last executing test programs:

3.368333846s ago: executing program 1 (id=519):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
pread64(r0, &(0x7f0000001300)=""/4118, 0x1016, 0x0)

3.192354022s ago: executing program 0 (id=521):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000500)={[{@clear_cache}, {@ssd_spread}, {@space_cache}, {@discard_sync}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@space_cache}, {@nodiscard}, {@noflushoncommit}, {@user_subvol_rm}, {@barrier}, {@noacl}]}, 0x1, 0x50f3, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x103a42, 0x0)
ftruncate(r0, 0x6000000)
copy_file_range(r0, 0x0, r0, &(0x7f00000004c0)=0x2000, 0x9, 0x0)

3.015748198s ago: executing program 1 (id=525):
socket$kcm(0xa, 0x3, 0x73)
syz_usb_connect(0x0, 0x3b, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106d04d308280b0102030109022900010000000009046900000e01000008240501020205050764f7edb276"], 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)

3.015583513s ago: executing program 2 (id=526):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000000), 0x2, 0x1a9882)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x0, 0x10001, 0x3c, 0x0, 0x9})
close_range(r0, 0xffffffffffffffff, 0x0)

2.88187255s ago: executing program 2 (id=528):
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
getpeername$packet(r0, 0x0, 0x0)

2.81759291s ago: executing program 3 (id=529):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0xc, 0x0, &(0x7f00000001c0)=[@free_buffer], 0x0, 0x0, 0x0})

2.643775089s ago: executing program 3 (id=530):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x6, 0x11, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x6de}, [@call={0x85, 0x0, 0x0, 0x2c}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5c298795369ca04f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff6f}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

2.586334606s ago: executing program 4 (id=531):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = getpid()
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000340)=[0x200], 0x0, 0x0, 0x1, 0x1, r1}}, 0x40)

2.477453216s ago: executing program 4 (id=532):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40180, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000098000040"])

2.439438348s ago: executing program 3 (id=533):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0xa00058, &(0x7f0000000040), 0x1, 0x588, &(0x7f0000000600)="$eJzs3U9sHFcZAPBvdh0ncU3ThEZqyiGBRKR/lNjtSk4DB8IBDhT1UiRUqRysZGOHrGNju6I2F/fGiSIBAlRRNeKABBKxxAE4VBQkDkgECYEQFmolEAf+tIBwD5QARrM7a2+8s84i27vF8/tJm33zZuzvvd18b3ffm/UEUFgn0n+SiOGIuBkRhxqbtx9wonH37cry5I3K8mQSa2tP/jWpH3e9sjzZPLT5c3dFxFJE3BcRP7occXFfe9y5hcWr47VadTbbHpmfmhmZW1g8c2VqfKI6Ub1WqTx2fmzs/Lmx0f+hN8mWez8+8/qRX08+MfHS8X89dW7q639J4kK937GpHzspr0UDScSF3QjWB+W0PxEx1OXxR6vPv7zLTaJLXzyyMpI+d/dGxKl6/h+Kcv3ZjPjAi0///VC8/1ann7258uIfe9lWAGDnrKX2b70b2JtKkX72T0pnI6JRLpXOnm18hr83hkq16bn5hy9PP3PtUmOO4J7YV7p8pVYdzeYK7ol9Sbr9SL28sf3opu1KRByOiM+WD9a3z16crl3q6UgHNA1HvPadT10cvGtT/v+h3Mh/YO9K8/+XP/7eD9Lym+V+twbopTT/v/nm1OMh/6Fw7pz/B3reJqA3vP5Dccl/KK72/N/63Flg7/D6D8Ul/6G45D8Ul/yH4pL/UFyt+S/9oZgOH39lJYmIpfcdrN9Sg9m+nD/bA+wha2uJL/lDQXnvD8U1sFE82M92AL3nMz5wp7P/O34beGbn2wL0RqnfDQD65vQx639QVOb/obgG+t0AoG+8xwfM/0PxmP+H4hrucP2vd7Rcu2s0Iu6OiJ+W9+1vXusL+P81HPHaCze/+3RE6U9J9v7/9KFTw+Ovv/rD1uMGk3/UlwgGI+LTLzz55WfH5+dnH0nr/7ZeP/+VrP7RfvUG6EYzT5t5DBTX3MLi1fFarTqroLCpEPG2aIbCLhaa48D1yvJk89arsef5hyLe+GDjJIQ07o3s1tg7kM1NHqivUQ6tJredq5DswNrl585ELD0XEffl9T/JrnfeWPkYWi23xX9ndp/ejmXzJ+kxR7uMX757e/Hvb4l/vCX+u7qMv/KxLg/cJYe/1d/4L/1mfdlrIO/xH9jmV2KP3GH/49/Y1q/ftt//rr/xTx3vb/wvTUe8ko4/o3n5V0rTcn3ls3X8+cLnG/Omg9uM/5nTG+Pfjbbxr7Q+/pU7jH8nuozzk6eqn8irL/8s4o3nIu7Pjd+Md6Aea2i11Bb/ZMv488AW8f/80V9czau/8GrE2vWI05EfvzXWyPzUzMjcwuKZK1PjE9WJ6rVK5bHzY2Pnz42NjtTnqEeaM9Xtnrh19EN59Se/1uj/UIf4zf53evzXtuhzq8WvfnL43Tn1Pz/WiP/Ayfzn/0gWv/H4D7TFf092n/4/+Xd2Lm96zFsRsT+rfzAivv/y4Yfy2vWRW434lzr0v3Rb/Pb+P9xl/+O3/3kmr/rZD3f7CwCAndR5aqDfLQMAAHZaL1Ya+91HIN/Q6mC0LgMnSy3rCksb6wpp/VvZ+kJ5KeKf2RpDWv9gtkqWlnMXGoC3naOL7/1Vv9sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUHRzC4tXx2u16uxcv1sC9Np/AwAA//8Fjv+b")
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21081c, &(0x7f00000005c0)={[{@grpquota}, {@nogrpid}, {@quota}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x5}}]}, 0x1, 0x502, &(0x7f0000002a00)="$eJzs3c9vVFsdAPDvTDvttJTXvudbqNH38D0UDWHaDtAQFoorYwyJkaUmUNuhaTrtNJ0WaWVR1m5NJHGlS/8A16zcuzG6c4MLE380GmrCYsy9cweGMkMbWmaazueT3Nxz7rnM93uAew5zyswJYGBdiIjdiBiJiHsRMZldz2VH3GoeyX3P9x4t7O89WshFo3HnX7m0PbkWbb8mcS57zWJE/Oh7ET/NvRm3vr2zMl+tVjay+vRwVlhenV+qLFXWyuW52bmZG1evl0+sr5+ujmSlrz774+63fp6kNZFdSfvxotFonFi0pmbXCy/jJJKu/uCE4/TLUNafkX4nwjvJR8RHEfFZ+vxPxlAM9zslAOA9azQmozHZXgcAzrp8ugaWy5eytYCJyOdLpeYa3scxnq/W6puX79e21haba2VTUcjfX65WZrK1wqko5JL6bFp+VS8fqF+NiA8j4pejY2m9tFCrLvbzHz4AMMDOHZj//zvanP8BgDOu2O8EAICeM/8DwOAx/wPA4DH/A8Dgac7/Y/1OAwDoIe//AWDwmP8BYKD88Pbt5GjsZ9/jvfhge2ul9uDKYqW+UlrdWigt1DbWS0u12lL6nT2rh71etVZbn70WWw+nvr1e35yub+/cXa1trW3eTb/X+26lkN6124OeAQDdfPjp07/kkhn55lh6RNteDoW+Zga8b/l+JwD0zVC/EwD6xm5fMLiO8R7f8gCcER226H1NsdMHhBonv18u0DuXvmT9HwZV2/q//wUMA8b6Pwwu6/8wuBqN3FH3/I+j3ggAnG7W+IEuP///KDv/LvvhwE8WD97x5H1mBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdba//fUrYX+ETk86VSxPmImIpC7v5ytTITER9ExJ9HC6NJfbbPOQMAx5X/ey7b/+vS5MWJ15o+OfeyOBIRP/v1nV89nN/c3PhTxEju36Ot65tPsuvl3mcPAByuNU+n57Y38s/3Hi20jl7m84/vRkSxGX9/byT2X8YfjuH0XIxCRIz/J5fVm3JtaxfHsfs4Ir7Yqf+5mEjXQJo7nx6Mn8Q+39P4+dfi59O25jn5vfjCCeQCg+ZpMv7c6vT85eNCeu78/BfTEer4svEveamF/XQMfBW/Nf4NdRn/Lhw1xrU/fL9ZGnuz7XHEl4cjWrH328afVvxcl/gXjxj/r1/55LNubY3fRFyKzvHbY01vrq5P17d3riyvzi9Vlipr5fLc7NzMjavXy9PpGvV099ngnzcvf9CtLen/eJf4xUP6//Uj9v+3L+79+Gtvif/NzzvFz8fHb4mfzInfOGL8+fHfF7u1JfEXu/T/sD//y0eM/+xvO29sGw4A9E99e2dlvlqtbNS3z7cKOwoKp7OQ/JU9BWl0LHzn5F4w3nrPSHRu+sXnzWf6QFOj8U5pdBsxTmLVDTgNXg05Ef/rdzIAAAAAAAAAAAAAAEBHvfh0VL/7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNn1/wAAAP//6KbPLA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x10)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000000)={0x1, 0xdd, 0x479c28ea, 0x1, 0x4, 0xb})

2.182564362s ago: executing program 4 (id=534):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xda0, 0x0, 0x2}]})

1.873569977s ago: executing program 4 (id=535):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x219a, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c)
recvmmsg(r0, &(0x7f0000003680)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=""/27, 0x1b}, 0x3}], 0x1, 0x12142, 0x0)

1.756074193s ago: executing program 4 (id=536):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB="580000000102ff0c00000000000000000a000000040003803c0002802c00018014000300fc00000000000000000000000000000014000400ff0200000000000000000000000000010c000280040001"], 0x58}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

1.755507791s ago: executing program 3 (id=537):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, <r1=>0x0, <r2=>0x0}, &(0x7f0000000180)=0xc)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000280)={[{@nobarrier}, {@gid={'gid', 0x3d, r2}}, {@creator={'creator', 0x3d, "cf44eee4"}}, {@creator={'creator', 0x3d, "64eb8ba9"}}, {@nodecompose}, {@umask}, {@uid={'uid', 0x3d, r1}}, {@nodecompose}]}, 0x3, 0x6a4, &(0x7f0000001b40)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)

1.640506683s ago: executing program 2 (id=538):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2542, 0x0)
r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x16a}, &(0x7f0000002000)=<r1=>0x0, &(0x7f0000000440)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x22})
io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0)

1.549500664s ago: executing program 4 (id=539):
syz_mount_image$xfs(&(0x7f0000009740), &(0x7f0000009780)='./file0\x00', 0x0, &(0x7f0000000000)={[{@gquota}, {@nolargeio}, {@prjquota}]}, 0x1, 0x97a6, &(0x7f0000012f40)="$eJzs/QeYJHWheH/PAsuSs4ooioqKkShBRAkCIkGiggKCZMlBCUoSkaAoCCgCknPOIDnnnHPOOefwPsvuKq4H5P7ee/947znneXZnurq6pvr76aqamerpXnKexeYcGBhjYFhTDIzcTbfPudDGO8552d477XnyFGNNMPnwycNvMOnwi5MOGv5xlIGBgVGGL2f4tLEfPuHEUQZGe3v6Pxp7zLEGjTswMN3wi7MP/zjTsA8TPzJivrdGauQVHfT3i4O2H/bv7cYf+iWGfrL0jeefNTAwMME7bj/0JtP8yx2VtuQc887zD6u/uw21Gjz883f+G33Yv4nvGxiY+O4Bfny8c95BH8BdGvo1J9jx/jHW/QC+9v+6lpxj3vlG8h+6LY46fNpMQ7fxkbdBYyM/zm9cZdbdhw/h24+3gYGhu7h/2lb+V7TkHPMsMPDu+/mBB8ca77S33t5vjv30wMDYzwwMjP3swMDYzw0MjP38wMDYL3zQLvX/X3PMOf2cQ7f3EZeHs494LE9Aj4u9V39+r4GBgSHD5hn7zWHHi3GmGHFMqKqqqv/s5phz+rng+D/Gex3/t9p6jps7/ldVVf3vbb455px+6HF8pOP/OO91/P/u9devMex3/7PPNOxWb36wd6Kqqqr+S80zHx7/J3iv4//4O1y7X8f/qqqq/70tuuDbx/9xRjr+T/Jex/815r/9kuHzjfi+4Y13LPLt548Nn/7aO6aP+o7pr75j+uB3LOed84/+jukvv2P6GAMDYz88fPrr/5g89tNDb/Ovyxn7xX88H2fS0d4x/aV3TB/9HdNfHr5OQ6cPecf0N94x/xj/mD7O0P+mGP51X3mPoa6qqvqPadHp55lr4B3Psx8+ecQT+/F5oUcfvfUdH9T6VlVVVVVVVdV/vTefOPXMf/zN9ycG3vG3q3//G9bhvxcYdMzZV1/9ga3of0aD/vX3IVt80Ov0/29Dncc4bIqBgbWW+KBXpT6A/tf8rXr9j5S/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+Yt7l/P/f//7/4G7v7jD8Flnmez2exb7xy0nHVht+Gc33T7nQqt9AOv+AfR/9fz/wGqDBgaG+04w1HKhORZdfKqBgYHF7rl9shkH/n7dzEOvm3WiUd/+Y86Bgane/n/wpO+y5OHvsvD2mztM8vdlHPP28ud7a99RB420Eu9otrPuPXDVJV+aYeSPn3/3+/H395dY6sV9pxzxtyyjjDTTGO9y4xHLH3FfRnYevu5TDV33qTdYc52p1994k6+stubyq6y0ykprTTfdtDNMP+MM031tlqlXXm2NlaYZ9v+7jNmwt64Y9f2M2Tgjj9kTc7xzzEa+bxOedCCO2b++q8c/LeLtJZ4z24OXjhiz0d7nmI34eqO+95hNsdrwLzTpwOCB5d4emkEDA5OONnhgo6EXph0yMDDp4OHzTjp03m9MNMrAwI7/uKODhr/Y6LB5Bm0xdJ7/sPctmWX4iGw6Yr6RX2d95BX9d+9bcvw4u9w+0vuW/E/1/3T8/xevmQf9faBGvAHC8HmGeX3A7zPxL+s7xWhvH+TebX3f43Vx3o4eX2uu+sgS/12vi0PrO857rO97vI7fu67vVNM+tcewRf23re9I+7oFhl35fvZ1A++9rxuVbr/SFZOPvK+b/91X8Z+24xFjNGSkmd5tX7fj/OdsPnT5A++9r1tgteEvHvCPfd0oAwOTjjpiXzd0xzf64IEdh16YbuiFIYMHDhl6Yfq3L4w5cPbQC19dYe01Vhz09ssMDF/uNEOXO/tEg4ZtQDccuOqQXd56a7Th6/Li2P+8rsMfH1O883g+x0TDB3P4bUcsd+isI5b78jbDrht9+HJf+i8sd8RtaX0nPWPYdUOGL/flkZY7+D2WO+K2/7I9TDXon56oCvubD/R9jWj7HeM91vc9XocbH29vu0+57IP/Da/DPejd1ne0917fd3vfkHdd30cvfWyf/67XDafH2d17D3usjDH8cfbGf+HxO+K2I+/Hhr0QyLDd/hjvZz82xb/sx7YcdZSRBvsdvdv3uSvC/MO3iL8vbcUDXlptxNgPHmm5/+773Hfcl0GwH5tgpJ/nBm2+z8AgGvOH13huwzd3fu8xHzzwzz9bjBjzEbd9rzEf8n7G/OPvPeYjf5/8bmM+1WeGXT94pPV/55gvstvsN4wY89FHWu6/G/Mh733s+NcxHxgYTGO+42TDxu299qfvNuYjbjtizId+nVknGm1g7oGBgSmHj/no72fMJ/3veZyPBfMP+3ylv096esaFvzxizEce43835qP/F8d8s7v//jif8u3rPj3KwOijD2y0/AYbrDftsP9HXJxu2P+8L3p6xWHj/F7H0nczGnHb99ouRns/RhO8L6NB/85ostHezegfm9aoBy76zP/rvmi0/6rR2bwvOmXeYeP2Xt8XvduYj7gtHQcnecftR/459D1ePwvv09vjM/+2I37e+094/awRP+/+r3z9rBG/k1xt5J18vd/6/b+7/N3l7y5/d/mLe5fz/1OMOP//1jj7f3j4D52Dr5j55tk/6PX9gPs/ff5/uO8/nf+f/eaZrxj6o9Xw697z/Oywef4jz8/ONOzDxI+MmG/k84Mjr+i/Oz+7964bXPH/0fnZ/6dGbKvv4+fi9v/u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/ce9y/n+aEc8DeGDxhb43/ETo4E2nPXLTD3p9P+D+T5//H+77T+f/Nz1y2k1HGfj7de95/n/YPI7z//cuuPky/8nn/0dsq53/r39T/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eUv7l3O/88+4nkAh88292dHPB/guu323eODXt8PuP+r5/97/39v7f/d5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+4oaf/x8Y6W0SF+5xgcH5///dvYv/IvljFv9F88cs/ovlj1n8F88fs/gvkT9m8f9+/pjF/wf5Yxb/JfPHLP5L5Y9Z/H+YP2bx/1H+mMV/6fwxi/8y+WMW/2Xzxyz+P84fs/gvlz9m8V8+f8zi/5P8MYv/CvljFv8V88cs/ivlj1n8V84fs/ivkj9m8V81f8ziv1r+mMX/p/ljFv/V88cs/mvkj1n818wfs/ivlT9m8V87f8ziv07+mMV/3fwxi/96+WMW//Xzxyz+G+SPWfx/lj9m8f95/pjFf8P8MYv/RvljFv+N88cs/pvkj1n8f5E/ZvH/Zf6YxX/T/DGL/2b5Yxb/zfPHLP5b5I9Z/LfMH7P4/yp/zOK/Vf6Yxf/X+WMW/63zxyz+v8kfs/hvkz9m8d82f8ziv13+mMV/+/wxi/9v88cs/r/LH7P475A/ZvH/ff6Yxf8P+WMW/x3zxyz+O+WPWfz/mD9m8d85f8ziv0v+mMV/1/wxi/+f8scs/n/OH7P475Y/ZvH/S/6YxX/3/DGL/x75Yxb/PfPHLP5/zR+z+O+VP2bx3zt/zOK/T/6YxX/f/DGL/375Yxb//fPHLP4H5I9Z/A/MH7P4H5Q/ZvE/OH/M4n9I/pjF/9D8MYv/YfljFv/D88cs/kfkj1n8j8wfs/gflT9m8T86f8zif0z+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOJ/Sv6Yxf9v+WMW/1Pzxyz+p+WPWfxPzx+z+J+RP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7n5Y9Z/M/PH7P4X5A/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/hfkT9m8b8yf8zif1X+mMX/6vwxi/81+WMW/2vzxyz+1+WPWfyvzx+z+N+QP2bxvzF/zOJ/U/6Yxf/m/DGL/y35Yxb/W/PHLP635Y9Z/G/PH7P435E/ZvG/M3/M4n9X/pjF/+78MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8X8wf8zi/1D+mMX/4fwxi/8j+WMW/0fzxyz+j+WPWfwfzx+z+D+RP2bxfzJ/zOL/VP6Yxf/p/DGL/zP5Yxb/Z/PHLP7P5Y9Z/J/PH7P4v5A/ZvF/MX/M4v9S/pjF/+X8MYv/K/ljFv9X88cs/q/lj1n8X88fs/i/kT9m8X8zf8zi/1b+mMR/0ED+mMV/UP6YxX+U/DGL/6j5Yxb/0fLHLP6D88cs/qPnj1n8h+SPWfzHyB+z+I+ZP2bxHyt/zOI/dv6YxX+c/DGL/7j5Yxb/8fLHLP7j549Z/CfIH7P4T5g/ZvGfKH/M4j9x/pjFf5L8MYv/h/LHLP4fzh+z+H8kf8ziP2n+mMX/o/ljFv/J8scs/h/LH7P4fzx/zOI/ef6Yxf8T+WMW/0/mj1n8p8gfs/h/Kn/M4v/p/DGL/2fyxyz+U+aPWfw/mz9m8f9c/pjF//P5Yxb/qfLHLP5fyB+z+H8xf8zi/6X8MYv/l/PHLP5fyR+z+H81f8ziP3X+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+H8tf8ziP2P+mMV/pvwxi//M+WMW/1nyxyz+X88fs/jPmj9m8f9G/pjFf7b8MYv/N/PHLP7fyh+z+M+eP2bxnyN/zOI/Z/6YxX+u/DGL/7fzxyz+c+ePWfznyR+z+M+bP2bx/07+mMV/vvwxi/9388cs/vPnj1n8F8gfs/gvmD9m8V8of8zi/738MYv/wvljFv9F8scs/ovmj1n8F8sfs/gvnj9m8V8if8zi//38MYv/D/LHLP5L5o9Z/JfKH7P4/zB/zOL/o/wxi//S+WMW/2Xyxyz+y+aPWfx/nD9m8V8uf8ziv3z+mMX/J/ljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8ziv2r+mMV/tfwxi/9P88cs/qvnj1n818gfs/ivmT9m8V8rf8ziv3b+mMV/nfwxi/+6+WMW//Xyxyz+6+ePWfw3yB+z+P8sf8zi//P8MYv/hvljFv+N8scs/hvnj1n8N8kfs/j/In/M4v/L/DGL/6b5Yxb/zfLHLP6b549Z/LfIH7P4b5k/ZvH/Vf6YxX+r/DGL/6/zxyz+W+ePWfx/kz9m8d8mf8ziv23+mMV/u/wxi//2+WMW/9/mj1n8f5c/ZvHfIX/M4v/7/DGL/x/yxyz+O+aPWfx3yh+z+P8xf8ziv3P+mMV/l/wxi/+u+WMW/z/lj1n8/5w/ZvHfLX/M4v+X/DGL/+75Yxb/PfLHLP575o9Z/P+aP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/9/yxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4n9h/pjF/6L8MYv/xfljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+72zLEZ9Y/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/bIT/kIGBgf/L/vfmj1m2//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePWfzfyB+z+L+ZP2bxfyt/TOL/9qf5/2sW/0H5Yxb/UfLHLP6j5o9Z/EfLH7P4D84fs/iPnj9m8R+SP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvGfIH/M4j9h/pjFf6L8MYv/xPljFv9J8scs/h/KH7P4fzh/zOL/kfwxi/+k+WMW/4/mj1n8J8sfs/h/LH/M4v/x/DGL/+T5Yxb/T+SPWfw/mT9m8Z8if8zi/6n8MYv/p/PHLP6fyR+z+E+ZP2bx/2z+mMX/c/ljFv/P549Z/KfKH7P4fyF/zOL/xfwxi/+X8scs/l/OH7P4fyV/zOL/1fwxi//U+WMW/2nyxyz+0+aPWfynyx+z+E+fP2bxnyF/zOL/tfwxi/+M+WMW/5nyxyz+M+ePWfxnyR+z+H89f8ziP2v+mMX/G/ljFv/Z8scs/t/MH7P4fyt/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP7fzh+z+M+dP2bxnyd/zOI/b/6Yxf87+WMW//nyxyz+380fs/jPnz9m8V8gf8ziv2D+mMV/ofwxi//38scs/gvnj1n8F8kfs/gvmj9m8V8sf8ziv3j+mMV/ifwxi//388cs/j/IH7P4L5k/ZvFfKn/M4v/D/DGL/4/yxyz+S+ePWfyXyR+z+C+bP2bx/3H+mMV/ufwxi//y+WMW/5/kj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMV/lfwxi/+q+WMW/9Xyxyz+P80fs/ivnj9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+K+fP2bx3yB/zOL/s/wxi//P88cs/hvmj1n8N8ofs/hvnD9m8d8kf8zi/4v8MYv/L/PHLP6b5o9Z/DfLH7P4b54/ZvHfIn/M4r9l/pjF/1f5Yxb/rfLHLP6/zh+z+G+dP2bx/03+mMV/m/wxi/+2+WMW/+3yxyz+2+ePWfx/mz9m8f9d/pjFf4f8MYv/7/PHLP5/yB+z+O+YP2bx3yl/zOL/x/wxi//O+WMW/13yxyz+u+aPWfz/lD9m8f9z/pjFf7f8MYv/X/LHLP67549Z/PfIH7P475k/ZvH/a/6YxX+v/DGL/975Yxb/ffLHLP775o9Z/PfLH7P4758/ZvE/IH/M4n9g/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/U/LHLP5/yx+z+J+aP2bxPy1/zOJ/ev6Yxf+M/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvE/L3/M4n9+/pjF/4L8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf8zi/3r+mMX/jfwxi/+b+WMW/7fyxyT+ow7kj1n8B+WPWfxHyR+z+I+aP2bxHy1/zOI/OH/M4j96/pjFf0j+mMV/jPwxi/+Y+WMW/7Hyxyz+Y+ePWfzHyR+z+I+bP2bxHy9/zOI/fv6YxX+C/DGL/4T5Yxb/ifLHLP4T549Z/CfJH7P4fyh/zOL/4fwxi/9H8scs/pPmj1n8P5o/ZvGfLH/M4v+x/DGL/8fzxyz+k+ePWfw/kT9m8f9k/pjFf4r8MYv/p/LHLP6fzh+z+H8mf8ziP2X+mMX/s/ljFv/P5Y9Z/D+fP2bxnyp/zOL/hfwxi/8X88cs/l/KH7P4fzl/zOL/lfwxi/9X88cs/lPnj1n8p8kfs/hPmz9m8Z8uf8ziP33+mMV/hvwxi//X8scs/jPmj1n8Z8ofs/jPnD9m8Z8lf8zi//X8MYv/rPljFv9v5I9Z/GfLH7P4fzN/zOL/rfwxi//s+WMW/znyxyz+c+aPWfznyh+z+H87f8ziP3f+mMV/nvwxi/+8+WMW/+/kj1n858sfs/h/N3/M4j9//pjFf4H8MYv/gvljFv+F8scs/t/LH7P4L5w/ZvFfJH/M4r9o/pjFf7H8MYv/4vljFv8l8scs/t/PH7P4/yB/zOK/ZP6YxX+p/DGL/w/zxyz+P8ofs/gvnT9m8V8mf8ziv2z+mMX/x/ljFv/l8scs/svnj1n8f5I/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/j/NH/M4r96/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8V8vf8ziv37+mMV/g/wxi//P8scs/j/PH7P4b5g/ZvHfKH/M4r9x/pjFf5P8MYv/L/LHLP6/zB+z+G+aP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/X+WPWfy3yh+z+P86f8ziv3X+mMX/N/ljFv9t8scs/tvmj1n8t8sfs/hvnz9m8f9t/pjF/3f5Yxb/HfLHLP6/zx+z+P8hf8ziv2P+mMV/p/wxi/8f88cs/jvnj1n8d8kfs/jvmj9m8f9T/pjF/8/5Yxb/3fLHLP5/yR+z+O+eP2bx3yN/zOK/Z/6Yxf+v+WMW/73yxyz+e+ePWfz3yR+z+O+bP2bx3y9/zOK/f/6Yxf+A/DGL/4H5Yxb/g/LHLP4H549Z/A/JH7P4H5o/ZvE/TOX/1vjvd06L/+Eq//efxf+I/DGL/5H5Yxb/o/LHLP5H549Z/I/JH7P4H5s/ZvE/Ln/M4n98/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/gfNCR/yuJ/ats/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6Yxf+N/DGL/5v5Yxb/t/LHJP6jDeSPWfwH5Y9Z/EfJH7P4j5o/ZvEfLX/M4j84f8ziP3r+mMV/SP6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/h/KH/M4v/h/DGL/0fyxyz+k+aPWfw/mj9m8Z8sf8zi/7H8MYv/x/PHLP6T549Z/D+RP2bx/2T+mMV/ivwxi/+n8scs/p/OH7P4fyZ/zOI/Zf6Yxf+z+WMW/8/lj1n8P58/ZvGfKn/M4v+F/DGL/xfzxyz+X8ofs/h/OX/M4v+V/DGL/1fzxyz+U+ePWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/9fyxyz+M+aPWfxnyh+z+M+cP2bxnyV/zOL/9fwxi/+s+WMW/2/kj1n8Z8sfs/h/M3/M4v+t/DGL/+z5Yxb/OfLHLP5z5o9Z/OfKH7P4fzt/zOI/d/6YxX+e/DGL/7z5Yxb/7+SPWfznyx+z+H83f8ziP3/+mMV/gfwxi/+C+WMW/4Xyxyz+38sfs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+388fs/j/IH/M4r9k/pjFf6n8MYv/D/PHLP4/yh+z+C+dP2bxXyZ/zOK/bP6Yxf/H+WMW/+Xyxyz+y+ePWfx/kj9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxXyx+z+P80f8ziv3r+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOK/fv6YxX+D/DGL/8/yxyz+P88fs/hvmD9m8d8of8ziv3H+mMV/k/wxi/8v8scs/r/MH7P4b5o/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv9f5Y9Z/LfKH7P4/zp/zOK/df6Yxf83+WMW/23yxyz+2+aPWfy3yx+z+G+fP2bx/23+mMX/d/ljFv8d8scs/r/PH7P4/yF/zOK/Y/6YxX+n/DGL/x/zxyz+O+ePWfx3yR+z+O+aP2bx/1P+mMX/z/ljFv/d8scs/n/JH7P4754/ZvHfI3/M4r9n/pjF/6/5Yxb/vfLHLP57549Z/PfJH7P47yv1H/Jvrrf47yf1/3dZ/PfPH7P4H5A/ZvE/MH/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/v+WPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxf/zf+L++2v/0iv1nZvF/ou0fs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHLP6v549Z/N/IH7P4v5k/ZvF/K39M4j94IH/M4j8of8ziP0r+mMV/1Pwxi/9o+WMW/8H5Yxb/0fPHLP5D8scs/mPkj1n8x8wfs/iPlT9m8R87f8ziP07+mMV/3Pwxi/94+WMW//Hzxyz+E+SPWfwnzB+z+E+UP2bxnzh/zOI/Sf6Yxf9D+WMW/w/nj1n8P5I/ZvGfNH/M4v/R/DGL/2T5Yxb/j+WPWfw/nj9m8Z88f8zi/4n8MYv/J/PHLP5T5I9Z/D+VP2bx/3T+mMX/M/ljFv8p88cs/p/NH7P4fy5/zOL/+fwxi/9U+WMW/y/kj1n8v5g/ZvH/Uv6Yxf/L+WMW/6/kj1n8v5o/ZvGfOn/M4j9N/pjFf9r8MYv/dPljFv/p88cs/jPkj1n8v5Y/ZvGfMX/M4j9T/pjFf+b8MYv/LPljFv+v549Z/GfNH7P4fyN/zOI/W/6Yxf+b+WMW/2/lj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMX/2/ljFv+588cs/vPkj1n8580fs/h/J3/M4j9f/pjF/7v5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvH/Xv6YxX/h/DGL/yL5Yxb/RfPHLP6L5Y9Z/BfPH7P4L5E/ZvH/fv6Yxf8H+WMW/yXzxyz+S+WPWfx/mD9m8f9R/pjFf+n8MYv/MvljFv9l88cs/j/OH7P4L5c/ZvFfPn/M4v+T/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjF/6f5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjFf938MYv/evljFv/188cs/hvkj1n8f5Y/ZvH/ef6YxX/D/DGL/0b5Yxb/jfPHLP6b5I9Z/H+RP2bx/2X+mMV/0/wxi/9m+WMW/83zxyz+W+SPWfy3zB+z+P8qf8ziv1X+mMX/1/ljFv+t88cs/r/JH7P4b5M/ZvHfNn/M4r9d/pjFf/v8MYv/b/PHLP6/yx+z+O+QP2bx/33+mMX/D/ljFv8d88cs/jvlj1n8/5g/ZvHfOX/M4r9L/pjFf9f8MYv/n/LHLP5/zh+z+O+WP2bx/0v+mMV/9/wxi/8e+WMW/z3zxyz+f80fs/jvlT9m8d87f8ziv0/+mMV/3/wxi/9++WMW//3zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/b/ljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH7P4v5E/ZvF/M3/M4v9W/pjEf/SB/DGL/6D8MYv/KPljFv9R88cs/qPlj1n8B+ePWfxHzx+z+A/JH7P4j5E/ZvEfM3/M4j9W/pjFf+z8MYv/OPljFv9x88cs/uPlj1n8x88fs/hPkD9m8Z8wf8ziP1H+mMV/4vwxi/8k+WMW/w/lj1n8P5w/ZvH/SP6YxX/S/DGL/0fzxyz+k+WPWfw/lj9m8f94/pjFf/L8MYv/J/LHLP6fzB+z+E+RP2bx/1T+mMX/0/ljFv/P5I9Z/KfMH7P4fzZ/zOL/ufwxi//n88cs/lPlj1n8v5A/ZvH/Yv6Yxf9L+WMW/y/nj1n8v5I/ZvH/av6YxX/q/DGL/zT5Yxb/afPHLP7T5Y9Z/KfPH7P4z5A/ZvH/Wv6YxX/G/DGL/0z5Yxb/mfPHLP6z5I9Z/L+eP2bxnzV/zOL/jfwxi/9s+WMW/2/mj1n8v5U/ZvGfPX/M4j9H/pjFf878MYv/XPljFv9v549Z/OfOH7P4z5M/ZvGfN3/M4v+d/DGL/3z5Yxb/7+aPWfznzx+z+C+QP2bxXzB/zOK/UP6Yxf97+WMW/4Xzxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6Yxf/7+WMW/x/kj1n8l8wfs/gvlT9m8f9h/pjF/0f5Yxb/pfPHLP7L5I9Z/JfNH7P4/zh/zOK/XP6YxX/5/DGL/0/yxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/2r5Yxb/n+aPWfxXzx+z+K+RP2bxXzN/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/NfPH7P4b5A/ZvH/Wf6Yxf/n+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bx/0X+mMX/l/ljFv9N88cs/pvlj1n8N88fs/hvkT9m8d8yf8zi/6v8MYv/VvljFv9f549Z/LfOH7P4/yZ/zOK/Tf6YxX/b/DGL/3b5Yxb/7fPHLP6/zR+z+P8uf8ziv0P+mMX/9/ljFv8/5I9Z/HfMH7P475Q/ZvH/Y/6YxX/n/DGL/y75Yxb/XfPHLP5/yh+z+P85f8ziv1v+mMX/L/ljFv/d88cs/nvkj1n898wfs/j/NX/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv+/5Y9Z/E/NH7P4n5Y/ZvE/PX/M4n9G/pjF/8z8MYv/WfljFv+z88cs/ufkj1n8z80fs/iflz9m8T8/f8zif0H+mMX/wvwxi/9F+WMW/4vzxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOJ/Rf6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGL/1v5YxL/IQP5Yxb/QfljFv9R8scs/qPmj1n8R8sfs/gPzh+z+I+eP2bxH5I/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+H8ofs/h/OH/M4v+R/DGL/6T5Yxb/j+aPWfwnyx+z+H8sf8zi//H8MYv/5PljFv9P5I9Z/D+ZP2bxnyJ/zOL/qfwxi/+n88cs/p/JH7P4T5k/ZvH/bP6Yxf9z+WMW/8/nj1n8p8ofs/h/IX/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4v+1/DGL/4z5Yxb/mfLHLP4z549Z/GfJH7P4fz1/zOI/a/6Yxf8b+WMW/9nyxyz+38wfs/h/K3/M4j97/pjFf478MYv/nPljFv+58scs/t/OH7P4z50/ZvGfJ3/M4j9v/pjF/zv5Yxb/+fLHLP7fzR+z+M+fP2bxXyB/zOK/YP6YxX+h/DGL//fyxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL//fzxyz+P8gfs/gvmT9m8V8qf8zi/8P8MYv/j/LHLP5L549Z/JfJH7P4L5s/ZvH/cf6YxX+5/DGL//L5Yxb/n+SPWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP4/zR+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4r58/ZvHfIH/M4v+z/DGL/8/zxyz+G+aPWfw3yh+z+G+cP2bx3yR/zOL/i/wxi/8v88cs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMX/V/ljFv+t8scs/r/OH7P4b50/ZvH/Tf6YxX+b/DGL/7b5Yxb/7fLHLP7b549Z/H+bP2bx/13+mMV/h/wxi//v88cs/n/IH7P475g/ZvHfKX/M4v/H/DGL/875Yxb/XfLHLP675o9Z/P+UP2bx/3P+mMV/t/wxi/9f8scs/rvnj1n898gfs/jvmT9m8f9r/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+Y9o9HdesPgfkj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E/PHLP4n5Y9Z/E/OH7P4n5I/ZvH/W/6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf/a/DGL/3X5Yxb/6/PHLP435I9Z/G/MH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5PmPxHff+zWvyfNPn/F7L4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+z+L+VPybxH2Mgf8ziPyh/zOI/Sv6YxX/U/DGL/2j5Yxb/wfljFv/R88cs/kPyxyz+Y+SPWfzHzB+z+I+VP2bxHzt/zOI/Tv6YxX/c/DGL/3j5Yxb/8fPHLP4T5I9Z/CfMH7P4TyT2f2vzd7/O4j+x2P+9svhPkj9m8f9Q/pjF/8P5Yxb/j+SPWfwnzR+z+H80f8ziP1n+mMX/Y/ljFv+P549Z/CfPH7P4fyJ/zOL/yfwxi/8U+WMW/0/lj1n8P50/ZvH/TP6YxX/K/DGL/2fzxyz+n8sfs/h/Pn/M4j9V/pjF/wv5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfynzh+z+E+TP2bxnzZ/zOI/Xf6YxX/6/DGL/wz5Yxb/r+WPWfxnzB+z+M+UP2bxnzl/zOI/S/6Yxf/r+WMW/1nzxyz+38gfs/jPlj9m8f9m/pjF/1v5Yxb/2fPHLP5z5I9Z/OfMH7P4z5U/ZvH/dv6YxX/u/DGL/zz5Yxb/efPHLP7fyR+z+M+XP2bx/27+mMV//vwxi/8C+WMW/wXzxyz+C+WPWfy/lz9m8V84f8ziv0j+mMV/0fwxi/9i+WMW/8Xzxyz+S+SPWfy/nz9m8f9B/pjFf8n8MYv/UvljFv8f5o9Z/H+UP2bxXzp/zOK/TP6YxX/Z/DGL/4/zxyz+y+WPWfyXzx+z+P8kf8ziv0L+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bx/2n+mMV/9fwxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOK/Xv6YxX/9/DGL/wb5Yxb/n+WPWfx/nj9m8d8wf8ziv1H+mMV/4/wxi/8m+WMW/1/kj1n8f5k/ZvHfNH/M4r9Z/pjFf/P8MYv/FvljFv8t88cs/r/KH7P4b5U/ZvH/df6YxX/r/DGL/2/yxyz+2+SPWfy3zR+z+G+XP2bx3z5/zOL/2/wxi//v8scs/jvkj1n8f58/ZvH/Q/6YxX/H/DGL/075Yxb/P+aPWfx3zh+z+O+SP2bx3zV/zOL/p/wxi/+f88cs/rvlj1n8/5I/ZvHfPX/M4r9H/pjFf8/8MYv/X/PHLP575Y9Z/PfOH7P475M/ZvHfN3/M4r9f/pjFf//8MYv/AfljFv8D88cs/gflj1n8D84fs/gfkj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E/PHLP4n5Y9Z/E/OH7P4n5I/ZvH/W/6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf/a/DGL/3X5Yxb/6/PHLP435I9Z/G/MH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+z+L+VPybxH3Mgf8ziPyh/zOI/Sv6YxX/U/DGL/2j5Yxb/wfljFv/R88cs/kPyxyz+Y+SPWfzHzB+z+I+VP2bxHzt/zOI/Tv6YxX/c/DGL/3j5Yxb/8fPHLP4T5I9Z/CfMH7P4T5Q/ZvGfOH/M4j9J/pjF/0P5Yxb/D+ePWfw/kj9m8Z80f8zi/9H8MYv/ZPljFv+P5Y9Z/D+eP2bxnzx/zOL/ifwxi/8n88cs/lPkj1n8P5U/ZvH/dP6Yxf8z+WMW/ynzxyz+n80fs/h/Ln/M4v/5/DGL/1T5Yxb/L+SPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfy/mj9m8Z86f8ziP03+mMV/2vwxi/90+WMW/+nzxyz+M+SPWfy/lj9m8Z8xf8ziP1P+mMV/5vwxi/8s+WMW/6/nj1n8Z80fs/h/I3/M4j9b/pjF/5v5Yxb/b+WPWfxnzx+z+M+RP2bxnzN/zOI/V/6Yxf/b+WMW/7nzxyz+8+SPWfznzR+z+H8nf8ziP1/+mMX/u/ljFv/588cs/gvkj1n8F8wfs/gvlD9m8f9e/pjFf+H8MYv/IvljFv9F88cs/ovlj1n8F88fs/gvkT9m8f9+/pjF/wf5Yxb/JfPHLP5L5Y9Z/H+YP2bx/1H+mMV/6fwxi/8y+WMW/2Xzxyz+P84fs/gvlz9m8V8+f8zi/5P8MYv/CvljFv8V88cs/ivlj1n8V84fs/ivkj9m8V81f8ziv1r+mMX/p/ljFv/V88cs/mvkj1n818wfs/ivlT9m8V87f8ziv07+mMV/3fwxi/96+WMW//Xzxyz+G+SPWfx/lj9m8f95/pjFf8P8MYv/RvljFv+N88cs/pvkj1n8f5E/ZvH/Zf6YxX/T/DGL/2b5Yxb/zfPHLP5b5I9Z/LfMH7P4/yp/zOK/Vf6Yxf/X+WMW/63zxyz+v8kfs/hvkz9m8d82f8ziv13+mMV/+/wxi/9v88cs/r/LH7P475A/ZvH/ff6Yxf8P+WMW/x3zxyz+O+WPWfz/mD9m8d85f8ziv0v+mMV/1/wxi/+f8scs/n/OH7P475Y/ZvH/S/6YxX/3/DGL/x75Yxb/PfPHLP5/zR+z+O+VP2bx3zt/zOK/T/6YxX/f/DGL/375Yxb//fPHLP4H5I9Z/A/MH7P4H5Q/ZvE/OH/M4n9I/pjF/9D8MYv/YfljFv/D88cs/kfkj1n8j8wfs/gflT9m8T86f8zif0z+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOJ/ynv6j/k/v17/oVn8/9b2j1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/ZvF/PX/M4v9G/pjF/838MYv/W/ljEv+xBvLHLP6D8scs/qPkj1n8R80fs/iPlj9m8R+cP2bxHz1/zOI/JH/M4j9G/pjFf8z8MYv/WPljFv+x88cs/uPkj1n8x80fs/iPlz9m8R8/f8ziP0H+mMV/wvwxi/9E+WMW/4nzxyz+k+SPWfw/lD9m8f9w/pjF/yP5Yxb/SfPHLP4fzR+z+E+WP2bx/1j+mMX/4/ljFv/J88cs/p/IH7P4fzJ/zOI/Rf6Yxf9T+WMW/0/nj1n8P5M/ZvGfMn/M4v/Z/DGL/+fyxyz+n88fs/hPlT9m8f9C/pjF/4v5Yxb/L+WPWfy/nD9m8f9K/pjF/6v5Yxb/qfPHLP7T5I9Z/KfNH7P4T5c/ZvGfPn/M4j9D/pjF/2v5Yxb/GfPHLP4z5Y9Z/GfOH7P4z5I/ZvH/ev6YxX/W/DGL/zfyxyz+s+WPWfy/mT9m8f9W/pjFf/b8MYv/HPljFv8588cs/nPlj1n8v50/ZvGfO3/M4j9P/pjFf978MYv/d/LHLP7z5Y9Z/L+bP2bxnz9/zOK/QP6YxX/B/DGL/0L5Yxb/7+WPWfwXzh+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/7+ePWfx/kD9m8V8yf8ziv1T+mMX/h/ljFv8f5Y9Z/JfOH7P4L5M/ZvFfNn/M4v/j/DGL/3L5Yxb/5fPHLP4/yR+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP6r5Y9Z/H+aP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvFfP3/M4r9B/pjF/2f5Yxb/n+ePWfw3zB+z+G8k8x/yPuez+G8s83+/Wfw3yR+z+P8if8zi/8v8MYv/pvljFv/N8scs/pvnj1n8t8gfs/hvmT9m8f9V/pjFf6v8MYv/r/PHLP5b549Z/H+TP2bx3yZ/zOK/bf6YxX+7/DGL//b5Yxb/3+aPWfx/lz9m8d8hf8zi//v8MYv/H/LHLP475o9Z/HfKH7P4/zF/zOK/c/6YxX+X/DGL/675Yxb/P+WPWfz/nD9m8d8tf8zi/5f8MYv/7vljFv898scs/nvmj1n8/5o/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/3/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+z+L+eP2bxfyN/zOL/Zv6Yxf+t/DGJ/9gD+WMW/0H5Yxb/UfLHLP6j5o9Z/EfLH7P4D84fs/iPnj9m8R+SP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvGfIH/M4j9h/pjFf6L8MYv/xPljFv9J8scs/h/KH7P4fzh/zOL/kfwxi/+k+WMW/4/mj1n8J8sfs/h/LH/M4v/x/DGL/+T5Yxb/T+SPWfw/mT9m8Z8if8zi/6n8MYv/p/PHLP6fyR+z+E+ZP2bx/2z+mMX/c/ljFv/P549Z/KfKH7P4fyF/zOL/xfwxi/+X8scs/l/OH7P4fyV/zOL/Vav/kPe+2uI/tdX/32TxnyZ/zOI/bf6YxX+6/DGL//T5Yxb/GfLHLP5fyx+z+M+YP2bxnyl/zOI/c/6YxX+W/DGL/9fzxyz+s+aPWfy/kT9m8Z8tf8zi/838MYv/t/LHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4v/t/DGL/9z5Yxb/efLHLP7z5o9Z/L+TP2bxny9/zOL/3fwxi//8+WMW/wXyxyz+C+aPWfwXyh+z+H8vf8ziv3D+mMV/kfwxi/+i+WMW/8Xyxyz+i+ePWfyXyB+z+H8/f8zi/4P8MYv/kvljFv+l8scs/j/MH7P4/yh/zOK/dP6YxX+Z/DGL/7L5Yxb/H+ePWfyXyx+z+C+fP2bx/0n+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxXyR+z+K+aP2bxXy1/zOL/0/wxi//q+WMW/zXyxyz+a+aPWfzXyh+z+K+dP2bxXyd/zOK/bv6YxX+9/DGL//r5Yxb/DfLHLP4/yx+z+P88f8ziv2H+mMV/o/wxi//G+WMW/03yxyz+v8gfs/j/Mn/M4r9p/pjFf7P8MYv/5vljFv8t8scs/lvmj1n8f5U/ZvHfKn/M4v/r/DGL/9b5Yxb/3+SPWfy3yR+z+G+bP2bx3y5/zOK/ff6Yxf+3+WMW/9/lj1n8d8gfs/j/Pn/M4v+H/DGL/475Yxb/nfLHLP5/zB+z+O+cP2bx3yV/zOK/a/6Yxf9P+WMW/z/nj1n8d8sfs/j/JX/M4r97/pjFf4/8MYv/nvljFv+/5o9Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvE/JX/M4v+3/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePWfzfyB+z+L+ZP2bxfyt/TOI/zkD+mMV/UP6YxX+U/DGL/6j5Yxb/0fLHLP6D88cs/qPnj1n8h+SPWfzHyB+z+I+ZP2bxHyt/zOI/dv6YxX+c/DGL/7j5Yxb/8fLHLP7j549Z/CfIH7P4T5g/ZvGfKH/M4j9x/pjFf5L8MYv/h/LHLP4fflf/N996663/b1btPzGL/0fa/jGL/6T5Yxb/j+aPWfwnyx+z+H8sf8zi//H8MYv/5PljFv9P5I9Z/D+ZP2bxnyJ/zOL/qfwxi/+n88cs/p/JH7P4T5k/ZvH/bP6Yxf9z+WMW/8/nj1n8p8ofs/h/IX/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4v+1/DGL/4z5Yxb/mfLHLP4z549Z/GfJH7P4fz1/zOI/a/6Yxf8b+WMW/9nyxyz+38wfs/h/K3/M4j97/pjFf478MYv/nPljFv+58scs/t/OH7P4z50/ZvGfJ3/M4j9v/pjF/zv5Yxb/+fLHLP7fzR+z+M+fP2bxXyB/zOK/YP6YxX+h/DGL//fyxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL//fzxyz+P8gfs/gvmT9m8V8qf8zi/8P8MYv/j/LHLP5L549Z/JfJH7P4L5s/ZvH/cf6YxX+5/DGL//L5Yxb/n+SPWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP4/zR+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4r58/ZvHfIH/M4v+z/DGL/8/zxyz+G+aPWfw3yh+z+G+cP2bx3yR/zOL/i/wxi/8v88cs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMX/V/ljFv+t8scs/r/OH7P4b50/ZvH/Tf6YxX+b/DGL/7b5Yxb/7fLHLP7b549Z/H+bP2bx/13+mMV/h/wxi//v88cs/n/IH7P475g/ZvHfKX/M4v/H/DGL/875Yxb/XfLHLP675o9Z/P+UP2bx/3P+mMV/t/wxi/9f8scs/rvnj1n898gfs/jvmT9m8f9r/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/n/LH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/Ic2aOQxsPg/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf0ziP+5A/pjFf1D+mMV/lPwxi/+o+WMW/9Hyxyz+g/PHLP6j549Z/Ifkj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6YxX+S/DGL/4fyxyz+H84fs/h/JH/M4j9p/pjF/6P5Yxb/yfLHLP4fyx+z+H88f8ziP3n+mMX/E/ljFv9P5o9Z/KfIH7P4fyp/zOL/6fwxi/9n8scs/lPmj1n8P5s/ZvH/XP6Yxf/z+WMW/6nyxyz+X8gfs/h/MX/M4v+l/DGL/5f/jf9o/9Pr9R+axf8rbf+Yxf+r+WMW/6nzxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6Yxf9r+WMW/xnzxyz+M+WPWfxnzh+z+M+SP2bx/3r+mMV/1vwxi/838scs/rPlj1n8v5k/ZvH/Vv6YxX/2/DGL/xz5Yxb/OfPHLP5z5Y9Z/L+dP2bxnzt/zOI/T/6YxX/e/DGL/3fyxyz+8+WPWfy/mz9m8Z8/f8ziv0D+mMV/wfwxi/9C+WMW/+/lj1n8F84fs/gvkj9m8V80f8ziv1j+mMV/8fwxi/8S+WMW/+/nj1n8f5A/ZvFfMn/M4r9U/pjF/4f5Yxb/H+WPWfyXzh+z+C+TP2bxXzZ/zOL/4/wxi/9y+WMW/+Xzxyz+P8kfs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfx/mj9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOK/Qf6Yxf9n+WMW/5/nj1n8N8wfs/hvlD9m8d84f8ziv0n+mMX/F/ljFv9f5o9Z/DfNH7P4b5Y/ZvHfPH/M4r9F/pjFf8v8MYv/r/LHLP5b5Y9Z/H+dP2bx3zp/zOL/m/wxi/82+WMW/23zxyz+2+WPWfy3zx+z+P82f8zi/7v8MYv/DvljFv/f549Z/P+QP2bx3zF/zOK/U/6Yxf+P+WMW/53zxyz+u+SPWfx3zR+z+P8pf8zi/+f8MYv/bvljFv+/5I9Z/HfPH7P475E/ZvHfM3/M4v/X/DGL/175Yxb/vfPHLP775I9Z/PfNH7P475c/ZvHfP3/M4n9A/pjF/8D8MYv/QfljFv+D88cs/ofkj1n8D80fs/gflj9m8T88f8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+x+SPWfyPzR+z+B+XP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP6n5I9Z/P+WP2bxPzV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxi/8b+WMW/zfzxyz+b+WPSfzHG8gfs/gPyh+z+I+SP2bxHzV/zOI/Wv6YxX9w/pjFf/T8MYv/kPwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/CfPHLP4T5Y9Z/CfOH7P4T5I/ZvH/UP6Yxf/D+WMW/4/kj1n8J80fs/h/NH/M4j9Z/pjF/2P5Yxb/j+ePWfwnzx+z+H8if8zi/8n8MYv/FPljFv9P5Y9Z/D+dP2bx/0z+mMV/yvwxi/9n88cs/p/LH7P4fz5/zOI/Vf6Yxf8L+WMW/y/mj1n8v5Q/ZvH/cv6Yxf8r+WMW/6/mj1n8p84fs/hPkz9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/6/lj1n8Z8wfs/jPlD9m8Z85f8ziP0v+mMX/6/lj/+Q/sMX/Wf9Z88cs2/838scs/rPlj1n8v5k/ZvH/Vv6YxX/2/DGL/xz5Yxb/OfPHLP5z5Y9Z/L+dP2bxnzt/zOI/T/6YxX/e/DGL/3fyxyz+8+WPWfy/mz9m8Z8/f8ziv0D+mMV/wfwxi/9C+WMW/+/lj1n8F84fs/gvkj9m8V80f8ziv1j+mMV/8fwxi/8S+WMW/+/nj1n8f5A/ZvFfMn/M4r9U/pjF/4f5Yxb/H+WPWfyXzh+z+C+TP2bxXzZ/zOL/4/wxi/9y+WMW/+Xzxyz+P8kfs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfx/mj9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOK/Qf6Yxf9n+WMW/5/nj1n8N8wfs/hvlD9m8d84f8ziv0n+mMX/F/ljFv9f5o9Z/DfNH7P4b5Y/ZvHfPH/M4r9F/pjFf8v8MYv/r/LHLP5b5Y9Z/H+dP2bx3zp/zOL/m/wxi/82+WMW/23zxyz+2+WPWfy3zx+z+P82f8zi/7v8MYv/DvljFv/f549Z/P+QP2bx3zF/zOK/U/6Yxf+P+WMW/53zxyz+u+SPWfx3zR+z+P8pf8zi/+f8MYv/bvljFv+/5I9Z/HfPH7P475E/ZvHfM3/M4v/X/DGL/175Yxb/vfPHLP775I9Z/PfNH7P475c/ZvHfP3/M4n9A/pjF/8D8MYv/QfljFv+D88cs/ofkj1n8D80fs/gflj9m8T88f8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+x+SPWfyPzR+z+B+XP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP6n5I9Z/P+WP2bxPzV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxi/8b+WMW/zfzxyz+b+WPSfzHH8gfs/gPyh+z+I+SP2bxHzV/zOI/Wv6YxX9w/pjFf/T8MYv/kPwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/CfPHLP4T5Y9Z/P9/7NHTEiiGAQXA2/a2jZOZ2LZt27Zt27Zt27Zt27ZtvGfOF+Ts/sIO6z9q+R/Of9TyP7z/qOV/BP9Ry/+I/qOW/5H8Ry3/I/uPWv5H8R+1/I/qP2r5H81/1PI/uv+o5X8M/1HL/5j+o5b/sfxHLf9j+49a/sfxH7X8j+s/avkfz3/U8j++/6jlfwL/Ucv/hP6jlv+J/Ect/xP7j1r+J/EftfxP6j9q+Z/Mf9TyP7n/qOV/Cv9Ry/+U/qOW/6n8Ry3/U/uPWv6n8R+1/E/rP2r5n85/1PI/vf+o5X8G/1HL/4z+o5b/mfxHLf8z+49a/mfxH7X8z+o/avmfzX/U8j+7/6jlfw7/Ucv/nP6jlv+5/Ect/3P7j1r+5/EftfzP6z9q+Z/Pf9TyP7//qOV/Af9Ry/+C/qOW/4X8Ry3/C/uPWv4X8R+1/C/qP2r5X8x/1PK/uP+o5X8J/1HL/5L+o5b/pfxHLf9L+49a/pfxH7X8L+s/avlfzn/U8r+8/6jlfwX/Ucv/iv6jlv+V/Ect/yv7j1r+V/Eftfyv6j9q+V/Nf9Tyv7r/qOV/Df9Ry/+a/qOW/7X8Ry3/a/uPWv7X8R+1/K/rP2r5X89/1PK/vv+o5X8D/1HL/4b+o5b/jfxHLf8b+49a/jfxH7X8b+o/avnfzH/U8r+5/6jlfwv/Ucv/lv6jlv+t/Ect/1v7j1r+t/Eftfxv6z9q+d/Of9Tyv73/qOV/B/9Ry/+O/qOW/538Ry3/O/uPWv538R+1/O/qP2r5381/1PK/u/+o5X8P/1HL/57+o5b/vfxHLf97+49a/vfxH7X87+s/avnfz3/U8r+//6jl/wD/Ucv/gf6jlv+D/Ect/wf7j1r+D/Eftfwf6j9q+T/Mf9Tyf7j/qOX/CP9Ry/+R/qOW/6P8Ry3/R/uPWv6P8R+1/B/rP2r5P85/1PJ/vP+o5f8E/1HL/4n+o5b/k/xHLf8n+49a/k/xH7X8n+o/avk/zX/U8n+6/6jl/wz/Ucv/mf6jlv+z/Ect/2f7j1r+z/Eftfyf6z9q+T/Pf9Tyf77/qOX/Av9Ry/+F/qOW/4v8Ry3/F/uPWv4v8R+1/F/qP2r5v8x/1PJ/uf+o5f8K/1HL/5X+o5b/q/xHLf9X+49a/q/xH7X8X+s/avm/zn/U8n+9/6jl/wb/Ucv/jf6jlv+b/Ect/zf7j1r+b/Eftfzf6j9q+b/Nf9Tyf7v/qOX/Dv9Ry/+d/qOW/7v8Ry3/d/uPWv7v8R+1/N/rP2r5v89/1PJ/v/+o5f8B/1HL/4P+o5b/h/xHLf8P+49a/h/xH7X8P+o/avl/zH/U8v+4/6jl/wn/Ucv/k/6jlv+n/Ect/0/7j1r+n/Eftfw/6z9q+X/Of9Ty/7z/qOX/Bf9Ry/+L/qOW/5f8Ry3/L/uPWv5f8R+1/L/qP2r5f81/1PL/uv+o5f8N/1HL/5v+o5b/t/xHLf9v+49a/t/xH7X8v+s/avl/z3/U8v++/6jl/wP/Ucv/h/6jlv+P/Ect/x/7j1r+P/Eftfx/6v/vBg4o+v/Mf9Ty/7n/qOX/C/9Ry/+X/qOW/6/8Ry3/X/uPWv6/8R+1/H/rP2r5/85/1PL/vf+o5f8H/1HL/4/+o5b/n/xHLf8/+49a/n/xH7X8/+o/avn/zX/U8v+7/6jl/w//Ucv/n/6jkv9hBviPWv7/5T9q+f+3/6jl/z/+o5b/gf6jlv//+o9a/v/nP2r5/7//qOV/EP9Ry/+g/qOW/8H8Ry3/g/uPWv6H8B+1/A/pP2r5H8p/1PI/tP/oH/cPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7N1tbF5l4cfx07Xd05/9uzmH15DBYNNNXNnalclg86E+FkzVsRgwgWxhZVQKcw/BDdRqUGIwhslIEFG3qZtAYsx4MUxAWElU4lQ0TkRDHIK6iKlhIiMal5q77V3ae22zXvW69mKfz4v2Pqf8Trcl351TtmYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApLR52y03rO3oaNvkhRdeeDHw4lT/zgSk9lr0p/pHAgAAAAAAAAAAAAAAjCTHtxOd6p8jAAAAAACcblpa39VdXTXkVPXggzk/b+t93/Tqldfvef7xleX3/R++fJhLThh80NPT0/NSc9fM/sNJRVGUPtv0/uPJlePS9Tu7Lt/edxSK3z7b3Lpte/PBnV/5+sNzp06fU9t7trZYc117R9uSCUURqmuLraWDhqqiCBNri+2lg8bSwaTa4v7SwdLegynFgdLBhddu6FhXOnHCp4bTTkvrZ4vqIcUWQ343GNx/Z9emXeX3o1yyfLWaor//uuYf7q34WNkI/ZevH6oq+x/zTxAY0dj6v31h+f0olzzh/v9oe92q4T42cv/l64cJ+od0hnn+H9Jo7/P+nv0zRnj+nzvMJQf2P/3Lyq5S/zf98oX6/lM1J/P8X/p8fUehurL/CUOe/0vP8TXl5/9JRRFqx/nLAaeVltbPdY92/6/sfmj/NWdVbKoG93901Z7qUv+H73rg/f2nak+q/4Hrh5pR7v9Vnzkw9McKjE1L6+6eivv/GPovFgxzyYH+5+8+dlWp/zN2Htk36GNj6b+2sv/FW278xOLN226pb79x7fq29W03NTY2NC1d1tR40fLFvY8EfW/H+asCp4fx3f+LqRWbqqJoG9gv+vCyl0r9Hzz3H3/rPzV5jP1PHPX+/5z7Pwzr/AnFxInF1rVbtmxq6HtbPmzse9v3nw3T/4lf/4/Y/7zy/wcsf91d+oJ8YP+bd371I6X+75206oH+UxPH2P+k0frvfO3zAhHGef9fV7EZ0n/7q99ZV+r/T68cP9R/aqxf/08etf9d7v8wHi2tFX/h53+s1P/qfx0e7s8JTkKY4s//IJ0c/W+d9otvxq3DVP1DOjn6X7q5LfIv24b/0z+kk6P/X+2oOhK3DmfoH9LJ0f/Xuh/cGLcO0/QP6eTof//sR56KW4f/1z+kk6P/4+unXxW3DnX6h3Ry9H/Zl/aujluH6fqHdHL0X/XKtCfi1mGG/iGdHP3XV539qbh1eJ3+IZ0c/V/X+fCLceswU/+QTo7+P7/z15HfpxNer39IJ0f/T/1x6464dZilf0gnR/8vzGqvj1uHM/UP6eTo//4bnngkbh3eoH9IJ0f/T3/rg8fi1iHoH9LJ0f83nj2yJm4dZusf0snR/76Fx/4Qtw5n6R/SydH/vz969Qfi1uGN+od0cvQf9i//btw6nK1/SCdH/1c8eVdD3DrM0T+kk6P/zhW33Rm3DufoH9LJ0X9T88LZcetwrv4hnRz9z/jz3++OW4e5+od0cvT/sfveW/nvfp+kcJ7+IZ0c/d+8YfWjcetwvv4hnRz9r5zRc0HcOszTP6STo//DR+/7Udw6zNc/pJOj/7vvXHJF3Dq8Sf+QTo7+f3Dred1x6/Bm/UM6Ofp/ufaOW+PWYYH+IZ0c/X/5ZzXL4tZhof4hnRz9//ih7++KW4e36B/SydH/i+977Jy4dbhA/5BOjv53Xzzri3Hr8Fb9Qzo5+n/3MxvXx63DIv1DOjn6n7z390fj1qFe/5BOjv7nrzr4obh1uFD/kE6O/jcsWvO7uHVYrH9IJ0f/zxx4+lDcOizRP6STo/8dj326OW4dGvQP6eTo//HLOv4Ttw6N+od0cvT/z6affDxuHZbqH9LJ0f+Zh779hbh1aNI/pJOj/6sfnDwzbh0u0j+kk6P/jdfM/l7cOizTP6STo/9L5j50adw6vE3/kE6O/t/z1xU3x63DxfqHdHL0X3fPPc/FrcNy/UM6Ofqfd+3t18StwyX6h3Ry9H/9nPon49bhUv1DOjn6v+N4y4K4dVihf0gnR/9dtz2/L24dVuof0snRf/cnX66LW4e36x/SydH/3ilX3hu3Du/QPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ZQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCADAAAAIMzfOo/2AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FMAAAD//xWB0bY=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0)
sendfile(r0, r0, 0x0, 0xe3aa6ea)

1.498434162s ago: executing program 3 (id=540):
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r0, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card2/oss_mixer\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)

1.421833977s ago: executing program 0 (id=541):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)

1.411825794s ago: executing program 2 (id=542):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000002c0)=[{&(0x7f00000001c0)='N', 0x1}], 0x1, 0x0, 0x0, 0xc04c000}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000440)=[@in6={0xa, 0x4e21, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}], 0x1c)

1.267959491s ago: executing program 3 (id=543):
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000079db8540da0b77010b7d000000010902120001000000000904", @ANYRES32, @ANYRES8=r0], 0x0)

1.133669242s ago: executing program 2 (id=544):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000001380)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000180)=0x3f015764)

779.087988ms ago: executing program 1 (id=545):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x5, 0x2, 0xfffff010}, {0x28, 0x7, 0x0, 0xa56e}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10)
r2 = dup(r0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x4)

555.958019ms ago: executing program 0 (id=546):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x28, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast}, 0x0, 0x0, @default, @val={0x1, 0x4, [{0x48, 0x1}, {0xb}, {0xc}, {0x5, 0x1}]}, @void}}]}, 0x44}}, 0x0)

545.748547ms ago: executing program 1 (id=547):
syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

357.951414ms ago: executing program 1 (id=548):
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)="39e8dcfa461ac09e8a722e34d7e484893ffa560200", 0x15}], 0x1)
r0 = syz_open_dev$sg(&(0x7f0000001bc0), 0x208, 0x2c41)
setreuid(0x0, 0xee00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0])

343.998ms ago: executing program 0 (id=549):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000})

173.684392ms ago: executing program 0 (id=550):
r0 = fanotify_init(0x0, 0x8000)
r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x1, 0x48001018, r1, 0x0)
fanotify_mark(r0, 0x201, 0x8000033, r1, 0x0)

172.859071ms ago: executing program 1 (id=551):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
read$FUSE(r0, 0x0, 0x0)

48.300731ms ago: executing program 0 (id=552):
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x200008, &(0x7f0000000400)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}]}, 0x1, 0x504, &(0x7f0000001000)="$eJzs3c9vI1cdAPDveOPEyaZNWnoABO3SFha0WifxtlHVA5QTQqgSokeQtiHxRlHsOIqd0oQ9pGckTkhU4gRH/gDOPXHnguDGpRyQ+BGBGiQORjMep07W3gSS2FH8+UijeW/erL/vbXbei7/Z+AUwtu5ExEFETEbEuxExl19P8iPe6hzpfZ8cPl49Ony8mkS7/c7fk6w9vRY9fyZ1O3/NUkR871sRP0yejNvc299cqdWqO3l9oVXfXmju7d/fqK+sV9erW5XK8tLy4hsPXq9c2lhfqk/mpS9+/LuDr/047dZsfqV3HJepM/TicZzURER85yqCjcCtfDyTo+4I/5dCRDwfES9nz/9c3Mq+mgDATdZuz0V7rrd+LDlZBQBuikKWA0sK5TwXMBuFQrncyeG9EDOFWqPZuveosbu11smVzUex8GijVl3Mc4XzUUzS+lJW/rReOVV/EBHPRcTPpqazenm1UVsb5Tc+ADDGbp9a//811Vn/AYAbrjTqDgAAQ2f9B4DxY/0HgPFj/QeA8dNZ/6dH3Q0AYIi8/weA8WP9B4Cx8t23306P9lH++ddr7+3tbjbeu79WbW6W67ur5dXGznZ5vdFYzz6zp37W69Uaje2l12L3/fmvbzdbC829/Yf1xu5W62H2ud4Pq8XsroMhjAwAGOS5lz76Y5KuyG9OZ0f07OVQHGnPgKtWGHUHgJG5NeoOACNjty8YXxd4j1+M+KkUAdwAfbboPaHU7xeE2u12++q6BFyxu5+T/4dx1ZP/97+AYczI/8P4kv+H8dVuJ+fd5D/OeyMAcL3J8QMDfv7/fH7+df7DgR+snb7jw6vsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFxv3f1/y/le4LNRKJTLEc9ExHwUk0cbtepiRDwbEX+YKk6l9aUR9xkAuKjCX5J8/6+7c6/Onmh68fZxcTIifvSLd37+/kqrtfP7iMnkH1Pd660P8+uV4fceADhbd53Ozj1v5D85fLzaPYbZn79+MyJKnfhHh5NxdBx/IiaycymKETHzzySvdyQ9uYuLOPggIj7bb/xJzGY5kM7Op6fjp7GfGWr8won4haytc07/Lj5zCX2BcfNROv+81e/5K8Sd7Nz/+S9lM9TF5fNf+lKrR9kc+Gn87vx3a8D8d+e8MV777bc7pekn2z6I+PxERDf2Uc/8042fDIj/6jnj/+kLL748qK39y4i70T9+b6yFVn17obm3f3+jvrJeXa9uVSrLS8uLbzx4vbKQ5agXBq8Gf3vz3rOD2tLxzwyIXzpj/F8+5/h/9Z93v/+lp8T/6iv94hfihafET9fEr5wz/srMb0qD2tL4awPGf9bX/94543/85/0ntg0HAEanube/uVKrVXcUFK5/If0new260bfwjWHFmoz+TT95pfNMn2rqfu//P8YaNGNcRtYNuA6OH/qI+PeoOwMAAAAAAAAAAAAAAPQ1jN9YGvUYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLn+GwAA//+hm8cd")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x0, 0x100000000, 0x2000000000000000, 0x3, 0x0, 0xffffffffffffffff, 0x7b, 0xfffffffffffffffd, 0x9b})

0s ago: executing program 2 (id=553):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000000340)={0x14, &(0x7f0000000240)={0x40, 0x24, 0x2, {0x2, 0x7}}, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

xattr: e_value size too large
[   86.648590][ T6088] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.47: couldn't read orphan inode 15 (err -117)
[   86.682628][ T6088] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.786322][   T55] cfg80211: failed to load regulatory.db
[   86.953938][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.994193][ T5887] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[   87.046309][ T5887] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[   87.053244][ T5887] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[   87.108871][ T5887] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[   87.135312][ T5887] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[   87.151654][ T5887] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[   87.176104][ T5887] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[   87.201075][ T5887] arvo 0003:1E7D:30D4.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.1-1/input0
[   87.243787][ T5887] arvo 0003:1E7D:30D4.0001: couldn't init struct arvo_device
[   87.261786][ T5887] arvo 0003:1E7D:30D4.0001: couldn't install keyboard
[   87.298587][ T5887] arvo 0003:1E7D:30D4.0001: probe with driver arvo failed with error -32
[   87.349491][ T5887] usb 2-1: USB disconnect, device number 2
[   87.459607][ T6108] fido_id[6108]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[   87.498457][ T6090] loop2: detected capacity change from 0 to 40427
[   87.532555][ T6090] F2FS-fs (loop2): invalid crc value
[   87.884482][ T6090] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   87.927112][ T6090] F2FS-fs (loop2): Start checkpoint disabled!
[   87.934641][ T6105] loop0: detected capacity change from 0 to 32768
[   87.956380][ T6105] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.54 (6105)
[   87.995372][ T6090] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[   88.019921][ T6090] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   88.036504][ T6105] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   88.079769][ T6105] BTRFS info (device loop0): using blake2b (blake2b-256-lib) checksum algorithm
[   88.272833][ T3075] kworker/u8:10: attempt to access beyond end of device
[   88.272833][ T3075] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   88.299063][ T3075] CPU: 1 UID: 0 PID: 3075 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(full) 
[   88.299088][ T3075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   88.299100][ T3075] Workqueue: writeback wb_workfn (flush-7:2)
[   88.299127][ T3075] Call Trace:
[   88.299134][ T3075]  <TASK>
[   88.299142][ T3075]  dump_stack_lvl+0x189/0x250
[   88.299171][ T3075]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.299193][ T3075]  ? __pfx_queue_work_on+0x10/0x10
[   88.299213][ T3075]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.299235][ T3075]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.299269][ T3075]  f2fs_handle_critical_error+0x37c/0x540
[   88.299296][ T3075]  f2fs_write_end_io+0x94b/0xc10
[   88.299335][ T3075]  __submit_merged_bio+0x256/0x6a0
[   88.299361][ T3075]  __submit_merged_write_cond+0x255/0x530
[   88.299387][ T3075]  f2fs_write_data_pages+0x2756/0x3290
[   88.299442][ T3075]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   88.299476][ T3075]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   88.299534][ T3075]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   88.299567][ T3075]  ? trace_f2fs_writepages+0x7f/0x200
[   88.299596][ T3075]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   88.299636][ T3075]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   88.299658][ T3075]  do_writepages+0x32e/0x550
[   88.299681][ T3075]  ? reacquire_held_locks+0x127/0x1d0
[   88.299704][ T3075]  ? writeback_sb_inodes+0x3bc/0x1950
[   88.299732][ T3075]  __writeback_single_inode+0x133/0x12f0
[   88.299762][ T3075]  writeback_sb_inodes+0x984/0x1950
[   88.299815][ T3075]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   88.299877][ T3075]  ? rcu_is_watching+0x15/0xb0
[   88.299904][ T3075]  wb_writeback+0x42b/0xb10
[   88.299933][ T3075]  ? queue_io+0x361/0x590
[   88.299957][ T3075]  ? __pfx_wb_writeback+0x10/0x10
[   88.299986][ T3075]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.300013][ T3075]  wb_workfn+0x3f9/0xef0
[   88.300047][ T3075]  ? __pfx_wb_workfn+0x10/0x10
[   88.300070][ T3075]  ? __lock_acquire+0xab9/0xd20
[   88.300102][ T3075]  ? process_one_work+0x868/0x15e0
[   88.300129][ T3075]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.300154][ T3075]  ? process_one_work+0x868/0x15e0
[   88.300172][ T3075]  process_one_work+0x93a/0x15e0
[   88.300191][ T3075]  ? __lock_acquire+0xab9/0xd20
[   88.300233][ T3075]  ? __pfx_process_one_work+0x10/0x10
[   88.300264][ T3075]  ? assign_work+0x3a1/0x410
[   88.300290][ T3075]  worker_thread+0x9b0/0xee0
[   88.300339][ T3075]  kthread+0x711/0x8a0
[   88.300359][ T3075]  ? __pfx_worker_thread+0x10/0x10
[   88.300380][ T3075]  ? __pfx_kthread+0x10/0x10
[   88.300399][ T3075]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.300419][ T3075]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.300461][ T3075]  ? __pfx_kthread+0x10/0x10
[   88.300479][ T3075]  ret_from_fork+0x599/0xb30
[   88.300503][ T3075]  ? __pfx_ret_from_fork+0x10/0x10
[   88.300535][ T3075]  ? __switch_to_asm+0x39/0x70
[   88.300550][ T3075]  ? __switch_to_asm+0x33/0x70
[   88.300565][ T3075]  ? __pfx_kthread+0x10/0x10
[   88.300582][ T3075]  ret_from_fork_asm+0x1a/0x30
[   88.300623][ T3075]  </TASK>
[   88.300631][ T3075] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   88.339568][ T6136] loop4: detected capacity change from 0 to 64
[   88.637598][ T6105] BTRFS info (device loop0): enabling ssd optimizations
[   88.644598][ T6105] BTRFS info (device loop0): turning on async discard
[   88.668009][ T6136] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[   88.671805][ T6105] BTRFS info (device loop0): enabling free space tree
[   88.883357][ T6105] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8)
[   88.979363][ T6116] loop3: detected capacity change from 0 to 40427
[   89.018271][ T6116] F2FS-fs (loop3): Image doesn't support compression
[   89.037833][ T6116] F2FS-fs (loop3): build fault injection rate: 684
[   89.045821][ T6116] F2FS-fs (loop3): build fault injection type: 0x35f7
[   89.057841][ T5841] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   89.065742][ T6116] F2FS-fs (loop3): invalid crc value
[   89.247858][ T6116] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   89.269106][ T6116] F2FS-fs (loop3): Start checkpoint disabled!
[   89.313829][ T6116] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[   89.357320][ T6116] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[   89.640322][ T4581] kworker/u8:12: attempt to access beyond end of device
[   89.640322][ T4581] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   89.687163][ T4581] CPU: 0 UID: 0 PID: 4581 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(full) 
[   89.687188][ T4581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   89.687199][ T4581] Workqueue: writeback wb_workfn (flush-7:3)
[   89.687226][ T4581] Call Trace:
[   89.687234][ T4581]  <TASK>
[   89.687241][ T4581]  dump_stack_lvl+0x189/0x250
[   89.687270][ T4581]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.687293][ T4581]  ? __pfx_queue_work_on+0x10/0x10
[   89.687313][ T4581]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   89.687335][ T4581]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.687371][ T4581]  f2fs_handle_critical_error+0x37c/0x540
[   89.687400][ T4581]  f2fs_write_end_io+0x94b/0xc10
[   89.687443][ T4581]  __submit_merged_bio+0x256/0x6a0
[   89.687470][ T4581]  __submit_merged_write_cond+0x255/0x530
[   89.687499][ T4581]  f2fs_write_data_pages+0x2756/0x3290
[   89.687559][ T4581]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   89.687596][ T4581]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   89.687664][ T4581]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   89.687685][ T4581]  ? register_lock_class+0x51/0x320
[   89.687719][ T4581]  ? trace_f2fs_writepages+0x7f/0x200
[   89.687741][ T4581]  ? f2fs_write_node_pages+0x478/0x6e0
[   89.687767][ T4581]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   89.687814][ T4581]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   89.687836][ T4581]  do_writepages+0x32e/0x550
[   89.687859][ T4581]  ? reacquire_held_locks+0x127/0x1d0
[   89.687881][ T4581]  ? writeback_sb_inodes+0x3bc/0x1950
[   89.687913][ T4581]  __writeback_single_inode+0x133/0x12f0
[   89.687944][ T4581]  writeback_sb_inodes+0x984/0x1950
[   89.688001][ T4581]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   89.688072][ T4581]  ? rcu_is_watching+0x15/0xb0
[   89.688102][ T4581]  wb_writeback+0x42b/0xb10
[   89.688131][ T4581]  ? queue_io+0x361/0x590
[   89.688157][ T4581]  ? __pfx_wb_writeback+0x10/0x10
[   89.688190][ T4581]  ? _raw_spin_unlock_irq+0x23/0x50
[   89.688219][ T4581]  wb_workfn+0x3f9/0xef0
[   89.688257][ T4581]  ? __pfx_wb_workfn+0x10/0x10
[   89.688282][ T4581]  ? __lock_acquire+0xab9/0xd20
[   89.688316][ T4581]  ? process_one_work+0x868/0x15e0
[   89.688347][ T4581]  ? _raw_spin_unlock_irq+0x23/0x50
[   89.688373][ T4581]  ? process_one_work+0x868/0x15e0
[   89.688393][ T4581]  process_one_work+0x93a/0x15e0
[   89.688412][ T4581]  ? __lock_acquire+0xab9/0xd20
[   89.688460][ T4581]  ? __pfx_process_one_work+0x10/0x10
[   89.688494][ T4581]  ? assign_work+0x3a1/0x410
[   89.688520][ T4581]  worker_thread+0x9b0/0xee0
[   89.688576][ T4581]  kthread+0x711/0x8a0
[   89.688597][ T4581]  ? __pfx_worker_thread+0x10/0x10
[   89.688618][ T4581]  ? __pfx_kthread+0x10/0x10
[   89.688638][ T4581]  ? _raw_spin_unlock_irq+0x23/0x50
[   89.688658][ T4581]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.688678][ T4581]  ? __pfx_kthread+0x10/0x10
[   89.688695][ T4581]  ret_from_fork+0x599/0xb30
[   89.688718][ T4581]  ? __pfx_ret_from_fork+0x10/0x10
[   89.688747][ T4581]  ? __switch_to_asm+0x39/0x70
[   89.688762][ T4581]  ? __switch_to_asm+0x33/0x70
[   89.688780][ T4581]  ? __pfx_kthread+0x10/0x10
[   89.688798][ T4581]  ret_from_fork_asm+0x1a/0x30
[   89.688832][ T4581]  </TASK>
[   89.688839][ T4581] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   90.279477][ T6167] loop2: detected capacity change from 0 to 164
[   90.335633][ T6167] iso9660: Corrupted directory entry in block 2 of inode 1792
[   90.634788][ T6176] loop2: detected capacity change from 0 to 512
[   90.710701][ T6176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.826066][ T6176] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   90.942511][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.992408][ T6189] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   91.427086][ T5887] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   91.618109][ T5887] usb 4-1: Using ep0 maxpacket: 32
[   91.630385][ T5887] usb 4-1: config 0 has an invalid interface number: 209 but max is 0
[   91.648535][ T5887] usb 4-1: config 0 has no interface number 0
[   91.655111][ T5887] usb 4-1: config 0 interface 209 has no altsetting 0
[   91.669193][ T5887] usb 4-1: New USB device found, idVendor=1f71, idProduct=3306, bcdDevice=1b.23
[   91.685495][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.693527][ T5887] usb 4-1: Product: syz
[   91.715301][ T5887] usb 4-1: Manufacturer: syz
[   91.719950][ T5887] usb 4-1: SerialNumber: syz
[   91.734768][ T5887] usb 4-1: config 0 descriptor??
[   92.088032][ T5887] usb 4-1: USB disconnect, device number 2
[   92.328159][ T6206] loop0: detected capacity change from 0 to 32768
[   92.399637][ T6225] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   92.416241][ T6206] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   92.424590][ T6206] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   92.493479][ T6206] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   92.529827][   T55] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   92.540729][    C0] Illegal XDP return value 16128 on prog  (id 6) dev bridge0, expect packet loss!
[   92.565997][   T55] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   92.620078][ T6218] loop2: detected capacity change from 0 to 32768
[   92.662804][   T55] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 96ms
[   92.689123][   T55] gfs2: fsid=syz:syz.0: jid=0: Done
[   92.716961][ T6206] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   92.724151][ T6218] lbmIODone: I/O error in JFS log
[   92.778605][ T6218] *** Log Format Error ! ***
[   92.835153][ T6233] loop3: detected capacity change from 0 to 64
[   92.843338][ T6229] netlink: 212 bytes leftover after parsing attributes in process `syz.1.94'.
[   92.857276][ T6218] lmLogInit: exit(-22)
[   92.861481][ T6218] lmLogOpen: exit(-22)
[   92.953468][ T6218] jfs_dirty_inode called on read-only volume
[   92.962501][ T6206] gfs2: fsid=syz:syz.0: found 1 quota changes
[   92.993379][ T6218] Is remount racy?
[   93.012379][ T6218] jfs_dirty_inode called on read-only volume
[   93.036501][ T6218] Is remount racy?
[   93.425313][ T5841] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 402
[   93.466984][ T5841] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1
[   93.479392][ T5841] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5841 [syz-executor] gfs2_quota_sync+0x359/0x460
[   93.490675][ T5841] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[   93.501638][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   93.501662][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   93.501673][ T5841] Call Trace:
[   93.501680][ T5841]  <TASK>
[   93.501688][ T5841]  dump_stack_lvl+0x189/0x250
[   93.501719][ T5841]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.501761][ T5841]  gfs2_withdraw+0xc3/0x1b0
[   93.501781][ T5841]  inode_go_instantiate+0xdd0/0x1210
[   93.501803][ T5841]  ? __pfx_bit_wait+0x10/0x10
[   93.501827][ T5841]  ? __pfx_bit_wait+0x10/0x10
[   93.501855][ T5841]  ? __pfx_inode_go_instantiate+0x10/0x10
[   93.501882][ T5841]  ? __pfx_wake_bit_function+0x10/0x10
[   93.501908][ T5841]  gfs2_instantiate+0x168/0x220
[   93.501930][ T5841]  gfs2_glock_wait+0x1d4/0x2a0
[   93.501952][ T5841]  do_sync+0x46f/0xc60
[   93.501971][ T5841]  ? _raw_spin_unlock+0x28/0x50
[   93.501990][ T5841]  ? gfs2_quota_sync+0x359/0x460
[   93.502021][ T5841]  ? __pfx_do_sync+0x10/0x10
[   93.502052][ T5841]  ? gfs2_quota_sync+0x359/0x460
[   93.502077][ T5841]  ? do_raw_spin_unlock+0x122/0x240
[   93.502100][ T5841]  gfs2_quota_sync+0x359/0x460
[   93.502133][ T5841]  gfs2_sync_fs+0x4c/0xb0
[   93.502155][ T5841]  sync_filesystem+0xee/0x230
[   93.502176][ T5841]  generic_shutdown_super+0x6f/0x2c0
[   93.502198][ T5841]  kill_block_super+0x44/0x90
[   93.502219][ T5841]  deactivate_locked_super+0xbc/0x130
[   93.502238][ T5841]  cleanup_mnt+0x425/0x4c0
[   93.502257][ T5841]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.502283][ T5841]  task_work_run+0x1d4/0x260
[   93.502305][ T5841]  ? __pfx_task_work_run+0x10/0x10
[   93.502328][ T5841]  ? exit_to_user_mode_loop+0x55/0x4f0
[   93.502354][ T5841]  exit_to_user_mode_loop+0xff/0x4f0
[   93.502374][ T5841]  ? rcu_is_watching+0x15/0xb0
[   93.502396][ T5841]  do_syscall_64+0x2e9/0xfa0
[   93.502419][ T5841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.502436][ T5841]  ? clear_bhb_loop+0x60/0xb0
[   93.502457][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.502473][ T5841] RIP: 0033:0x7f4b5cd909f7
[   93.502496][ T5841] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   93.502509][ T5841] RSP: 002b:00007ffd22c57e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   93.502528][ T5841] RAX: 0000000000000000 RBX: 00007f4b5ce11d7d RCX: 00007f4b5cd909f7
[   93.502540][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd22c57f00
[   93.502551][ T5841] RBP: 00007ffd22c57f00 R08: 0000000000000000 R09: 0000000000000000
[   93.502561][ T5841] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd22c58f90
[   93.502572][ T5841] R13: 00007f4b5ce11d7d R14: 0000000000016c0c R15: 00007ffd22c58fd0
[   93.502605][ T5841]  </TASK>
[   93.502612][ T5841] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   93.645278][   T55] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   93.896454][ T6251] netlink: 8 bytes leftover after parsing attributes in process `syz.4.104'.
[   94.058444][ T6238] loop3: detected capacity change from 0 to 32768
[   94.063074][ T6254] loop4: detected capacity change from 0 to 4096
[   94.074308][ T6238] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.97 (6238)
[   94.103612][ T6254] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[   94.115269][   T55] usb 2-1: Using ep0 maxpacket: 32
[   94.124307][   T55] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   94.154682][   T55] usb 2-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[   94.170093][ T6238] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   94.190557][   T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.198270][ T6254] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[   94.225724][ T6238] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[   94.226248][   T55] usb 2-1: config 0 descriptor??
[   94.284178][   T55] dvb-usb: found a 'TeVii S662' in warm state.
[   94.303874][   T55] dw2102: su3000_power_ctrl: 1, initialized 0
[   94.322655][   T55] dvb-usb: bulk message failed: -22 (2/0)
[   94.352161][   T55] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   94.389746][ T6254] ntfs3(loop4): ino=1f, "file2" failed to open parent directory r=5 to update
[   94.394434][   T55] dvbdev: DVB: registering new adapter (TeVii S662)
[   94.421810][   T55] usb 2-1: media controller created
[   94.430649][ T6238] BTRFS info (device loop3): setting nodatasum
[   94.435826][   T55] dvb-usb: bulk message failed: -22 (6/0)
[   94.449626][ T6238] BTRFS info (device loop3): setting nodatacow
[   94.469299][ T6238] BTRFS info (device loop3): turning on async discard
[   94.496885][   T55] dw2102: i2c transfer failed.
[   94.506157][ T6241] dvb-usb: bulk message failed: -22 (5/0)
[   94.524020][ T6241] dw2102: i2c transfer failed.
[   94.530720][ T6238] BTRFS info (device loop3): enabling free space tree
[   94.542118][   T55] dvb-usb: bulk message failed: -22 (6/0)
[   94.550894][ T6238] BTRFS info (device loop3): enabling auto defrag
[   94.557934][   T55] dw2102: i2c transfer failed.
[   94.562839][   T55] dvb-usb: bulk message failed: -22 (6/0)
[   94.568687][ T6238] BTRFS info (device loop3): max_inline set to 0
[   94.575153][   T55] dw2102: i2c transfer failed.
[   94.585097][   T55] dvb-usb: bulk message failed: -22 (6/0)
[   94.591342][   T55] dw2102: i2c transfer failed.
[   94.598539][   T55] dvb-usb: bulk message failed: -22 (6/0)
[   94.604359][   T55] dw2102: i2c transfer failed.
[   94.621357][   T55] dvb-usb: bulk message failed: -22 (6/0)
[   94.637368][   T55] dw2102: i2c transfer failed.
[   94.642186][   T55] dvb-usb: MAC address: 02:02:02:02:02:02
[   94.702540][   T55] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   94.771995][   T55] dvb-usb: bulk message failed: -22 (3/0)
[   94.782703][ T5829] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   94.797926][   T55] dw2102: command 0x0e transfer failed.
[   94.807513][ T6274] netlink: 16 bytes leftover after parsing attributes in process `syz.4.107'.
[   94.817944][   T55] dvb-usb: bulk message failed: -22 (3/0)
[   94.823697][   T55] dw2102: command 0x0e transfer failed.
[   94.881922][   T36] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   94.923242][ T5953] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   94.930747][   T36] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   95.166808][   T55] dvb-usb: bulk message failed: -22 (3/0)
[   95.172638][   T55] dw2102: command 0x0e transfer failed.
[   95.194362][ T5953] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   95.228595][   T55] dvb-usb: bulk message failed: -22 (3/0)
[   95.234366][   T55] dw2102: command 0x0e transfer failed.
[   95.263830][ T6283] loop1: detected capacity change from 0 to 4096
[   95.275475][   T55] dvb-usb: bulk message failed: -22 (1/0)
[   95.281250][   T55] dw2102: command 0x51 transfer failed.
[   95.310369][   T55] dvb-usb: bulk message failed: -22 (5/0)
[   95.337144][   T55] dw2102: i2c probe for address 0x68 failed.
[   95.362067][   T55] dvb-usb: bulk message failed: -22 (5/0)
[   95.363850][ T6283] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   95.388633][ T6283] ntfs3(loop1): ino=1a, mi_enum_attr
[   95.391019][   T55] dw2102: i2c probe for address 0x69 failed.
[   95.422729][   T55] dvb-usb: bulk message failed: -22 (5/0)
[   95.425747][ T6283] ntfs3(loop1): ino=1a, mi_enum_attr
[   95.435746][ T6283] ntfs3(loop1): Failed to initialize $Extend/$Reparse.
[   95.437149][   T55] dw2102: i2c probe for address 0x6a failed.
[   95.458855][   T55] dw2102: probing for demodulator failed. Is the external power switched on?
[   95.492422][   T55] dvb-usb: no frontend was attached by 'TeVii S662'
[   95.536620][   T10] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   95.705481][   T55] rc_core: IR keymap rc-tt-1500 not found
[   95.711254][   T55] Registered IR keymap rc-empty
[   95.761706][   T55] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[   95.795669][ T6300] team_slave_0: entered allmulticast mode
[   95.797350][   T55] input: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input5
[   95.836920][ T6300] team_slave_0: entered promiscuous mode
[   95.863676][   T55] dvb-usb: schedule remote query interval to 250 msecs.
[   95.872307][   T55] dw2102: su3000_power_ctrl: 0, initialized 1
[   95.882764][   T55] dvb-usb: TeVii S662 successfully initialized and connected.
[   95.893986][   T55] usb 2-1: USB disconnect, device number 3
[   95.936101][ T5953] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   96.079233][   T55] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[   96.127594][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   96.156954][ T5953] usb 5-1: New USB device found, idVendor=5543, idProduct=0004, bcdDevice= 0.00
[   96.170719][ T5953] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.205573][ T5953] usb 5-1: config 0 descriptor??
[   96.435353][   T55] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   96.516218][ T6302] loop1: detected capacity change from 0 to 32768
[   96.547413][ T6302] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.121 (6302)
[   96.578997][ T6302] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   96.589846][ T6302] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[   96.628480][   T55] usb 4-1: config 0 interface 0 has no altsetting 0
[   96.652089][ T5953] uclogic 0003:5543:0004.0002: hidraw0: USB HID v0.02 Device [HID 5543:0004] on usb-dummy_hcd.4-1/input0
[   96.663704][   T55] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[   96.681381][   T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.702390][   T55] usb 4-1: config 0 descriptor??
[   96.784936][ T6302] BTRFS info (device loop1): enabling ssd optimizations
[   96.802330][ T6302] BTRFS info (device loop1): turning on async discard
[   96.824467][ T6302] BTRFS info (device loop1): enabling free space tree
[   96.835512][   T10] usb 5-1: USB disconnect, device number 2
[   96.910719][ T6332] fido_id[6332]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[   97.154972][ T5826] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   97.340060][   T55] video4linux radio48: keene_cmd_set failed (-71)
[   97.385434][   T55] radio-keene 4-1:0.0: V4L2 device registered as radio48
[   97.413661][   T55] usb 4-1: USB disconnect, device number 3
[   97.987941][ T6360] loop2: detected capacity change from 0 to 1024
[   98.056367][ T6360] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.101394][ T6360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.141'.
[   98.113094][ T6360] netlink: zone id is out of range
[   98.121357][ T6360] netlink: zone id is out of range
[   98.128076][ T6360] netlink: zone id is out of range
[   98.133216][ T6360] netlink: zone id is out of range
[   98.138984][ T6360] netlink: zone id is out of range
[   98.144119][ T6360] netlink: zone id is out of range
[   98.149972][ T6360] netlink: zone id is out of range
[   98.155103][ T6360] netlink: zone id is out of range
[   98.185307][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   98.208614][ T5199] udevd[5199]: worker [5879] terminated by signal 33 (Unknown signal 33)
[   98.235821][ T5199] udevd[5199]: worker [5879] failed while handling '/devices/virtual/block/loop1'
[   98.263696][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.365644][   T24] usb 2-1: Using ep0 maxpacket: 32
[   98.401037][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   98.430513][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[   98.465930][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[   98.492631][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   98.535659][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.560833][   T24] usb 2-1: config 0 descriptor??
[   98.568566][ T6359] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   98.593836][   T24] hub 2-1:0.0: USB hub found
[   98.757556][ T6388] loop2: detected capacity change from 0 to 256
[   98.781941][ T5841] gfs2: fsid=syz:syz.0: warning: assertion "gfs2_log_is_empty(sdp)" failed - function = gfs2_make_fs_ro, file = fs/gfs2/super.c, line = 564
[   98.817628][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   98.817652][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   98.817661][ T5841] Call Trace:
[   98.817669][ T5841]  <TASK>
[   98.817677][ T5841]  dump_stack_lvl+0x189/0x250
[   98.817708][ T5841]  ? __pfx_dump_stack_lvl+0x10/0x10
[   98.817734][ T5841]  ? __pfx__printk+0x10/0x10
[   98.817760][ T5841]  ? do_raw_spin_unlock+0x122/0x240
[   98.817784][ T5841]  gfs2_assert_warn_i+0x194/0x2c0
[   98.817817][ T5841]  gfs2_make_fs_ro+0x2f5/0x300
[   98.817840][ T5841]  ? __pfx_gfs2_make_fs_ro+0x10/0x10
[   98.817856][ T5841]  ? do_raw_spin_lock+0x121/0x290
[   98.817874][ T5841]  ? __pfx_autoremove_wake_function+0x10/0x10
[   98.817902][ T5841]  ? do_raw_spin_unlock+0x122/0x240
[   98.817925][ T5841]  gfs2_put_super+0x220/0x860
[   98.817950][ T5841]  ? __pfx_gfs2_put_super+0x10/0x10
[   98.817969][ T5841]  generic_shutdown_super+0x135/0x2c0
[   98.817990][ T5841]  kill_block_super+0x44/0x90
[   98.818011][ T5841]  deactivate_locked_super+0xbc/0x130
[   98.818031][ T5841]  cleanup_mnt+0x425/0x4c0
[   98.818048][ T5841]  ? lockdep_hardirqs_on+0x9c/0x150
[   98.818074][ T5841]  task_work_run+0x1d4/0x260
[   98.818096][ T5841]  ? __pfx_task_work_run+0x10/0x10
[   98.818119][ T5841]  ? exit_to_user_mode_loop+0x55/0x4f0
[   98.818144][ T5841]  exit_to_user_mode_loop+0xff/0x4f0
[   98.818165][ T5841]  ? rcu_is_watching+0x15/0xb0
[   98.818185][ T5841]  do_syscall_64+0x2e9/0xfa0
[   98.818209][ T5841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.818225][ T5841]  ? clear_bhb_loop+0x60/0xb0
[   98.818245][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.818260][ T5841] RIP: 0033:0x7f4b5cd909f7
[   98.818275][ T5841] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   98.818288][ T5841] RSP: 002b:00007ffd22c57e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   98.818306][ T5841] RAX: 0000000000000000 RBX: 00007f4b5ce11d7d RCX: 00007f4b5cd909f7
[   98.818318][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd22c57f00
[   98.818329][ T5841] RBP: 00007ffd22c57f00 R08: 0000000000000000 R09: 0000000000000000
[   98.818338][ T5841] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd22c58f90
[   98.818349][ T5841] R13: 00007f4b5ce11d7d R14: 0000000000016c0c R15: 00007ffd22c58fd0
[   98.818382][ T5841]  </TASK>
[   98.819748][   T24] hub 2-1:0.0: 1 port detected
[   99.069798][   T24] hub 2-1:0.0: config failed, can't get hub status (err -5)
[   99.091229][   T24] usbhid 2-1:0.0: can't add hid device: -71
[   99.099746][   T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[   99.227913][   T24] usb 2-1: USB disconnect, device number 4
[   99.348254][ T6387] loop3: detected capacity change from 0 to 32768
[   99.387494][ T6387] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.151 (6387)
[   99.416204][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   99.430636][ T6387] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   99.475954][ T6387] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[   99.761304][ T6387] BTRFS info (device loop3): enabling ssd optimizations
[   99.820175][ T6387] BTRFS info (device loop3): turning on async discard
[   99.883110][ T6387] BTRFS info (device loop3): enabling free space tree
[   99.999108][ T6421] loop4: detected capacity change from 0 to 256
[  100.094587][ T6421] exfat: Deprecated parameter 'namecase'
[  100.139746][ T6421] exfat: Deprecated parameter 'utf8'
[  100.175971][ T6426] loop0: detected capacity change from 0 to 256
[  100.262732][ T6421] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  100.310505][ T6426] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d)
[  100.352387][ T4581] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared)
[  100.397194][ T6428] loop2: detected capacity change from 0 to 8192
[  100.495981][ T6426] exFAT-fs (loop0): start_clu is invalid cluster(0x0)
[  100.508348][ T5829] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  100.787937][ T6436] Attempt to restore checkpoint with obsolete wellknown handles
[  101.344402][ T6455] loop4: detected capacity change from 0 to 128
[  101.424317][ T6455] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  101.592533][ T6455] FAT-fs (loop4): FAT read failed (blocknr 128)
[  101.739088][   T76] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  101.905306][   T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  102.085513][   T24] usb 3-1: Using ep0 maxpacket: 32
[  102.096626][   T24] usb 3-1: config 0 has an invalid interface number: 209 but max is 0
[  102.104844][   T24] usb 3-1: config 0 has no interface number 0
[  102.115299][   T24] usb 3-1: config 0 interface 209 has no altsetting 0
[  102.149738][   T24] usb 3-1: New USB device found, idVendor=1f71, idProduct=3306, bcdDevice=1b.23
[  102.185310][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.193356][   T24] usb 3-1: Product: syz
[  102.216712][   T24] usb 3-1: Manufacturer: syz
[  102.221440][   T24] usb 3-1: SerialNumber: syz
[  102.242520][   T24] usb 3-1: config 0 descriptor??
[  102.290261][ T6478] loop4: detected capacity change from 0 to 4096
[  102.440426][ T6483] netem: incorrect gi model size
[  102.475500][ T6483] netem: change failed
[  102.611639][   T24] usb 3-1: USB disconnect, device number 3
[  102.638848][ T6485] loop4: detected capacity change from 0 to 256
[  102.800912][ T6489] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6
[  102.900468][ T6491] random: crng reseeded on system resumption
[  103.303068][ T6502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.193'.
[  103.686413][ T6503] loop2: detected capacity change from 0 to 32768
[  103.741895][ T6503] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  103.750233][ T6503] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  103.788932][ T6503] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  103.800025][   T24] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  103.808215][   T24] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  103.883593][   T24] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 75ms
[  103.893585][   T24] gfs2: fsid=syz:syz.0: jid=0: Done
[  103.899668][ T6503] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  104.456157][ T5843] Bluetooth: hci0: command tx timeout
[  104.638103][ T6507] loop3: detected capacity change from 0 to 32768
[  104.730945][   T30] audit: type=1800 audit(1763529336.923:2): pid=6507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.196" name="file1" dev="loop3" ino=4 res=0 errno=0
[  104.907378][ T5894] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  104.995108][ T6509] loop4: detected capacity change from 0 to 32768
[  105.069554][   T30] audit: type=1800 audit(1763529337.253:3): pid=6509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.197" name="file1" dev="loop4" ino=0 res=0 errno=0
[  105.135408][ T5894] usb 1-1: Using ep0 maxpacket: 8
[  105.166428][ T5894] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[  105.210268][ T6532] loop1: detected capacity change from 0 to 2048
[  105.216310][ T5894] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  105.257966][ T5894] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  105.295751][ T5894] usb 1-1: Product: syz
[  105.299973][ T5894] usb 1-1: Manufacturer: syz
[  105.304587][ T5894] usb 1-1: SerialNumber: syz
[  105.355231][ T6532] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  105.625816][ T5894] usb 1-1: Handspring Visor / Palm OS: No valid connect info available
[  105.669543][ T5894] usb 1-1: Handspring Visor / Palm OS: port 109, is for unknown use
[  105.703351][ T5894] usb 1-1: Handspring Visor / Palm OS: port 211, is for unknown use
[  105.745274][ T5894] usb 1-1: Handspring Visor / Palm OS: Number of ports: 2
[  105.839501][ T5894] visor 1-1:1.0: Handspring Visor / Palm OS converter detected
[  105.845395][ T6547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.212'.
[  105.896371][ T5894] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  105.908084][ T6547] netlink: 'syz.1.212': attribute type 30 has an invalid length.
[  105.943684][ T6547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.212'.
[  105.948011][ T5894] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  106.194711][ T6553] loop1: detected capacity change from 0 to 2048
[  106.240131][ T5894] usb 1-1: USB disconnect, device number 3
[  106.250472][ T6553] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  106.283805][ T5894] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  106.316607][ T6553] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  106.324285][ T6553] UDF-fs: Scanning with blocksize 512 failed
[  106.335996][ T5894] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  106.384651][ T6553] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  106.398871][ T5894] visor 1-1:1.0: device disconnected
[  106.400523][ T6557] netlink: 44 bytes leftover after parsing attributes in process `syz.2.217'.
[  106.678995][ T6541] loop3: detected capacity change from 0 to 32768
[  106.722237][ T6541] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 3
[  106.722237][ T6541] 
[  106.753394][ T6541] ERROR: (device loop3): remounting filesystem as read-only
[  106.778518][ T6541] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 3
[  106.778518][ T6541] 
[  107.375648][ T6575] netlink: 40 bytes leftover after parsing attributes in process `syz.1.226'.
[  107.391906][ T6575] netlink: 40 bytes leftover after parsing attributes in process `syz.1.226'.
[  107.414722][ T6575] netlink: 40 bytes leftover after parsing attributes in process `syz.1.226'.
[  108.170782][ T6590] loop1: detected capacity change from 0 to 32768
[  108.221460][ T6590] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  108.230241][ T6590] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  108.239688][   T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  108.252559][ T6590] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  108.263056][ T6250] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  108.270215][ T6250] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  108.313637][ T6250] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 43ms
[  108.323108][ T6250] gfs2: fsid=syz:syz.0: jid=0: Done
[  108.333177][ T6590] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  108.424170][ T6590] gfs2: fsid=syz:syz.0: Corruption found in quota_change0file: duplicate identifier in slot 48768
[  108.435431][ T6590] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129
[  108.449078][ T6590] CPU: 0 UID: 0 PID: 6590 Comm: syz.1.232 Not tainted syzkaller #0 PREEMPT(full) 
[  108.449100][ T6590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  108.449110][ T6590] Call Trace:
[  108.449119][ T6590]  <TASK>
[  108.449127][ T6590]  dump_stack_lvl+0x189/0x250
[  108.449157][ T6590]  ? __pfx_dump_stack_lvl+0x10/0x10
[  108.449180][ T6590]  ? __pfx__printk+0x10/0x10
[  108.449206][ T6590]  ? do_raw_spin_unlock+0x122/0x240
[  108.449231][ T6590]  gfs2_assert_warn_i+0x194/0x2c0
[  108.449259][ T6590]  gfs2_qd_dispose+0x466/0x570
[  108.449287][ T6590]  gfs2_quota_init+0xcb0/0x1200
[  108.449310][ T6590]  ? __lock_acquire+0xab9/0xd20
[  108.449354][ T6590]  ? __pfx_gfs2_quota_init+0x10/0x10
[  108.449375][ T6590]  ? rcu_is_watching+0x15/0xb0
[  108.449393][ T6590]  ? __pfx_wake_up_bit+0x10/0x10
[  108.449409][ T6590]  ? kfree+0x4d/0x680
[  108.449435][ T6590]  ? inode_go_inval+0x2a0/0x360
[  108.449463][ T6590]  gfs2_make_fs_rw+0x143/0x220
[  108.449485][ T6590]  gfs2_fill_super+0x1b6a/0x21b0
[  108.449521][ T6590]  ? __pfx_gfs2_fill_super+0x10/0x10
[  108.449543][ T6590]  ? init_locking+0xb8/0x210
[  108.449559][ T6590]  ? sb_set_blocksize+0x155/0x240
[  108.449583][ T6590]  ? setup_bdev_super+0x4c1/0x5b0
[  108.449608][ T6590]  get_tree_bdev_flags+0x40e/0x4d0
[  108.449636][ T6590]  ? __pfx_gfs2_fill_super+0x10/0x10
[  108.449654][ T6590]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  108.449673][ T6590]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  108.449704][ T6590]  gfs2_get_tree+0x51/0x1e0
[  108.449726][ T6590]  vfs_get_tree+0x92/0x2b0
[  108.449750][ T6590]  do_new_mount+0x302/0xa10
[  108.449772][ T6590]  ? apparmor_capable+0x137/0x1b0
[  108.449801][ T6590]  ? __pfx_do_new_mount+0x10/0x10
[  108.449825][ T6590]  ? ns_capable+0x8a/0xf0
[  108.449849][ T6590]  ? kmem_cache_free+0x197/0x640
[  108.449877][ T6590]  __se_sys_mount+0x313/0x410
[  108.449904][ T6590]  ? __pfx___se_sys_mount+0x10/0x10
[  108.449933][ T6590]  ? do_syscall_64+0xbe/0xfa0
[  108.449957][ T6590]  ? __x64_sys_mount+0x20/0xc0
[  108.449983][ T6590]  do_syscall_64+0xfa/0xfa0
[  108.450008][ T6590]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.450031][ T6590]  ? clear_bhb_loop+0x60/0xb0
[  108.450053][ T6590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.450071][ T6590] RIP: 0033:0x7f09b4b90e6a
[  108.450088][ T6590] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.450102][ T6590] RSP: 002b:00007f09b2df5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  108.450122][ T6590] RAX: ffffffffffffffda RBX: 00007f09b2df5ef0 RCX: 00007f09b4b90e6a
[  108.450136][ T6590] RDX: 00002000000124c0 RSI: 0000200000012500 RDI: 00007f09b2df5eb0
[  108.450148][ T6590] RBP: 00002000000124c0 R08: 00007f09b2df5ef0 R09: 0000000000000000
[  108.450161][ T6590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000012500
[  108.450172][ T6590] R13: 00007f09b2df5eb0 R14: 000000000001264d R15: 0000200000000180
[  108.450205][ T6590]  </TASK>
[  108.758330][   T10] usb 3-1: config 1 has an invalid interface number: 7 but max is 0
[  108.766899][   T10] usb 3-1: config 1 has no interface number 0
[  108.773110][   T10] usb 3-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  108.784990][   T10] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  108.794961][   T10] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 64
[  108.804750][   T10] usb 3-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  108.817398][ T6590] gfs2: fsid=syz:syz.0: found 1 quota changes
[  108.827727][   T10] usb 3-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  108.838535][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.846605][   T10] usb 3-1: Product: syz
[  108.850770][   T10] usb 3-1: Manufacturer: syz
[  108.855513][   T10] usb 3-1: SerialNumber: syz
[  108.874987][ T6584] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  108.931027][ T6584] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  108.964769][ T6588] loop3: detected capacity change from 0 to 40427
[  108.973433][ T6588] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[  108.980588][ T6588] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  109.094510][ T6588] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  109.108517][ T6588] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  109.116537][ T6588] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  109.175399][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  109.220082][ T6584] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  109.241479][ T6588] syz.3.231: attempt to access beyond end of device
[  109.241479][ T6588] loop3: rw=2049, sector=53248, nr_sectors = 16 limit=40427
[  109.292023][ T6584] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  109.466110][ T5829] syz-executor: attempt to access beyond end of device
[  109.466110][ T5829] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  109.499088][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  109.499113][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  109.499123][ T5829] Call Trace:
[  109.499130][ T5829]  <TASK>
[  109.499138][ T5829]  dump_stack_lvl+0x189/0x250
[  109.499170][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.499199][ T5829]  ? __pfx_queue_work_on+0x10/0x10
[  109.499220][ T5829]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  109.499243][ T5829]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  109.499277][ T5829]  f2fs_handle_critical_error+0x37c/0x540
[  109.499305][ T5829]  f2fs_write_end_io+0x94b/0xc10
[  109.499344][ T5829]  __submit_merged_bio+0x256/0x6a0
[  109.499368][ T5829]  __submit_merged_write_cond+0x255/0x530
[  109.499393][ T5829]  f2fs_write_data_pages+0x2756/0x3290
[  109.499454][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  109.499529][ T5829]  ? __lock_acquire+0xab9/0xd20
[  109.499579][ T5829]  ? irqentry_exit+0x5ba/0x640
[  109.499619][ T5829]  ? __lock_acquire+0xab9/0xd20
[  109.499660][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  109.499680][ T5829]  do_writepages+0x32e/0x550
[  109.499712][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  109.499735][ T5829]  filemap_fdatawrite+0x199/0x240
[  109.499750][ T5829]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  109.499821][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  109.499844][ T5829]  f2fs_sync_dirty_inodes+0x30f/0x830
[  109.499881][ T5829]  f2fs_write_checkpoint+0x93e/0x2440
[  109.499938][ T5829]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  109.499955][ T5829]  ? kasan_record_aux_stack+0xbd/0xd0
[  109.500038][ T5829]  kill_f2fs_super+0x2cc/0x6d0
[  109.500070][ T5829]  ? __pfx_kill_f2fs_super+0x10/0x10
[  109.500113][ T5829]  ? shrinker_free+0x2ce/0x3e0
[  109.500139][ T5829]  deactivate_locked_super+0xbc/0x130
[  109.500161][ T5829]  cleanup_mnt+0x425/0x4c0
[  109.500180][ T5829]  ? lockdep_hardirqs_on+0x9c/0x150
[  109.500213][ T5829]  task_work_run+0x1d4/0x260
[  109.500235][ T5829]  ? __pfx_task_work_run+0x10/0x10
[  109.500259][ T5829]  ? exit_to_user_mode_loop+0x55/0x4f0
[  109.500287][ T5829]  exit_to_user_mode_loop+0xff/0x4f0
[  109.500306][ T5829]  ? rcu_is_watching+0x15/0xb0
[  109.500327][ T5829]  do_syscall_64+0x2e9/0xfa0
[  109.500351][ T5829]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.500366][ T5829]  ? clear_bhb_loop+0x60/0xb0
[  109.500388][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.500404][ T5829] RIP: 0033:0x7f2740d909f7
[  109.500420][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  109.500433][ T5829] RSP: 002b:00007ffd42fbcd08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  109.500451][ T5829] RAX: 0000000000000000 RBX: 00007f2740e11d7d RCX: 00007f2740d909f7
[  109.500461][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd42fbcdc0
[  109.500472][ T5829] RBP: 00007ffd42fbcdc0 R08: 0000000000000000 R09: 0000000000000000
[  109.500481][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd42fbde50
[  109.500492][ T5829] R13: 00007f2740e11d7d R14: 000000000001ab07 R15: 00007ffd42fbde90
[  109.500529][ T5829]  </TASK>
[  109.502819][ T5829] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  109.813014][   T10] sierra_net 3-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.2-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[  109.872603][ T6610] loop1: detected capacity change from 0 to 512
[  109.936591][   T10] sierra_net 3-1:1.7 wwan0: Submit SYNC failed -71
[  109.979945][ T6592] loop0: detected capacity change from 0 to 32768
[  109.981455][   T10] sierra_net 3-1:1.7 wwan0: Send SYNC failed, status -71
[  110.109973][   T10] sierra_net 3-1:1.7 wwan0: Submit SYNC failed -71
[  110.112031][ T6610] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  110.159237][   T10] sierra_net 3-1:1.7 wwan0: Send SYNC failed, status -71
[  110.160241][ T6620] netlink: 8 bytes leftover after parsing attributes in process `syz.4.239'.
[  110.197732][ T6592] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  110.204960][   T10] usb 3-1: USB disconnect, device number 4
[  110.227377][   T10] sierra_net 3-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.2-1, Sierra Wireless USB-to-WWAN Modem
[  110.357999][ T6592] XFS (loop0): Ending clean mount
[  110.376895][   T10] sierra_net 3-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  110.422124][ T6592] XFS (loop0): Quotacheck needed: Please wait.
[  110.463626][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.548043][ T6592] XFS (loop0): Quotacheck: Done.
[  110.757195][ T5841] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  111.361447][ T6648] loop2: detected capacity change from 0 to 4096
[  111.409686][ T6648] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  111.604513][ T6648] ntfs3(loop2): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr
[  112.007312][ T6671] capability: warning: `syz.2.259' uses deprecated v2 capabilities in a way that may be insecure
[  112.040279][ T6673] loop4: detected capacity change from 0 to 1024
[  112.088236][ T6673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.332915][ T6684] loop2: detected capacity change from 0 to 128
[  112.334473][ T6682] batman_adv: batadv0: Adding interface: ipvlan2
[  112.379915][ T6682] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  112.475296][ T6682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.492368][ T6682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.522324][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.528536][ T6682] batman_adv: batadv0: Interface activated: ipvlan2
[  113.145393][ T5894] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  113.305267][ T5894] usb 2-1: Using ep0 maxpacket: 32
[  113.318121][ T5894] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  113.346344][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.372420][ T6687] loop0: detected capacity change from 0 to 40427
[  113.377409][ T5894] usb 2-1: config 0 descriptor??
[  113.409701][ T6687] F2FS-fs: heap/no_heap options were deprecated
[  113.443957][ T6687] F2FS-fs (loop0): build fault injection rate: 19
[  113.479511][ T6687] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  113.503516][ T6687] F2FS-fs (loop0): invalid crc value
[  113.556646][ T6687] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  113.593118][ T6691] loop2: detected capacity change from 0 to 32768
[  113.649511][ T6691] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.268 (6691)
[  113.676253][ T5894] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  113.699875][ T5894] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  113.727762][ T6691] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  113.749856][ T5894] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  113.755522][ T6687] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  113.771097][ T5894] usb 2-1: media controller created
[  113.794536][ T6691] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  113.831296][ T6687] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  113.841829][ T6687] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  113.860821][ T5894] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  113.880829][ T6695] az6027: more than 2 i2c messages at a time is not handled yet. TODO.
[  113.891352][ T6687] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40
[  113.964055][    C1] F2FS-fs (loop0): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  113.974929][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  113.974957][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  113.974969][    C1] Call Trace:
[  113.974976][    C1]  <TASK>
[  113.974985][    C1]  dump_stack_lvl+0x189/0x250
[  113.975022][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.975050][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  113.975078][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  113.975104][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  113.975132][    C1]  ? f2fs_hw_is_readonly+0x39b/0x470
[  113.975157][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  113.975180][    C1]  f2fs_write_end_io+0x94b/0xc10
[  113.975217][    C1]  blk_update_request+0x57e/0xe60
[  113.975248][    C1]  blk_mq_end_request+0x3e/0x70
[  113.975265][    C1]  blk_flush_complete_seq+0x678/0xcc0
[  113.975294][    C1]  flush_end_io+0xbaf/0xe60
[  113.975326][    C1]  __blk_mq_end_request+0x46a/0x630
[  113.975350][    C1]  blk_done_softirq+0x10a/0x160
[  113.975379][    C1]  handle_softirqs+0x27d/0x880
[  113.975406][    C1]  ? run_ksoftirqd+0x9b/0x100
[  113.975436][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  113.975461][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  113.975488][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  113.975511][    C1]  run_ksoftirqd+0x9b/0x100
[  113.975537][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  113.975578][    C1]  smpboot_thread_fn+0x542/0xa60
[  113.975607][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  113.975641][    C1]  kthread+0x711/0x8a0
[  113.975663][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  113.975689][    C1]  ? __pfx_kthread+0x10/0x10
[  113.975709][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  113.975733][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  113.975758][    C1]  ? __pfx_kthread+0x10/0x10
[  113.975776][    C1]  ret_from_fork+0x599/0xb30
[  113.975803][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  113.975835][    C1]  ? __switch_to_asm+0x39/0x70
[  113.975849][    C1]  ? __switch_to_asm+0x33/0x70
[  113.975863][    C1]  ? __pfx_kthread+0x10/0x10
[  113.975881][    C1]  ret_from_fork_asm+0x1a/0x30
[  113.975911][    C1]  </TASK>
[  113.975917][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  114.198676][ T5894] az6027: usb out operation failed. (-71)
[  114.213063][ T5894] az6027: usb out operation failed. (-71)
[  114.218904][ T5894] stb0899_attach: Driver disabled by Kconfig
[  114.224904][ T5894] az6027: no front-end attached
[  114.224904][ T5894] 
[  114.233664][ T5841] F2FS-fs (loop0): do_checkpoint failed err:-5, stop checkpoint
[  114.249516][ T5894] az6027: usb out operation failed. (-71)
[  114.283912][ T5894] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  114.313638][ T5894] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7
[  114.345632][ T5894] dvb-usb: schedule remote query interval to 400 msecs.
[  114.352698][ T5894] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  114.379348][ T6691] BTRFS info (device loop2): enabling ssd optimizations
[  114.396036][ T5894] usb 2-1: USB disconnect, device number 5
[  114.415221][ T6691] BTRFS info (device loop2): turning on async discard
[  114.424486][ T6691] BTRFS info (device loop2): enabling free space tree
[  114.515577][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  114.613100][ T5894] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  114.672076][ T6732] loop3: detected capacity change from 0 to 512
[  114.678540][   T10] usb 5-1: Using ep0 maxpacket: 32
[  114.682260][ T5827] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  114.686003][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.727306][ T6732] EXT4-fs: Ignoring removed orlov option
[  114.732998][ T6732] EXT4-fs: Ignoring removed nobh option
[  114.768608][   T10] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  114.811322][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.824019][ T6732] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  114.867307][   T10] usb 5-1: Product: syz
[  114.906595][   T10] usb 5-1: Manufacturer: syz
[  114.911007][ T6732] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.278: bg 0: block 248: padding at end of block bitmap is not set
[  114.925963][   T10] usb 5-1: SerialNumber: syz
[  114.947538][   T10] usb 5-1: config 0 descriptor??
[  114.980630][ T6732] Quota error (device loop3): write_blk: dquota write failed
[  115.025345][ T6732] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  115.064157][ T6732] EXT4-fs error (device loop3): ext4_acquire_dquot:6948: comm syz.3.278: Failed to acquire dquot type 1
[  115.164560][ T6732] EXT4-fs (loop3): 1 truncate cleaned up
[  115.222399][ T6732] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.265005][ T6732] ext4 filesystem being mounted at /57/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  115.339590][   T49] Bluetooth: hci5: Frame reassembly failed (-84)
[  115.356446][   T30] audit: type=1326 audit(1763529347.543:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6748 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5cd8f6c9 code=0x7ffc0000
[  115.378555][   T49] Bluetooth: hci5: Frame reassembly failed (-84)
[  115.406945][   T10] gs_usb 5-1:0.0: Configuring for 1 interfaces
[  115.430437][ T6732] EXT4-fs: Ignoring removed orlov option
[  115.440740][ T6732] EXT4-fs: Ignoring removed nobh option
[  115.455583][ T6732] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  115.458083][   T30] audit: type=1326 audit(1763529347.583:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6748 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5cd8f6c9 code=0x7ffc0000
[  115.509195][ T6732] EXT4-fs error (device loop3): __ext4_remount:6751: comm syz.3.278: Abort forced by user
[  115.525862][ T6732] EXT4-fs (loop3): Remounting filesystem read-only
[  115.534539][   T30] audit: type=1326 audit(1763529347.623:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6748 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b5cd8f6c9 code=0x7ffc0000
[  115.556698][   T30] audit: type=1326 audit(1763529347.623:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6748 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5cd8f6c9 code=0x7ffc0000
[  115.579523][   T30] audit: type=1326 audit(1763529347.623:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6748 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4b5cd8f6c9 code=0x7ffc0000
[  115.601264][ T6732] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  115.639854][   T30] audit: type=1326 audit(1763529347.633:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6748 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5cd8f6c9 code=0x7ffc0000
[  115.692938][   T30] audit: type=1326 audit(1763529347.683:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6748 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4b5cd86567 code=0x7ffc0000
[  115.723508][   T30] audit: type=1326 audit(1763529347.683:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6748 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4b5cd2b789 code=0x7ffc0000
[  115.750574][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.814339][   T10] gs_usb 5-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  115.835588][   T10] gs_usb 5-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  115.857978][   T10] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22
[  115.881375][ T6604] udevd[6604]: failed to send result of seq 11945 to main daemon: Connection refused
[  115.888251][ T6761] program syz.2.290 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  115.893951][   T10] usb 5-1: USB disconnect, device number 3
[  116.522815][ T6773] loop3: detected capacity change from 0 to 512
[  116.554293][ T6764] loop0: detected capacity change from 0 to 40427
[  116.564399][ T6764] F2FS-fs (loop0): build fault injection rate: 174
[  116.575020][ T6764] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  116.577597][ T6773] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.595512][ T6773] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.610109][ T6764] F2FS-fs (loop0): invalid crc value
[  116.694193][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.735278][   T10] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[  116.769239][ T6764] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  116.794015][ T6764] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  116.840414][ T6764] F2FS-fs (loop0): inject inconsistent footer in f2fs_sanity_check_node_footer of __get_node_folio+0x6df/0xbe0
[  116.853867][ T6764] F2FS-fs (loop0): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  116.892678][ T5841] syz-executor: attempt to access beyond end of device
[  116.892678][ T5841] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  116.906962][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  116.906985][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  116.906994][ T5841] Call Trace:
[  116.907000][ T5841]  <TASK>
[  116.907010][ T5841]  dump_stack_lvl+0x189/0x250
[  116.907040][ T5841]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.907064][ T5841]  ? __pfx_queue_work_on+0x10/0x10
[  116.907087][ T5841]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  116.907110][ T5841]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  116.907143][ T5841]  f2fs_handle_critical_error+0x37c/0x540
[  116.907170][ T5841]  f2fs_write_end_io+0x94b/0xc10
[  116.907210][ T5841]  __submit_merged_bio+0x256/0x6a0
[  116.907237][ T5841]  __submit_merged_write_cond+0x255/0x530
[  116.907263][ T5841]  f2fs_write_data_pages+0x2756/0x3290
[  116.907331][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  116.907405][ T5841]  ? __mod_zone_page_state+0xd7/0x140
[  116.907433][ T5841]  ? folios_put_refs+0x58b/0x670
[  116.907471][ T5841]  ? __lock_acquire+0xab9/0xd20
[  116.907504][ T5841]  ? do_raw_spin_lock+0x121/0x290
[  116.907534][ T5841]  ? do_raw_spin_unlock+0x122/0x240
[  116.907551][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  116.907572][ T5841]  do_writepages+0x32e/0x550
[  116.907604][ T5841]  ? do_raw_spin_unlock+0x122/0x240
[  116.907628][ T5841]  filemap_fdatawrite+0x199/0x240
[  116.907646][ T5841]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  116.907726][ T5841]  ? do_raw_spin_unlock+0x122/0x240
[  116.907751][ T5841]  f2fs_sync_dirty_inodes+0x30f/0x830
[  116.907772][ T6783] loop4: detected capacity change from 0 to 32768
[  116.907791][ T5841]  f2fs_write_checkpoint+0x93e/0x2440
[  116.907810][ T5841]  ? __lock_acquire+0xab9/0xd20
[  116.907860][ T5841]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  116.907947][ T5841]  kill_f2fs_super+0x2cc/0x6d0
[  116.907977][ T5841]  ? __pfx_kill_f2fs_super+0x10/0x10
[  116.908019][ T5841]  ? shrinker_free+0x2ce/0x3e0
[  116.908044][ T5841]  deactivate_locked_super+0xbc/0x130
[  116.908066][ T5841]  cleanup_mnt+0x425/0x4c0
[  116.908084][ T5841]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.908110][ T5841]  task_work_run+0x1d4/0x260
[  116.908133][ T5841]  ? __pfx_task_work_run+0x10/0x10
[  116.908157][ T5841]  ? exit_to_user_mode_loop+0x55/0x4f0
[  116.908183][ T5841]  exit_to_user_mode_loop+0xff/0x4f0
[  116.908202][ T5841]  ? rcu_is_watching+0x15/0xb0
[  116.908223][ T5841]  do_syscall_64+0x2e9/0xfa0
[  116.908248][ T5841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.908263][ T5841]  ? clear_bhb_loop+0x60/0xb0
[  116.908285][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.908300][ T5841] RIP: 0033:0x7f4b5cd909f7
[  116.908323][ T5841] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  116.908336][ T5841] RSP: 002b:00007ffd22c57e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  116.908354][ T5841] RAX: 0000000000000000 RBX: 00007f4b5ce11d7d RCX: 00007f4b5cd909f7
[  116.908365][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd22c57f00
[  116.908375][ T5841] RBP: 00007ffd22c57f00 R08: 0000000000000000 R09: 0000000000000000
[  116.908384][ T5841] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd22c58f90
[  116.908395][ T5841] R13: 00007f4b5ce11d7d R14: 000000000001c867 R15: 00007ffd22c58fd0
[  116.908429][ T5841]  </TASK>
[  116.909699][ T5841] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  116.930316][ T6783] (syz.4.298,6783,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  116.934974][   T10] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  116.949074][ T6783] (syz.4.298,6783,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  116.951624][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  117.011741][ T6783] JBD2: Ignoring recovery information on journal
[  117.085240][   T10] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  117.312495][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  117.324118][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  117.341157][ T6783] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  117.355847][ T5843] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  117.358845][   T10] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  117.393184][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  117.456836][   T10] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  117.493647][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  117.527834][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  117.564273][ T6783] (syz.4.298,6783,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  117.564564][   T10] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  117.589312][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  117.600854][   T10] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  117.612691][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  117.625106][   T10] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  117.646248][ T5901] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  117.668481][   T10] usb 3-1: string descriptor 0 read error: -22
[  117.674948][   T10] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  117.685749][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.704995][   T10] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  117.756528][ T5825] ocfs2: Unmounting device (7,4) on (node local)
[  117.805305][ T5901] usb 1-1: Using ep0 maxpacket: 16
[  117.818991][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  117.843654][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  117.864465][ T5901] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  117.878400][ T5901] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  117.889508][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.906169][ T5901] usb 1-1: config 0 descriptor??
[  117.981011][   T10] usb 3-1: USB disconnect, device number 5
[  118.161868][ T6807] new mount options do not match the existing superblock, will be ignored
[  118.204862][ T6800] loop3: detected capacity change from 0 to 40427
[  118.215026][ T6800] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  118.222227][ T6800] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  118.237588][ T6800] F2FS-fs (loop3): invalid crc value
[  118.341722][ T6817] loop1: detected capacity change from 0 to 512
[  118.349064][ T5901] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  118.354280][ T6800] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  118.381792][ T6817] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.311: inode has both inline data and extents flags
[  118.382082][ T6800] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  118.399307][ T6817] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.311: couldn't read orphan inode 15 (err -117)
[  118.402414][ T5901] microsoft 0003:045E:07DA.0003: no inputs found
[  118.424975][ T6817] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.435776][ T6800] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  118.440296][ T5901] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway
[  118.517761][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.530355][ T5829] syz-executor: attempt to access beyond end of device
[  118.530355][ T5829] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  118.585583][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  118.585609][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  118.585622][ T5829] Call Trace:
[  118.585629][ T5829]  <TASK>
[  118.585637][ T5829]  dump_stack_lvl+0x189/0x250
[  118.585676][ T5829]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.585699][ T5829]  ? __pfx_queue_work_on+0x10/0x10
[  118.585718][ T5829]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  118.585741][ T5829]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  118.585776][ T5829]  f2fs_handle_critical_error+0x37c/0x540
[  118.585802][ T5829]  f2fs_write_end_io+0x94b/0xc10
[  118.585845][ T5829]  __submit_merged_bio+0x256/0x6a0
[  118.585869][ T5829]  __submit_merged_write_cond+0x255/0x530
[  118.585898][ T5829]  f2fs_write_data_pages+0x2756/0x3290
[  118.585958][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  118.586030][ T5829]  ? kernel_text_address+0xa5/0xe0
[  118.586050][ T5829]  ? __kernel_text_address+0xd/0x40
[  118.586067][ T5829]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  118.586114][ T5829]  ? __lock_acquire+0xab9/0xd20
[  118.586155][ T5829]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  118.586177][ T5829]  do_writepages+0x32e/0x550
[  118.586208][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  118.586229][ T5829]  filemap_fdatawrite+0x199/0x240
[  118.586247][ T5829]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  118.586318][ T5829]  ? do_raw_spin_unlock+0x122/0x240
[  118.586343][ T5829]  f2fs_sync_dirty_inodes+0x30f/0x830
[  118.586383][ T5829]  f2fs_write_checkpoint+0x93e/0x2440
[  118.586402][ T5829]  ? __lock_acquire+0xab9/0xd20
[  118.586455][ T5829]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  118.586556][ T5829]  kill_f2fs_super+0x2cc/0x6d0
[  118.586588][ T5829]  ? __pfx_kill_f2fs_super+0x10/0x10
[  118.586633][ T5829]  ? shrinker_free+0x2ce/0x3e0
[  118.586659][ T5829]  deactivate_locked_super+0xbc/0x130
[  118.586682][ T5829]  cleanup_mnt+0x425/0x4c0
[  118.586701][ T5829]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.586727][ T5829]  task_work_run+0x1d4/0x260
[  118.586750][ T5829]  ? __pfx_task_work_run+0x10/0x10
[  118.586775][ T5829]  ? exit_to_user_mode_loop+0x55/0x4f0
[  118.586802][ T5829]  exit_to_user_mode_loop+0xff/0x4f0
[  118.586823][ T5829]  ? rcu_is_watching+0x15/0xb0
[  118.586845][ T5829]  do_syscall_64+0x2e9/0xfa0
[  118.586870][ T5829]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.586887][ T5829]  ? clear_bhb_loop+0x60/0xb0
[  118.586908][ T5829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.586925][ T5829] RIP: 0033:0x7f2740d909f7
[  118.586951][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  118.586964][ T5829] RSP: 002b:00007ffd42fbcd08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  118.586987][ T5829] RAX: 0000000000000000 RBX: 00007f2740e11d7d RCX: 00007f2740d909f7
[  118.586998][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd42fbcdc0
[  118.587009][ T5829] RBP: 00007ffd42fbcdc0 R08: 0000000000000000 R09: 0000000000000000
[  118.587019][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd42fbde50
[  118.587030][ T5829] R13: 00007f2740e11d7d R14: 000000000001cecb R15: 00007ffd42fbde90
[  118.587067][ T5829]  </TASK>
[  118.587076][ T5829] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  118.642953][ T5926] usb 1-1: USB disconnect, device number 4
[  119.248265][ T6832] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  119.291436][ T6832] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  119.382280][ T6832] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  119.411145][ T6832] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  119.446946][ T6832] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  119.472901][ T6832] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  119.514571][ T6832] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  119.526756][ T6850] loop1: detected capacity change from 0 to 512
[  119.558228][ T6832] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  119.569879][ T6850] EXT4-fs (loop1): 1 truncate cleaned up
[  119.590731][ T6850] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.718303][ T6832] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  119.800959][ T6832] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  119.829973][ T6850] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.325: bg 0: block 465: padding at end of block bitmap is not set
[  119.855377][ T6832] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  119.882734][ T6850] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  119.887131][ T6832] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  119.922330][ T6832] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  119.925437][ T6850] EXT4-fs (loop1): This should not happen!! Data will be lost
[  119.925437][ T6850] 
[  119.941260][ T6832] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  120.034672][ T6832] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  120.151682][   T12] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28
[  120.211819][   T12] EXT4-fs (loop1): This should not happen!! Data will be lost
[  120.211819][   T12] 
[  120.263562][   T12] EXT4-fs (loop1): Total free blocks count 0
[  120.291109][   T12] EXT4-fs (loop1): Free/Dirty block details
[  120.326402][   T12] EXT4-fs (loop1): free_blocks=0
[  120.331793][   T12] EXT4-fs (loop1): dirty_blocks=64
[  120.341121][   T12] EXT4-fs (loop1): Block reservation details
[  120.468713][ T6855] loop2: detected capacity change from 0 to 32768
[  120.487946][ T6855] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.326 (6855)
[  120.536572][ T6855] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  120.563977][ T6855] BTRFS info (device loop2): using blake2b (blake2b-256-lib) checksum algorithm
[  120.707637][ T6855] BTRFS info (device loop2): enabling ssd optimizations
[  120.740947][ T6855] BTRFS info (device loop2): turning on async discard
[  120.818396][ T6855] BTRFS info (device loop2): enabling free space tree
[  120.847605][ T6855] BTRFS info (device loop2): use zstd compression, level 3
[  120.943177][ T6892] process 'syz.4.335' launched './file0' with NULL argv: empty string added
[  120.960889][ T6894] capability: warning: `syz.3.337' uses 32-bit capabilities (legacy support in use)
[  120.988989][ T5827] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  121.254286][ T6903] loop0: detected capacity change from 0 to 2048
[  121.276196][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout
[  121.301170][ T6903] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  121.335511][   T55] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  121.397893][ T6907] loop1: detected capacity change from 0 to 4096
[  121.415360][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout
[  121.471832][ T6910] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  121.495410][   T55] usb 5-1: Using ep0 maxpacket: 32
[  121.506402][   T55] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.555277][   T55] usb 5-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00
[  121.574533][   T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.583309][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout
[  121.586174][ T6907] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  121.614027][   T55] usb 5-1: config 0 descriptor??
[  121.631125][ T6907] Remounting filesystem read-only
[  121.815437][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout
[  121.841926][   T55] usbhid 5-1:0.0: can't add hid device: -71
[  121.855386][   T55] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  121.871208][   T55] usb 5-1: USB disconnect, device number 4
[  121.974116][ T6905] loop3: detected capacity change from 0 to 32768
[  121.985683][ T5830] Bluetooth: hci4: command 0x0c1a tx timeout
[  121.996005][ T6905] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.343 (6905)
[  122.078473][ T6905] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  122.115402][ T6905] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  122.134519][ T6905] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  122.164659][ T6914] loop0: detected capacity change from 0 to 32768
[  122.177304][ T6914] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.346 (6914)
[  122.203592][ T6927] loop2: detected capacity change from 0 to 512
[  122.212108][ T6914] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  122.212411][ T6927] EXT4-fs: Ignoring removed orlov option
[  122.225311][ T6914] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  122.229166][ T6927] EXT4-fs: Ignoring removed nobh option
[  122.248171][ T6927] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  122.309532][ T6927] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.350: bg 0: block 248: padding at end of block bitmap is not set
[  122.326155][ T6927] __quota_error: 35 callbacks suppressed
[  122.326171][ T6927] Quota error (device loop2): write_blk: dquota write failed
[  122.339528][ T6927] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  122.353515][ T6927] EXT4-fs error (device loop2): ext4_acquire_dquot:6948: comm syz.2.350: Failed to acquire dquot type 1
[  122.368163][ T6927] EXT4-fs (loop2): 1 truncate cleaned up
[  122.377357][ T6927] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.391355][ T6927] ext4 filesystem being mounted at /80/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  122.428710][ T6914] BTRFS info (device loop0): enabling ssd optimizations
[  122.433027][ T6927] EXT4-fs: Ignoring removed orlov option
[  122.443541][ T6927] EXT4-fs: Ignoring removed nobh option
[  122.448742][ T6914] BTRFS info (device loop0): turning on async discard
[  122.463100][ T6927] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  122.466185][ T6914] BTRFS info (device loop0): enabling free space tree
[  122.497547][ T6905] BTRFS info (device loop3): rebuilding free space tree
[  122.514401][ T6905] BTRFS info (device loop3): disabling free space tree
[  122.524810][ T6927] EXT4-fs error (device loop2): __ext4_remount:6751: comm syz.2.350: Abort forced by user
[  122.535086][ T6905] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  122.545323][ T6905] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  122.576719][ T6927] EXT4-fs (loop2): Remounting filesystem read-only
[  122.590824][ T6905] BTRFS info (device loop3): enabling ssd optimizations
[  122.595375][ T6927] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[  122.597985][ T6905] BTRFS info (device loop3): using spread ssd allocation scheme
[  122.614654][ T6905] BTRFS info (device loop3): enabling disk space caching
[  122.637603][ T6905] BTRFS info (device loop3): force clearing of disk cache
[  122.644779][ T6905] BTRFS info (device loop3): use zstd compression, level 3
[  122.660137][ T5841] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  122.743918][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.946533][ T5829] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  123.129596][ T6973] loop0: detected capacity change from 0 to 512
[  123.151345][ T6973] EXT4-fs: Ignoring removed orlov option
[  123.180390][ T6973] EXT4-fs: Ignoring removed nobh option
[  123.204724][ T6973] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  123.254529][ T6973] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.363: bg 0: block 248: padding at end of block bitmap is not set
[  123.313684][ T6973] Quota error (device loop0): write_blk: dquota write failed
[  123.335304][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout
[  123.368533][ T6973] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  123.427271][ T6973] EXT4-fs error (device loop0): ext4_acquire_dquot:6948: comm syz.0.363: Failed to acquire dquot type 1
[  123.495304][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout
[  123.540681][ T6973] EXT4-fs (loop0): 1 truncate cleaned up
[  123.548454][ T6973] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.576564][ T6973] ext4 filesystem being mounted at /42/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  123.633903][ T6973] EXT4-fs: Ignoring removed orlov option
[  123.647383][ T6973] EXT4-fs: Ignoring removed nobh option
[  123.656046][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout
[  123.662601][ T6973] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  123.693472][ T6973] EXT4-fs error (device loop0): __ext4_remount:6751: comm syz.0.363: Abort forced by user
[  123.704459][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  123.714612][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  123.725906][ T6973] EXT4-fs (loop0): Remounting filesystem read-only
[  123.752075][ T6973] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000.
[  123.849455][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.899717][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout
[  124.055784][ T5830] Bluetooth: hci4: command 0x0c1a tx timeout
[  124.162864][ T6990] loop4: detected capacity change from 0 to 4096
[  124.235399][ T5901] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  124.243006][ T6997] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  124.363340][ T7001] netlink: 36 bytes leftover after parsing attributes in process `syz.3.368'.
[  124.396980][ T5901] usb 1-1: Using ep0 maxpacket: 32
[  124.416028][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.465254][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.477128][ T5901] usb 1-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  124.493656][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.513830][ T5901] usb 1-1: config 0 descriptor??
[  124.630849][ T7014] loop3: detected capacity change from 0 to 2048
[  124.643584][ T7014] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  124.651423][ T7014] UDF-fs: Scanning with blocksize 512 failed
[  124.674143][ T7018] loop1: detected capacity change from 0 to 256
[  124.678396][ T7014] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  124.727503][ T7018] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d)
[  124.945622][ T5901] magicmouse 0003:05AC:0265.0004: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.0-1/input0
[  124.946137][ T5901] magicmouse 0003:05AC:0265.0004: magicmouse input not registered
[  124.948341][ T5901] magicmouse 0003:05AC:0265.0004: probe with driver magicmouse failed with error -12
[  125.027612][ T7028] EXT4-fs: Ignoring removed nobh option
[  125.067097][ T7028] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  125.089549][ T7028] ext4 filesystem being mounted at /78/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  125.132292][ T7031] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  125.139837][ T5926] usb 1-1: USB disconnect, device number 5
[  125.167543][ T7031] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  125.249348][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.294345][ T5829] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  125.418434][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout
[  125.482955][ T7044] FAT-fs (loop3): Directory bread(block 64) failed
[  125.490575][ T7044] FAT-fs (loop3): Directory bread(block 65) failed
[  125.498469][ T7044] FAT-fs (loop3): Directory bread(block 66) failed
[  125.501735][ T7046] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  125.505246][ T7044] FAT-fs (loop3): Directory bread(block 67) failed
[  125.525415][ T7044] FAT-fs (loop3): Directory bread(block 68) failed
[  125.531946][ T7044] FAT-fs (loop3): Directory bread(block 69) failed
[  125.535275][ T7046] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  125.555381][ T7044] FAT-fs (loop3): Directory bread(block 70) failed
[  125.566615][ T7044] FAT-fs (loop3): Directory bread(block 71) failed
[  125.573316][ T7044] FAT-fs (loop3): Directory bread(block 72) failed
[  125.581179][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout
[  125.585337][ T7044] FAT-fs (loop3): Directory bread(block 73) failed
[  125.651277][ T7046] EXT4-fs error (device loop4): ext4_get_first_dir_block:3540: inode #12: comm syz.4.388: directory missing '.'
[  125.692164][ T7046] EXT4-fs (loop4): Remounting filesystem read-only
[  125.737574][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout
[  125.788754][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.964728][ T7066] set_capacity_and_notify: 4 callbacks suppressed
[  125.964745][ T7066] loop4: detected capacity change from 0 to 1024
[  125.985402][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout
[  126.049296][ T7066] EXT4-fs: Ignoring removed bh option
[  126.063748][ T7066] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  126.130652][ T7066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.144172][ T5830] Bluetooth: hci4: command 0x0c1a tx timeout
[  126.247620][ T7066] EXT4-fs error (device loop4): ext4_find_dest_de:2052: inode #12: block 7: comm syz.4.396: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0
[  126.271081][ T7066] EXT4-fs (loop4): Remounting filesystem read-only
[  126.368006][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.426150][ T6250] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  126.510973][ T7062] loop0: detected capacity change from 0 to 32768
[  126.573015][ T7062] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.395 (7062)
[  126.602002][ T7062] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  126.615339][ T6250] usb 4-1: Using ep0 maxpacket: 32
[  126.622163][ T7062] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  126.642279][ T6250] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  126.665740][ T6250] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.686562][ T6250] usb 4-1: config 0 descriptor??
[  126.790682][ T7079] loop2: detected capacity change from 0 to 40427
[  126.799136][ T7079] F2FS-fs (loop2): build fault injection rate: 174
[  126.806422][ T7079] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  126.814998][ T7079] F2FS-fs (loop2): invalid crc value
[  126.819543][ T7062] BTRFS info (device loop0): rebuilding free space tree
[  126.846094][ T7062] BTRFS info (device loop0): enabling ssd optimizations
[  126.872476][ T7062] BTRFS info (device loop0): turning off barriers
[  126.888133][ T7062] BTRFS info (device loop0): disabling tree log
[  126.914848][ T6250] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  126.926266][ T7062] BTRFS info (device loop0): turning on flush-on-commit
[  126.933237][ T7062] BTRFS info (device loop0): enabling free space tree
[  126.947823][ T6250] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  126.975304][ T7062] BTRFS info (device loop0): force clearing of disk cache
[  126.983477][ T6250] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  126.995279][ T7062] BTRFS info (device loop0): max_inline set to 0
[  127.019571][ T6250] usb 4-1: media controller created
[  127.043918][ T7079] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  127.055971][ T6250] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  127.083374][ T7079] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  127.091727][   T30] audit: type=1800 audit(1763529359.283:47): pid=7062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.395" name="bus" dev="loop0" ino=263 res=0 errno=0
[  127.112379][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  127.135796][ T6250] az6027: usb out operation failed. (-71)
[  127.141913][ T6250] az6027: usb out operation failed. (-71)
[  127.153460][ T6250] stb0899_attach: Driver disabled by Kconfig
[  127.165336][ T6250] az6027: no front-end attached
[  127.165336][ T6250] 
[  127.174253][ T6250] az6027: usb out operation failed. (-71)
[  127.185243][ T6250] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  127.194455][ T6250] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input9
[  127.215105][ T7079] F2FS-fs (loop2): inject inconsistent footer in f2fs_sanity_check_node_footer of __get_node_folio+0x6df/0xbe0
[  127.230080][ T6250] dvb-usb: schedule remote query interval to 400 msecs.
[  127.230875][ T7079] F2FS-fs (loop2): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  127.237467][ T6250] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  127.239557][ T6250] usb 4-1: USB disconnect, device number 4
[  127.298152][ T5827] syz-executor: attempt to access beyond end of device
[  127.298152][ T5827] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  127.341134][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  127.341160][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  127.341171][ T5827] Call Trace:
[  127.341178][ T5827]  <TASK>
[  127.341186][ T5827]  dump_stack_lvl+0x189/0x250
[  127.341219][ T5827]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.341242][ T5827]  ? __pfx_queue_work_on+0x10/0x10
[  127.341262][ T5827]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  127.341284][ T5827]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  127.341320][ T5827]  f2fs_handle_critical_error+0x37c/0x540
[  127.341348][ T5827]  f2fs_write_end_io+0x94b/0xc10
[  127.341391][ T5827]  __submit_merged_bio+0x256/0x6a0
[  127.341419][ T5827]  __submit_merged_write_cond+0x255/0x530
[  127.341446][ T5827]  f2fs_write_data_pages+0x2756/0x3290
[  127.341518][ T5827]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  127.341554][ T5827]  ? finish_task_switch+0x162/0x960
[  127.341607][ T5827]  ? trace_sched_exit_tp+0x36/0x110
[  127.341626][ T5827]  ? __schedule+0x184c/0x4ed0
[  127.341675][ T5827]  ? __lock_acquire+0xab9/0xd20
[  127.341707][ T5827]  ? do_raw_spin_lock+0x121/0x290
[  127.341739][ T5827]  ? do_raw_spin_unlock+0x122/0x240
[  127.341758][ T5827]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  127.341780][ T5827]  do_writepages+0x32e/0x550
[  127.341812][ T5827]  ? do_raw_spin_unlock+0x122/0x240
[  127.341835][ T5827]  filemap_fdatawrite+0x199/0x240
[  127.341853][ T5827]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  127.341927][ T5827]  ? do_raw_spin_unlock+0x122/0x240
[  127.341952][ T5827]  f2fs_sync_dirty_inodes+0x30f/0x830
[  127.341992][ T5827]  f2fs_write_checkpoint+0x93e/0x2440
[  127.342013][ T5827]  ? __lock_acquire+0xab9/0xd20
[  127.342065][ T5827]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  127.342155][ T5827]  kill_f2fs_super+0x2cc/0x6d0
[  127.342185][ T5827]  ? __pfx_kill_f2fs_super+0x10/0x10
[  127.342228][ T5827]  ? shrinker_free+0x2ce/0x3e0
[  127.342254][ T5827]  deactivate_locked_super+0xbc/0x130
[  127.342275][ T5827]  cleanup_mnt+0x425/0x4c0
[  127.342294][ T5827]  ? lockdep_hardirqs_on+0x9c/0x150
[  127.342320][ T5827]  task_work_run+0x1d4/0x260
[  127.342343][ T5827]  ? __pfx_task_work_run+0x10/0x10
[  127.342367][ T5827]  ? exit_to_user_mode_loop+0x55/0x4f0
[  127.342394][ T5827]  exit_to_user_mode_loop+0xff/0x4f0
[  127.342414][ T5827]  ? rcu_is_watching+0x15/0xb0
[  127.342436][ T5827]  do_syscall_64+0x2e9/0xfa0
[  127.342460][ T5827]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.342477][ T5827]  ? clear_bhb_loop+0x60/0xb0
[  127.342505][ T5827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.342521][ T5827] RIP: 0033:0x7fa96e5909f7
[  127.342537][ T5827] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  127.342551][ T5827] RSP: 002b:00007ffce8e9f818 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  127.342570][ T5827] RAX: 0000000000000000 RBX: 00007fa96e611d7d RCX: 00007fa96e5909f7
[  127.342581][ T5827] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffce8e9f8d0
[  127.342592][ T5827] RBP: 00007ffce8e9f8d0 R08: 0000000000000000 R09: 0000000000000000
[  127.342602][ T5827] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffce8ea0960
[  127.342614][ T5827] R13: 00007fa96e611d7d R14: 000000000001f108 R15: 00007ffce8ea09a0
[  127.342649][ T5827]  </TASK>
[  127.342657][ T5827] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  127.422679][ T6250] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  127.694804][ T5841] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  128.187063][ T7127] loop0: detected capacity change from 0 to 256
[  128.300958][ T7131] loop2: detected capacity change from 0 to 4096
[  128.333024][ T7133] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.412486][ T7136] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  128.582906][ T7141] loop2: detected capacity change from 0 to 4096
[  128.637365][ T7144] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.690666][ T7146] loop0: detected capacity change from 0 to 64
[  128.891497][ T7135] loop1: detected capacity change from 0 to 40427
[  128.899892][ T7135] F2FS-fs (loop1): build fault injection rate: 174
[  128.909388][ T7135] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  128.922402][ T7135] F2FS-fs (loop1): invalid crc value
[  128.999473][ T7138] loop4: detected capacity change from 0 to 32768
[  129.030487][ T7138] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  129.043132][ T7135] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  129.062050][ T7135] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  129.063942][ T7162] loop0: detected capacity change from 0 to 64
[  129.098675][ T7162] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
[  129.103121][ T7138] XFS (loop4): Ending clean mount
[  129.148008][ T7135] F2FS-fs (loop1): inject inconsistent footer in f2fs_sanity_check_node_footer of __get_node_folio+0x6df/0xbe0
[  129.175314][   T55] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  129.183569][ T5825] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  129.222292][ T7135] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  129.316055][ T7166] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  129.346114][ T7166] FAT-fs (loop3): Filesystem has been set read-only
[  129.358939][ T5826] syz-executor: attempt to access beyond end of device
[  129.358939][ T5826] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  129.365087][   T55] usb 3-1: unable to get BOS descriptor or descriptor too short
[  129.377161][ T7166] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  129.391899][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  129.391924][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  129.391934][ T5826] Call Trace:
[  129.391941][ T5826]  <TASK>
[  129.391949][ T5826]  dump_stack_lvl+0x189/0x250
[  129.391984][ T5826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.392008][ T5826]  ? __pfx_queue_work_on+0x10/0x10
[  129.392028][ T5826]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  129.392050][ T5826]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  129.392085][ T5826]  f2fs_handle_critical_error+0x37c/0x540
[  129.392113][ T5826]  f2fs_write_end_io+0x94b/0xc10
[  129.392156][ T5826]  __submit_merged_bio+0x256/0x6a0
[  129.392184][ T5826]  __submit_merged_write_cond+0x255/0x530
[  129.392214][ T5826]  f2fs_write_data_pages+0x2756/0x3290
[  129.392274][ T5826]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  129.392306][ T5826]  ? is_bpf_text_address+0x26/0x2b0
[  129.392358][ T5826]  ? __mod_zone_page_state+0xd7/0x140
[  129.392391][ T5826]  ? folios_put_refs+0x58b/0x670
[  129.392431][ T5826]  ? __lock_acquire+0xab9/0xd20
[  129.392464][ T5826]  ? do_raw_spin_lock+0x121/0x290
[  129.392498][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[  129.392517][ T5826]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  129.392539][ T5826]  do_writepages+0x32e/0x550
[  129.392580][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[  129.392605][ T5826]  filemap_fdatawrite+0x199/0x240
[  129.392623][ T5826]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  129.392702][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[  129.392727][ T5826]  f2fs_sync_dirty_inodes+0x30f/0x830
[  129.392768][ T5826]  f2fs_write_checkpoint+0x93e/0x2440
[  129.392789][ T5826]  ? __lock_acquire+0xab9/0xd20
[  129.392847][ T5826]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  129.392941][ T5826]  kill_f2fs_super+0x2cc/0x6d0
[  129.392972][ T5826]  ? __pfx_kill_f2fs_super+0x10/0x10
[  129.393016][ T5826]  ? shrinker_free+0x2ce/0x3e0
[  129.393043][ T5826]  deactivate_locked_super+0xbc/0x130
[  129.393065][ T5826]  cleanup_mnt+0x425/0x4c0
[  129.393084][ T5826]  ? lockdep_hardirqs_on+0x9c/0x150
[  129.393111][ T5826]  task_work_run+0x1d4/0x260
[  129.393134][ T5826]  ? __pfx_task_work_run+0x10/0x10
[  129.393159][ T5826]  ? exit_to_user_mode_loop+0x55/0x4f0
[  129.393182][ T5826]  exit_to_user_mode_loop+0xff/0x4f0
[  129.393202][ T5826]  ? rcu_is_watching+0x15/0xb0
[  129.393225][ T5826]  do_syscall_64+0x2e9/0xfa0
[  129.393250][ T5826]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.393266][ T5826]  ? clear_bhb_loop+0x60/0xb0
[  129.393289][ T5826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.393305][ T5826] RIP: 0033:0x7f09b4b909f7
[  129.393322][ T5826] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  129.393337][ T5826] RSP: 002b:00007ffd98b0b658 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  129.393356][ T5826] RAX: 0000000000000000 RBX: 00007f09b4c11d7d RCX: 00007f09b4b909f7
[  129.393369][ T5826] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd98b0b710
[  129.393380][ T5826] RBP: 00007ffd98b0b710 R08: 0000000000000000 R09: 0000000000000000
[  129.393391][ T5826] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd98b0c7a0
[  129.393402][ T5826] R13: 00007f09b4c11d7d R14: 000000000001f8cb R15: 00007ffd98b0c7e0
[  129.393440][ T5826]  </TASK>
[  129.393448][ T5826] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  129.544027][   T55] usb 3-1: not running at top speed; connect to a high speed hub
[  129.784166][   T55] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  129.833685][   T55] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  129.850868][   T55] usb 3-1: string descriptor 0 read error: -22
[  129.857439][   T55] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  129.875526][   T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.918485][   T55] usb 3-1: 0:2 : does not exist
[  130.378731][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout
[  130.431190][ T7168] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  130.463547][ T7168] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  130.565384][ T6250] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  130.579961][ T7168] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  130.590978][ T7168] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  130.609318][ T7168] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  130.667453][ T7168] fscrypt (loop4, inode 3): Error -61 getting encryption context
[  130.691758][ T7197] netlink: 'syz.1.442': attribute type 1 has an invalid length.
[  130.776911][   T55] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  130.854466][   T55] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  130.887619][   T55] usb 3-1: 5:0: failed to get current value for ch 1 (-22)
[  130.985736][   T55] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  131.021613][   T55] usb 3-1: USB disconnect, device number 6
[  131.075260][   T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  131.220707][ T7201] set_capacity_and_notify: 2 callbacks suppressed
[  131.220724][ T7201] loop4: detected capacity change from 0 to 64
[  131.257215][   T24] usb 2-1: Using ep0 maxpacket: 32
[  131.269044][   T24] usb 2-1: config 0 has an invalid interface number: 66 but max is 0
[  131.287617][   T24] usb 2-1: config 0 has no interface number 0
[  131.306941][   T24] usb 2-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  131.331207][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.351571][   T30] audit: type=1800 audit(1763529363.473:48): pid=7201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.444" name="file2" dev="loop4" ino=6 res=0 errno=0
[  131.395638][   T24] usb 2-1: Product: syz
[  131.410686][   T24] usb 2-1: Manufacturer: syz
[  131.435227][   T24] usb 2-1: SerialNumber: syz
[  131.463910][   T24] usb 2-1: config 0 descriptor??
[  131.481477][   T24] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  131.510531][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  131.528538][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  131.568125][   T24] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  131.591852][   T24] usb 2-1: media controller created
[  131.630067][ T6250] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  131.639260][ T6250] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.646652][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  131.660417][ T6250] usb 1-1: config 0 descriptor??
[  131.672125][ T6250] cp210x 1-1:0.0: cp210x converter detected
[  131.697245][ T7199] dvb-usb: bulk message failed: -22 (4/0)
[  131.726798][ T7199] cxusb: i2c read failed
[  131.762541][   T24] cxusb: set interface failed
[  131.775783][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  131.984982][   T24] DVB: Unable to find symbol lgdt330x_attach()
[  132.005253][   T24] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  132.205326][   T24] rc_core: IR keymap rc-dvico-portable not found
[  132.227127][   T24] Registered IR keymap rc-empty
[  132.250033][   T24] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  132.309567][   T24] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input10
[  132.361809][   T24] dvb-usb: schedule remote query interval to 100 msecs.
[  132.411623][   T24] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  132.467605][   T24] usb 2-1: USB disconnect, device number 6
[  132.551065][ T6250] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[  132.575733][ T6250] usb 1-1: cp210x converter now attached to ttyUSB0
[  132.604705][   T24] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  132.675712][ T7195] loop3: detected capacity change from 0 to 262144
[  132.685972][ T7195] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.441 (7195)
[  132.712218][ T7195] BTRFS info (device loop3): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  132.725115][ T7195] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  132.806625][ T6250] usb 1-1: USB disconnect, device number 6
[  132.822177][ T6250] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  132.848234][ T6250] cp210x 1-1:0.0: device disconnected
[  132.861368][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  132.868540][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  132.928851][ T7195] BTRFS info (device loop3): enabling ssd optimizations
[  132.936012][ T7195] BTRFS info (device loop3): enabling free space tree
[  132.975609][   T30] audit: type=1326 audit(1763529365.153:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.025243][   T30] audit: type=1326 audit(1763529365.153:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.090906][   T30] audit: type=1326 audit(1763529365.153:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.147254][ T5829] BTRFS info (device loop3): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  133.148621][   T30] audit: type=1326 audit(1763529365.153:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.301240][ T7253] loop2: detected capacity change from 0 to 128
[  133.363676][ T7253] FAT-fs (loop2): bogus number of FAT sectors
[  133.397326][ T7253] FAT-fs (loop2): Can't find a valid FAT filesystem
[  133.509385][   T30] audit: type=1326 audit(1763529365.153:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.532906][   T30] audit: type=1326 audit(1763529365.153:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.558777][   T30] audit: type=1326 audit(1763529365.153:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.626336][   T30] audit: type=1326 audit(1763529365.153:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.716797][   T30] audit: type=1326 audit(1763529365.153:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7fa4df58f6c9 code=0x7ffc0000
[  133.783836][ T7261] loop4: detected capacity change from 0 to 512
[  133.802085][ T7261] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  133.845260][ T7261] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  133.878667][ T7261] EXT4-fs (loop4): 1 truncate cleaned up
[  133.898019][ T7261] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  133.920654][ T7246] loop1: detected capacity change from 0 to 32768
[  133.935628][ T7246] (syz.1.455,7246,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  133.957381][ T7246] (syz.1.455,7246,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  133.980914][ T7261] EXT4-fs (loop4): shut down requested (2)
[  134.064527][ T7246] JBD2: Ignoring recovery information on journal
[  134.120421][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.213731][ T7263] loop2: detected capacity change from 0 to 32768
[  134.259133][ T7246] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  134.280011][ T7263] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.465 (7263)
[  134.324686][ T7263] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  134.337981][ T7263] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  134.351170][ T7263] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  134.397817][ T7246] (syz.1.455,7246,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  134.498371][ T7263] BTRFS info (device loop2): rebuilding free space tree
[  134.558889][ T7263] BTRFS info (device loop2): disabling free space tree
[  134.581927][ T7263] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  134.592714][ T5826] ocfs2: Unmounting device (7,1) on (node local)
[  134.625577][ T7263] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  134.689420][ T7263] BTRFS info (device loop2): setting nodatasum
[  134.708095][ T7263] BTRFS info (device loop2): setting nodatacow
[  134.718230][ T7263] BTRFS info (device loop2): enabling ssd optimizations
[  134.735541][ T7263] BTRFS info (device loop2): using spread ssd allocation scheme
[  134.744385][ T7263] BTRFS info (device loop2): turning on sync discard
[  134.779327][ T7263] BTRFS info (device loop2): enabling disk space caching
[  134.797018][ T7263] BTRFS info (device loop2): force clearing of disk cache
[  134.944956][ T7300] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  134.992417][ T7302] loop8: detected capacity change from 0 to 524288000
[  135.036159][ T5827] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  135.188814][ T7307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.478'.
[  135.228178][ T7307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.478'.
[  135.273493][ T7307] netlink: 8 bytes leftover after parsing attributes in process `syz.0.478'.
[  135.595112][ T7320] netlink: 292 bytes leftover after parsing attributes in process `syz.3.482'.
[  135.842458][ T7309] loop1: detected capacity change from 0 to 32768
[  136.142002][ T7337] netlink: 'syz.0.489': attribute type 4 has an invalid length.
[  136.156568][ T7309] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.214016][ T7309] XFS (loop1): Ending clean mount
[  136.321633][ T5826] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.799770][ T7359] mmap: syz.1.494 (7359) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  136.908685][ T7346] loop3: detected capacity change from 0 to 32768
[  136.981279][ T7346] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  137.073468][ T7346] XFS (loop3): Ending clean mount
[  137.186446][ T7354] loop2: detected capacity change from 0 to 32768
[  137.198272][ T7354] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.496 (7354)
[  137.223324][ T7354] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  137.239530][ T7352] loop4: detected capacity change from 0 to 32768
[  137.246238][ T7354] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  137.246345][ T5829] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  137.254779][ T7354] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  137.279247][ T7352] BTRFS info: device /dev/loop4 (7:4) using temp-fsid 89e55a98-7bae-4c22-a7d1-60dbb9a3ff29
[  137.294641][ T7352] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.495 (7352)
[  137.326551][ T7352] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  137.339837][ T7352] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  137.419067][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.506'.
[  137.556486][ T7402] serio: Serial port ptm0
[  137.636340][ T7354] BTRFS info (device loop2): rebuilding free space tree
[  137.661191][ T7352] BTRFS info (device loop4): enabling ssd optimizations
[  137.682370][ T7352] BTRFS info (device loop4): turning on async discard
[  137.692526][ T7354] BTRFS info (device loop2): disabling free space tree
[  137.710918][ T7352] BTRFS info (device loop4): enabling free space tree
[  137.719141][ T7354] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  137.739204][ T7352] BTRFS info (device loop4): enabling auto defrag
[  137.751904][ T7417] loop3: detected capacity change from 0 to 4096
[  137.758667][ T7354] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  137.778495][ T7378] loop0: detected capacity change from 0 to 32768
[  137.784269][ T7354] BTRFS info (device loop2): enabling ssd optimizations
[  137.792336][ T7354] BTRFS info (device loop2): using spread ssd allocation scheme
[  137.796710][ T7378] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.503 (7378)
[  137.800366][ T7354] BTRFS info (device loop2): enabling disk space caching
[  137.832907][ T7354] BTRFS info (device loop2): force clearing of disk cache
[  137.840499][ T7354] BTRFS info (device loop2): use zstd compression, level 3
[  137.876545][ T7378] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  137.905830][ T7378] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  137.920647][ T7417] ntfs3(loop3): ino=5, "/" mi_enum_attr
[  138.011344][ T5827] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  138.046950][ T5825] BTRFS info (device loop4): last unmount of filesystem 89e55a98-7bae-4c22-a7d1-60dbb9a3ff29
[  138.101329][ T7378] BTRFS info (device loop0): enabling ssd optimizations
[  138.108484][ T7378] BTRFS info (device loop0): turning on async discard
[  138.119826][ T7378] BTRFS info (device loop0): enabling free space tree
[  138.165894][ T5841] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  138.493454][ T7437] loop2: detected capacity change from 0 to 256
[  138.529439][ T7437] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  138.560376][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  138.560391][   T30] audit: type=1800 audit(1763529370.753:63): pid=7437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.510" name="file2" dev="loop2" ino=1048620 res=0 errno=0
[  139.375279][ T5926] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  139.565399][ T5926] usb 2-1: Using ep0 maxpacket: 16
[  139.599293][ T5926] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  139.638451][ T5926] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.666067][ T7458] loop0: detected capacity change from 0 to 32768
[  139.674001][ T5926] usb 2-1: config 0 has no interface number 0
[  139.683912][ T5926] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  139.684041][ T7458] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.521 (7458)
[  139.706109][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.714119][ T5926] usb 2-1: Product: syz
[  139.733567][ T5926] usb 2-1: Manufacturer: syz
[  139.741992][ T5926] usb 2-1: SerialNumber: syz
[  139.761544][ T7458] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  139.779818][ T5926] usb 2-1: config 0 descriptor??
[  139.791593][ T7458] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  139.837164][ T7458] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  139.863255][ T7484] loop3: detected capacity change from 0 to 512
[  139.931429][ T7484] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.966188][ T7484] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.097726][ T7484] EXT4-fs error (device loop3): ext4_group_add:1739: inode #7: comm syz.3.533: iget: checksum invalid
[  140.129896][ T7458] BTRFS info (device loop0): rebuilding free space tree
[  140.154911][ T7484] EXT4-fs warning (device loop3): ext4_group_add:1741: Error opening resize inode
[  140.191085][ T7458] BTRFS info (device loop0): disabling free space tree
[  140.233655][ T7458] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  140.300277][ T7458] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  140.351670][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.364071][ T7458] BTRFS info (device loop0): enabling ssd optimizations
[  140.399946][ T7458] BTRFS info (device loop0): using spread ssd allocation scheme
[  140.436376][ T7458] BTRFS info (device loop0): enabling disk space caching
[  140.437383][ T7508] loop3: detected capacity change from 0 to 1024
[  140.443517][ T7458] BTRFS info (device loop0): force clearing of disk cache
[  140.465292][ T7458] BTRFS info (device loop0): use zstd compression, level 3
[  140.620853][   T65] hfsplus: b-tree write err: -5, ino 4
[  140.628088][ T5926] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046d:08d3)
[  140.657391][ T5926] uvcvideo 2-1:0.105: No valid video chain found.
[  140.669999][ T5926] usb 2-1: USB disconnect, device number 7
[  140.718866][ T5841] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  141.195439][ T5926] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  141.207662][ T7513] loop4: detected capacity change from 0 to 32768
[  141.298073][ T7513] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  141.360531][ T7513] XFS (loop4): Ending clean mount
[  141.377564][ T5926] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  141.380540][ T7513] XFS (loop4): Quotacheck needed: Please wait.
[  141.392283][ T5926] usb 4-1: config 0 has no interface number 0
[  141.410079][ T5926] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  141.432020][ T5926] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  141.445912][ T5926] usb 4-1: config 0 interface 255 has no altsetting 0
[  141.452735][ T5926] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  141.462011][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.472906][ T5926] usb 4-1: config 0 descriptor??
[  141.480192][ T5926] ums-realtek 4-1:0.255: USB Mass Storage device detected
[  141.502761][ T7513] XFS (loop4): Quotacheck: Done.
[  141.574215][ T7513] page: refcount:2 mapcount:0 mapping:ffff888076af0b88 index:0x1 pfn:0x4d0d9
[  141.592465][ T7513] memcg:ffff88801cac9a80
[  141.605261][ T7513] aops:xfs_address_space_operations ino:1806 dentry name(?):"file1"
[  141.619787][ T7513] flags: 0xfff20000004029(locked|uptodate|lru|private|node=0|zone=1|lastcpupid=0x7ff)
[  141.634368][ T7513] raw: 00fff20000004029 ffffea0001fd8188 ffffea00013435c8 ffff888076af0b88
[  141.636177][ T7522] F2FS-fs (loop2): invalid crc value
[  141.644883][ T7513] raw: 0000000000000001 ffff888146bdf880 00000002ffffffff ffff88801cac9a80
[  141.662270][   T55] kernel read not supported for file /radio4 (pid: 55 comm: kworker/1:1)
[  141.714541][   T55] usb 4-1: USB disconnect, device number 5
[  141.721960][ T7513] page dumped because: VM_BUG_ON_FOLIO(success && folio_test_uptodate(folio))
[  141.749639][ T7513] page_owner tracks the page as allocated
[  141.760176][ T7513] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 7513, tgid 7511 (syz.4.539), ts 141573067025, free_ts 141552847595
[  141.771871][ T7522] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  141.784534][ T7513]  post_alloc_hook+0x234/0x290
[  141.812254][ T7513]  get_page_from_freelist+0x2365/0x2440
[  141.825471][ T7522] F2FS-fs (loop2): Start checkpoint disabled!
[  141.838209][ T7522] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  141.841495][ T7513]  __alloc_frozen_pages_noprof+0x181/0x370
[  141.855429][ T7513]  alloc_pages_mpol+0x232/0x4a0
[  141.855478][ T7544] program syz.1.548 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  141.860347][ T7513]  alloc_pages_noprof+0xa9/0x190
[  141.860377][ T7513]  folio_alloc_noprof+0x1e/0x30
[  141.860398][ T7513]  filemap_alloc_folio_noprof+0x112/0x490
[  141.870137][ T7522] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  141.874530][ T7513]  page_cache_ra_order+0x53d/0xe80
[  141.925243][ T7513]  filemap_get_pages+0x468/0x1df0
[  141.937233][ T7513]  filemap_splice_read+0x581/0xc60
[  141.944501][ T7513]  xfs_file_splice_read+0x2b4/0x610
[  141.949846][ T7513]  splice_direct_to_actor+0x4a9/0xcc0
[  141.955448][ T7513]  do_splice_direct+0x181/0x270
[  141.960332][ T7513]  do_sendfile+0x4da/0x7e0
[  141.964768][ T7513]  __se_sys_sendfile64+0x13e/0x190
[  141.970333][ T7513]  do_syscall_64+0xfa/0xfa0
[  141.971239][ T7522] syz.2.544: attempt to access beyond end of device
[  141.971239][ T7522] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  141.974864][ T7513] page last free pid 7534 tgid 7533 stack trace:
[  141.974879][ T7513]  free_unref_folios+0xd22/0x1470
[  141.974903][ T7513]  folios_put_refs+0x584/0x670
[  141.974925][ T7513]  free_pages_and_swap_cache+0x4be/0x520
[  141.974940][ T7513]  tlb_flush_mmu+0x3a0/0x680
[  142.018336][ T7513]  tlb_finish_mmu+0xc3/0x1d0
[  142.023057][ T7513]  exit_mmap+0x439/0xb40
[  142.048466][ T7513]  __mmput+0x118/0x430
[  142.060207][ T7513]  exit_mm+0x1da/0x2c0
[  142.064409][ T7513]  do_exit+0x650/0x2300
[  142.068744][ T7513]  do_group_exit+0x21c/0x2d0
[  142.073450][ T7513]  get_signal+0x1285/0x1340
[  142.078098][ T7513]  arch_do_signal_or_restart+0x9a/0x7a0
[  142.083761][ T7513]  exit_to_user_mode_loop+0x87/0x4f0
[  142.090218][ T7513]  do_syscall_64+0x2e9/0xfa0
[  142.096122][ T7513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.107157][ T7513] ------------[ cut here ]------------
[  142.114164][ T7513] kernel BUG at mm/filemap.c:1531!
[  142.120339][   T13] kworker/u8:1: attempt to access beyond end of device
[  142.120339][   T13] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  142.121247][ T7513] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  142.137209][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[  142.137233][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  142.137244][   T13] Workqueue: writeback wb_workfn (flush-7:2)
[  142.137272][   T13] Call Trace:
[  142.137279][   T13]  <TASK>
[  142.137286][   T13]  dump_stack_lvl+0x189/0x250
[  142.137314][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.137336][   T13]  ? __pfx_queue_work_on+0x10/0x10
[  142.137358][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  142.137380][   T13]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  142.137407][   T13]  f2fs_handle_critical_error+0x37c/0x540
[  142.137431][   T13]  f2fs_write_end_io+0x94b/0xc10
[  142.137460][   T13]  __submit_merged_bio+0x256/0x6a0
[  142.137481][   T13]  __submit_merged_write_cond+0x255/0x530
[  142.137502][   T13]  f2fs_write_data_pages+0x2756/0x3290
[  142.137539][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  142.137574][   T13]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  142.137613][   T13]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  142.137650][   T13]  ? __set_next_task_fair+0x135/0x390
[  142.137675][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  142.137695][   T13]  do_writepages+0x32e/0x550
[  142.137714][   T13]  ? reacquire_held_locks+0x127/0x1d0
[  142.137736][   T13]  ? writeback_sb_inodes+0x3bc/0x1950
[  142.137761][   T13]  __writeback_single_inode+0x133/0x12f0
[  142.137785][   T13]  writeback_sb_inodes+0x984/0x1950
[  142.137805][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.137844][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  142.137886][   T13]  ? rcu_is_watching+0x15/0xb0
[  142.137907][   T13]  wb_writeback+0x42b/0xb10
[  142.137931][   T13]  ? queue_io+0x361/0x590
[  142.137952][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  142.137975][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  142.137998][   T13]  wb_workfn+0x3f9/0xef0
[  142.138023][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  142.138042][   T13]  ? __lock_acquire+0xab9/0xd20
[  142.138067][   T13]  ? process_one_work+0x868/0x15e0
[  142.138090][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  142.138112][   T13]  ? process_one_work+0x868/0x15e0
[  142.138131][   T13]  process_one_work+0x93a/0x15e0
[  142.138150][   T13]  ? __lock_acquire+0xab9/0xd20
[  142.138180][   T13]  ? __pfx_process_one_work+0x10/0x10
[  142.138204][   T13]  ? assign_work+0x3a1/0x410
[  142.138227][   T13]  worker_thread+0x9b0/0xee0
[  142.138260][   T13]  kthread+0x711/0x8a0
[  142.138277][   T13]  ? __pfx_worker_thread+0x10/0x10
[  142.138297][   T13]  ? __pfx_kthread+0x10/0x10
[  142.138313][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  142.138333][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.138354][   T13]  ? __pfx_kthread+0x10/0x10
[  142.138369][   T13]  ret_from_fork+0x599/0xb30
[  142.138390][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  142.138415][   T13]  ? __switch_to_asm+0x39/0x70
[  142.138430][   T13]  ? __switch_to_asm+0x33/0x70
[  142.138444][   T13]  ? __pfx_kthread+0x10/0x10
[  142.138461][   T13]  ret_from_fork_asm+0x1a/0x30
[  142.138485][   T13]  </TASK>
[  142.139164][   T13] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  142.140574][ T7513] CPU: 1 UID: 0 PID: 7513 Comm: syz.4.539 Not tainted syzkaller #0 PREEMPT(full) 
[  142.140596][ T7513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  142.454312][ T7513] RIP: 0010:folio_end_read+0x22e/0x230
[  142.459775][ T7513] Code: 54 c7 ff 48 89 df 48 c7 c6 80 84 74 8b e8 8a 89 2d ff 90 0f 0b e8 92 54 c7 ff 48 89 df 48 c7 c6 e0 7c 74 8b e8 73 89 2d ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa
[  142.479385][ T7513] RSP: 0018:ffffc90004e3f028 EFLAGS: 00010246
[  142.485456][ T7513] RAX: 8282e43873df1900 RBX: ffffea0001343640 RCX: 0000000000000000
[  142.493416][ T7513] RDX: 0000000000000007 RSI: ffffffff8d78e538 RDI: 00000000ffffffff
[  142.501379][ T7513] RBP: 0000000000000001 R08: ffffffff8f7de477 R09: 1ffffffff1efbc8e
[  142.509340][ T7513] R10: dffffc0000000000 R11: fffffbfff1efbc8f R12: 1ffffd40002686c9
[  142.517303][ T7513] R13: 1ffffd40002686c8 R14: ffffea0001343648 R15: 0000000000000008
[  142.525267][ T7513] FS:  00007fa4e040b6c0(0000) GS:ffff888125fbc000(0000) knlGS:0000000000000000
[  142.534203][ T7513] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  142.540869][ T7513] CR2: 00007f4b5cfe7dac CR3: 000000002eb9c000 CR4: 00000000003526f0
[  142.548836][ T7513] Call Trace:
[  142.552101][ T7513]  <TASK>
[  142.555020][ T7513]  iomap_readahead+0x3f5/0xbd0
[  142.559783][ T7513]  ? __pfx_iomap_readahead+0x10/0x10
[  142.565068][ T7513]  ? __lock_acquire+0xab9/0xd20
[  142.569911][ T7513]  ? __folio_batch_add_and_move+0x192/0xc60
[  142.575796][ T7513]  xfs_vm_readahead+0x9f/0xe0
[  142.580478][ T7513]  ? __pfx_xfs_vm_readahead+0x10/0x10
[  142.585839][ T7513]  ? __asan_memset+0x22/0x50
[  142.590419][ T7513]  ? blk_start_plug+0x6f/0x1b0
[  142.595179][ T7513]  read_pages+0x17a/0x580
[  142.599504][ T7513]  ? __pfx_read_pages+0x10/0x10
[  142.604348][ T7513]  ? filemap_add_folio+0x35f/0x540
[  142.609450][ T7513]  page_cache_ra_order+0x904/0xe80
[  142.614556][ T7513]  filemap_get_pages+0x468/0x1df0
[  142.619582][ T7513]  ? __pfx_filemap_get_pages+0x10/0x10
[  142.625035][ T7513]  ? folios_put_refs+0x58b/0x670
[  142.629967][ T7513]  ? __pfx___might_resched+0x10/0x10
[  142.635249][ T7513]  ? mlock_drain_local+0x79/0x490
[  142.640370][ T7513]  ? mlock_drain_local+0x28e/0x490
[  142.645477][ T7513]  filemap_splice_read+0x581/0xc60
[  142.650590][ T7513]  ? __pfx_filemap_splice_read+0x10/0x10
[  142.656249][ T7513]  ? down_read_nested+0x1af/0x2f0
[  142.661267][ T7513]  ? xfs_ilock+0x1cf/0x390
[  142.665681][ T7513]  xfs_file_splice_read+0x2b4/0x610
[  142.670869][ T7513]  ? __pfx_xfs_file_splice_read+0x10/0x10
[  142.676577][ T7513]  splice_direct_to_actor+0x4a9/0xcc0
[  142.681953][ T7513]  ? __pfx_direct_splice_actor+0x10/0x10
[  142.687581][ T7513]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  142.693471][ T7513]  do_splice_direct+0x181/0x270
[  142.698318][ T7513]  ? __pfx_do_splice_direct+0x10/0x10
[  142.703682][ T7513]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  142.709653][ T7513]  ? rw_verify_area+0x255/0x4d0
[  142.714502][ T7513]  do_sendfile+0x4da/0x7e0
[  142.718914][ T7513]  ? __pfx_vfs_write+0x10/0x10
[  142.723671][ T7513]  ? __pfx_do_sendfile+0x10/0x10
[  142.728604][ T7513]  ? __se_sys_futex+0x36f/0x400
[  142.733450][ T7513]  __se_sys_sendfile64+0x13e/0x190
[  142.738555][ T7513]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  142.744295][ T7513]  ? do_syscall_64+0xbe/0xfa0
[  142.748971][ T7513]  do_syscall_64+0xfa/0xfa0
[  142.753466][ T7513]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.759519][ T7513]  ? clear_bhb_loop+0x60/0xb0
[  142.764233][ T7513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.770123][ T7513] RIP: 0033:0x7fa4df58f6c9
[  142.774531][ T7513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.794129][ T7513] RSP: 002b:00007fa4e040b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  142.802537][ T7513] RAX: ffffffffffffffda RBX: 00007fa4df7e5fa0 RCX: 00007fa4df58f6c9
[  142.810497][ T7513] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
[  142.818546][ T7513] RBP: 00007fa4df611f91 R08: 0000000000000000 R09: 0000000000000000
[  142.826505][ T7513] R10: 000000000e3aa6ea R11: 0000000000000246 R12: 0000000000000000
[  142.834469][ T7513] R13: 00007fa4df7e6038 R14: 00007fa4df7e5fa0 R15: 00007ffdd024de38
[  142.842437][ T7513]  </TASK>
[  142.845451][ T7513] Modules linked in:
[  142.851817][ T7513] ---[ end trace 0000000000000000 ]---
[  142.881262][ T7553] set_capacity_and_notify: 1 callbacks suppressed
[  142.881279][ T7553] loop0: detected capacity change from 0 to 512
[  142.911786][ T7553] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.919884][ T7513] RIP: 0010:folio_end_read+0x22e/0x230
[  142.931222][ T7513] Code: 54 c7 ff 48 89 df 48 c7 c6 80 84 74 8b e8 8a 89 2d ff 90 0f 0b e8 92 54 c7 ff 48 89 df 48 c7 c6 e0 7c 74 8b e8 73 89 2d ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa
[  142.945955][ T7553] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  142.953071][ T7513] RSP: 0018:ffffc90004e3f028 EFLAGS: 00010246
[  142.970381][ T7513] RAX: 8282e43873df1900 RBX: ffffea0001343640 RCX: 0000000000000000
[  142.980051][ T7513] RDX: 0000000000000007 RSI: ffffffff8d78e538 RDI: 00000000ffffffff
[  142.989417][ T7513] RBP: 0000000000000001 R08: ffffffff8f7de477 R09: 1ffffffff1efbc8e
[  143.008362][ T7513] R10: dffffc0000000000 R11: fffffbfff1efbc8f R12: 1ffffd40002686c9
[  143.016565][ T7513] R13: 1ffffd40002686c8 R14: ffffea0001343648 R15: 0000000000000008
[  143.018831][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.024546][ T7513] FS:  00007fa4e040b6c0(0000) GS:ffff888125fbc000(0000) knlGS:0000000000000000
[  143.024564][ T7513] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  143.024577][ T7513] CR2: 000055555fa7e608 CR3: 000000002eb9c000 CR4: 00000000003526f0
[  143.058279][ T7513] Kernel panic - not syncing: Fatal exception
[  143.064719][ T7513] Kernel Offset: disabled
[  143.069035][ T7513] Rebooting in 86400 seconds..