last executing test programs:

12.673355136s ago: executing program 0 (id=348):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha384)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$xdp(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)='C', 0x1}, {&(0x7f0000000140)="98", 0x1}], 0x2, 0x0, 0x0, 0x20004000}, 0x5880)

12.49544341s ago: executing program 0 (id=349):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioprio_set$pid(0x3, 0x0, 0x0)
ioprio_get$pid(0x2, 0x0)

12.308960447s ago: executing program 0 (id=350):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

12.186650586s ago: executing program 0 (id=351):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

12.085101484s ago: executing program 0 (id=352):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
chdir(&(0x7f00000000c0)='./file0\x00')
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000280)={[{@nobarrier}, {@gid}, {@creator={'creator', 0x3d, "cf44eee4"}}, {@creator={'creator', 0x3d, "64eb8ba9"}}, {@nodecompose}, {@umask}, {@uid}, {@nodecompose}]}, 0x3, 0x6a4, &(0x7f0000001b40)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=")

11.81195429s ago: executing program 0 (id=354):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
mbind(&(0x7f0000283000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x7, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, 0x0, 0x0, &(0x7f0000aca000/0x1000)=nil, 0x1000, 0x10200})
mbind(&(0x7f00000bd000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0)

8.371065645s ago: executing program 2 (id=382):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000001200)={[{@nodiscard}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@nobarrier}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xeb}}, {@abort}, {@user_xattr}, {@bh}, {@errors_remount}]}, 0x1, 0x55f, &(0x7f0000000580)="$eJzs3d9rU+cbAPDnpK2/v18riGxjjIIXczhT2+6Hg124y7HJhO3ehfZYpKmRJhXbCdOLebObIYMxJozdb/e7lP0D+yuETZAhZbvYTcZJT2q0SRNrtNF8PnDkfXNO+p4n73le35M3IQEMrYnsn0LEyxHxTRJxMCKSfN9o5Dsn1o9bu391NtuSqNc//StpHJfVm3+r+bz9eeWliPjtq4jjhc3tVldWF0rlcrqU1ydri5cmqyurJy4slubT+fTi9MzMqbdnpt97952+xfrG2X++/+T2h6e+Prr23S93D91M4nQcyPe1xvEErrVWJmIif03G4vQjB071obFBkuz0CbAtI3mej0U2BhyMkTzrgRfflxFRB4ZUIv9hSDXnAc17+z7dBz837n2wfgO0Of7R9fdGYk/j3mjfWvLQnVF2vzveh/azNn7989bNbIv+vQ8B0NW16xFxcnR08/iX5OPf9p3s4ZhH2zD+wbNzO5v/vNlu/lPYmP9Em/nP/ja5ux3d879wtw/NdJTN/95vO//dWLQaH8lr/2vM+caS8xfKaTa2/T8ijsXY7qy+1XrOqbU79U77Wud/2Za135wL5udxd3T3w8+ZK9VKTxJzq3vXI15pO/9NNvo/adP/2etxtsc2jqS3Xuu0r3v8T1f9p4jX2/b/gxWtZOv1ycnG9TDZvCo2+/vGkd87tb/T8Wf9v2/r+MeT1vXa6uO38eOef9NO+x6KP3q//nclnzXKu/LHrpRqtaWpiF3Jx5sfn37w3Ga9eXwW/7GjW49/7a7/vRHxeY/x3zj886s9xd+t/5/CImsW/9xj9f/jF+589MUP248/6/+3GqVj+SO9jH+9nuCTvHYAAAAAAAAwaAoRcSCSQnGjXCgUi+uf7zgc+wrlSrV2/Hxl+eJcNL4rOx5jheZK98GWz0NM5Z+HbdanH6nPRMShiPh2ZG+jXpytlOd2OngAAAAAAAAAAAAAAAAAAAAYEPs7fP8/88fITp8d8NT5yW8YXl3zvx+/9AQMJP//w/CS/zC85D8ML/kPw0v+w/CS/zC85D8ML/kPAAAAAAAAAAAAAAAAAAAAAAAAAAAAfXX2zJlsq6/dvzqb1ecurywvVC6fmEurC8XF5dnibGXpUnG+Upkvp8XZymK3v1euVC5NTcfylclaWq1NVldWzy1Wli/Wzl1YLM2n59KxZxIVAAAAAAAAAAAAAAAAAAAAPF+qK6sLpXI5XVJQ2FZhdDBOY3UhYiBO40Up7PTIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/BcAAP//8NI25Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
copy_file_range(r0, 0x0, r0, &(0x7f00000000c0)=0xae8, 0x863, 0x0)

8.072923724s ago: executing program 2 (id=383):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x9d, 0xea, 0x78, 0x40, 0x18b4, 0xfffb, 0xdc7b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0xa0, 0x1f, 0x71}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000000)={0x0, 0x0, 0x1, "01"}, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x1, &(0x7f00000001c0)='\x00'}], 0x1})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

4.924952297s ago: executing program 2 (id=400):
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file0\x00', 0x114404, 0x0, 0x1, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000340)={0x0, <r3=>0x0}, &(0x7f00000002c0)=0xc)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x200004, &(0x7f0000000640)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access', 0x3d, r3}}]}})

4.792037115s ago: executing program 2 (id=401):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file4\x00', 0x0, &(0x7f0000000180)={[{@noinline_xattr}, {@four_active_logs}, {@discard}, {@fault_injection={'fault_injection', 0x3d, 0xa0c8}}, {@fault_type={'fault_type', 0x3d, 0x302}}, {@lfs_mode}, {@inline_data}, {@fastboot}, {@fsync_mode_strict}, {@discard_unit_section}]}, 0x21, 0x5548, &(0x7f00000058c0)="$eJzs3E1vG1UXAOBjp2nffrwlQizYdVCFlEi1Vacfgl2BVny2qgosWIFju5Zb2xPFrhu66oIlYsE/QSCxYslvYMGaHWIBYocE8txJoS2VKsWOSfM80vjMvXPnzL2jJNKZiRzAgbWS/f5rJU7G0YhYiogTEcV+pdwKl1J4MSJORUT1H1ul7H/QcTgijkXEyWnylLNSHvryzOT0hV/e+e27H44cOv7Vtz8ubtXAor0cEYPNtH93kGLeTfFW2d+c9Io4OD8pYzowuF228xTvdjaKDHebO+OaRTzXTePzzTujabzZb7amsdu7WfRvDtMFR5PuTp7ihFvNraLd7mwUsTfKi9i9l+a1fS/9bbs3Gqc87TLfp0X6GI93YurvbHfSejZvF7E1HJf9KW/e7mxP46SM5eWilffbxTw2dnOn/9Neeq83vLOdTTpbo14+zC7UG6/UGxdrja283Rl3zteag/bF89lqtz8dVht3moNL3Tzv9jv1Vj5Yy1a7rVat0chWL3c2es3h/Uajfq5+tnZhLUt7Z7I3r32Y9dvZ6jS+3hveGff6o+xmvpWlM9ay9fq5V9ey043s/avXs+s3rly5ev2Djy9/dO21q2+/UQ56bFrZ6vrZ9fVa42xtvbG2uxsw0/Vnc17/Z+WkZ7h+2JXKoicAsP+o/4FFmF/9v3Uj4vH6vzrj+j/U/zOxr+rfg17/z2H9sCvqfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA+un5a/fKnZWUvt42f//suv5sl2JiGpE/PkvluLwQzmXyjzLTxi//Mgcvq9EkWF6jSPldiwiLpXbH8/N+y4AAADAs+ub+6e+SNV6+lh5qrOOznlW7JH00KZ64pMZ5atExPLKzzPKVp1+vDCjZMXP96HYnlG24gHW/2aULD1yOzSrbE+l+HV/N4UHKylCJYXqo2fMbLUAAMDCLD0U9rYKAQAAYC99/sQjt/d0HuyxSuy8ytx5F1z85/3fL/uOprZXfwAAALB/VRY9AQAAAGDuivrf9/8BAADAsy19/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NxNbtpAGAbgz8Yu9E9FVfe9SndwjB6hyy4rDtBLcAR6hV6AM5BdjhBBhMdBISIJxGNQoueR7MGWeT3mZzEz0gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECfrurF9N+f73+75qw33eR5GgAAAOCQVb2YNi/G6fhje/5ze+pre1xERBkRh8bug3i3lzloc+pHrq8f9OF/RJOwvcew3T5ExI+0beJL358CAAAAvEnVdreczSdptJ5240v3is5O+A7TpE356WemWxcRUY+vM6WV27xvmcKa33cVvzOlNRNYo0xhacqtypV2lObvvpu1G91ritSUT78/27MDAABnNNhrzjsKAQAA4Jx+XboD9OH9s1cUcbeUuVsKHKZmtBdhsQ8AAABer+LSHQAAAAB614z/T6n/F8fU/6uy1/+LG/X/AAAA4MVS/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6tKoX0+VsPumas950k+dpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALhlf95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmf7Q8U1yh4iouBBL3a7ra29iQclePBPEEK6rbFbf7Q52FKEXLxJzr2IHkUEJd76D3jqTWihl3rrYQ8VRPCyMrMz2UkTcGPIzJp8PvDmfXcymfd9MxDynTcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURu9M4yTbdCZxXOy79/jWStbff6LP3Nl4sJi1LI7qTPr/4aXqh6jbXCIAAAAcHUlZ34cQHqabS1kfd/L6Py2PyWr+b5+ZxGU9/2TdX/Zl7Z+1X35+9MLWQJ3JONlJL60OB6d3ptI6uFnOt2f/9YhWfuXzZy9JfkPi99efH6X59Yy+vnv33XYeHqsjWwDgvzhV9kVQ/j6U9f0mEwPgyGhVCu+i/v8r6TScFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEANRuvhqTKOQgiLrWmcuf/41spu/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8HEJoavS3i+lf+XCGg0No5PocVPD3eDze03cdbz7nfQVxcbNnOLg9Lzk3HzT4QwkAgEMpLVpW1z9MN5eyfdFCCOPvttf/r1XiMGP9/+ij8/eqY1Xr/35tM5x/vbWrn/Wu37j5xurV5cuDy4NP3jzTf6t/9sK5cxd6+bOSnicmAAAA7E+7aNX6P17Yuf5/shKHGev/z7/pfzkd6bd8q/7fabro13QmAAAAR9tzr/z5R7TL/qjdDl8sr61d60+2W5/PTLYNpLpnx4pWrf+ThaazAgAAAOowWo+2rf9frMRhxvX/p79/8cfqOZMQwoli/f/UyqfDi/VNZ67V8efETc8RAACAZp0oWnX9P83f/4+3XnmIQwivvzqJi38DOFP9n7z31Q/VsZLK+/9n65viXIq7k+uR990QWt1tX/61scQAAAA4lI4XLSv2f083lz7+6eQHbe//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTtnwAAAP//gQBD5A==")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

4.308132375s ago: executing program 4 (id=403):
write(0xffffffffffffffff, &(0x7f0000000000)="f51c5574012968299aad978ab2f6b8a37eb8bd63328278d059719d89ae378f801371051760877bce0bd87882a83aee06614388e440d963d3972ac395e06381f74c9699efe70c174f9da31a758d4a1f0ec58150bd0f8b5f3e0a12463201d0addcd1e2c6dadbb16258a080d0cd00f5a10ff66093188dff409e01d308f7d4d56d17b8ee2c41228e4c4688e7b16f5420819cb35a4bd873fa73ef56028f51dfb9b3769bbcaee2fc9b7833781a7fa0cc7fba9a7a05f7957af5d077e7a376f0d2fde83c1f1f208b8963dd92daeb1b1612c284728b202de1391c666aaddc643a1f2eeaa797446d6d294addb7bae416582a2500588deb1500c9229aa09ead381b92a403693d5bbe65f83e48344689ac31ede02837a561fe8c028115e6eb780c5d9548e305f7fc8e438ea97773119a1c1cdfb6dd1465d09c39869d54b94f12550002e9cb1ddcd46aff2a8e0cc04641df8b049a91c499f4a67c440db7f8000033121cbe757e9d1d10f99e620c021d245dc6903fcf0df4251e07429b0c46a6ff3ac0e77be425c66e0a5df2e0e3827b3be5adf62791d26f57991915f0a57b90b7093be021cea4a5a96ab192df5c7783d03a07d078dac98d3b4355072ee6cbf4f8ec73ba8789518b53a0572a0de4e29a0d9972240ae3b6f8bbe06e178b36cd42c5ae24425007ab696fe448513f6c7427336361f5ee7e8d23a3d9b7f41103242972237217683f5f6b9a0159fc72d657d1456175850d", 0x20e)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9eebf9", 0x18, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x6, 0xc2, 0xfffd, 0x0, 0xfff, {[@window={0x3, 0x3, 0x7}]}}}}}}}}, 0x0)

4.114575053s ago: executing program 1 (id=404):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x8)
poll(&(0x7f00000002c0)=[{r1}], 0x1, 0xfa)
r2 = dup2(r0, r1)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)

4.02669611s ago: executing program 4 (id=405):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x14d}]}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4)

3.914267204s ago: executing program 4 (id=406):
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8)
r0 = gettid()
timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r0}, &(0x7f0000044000)=<r1=>0x0)
timer_settime(r1, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x989680}, {0x0, 0xe4c}}, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), &(0x7f0000000400)={&(0x7f00000003c0)={[0x8]}, 0x8})

3.566275967s ago: executing program 4 (id=407):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x4, @remote, 0x7}, 0x1c)
sendto$inet6(r0, &(0x7f0000000100)="15", 0x1, 0x1, &(0x7f0000000140)={0xa, 0x4e23, 0x7ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x4a, 0x3, 0x4, 0x0, 0x20}, &(0x7f0000000080)=0x9c)

3.215852622s ago: executing program 2 (id=410):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x26e1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x4c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x38, 0x1, [@m_tunnel_key={0x34, 0x1, 0x0, 0x0, {{0xf}, {0xfffffffffffffe3f}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x4c}}, 0x8000)
close(r0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})

2.706710185s ago: executing program 3 (id=412):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x80000)
ppoll(&(0x7f0000000300)=[{r1, 0x1}], 0x1, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

2.606543035s ago: executing program 4 (id=413):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x44, 0x32, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x30, 0x1, [@m_bpf={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x0)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="01002bbd7000fedbdf25070000000a0004007770616e3000000008000100010000000800050000000000080003"], 0x40}}, 0x8084)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000100001"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="180100002000010000000000fcdbdf2506"], 0x118}], 0x1, 0x0, 0x0, 0x20008001}, 0x0)

2.446010406s ago: executing program 3 (id=414):
syz_mount_image$jfs(&(0x7f0000000240), &(0x7f0000000040)='./file1\x00', 0x1010006, &(0x7f00000000c0)=ANY=[@ANYBLOB="67727071756f74612c6e6f646973636172642c696f636861727365743d6d6163726f6d616e69616e2c6572726f72733d636f6e74696e75652c696f636861727365743d6b6f69382d72752c6572726f72733d72656d6f756e742d726f2c696e746567726974792c75737271756f74612c646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6b6f69382d722c0048ffe5a15f6312b5858ee5"], 0x24, 0x62cd, &(0x7f000000c880)="$eJzs3c1vHGcdB/Df7JtfStuoh6pUCLkvvJTSvJYQKND2AAcuHFCuKJHrVhEpoCSgtIqIK1848EeAkDgixJETf0APXLnxBxDJQQL1gDpo7Oexx9Ndr53EO7uZz0dyZn77zHifyXdnXzwz+wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/8wY/PFRFx5VfphlMRn4t+RC9iparXImJl7VR9nedipzmejYjhUkS1/s4/T0e8HhEfPxWxff/OenXz+SP24/t//scffvLEj/7+p+GZ//7lVv+NScvdvv3b//z17oNvLwAAAHRRWZZlkT7mPx8Rg/TZHgB4/OXX/zLJt6vnrt6cs/6o1Wq1egHrunK8u/UiIjbr61TvGRyOB4AFsxmftN0FWiT/ThtExBNtdwKYa0XbHeBEbN+/s16kfIv668Habns+F+RA/pvF3vUdk6bTNM8xmdXjayv68cyE/qzMqA/zJOffa+Z/Zbd9lJY76fxnZVL+o91Lnzon599v5t/w+OTfG5t/V+X8B8fKvy9/AAAAAACYY/nv/6daPv679PCbciSHHf9dm1EfAAAAAAAAAOBRO+74f4PG+H97jP8HAAAAc6v6rF753VP7t036Lrbq9stFxJON5YGOSRfLrLbdDwAAAAAAAAAAAADoksHuObyXi4hhRDy5ulqWZfVT16yP62HXX3Rd337osraf5AEAYNfHTzWu5S8iliPicvquv+Hq6mpZLq+slqvlylJ+PztaWi5Xap9r87S6bWl0hDfEg1FZ/bLl2np10z4vT2tv/r7qvkZl/wgdm40WAweAiNh9Ndqe9Ir0P69Xi6ksn46W3+SwIA7Z/1lQ9n+Oou3HKQAAAHDyyrIsi/R13s+nY/69tjsFAMxEfv1vHhdQq9VqtVr9+NV15Xh360VEbNbXqd4zGI4fABbMZnzSdhdokfw7bRARz7XdCWCuFW13gBOxff/OepHyLeqvB2l893wuyIH8N4ud9fL646bTNM8xmdXjayv68cyE/jw7oz7Mk5x/r5n/ld32UVru4fMvD/yZsK1zjCblX23nqRb607acf7+Zf8NJ7/+zshW9sfl3Vc5/cKz8+/IHAAAAAIA5lv/+f2qujv+OHnRzpjrs+O/a2DVOri8AAAAAAAAA8Khs37+znq97zcf/vzBmOdd/Pp5y/oX8Oynn32vk/9XGcv3a/L239/P/9/0763+89a/P5+lR81/KM0V6ZBXpEVGkeyoGafowW/dZW8P+qLqnYdHrD9I5P+Xw3bgW12Mjzh5Ytpf+P/bbzx1or3o63Gkv+7vt5w+0D/ba8/oXDrQP09lF5UpuPx3r8fO4Hu/stFdtS1O2f3lKezmlPefft/930naaDvZ/nq7q1XR70ZhW7n3U+8x+X5+Ou5+3rn3xN2dPdEuOZiv6e9tWV23fiy30Z+f/5IlR/PLmxo3Tt6/eunXj3M7zQuzs//u3no80ecTy/j9MP3vP/y/ttufn/fr+eu+j0bHznxdbMZiY/0u1+Wp7X5lx39qQ8x+ln5z/O6l9/P6/yPlP3v9fbaE/AAAAAAAAAAAAAAAAcJiyLHcuEX0rIi6m63/aujYTAJit/PpfJvn2WdX9Gd+fWr3gdTFn/Zlp/Wk5X/1RqxexrivHe7NeRMTf6utU7xl+Pe6XAQDz7NOI+GfbnaA18u+w/H1/1fTltjsDzNTNDz786dXr1zdu3Gy7JwAAAAAAAADAg8rjf67Vxn9+uSzLu43lDoz/+nasPez4n4M8szfA6ISBqvvH36bDbPVG/V5tuPEXYtL438O9ucPG/x5Mub/hlPbRlPalKe3LU9rHXuhRk/N/oTbe+csR8Xxj+PUujP/aHPO+C3L+L9Yez1X+X2ksV8+//P0i5987kP+ZW+//4szNDz587dr7V9/beG/jZxfOnTt74eLFS5cunXn32vWNs7v/ttjjk5Xzz2NfOw+0W3L+OXP5d0vO/0upln+35Py/nGr5d0vOP7/fk3+35PzzZx/5d0vO/5VUy79bcv5fS7X8uyXn/2qqp+c/7S+aLJKc/9dTbf/vlpz/a6mWf7fk/E+nWv7dkvM/k+oj5r9y0v1iNnL++QiX/b9bcv75zAb5d0vO/3yq5d8tOf8LqZZ/t+T8X0+1/Lsl5/+NVMu/W3L+F1Mt/27J+X8z1fLvlpz/pVTLv1ty/t9Ktfy7Jef/7VTLv1ty/m+kWv7dkvP/Tqrl3y05/++mWv7dkvP/Xqrl3y05/zdTLf9u2f/+fzNmzJjJM20/MwEAAAAAAAAAAAAATbM4nbjtbQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/swMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7N1djFxneQfwM+vd9dohiYGQOqmBjWNCSJzs2k78QZtiwmfDVwmEQj+wXe/aLDi28dol0Eg2DZRIGBVVtA0XbQGhNjcVueCCVoBygVohtYL2gvYCgVC5iKqAAlIlWgFbzTnv++7M7OzMrne8e+ac30+yH++ZM3PeOfOes/Ps+j8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa3fKa2U80sixr/sn/2pZlz2v+e8vktnzZKzd6hAAAAMBa/SL/+7nr04LDK7hTyzr//JJvfXlhYWEhe/emPx/7zMJCumEyy8Y2Z1l+W/TUD97TaF0neCybaIy0fD3SZ/Ob+tw+2uf2sT63j/e5fXOf2yf63L5kByyxpfh5TP5gu/J/bit2aXZDNpbftqvLvR5rbB4ZiT/LyTXy+yyMncjmslPZbDbdtn6xbiNf/6u3NLf1xixua6RlWzuaM+Qnjx6PY2iEfbyrbVuLjxn96NXZ5E9/8ujxvz3/7E3dat/d0PZ4xThv39kc58fCkmKsjWxz2idxnCMt49zR5TXZ1DbORn6/5r87x/ncCse5aXGY66rzNZ/IRvJ/fzvfT6OtP9ZL+2lHWPazW7Msu7Q47M51lmwrG8m2ti0ZWXx9JooZ2XyM5lR6QTa6qnl6ywrmabPO7Gqfp53HRHz9bwn3G11mDK0v048+Ot7yuv984UrmadR81ssdK51zcNDHSlnmYJwX386f9ONd5+Cu8PwfvW35Odh17nSZg+l5t8zBnf3m4Mj4pnzM6UVo5PdZnIN72tbflG+pkddnbus9B6fOP3x2av7DH7lr7uFjJ2dPzp7et2fP9L79+w8ePDh1Yu7U7HTx9xXu7fLbmo2kY2Bn2HfxGHh5x7qtU3Xh8+NLzr9XehxO9DgOt3WsO+jjcLTzyTXW54BcOqeLY+OdzZ0+cXkkW+YYy1+fO9Z+HKbn3XIcjrYch12/p3Q5DkdXcBw21zl7x8res4y2/Ok2huW/F6xtDm5rmYOd70c65+Cg34+UZQ5OhHnx3TuW/16wI4z38d2rfT+yackcTE83nHuaS9L7/YmDeek2L29u3nDNeHZhfvbc3Y8cO3/+3J4slHXxwpa50jlft7Y8p2zJfB1Z9Xw9PPeSx2/usnxb2FcTdzX/mlj2tWquc8/dvV+r/Ltb9/3ZtnRvFsqArff+7PbdvLk/x7Pss9/46INfe/Szr1l2fzb7zY9Nrf29eOpLW86/Y8ucf2Pf/8tie+mhHts0Nlocv5vS3hlrOx+3v1Sj+bmrkW/7uamVnY/Hwp/1Ph/f0ON8vL1j3UGfj8c6n1w8Hzf6/bRjbTpfz4kwT05N9z4fN9fZvne1c3K05/n41lAbYf+/InQKqS9qmTvLzdu0rdHRsfC8RuMW2ufpvrb1x0Jv1tzWk3vDm8I0ypXN09tvLdbf1HK/aL3m6WTHuoOep+lnX8vN00a/n75dmc7XcyLMixv29Z6nzXWevmft584t8Z8t587xfnNwbNN4c8xjaRLm5/tsYUucg3dnx7Mz2alsJr91PJ9PjXxbu+9d2blyPPxZ73Pl9h5z8PaOdQc9B9P3seXmXmN06ZMfgM7XcyLMiyfu7T0Hm+u89sBg37veHpakdVreu3b+fG25n3nd3LGbrtZcGQ3j/MaB3j+bba5z6uBq+8ze++nOsOSaLvup8/hd7piaydZnP20P43z24PL7qTme5jqfObTC+XQ4y7KLH7w//3lv+P3KxQvf+XLb7126/U7n4gfv//G1J/5pNeMHYPj9sihbi+91Lb+ZWsnv/wEAAIChEPv+kVAT/T8AAABURuz74/8KT/T/AAAAUBmx7x8NNalC///H/VfZ/tpn5355MUvJ/IUg3p52wwPFejHjOh2+nlxY1Fx+/xdn/+cfL65seCNZlv38gT/quv72B+K4CpNhnE+9rn35El++a0XbPvrQxbTd1vz658Ljx+ez0mnQLYI7nWXZV6//VL6dyfdczuvTDxzN64OXHn+suc5zh4qv4/2feWGx/l+F8O/hE8fa7v9M2A8/DHX6Td33R7zfly6/YseBdy1uL96vsfO6/Gk/8d7icePn5Hz6sWL9uJ+XG//XPvnkl5rrP/Ky7uO/ONJ9/E+Gx/1iqP/74mL91teg+XW838fD+OP24v3u/sLXu47/qU8U6599fbHe0VDj9m8PX+96/bNzrfvrkcaxtueVvaFYL25/+jt/mt8eHy8+fuf4J45cbtsfnfPj6X8vHmeqY/24PG4n+oeO7Tcfp3V+xu0/+SdH2/Zzv+0/9eAzL24+buf27+xY7+wH78i3v/h47Z/Y9Ncf/1TX7cXxHP77s23P5/Dbw3Ectv/Ee8N8DLf/31PF43V+usLRt7eff+L6n9t2se35RG/8abH9p151Mq+bJ7ZsveZ511536aXNfZdl395cPF6/7Z/8mzNt4//8jcX+iLfHjH7n9pcTt3/uQ7tPn5m/MDeT9uqj1+efnfPmYjxxvNeHc2vn10fOnH/f7LnJ6cnpLJus7kfoXbEvhPrjolzqvfbCkjPoHQ+F1/Pmv/zq1tv+7ZNx+X+8s1h++U3F962Xh/U+HZZvC6/f6ra/1BO33Jgf342nwwgXln5e8Frs2PXfB/t9vm8uPP/O9wVxvp990fvy/dC8Lf++EY/rNY7/ezPF43wl7NeF8MnMO29c3F7r+vGzES6/ozje17z/wmkuvq5/F17vt/ywePw4rvh8vxfex3x9e/v5Ls6Pr1wc6Xz8/FM8LoXzSXapuD2uFff35edu7Dq8+Dkk2aWb8q//LD3OTat6msuZ//D81Km50xcemTo/O39+av7DHzny8JkLp88fyT/L88j7+91/8fy0NT8/zczuvyfLz1ZninKVbfT4zz50fObA9G0zsyeOXThx/qGzs+dOHp+fPz47M3/bsRMnZj/U7/5zM/ft2Xto34G9u0/Ozdx38NChfYd2z50+0xxGMag+9k9/YPfpc0fyu8zfd8+hPffee8/07ofPzMzed2B6eveFfvfPvzftbt77D3efmz117Pzcw7O75+c+MnvfnkP79+/t+2mAD589MT85de7C6akL87PnpornMnk+X9z83tfv/lTT/PeL97OdGsUH8WVvu3N/+nzWpi9+dNmHKlbp+ADRZ8Nn0Xzz+WcPruTr2PePhZpUof8HAAAAcrHvHw810f8DAABAZcS+f3Ooif4fAAAAKiP2/ROhpv8SUJP+v3L5/+0XV7R9+X/5/9b9Jf9fs/z/O8qW/y/OF/L/g7HW/H0d8v8rWlH+X/5f/l/+X/6fAShb/j/2/VuyzO//AQAAoKJi37811ET/DwAAAJUR+/5rQk30/wAAAFAZse9/XqhJTfp/+X/5f/l/+X/5/+7bl/8fTvL/vZUs/z/RuUD+f+Pz/1m98v+XBjn+Dcj/b2n9Qv6fMipb/j/2/deGmtSk/wcAAIA6iH3/daEm+n8AAACojNj3Xx9qov8HAACAyoh9/7ZQk5r0//L/a8r/p8zV8Ob/iy3L/8v/y//L/1eF/H9vJcv/LyH/v/H5f9f/H6r8fxv5f8qobPn/2Pc/P9SkJv0/AAAA1EHs+18QaqL/BwAAgPIZvbK7xb7/haEmS/r/K9wAAAAAsOFi339D1hEEr8nv/+X/Xf+/tNf/H5P/l/8vlD//vymT/y8P+f/e5P/7GET+/5L8v/y//L/8P1HZ8v95359NZC8KNalJ/w8AAAB1EPv+G0NN9P8AAABQGbHv/5VQE/0/AAAAVEbs+7eHmtSk/5f/r0z+/2etL10l8v+u/y//H5Q//+/6/2Ui/9+b/H8frv8v/y//L//PQM137ZQ2Lv8f+/6bQk1q0v8DAABAHcS+/+ZQE/0/AAAAVEbs+3811ET/DwAAAJUR+/4doSY16f/l/0ue/4/J0Tpe/1/+X/4/KHP+f0L+v3Tk/3uT/+9jCPP/jUz+vyzjl/+X/2ep+e8X72c7bVT+P/b9Lw41qUn/DwAAAHUQ+/6XhJro/wEAAKAyYt//0lAT/T8AAABURuz7J0NNatL/ryb/37gk/7+cq3z9//EVXP+/jfz/huT/R+X/C3XK/2fy/6Uj/9+b/H8fQ5j/d/3/8oxf/l/+n6XKlv+Pff8toSY16f8BAACgDmLfvzPURP8PAAAAlRH7/ltDTfT/AAAAUBmx798ValKT/t/1/4ci/5/J/w9F/t/1/wP5/+7k/9eH/H9v8v99yP/L/8v/y/8zUGXL/8e+/2WhJjXp/wEAAKAOYt9/W6iJ/h8AAAAqI/b9Lw810f8DAABAZcS+//ZQk5r0//L/8v/y//L/8v/dt7/u+f9L8v+DIP/fm/x/H/L/8v/y//L/DFTZ8v+x739FqElN+n8AAACog9j33xFqov8HAACAyoh9/52hJvp/AAAAqIzY9+8ONalJ/y//L/9fzfz/f8r/99i+/H9J8/+u/z8Q8v+9yf/3If8v/z+I/P9YWCD/L//Phuf/4/u1+HXs++8KNalJ/w8AAAB1EPv+u0NN9P8AAABQGbHvnwo10f8DAABAZcS+fzrUpCb9v/y//H818/+u/99r+2vK/7908XHl/wvy/+Ui/9+b/H8fg8z/b5b/r23+f03X/x+T/6dSNjr/3/l17Pv3hJrUpP8HAACAOoh9/95QE/0/AAAAVEbs+/eFmuj/AQAAoDJi339PqElN+n/5f/l/+X/5f9f/7759+f/hJP/f2+Dz//Epyv+7/r/8/2Dy/67/T7WULf8f+/57Q01q0v8DAABAHcS+f3+oif4fAAAAKiP2/QdCTfT/AAAAUBmx7z8YalKT/l/+X/5f/l/+X/6/+/bl/4eT/H9vrv/fh/y//P8Q5/+bc0v+n7IpW/4/9v2HQk1q0v8DAABAHcS+/5WhJvp/AAAAqIzY9/9aqIn+HwAAACoj9v2/HmpSk/5f/l/+X/5f/n+D8/9j/fL/4/L/8v+rIP/fm/x/H/L/8v9DnP9f5vr/14ab5f/ZEGXL/8e+/75Qk5r0/wAAAFAHse//jVAT/T8AAABURuz7XxVqov8HAACAyoh9/+FQk5r0//L/65T/jwvl/+X/5f9d/1/+/6qS/+9N/r8P+X/5/+rl/wd9/f/Ob9OJ/D/dlC3/H/v+V4ea1KT/BwAAgDqIff/9oSb6fwAAAKiM2Pe/JtRE/w8AAACVEfv+14aa1KT/l/93/f+Nz/+PtY1d/n/xfvL/Bfl/+f/VkP/vTf6/D/l/+X/5f9f/Z6DKlv+Pff/rQk1q0v8DAABAHcS+//WhJvp/AAAAqIzY978h1ET/DwAAAJUR+/43hprUpP+X/5f/3/j8v+v/y/8X5P/l/wdB/r83+f8+5P/l/+X/5f8ZqLLl/2Pf/5uhJjXp/wEAAKAOYt//QKiJ/h8AAAAqI/b9bwo10f8DAABAZcS+/82hJjXp/+X/5f/l/+X/5f+7b1/+fzjJ//c2ZPn/X1wXlsv/F+T/yz3+1eb/Rzu+vir5/x8sl/9f2Nx5f/l/roay5f9j3/+WUJOa9P8AAABQB7Hvf2uoif4fAAAAKiP2/W8LNdH/AwAAQGXEvv+3Qk1q0v/L/zfHsZhelv+X/88XyP/L/8v/Dy35/96GLP/v+v8d5P/LPX7X/5f/Z6my5f9j3//2UJOa9P8AAABQB7HvfzDURP8PAAAAlRH7/neEmuj/AQAAoDJi3//OUJOa9P/y/67/L/8v/y//33378v/DSf6/N/n/PuT/5f/Llv//L/l/hlvZ8v+x738o1KQm/T8AAADUQez73xVqov8HAACAyoh9/2+Hmuj/AQAAoDJi3//uUJOa9P/y/8OS/5+U/19l/n88LJP/l/+X/68X+f/e5P/7kP+X/y9b/t/1/xlyZcv/x77/PaEmK+//J1a8JgAAAHA1df46KYl9/++EmtTk9/8AAABQB7Hv/91QE/0/AAAAVEbs+38v1KQm/b/8/7Dk/13/P3P9f/n/jucj/y//38365f/jmWdV+f/N/bYv/y//L/8/vOOX/5f/Z6my5f9j3//7oSY16f8BAACgDmLf/95QE/0/AAAADIVu/ye7U+z7j4Sa6P8BAACgMmLffzTUpCb9v/y//L/8f0nz/3+x81+++623Ht0j/y//L/+/Kut6/f/mwe/6//L/8v+J/L/8v/w/ncqW/499/7FQk8XG780u8A8AAADDLfb9fxBqUpPf/wMAAEAdxL7/eKiJ/h8AAAAqI/b9M6EmNen/5f83MP8/mmWZ/L/8fwWv/x/3xzDl/3dvHqL8fzzpyv93ta75/3ct5sTl/1eb/x/vurQz/9+Q/28j/7/q8X8zy7J1G//Ff5X/l/+nU9ny/7Hvnw01qUn/DwAAAHUQ+v6RE0VdvEH/DwAAAJUR+/6ToSb6fwAAAKiM2Pe/L9SkJv2//L/r/8v/y/+7/n/37Zc2/+/6/z3J//dWnvx/d67/L/8/zON3/X/5f5YqW/4/9v1zoSY16f8BAACgDmLf//5QE/0/AAAAVEbs+z8QaqL/B4D/Z+8+viwtqz2On4Lq292Ldde6sztwoHNHjhnIyIH+AQ6YMNBlWAoq5kRjjphzQJeKGDCAIibMCUwoYkTFLGLChKi0i669d6VT76nqOlXnPc/z+QzcUtBU4eU2/Lr58gAANCN3/yPilk72v/5f/99k/39U/z/0+fX/+v+W6f+H6f9n0P/r//X/+n/mamz9f+7+R8Ytnex/AAAA6EHu/vPjFvsfAAAAmpG7/4K4xf4HAACAZuTuf1Tc0sn+1//r/5vs/+9328Puuq/+f6fPr//X/7dM/z9M/z+D/l//r//X/zNXY+v/c/c/Om7pZP8DAABAD3L3PyZusf8BAACgGbn7L4xb7H8AAABoRu7+x8Ytnez/Lf3/yqTP/j8zXv1/S/2/9/93/Pz6f/1/yw63/7/47u/59P/6f/1/0P/r//X/bDW2/j93/+Pilk72PwAAAPQgd//j4xb7HwAAAJqRu/8JcYv9DwAAAM3I3f/EuKWT/e/9f+//6//1//r/6Z9f/7+cvP8/rKf+/8Ibzzr/9qvvcc1ePr/+X/+v/9f/M19j6/9z9z8pbulk/wMAAEAPcvc/OW6x/wEAAKAZufufErfY/wAAALCEjk/9aO7+p8Ytnex//b/+X/8f/f8x/b/+X//fAv3/sH31/2csV/9/Op9f/6//1//r/5mvsfX/ufufFrd0sv8BAACgB7n7nx632P8AAAAwXtP+QewBufsvilvsfwAAAGhG7v4TcUsn+1//f/D9/3/0/8vR/3v/X/+v/2+C/n9YT+//n87n1//r//X/+n/ma2z9f+7+i+OWTvY/AAAA9CB3/zPiFvsfAAAAmpG7/5lxi/0PAAAAzcjd/6y4pZP9r//3/r/+X/9/+P3/2ne2+v/1/1X1//Oj/x+m/59B/7/ffv6I/l//r/9noz32/3cOfLc9l/4/d/+z45ZO9j8AAAD0IHf/c+IW+x8AAACakbv/uXGL/Q8AAADNyN3/vLilk/2v/9f/6//1/6fd/2//U+8U7/9Pp/8/HPr/YaPp/1dWp35Y/z+X/n/a35bsyqL7+f1a9Nev/9f/s93Y3v/P3f/8uKWT/Q8AAAA9yN3/grhlYP/v+QfzAQAAgIXK3f/CuMXP/wMAAMDSy+osd/+L4pZO9r/+X/+v/9f/H/77/8vf/1+z4evT/4+L/n/YaPr/Hej/l/79f/2//l//zyZj6/9z9784bulk/wMAAEAPcvdfErfY/wAAANCM3P0viVvsfwAAAGhG7v6Xxi2d7P/p/f/6rx9r/39kxz8g/f9E/998/5+/R/3/YP9/jvf/+6T/H6b/n0H/r//X/+/U/x+f9e31/0wztv4/d//L4pZO9j8AAAD0IHf/y+MW+x8AAACakbv/FXGL/Q8AAADNyN3/yrilk/3v/X/9v/5/+fp/7/+vWeT7/5ND7/9X9f+7tNj+f+Wu/Cuo/v/0vn79v/5/mb/+Jvv/I5PN7/8P/FsA9P9MM7b+P3f/q+KWTvY/AAAA9CB3/6vjFvsfAAAAlsPGf3Zg6z9QGnL3vyZusf8BAACgGbn7Xxu3tLP/B9/q1P/r//X/+n/9//TP/5BLVyfj6f+9/79b3v8fpv+fQf9/EP38amP9/6U7ffsx9P8XHdz7//eZ9e31/0yzqf+/dv3ji+r/c/e/Lm5pZ/8DAABA93L3vz5usf8BAACgGbn73xC32P8AAADQjNz9b4xbOtn/B97/D/zbB/T/+n/9v/5/3P3/mN7/1//vlv5/mP5/Bv2/9/+9/6//Z/82/C3jpv5/g0X1/7n73xS3dLL/AQAAoAe5+98ct9j/AAAA0Izc/ZfGLfY/AAAANCN3/1vilk72v/f/9f/6f/2//n/659f/L6d99fdn6P+L/l//r//X/+v/mYOx9f+bd39/+x8AAAB68NZT/3ksfrze/gcAAIAW5e5/W9xi/wMAAEAzcve/PW7pZP/r/w+2/8+P6//1/xP9v/5f/38oun3/f2XaX4m226H/v/6hJx6w+SP6f/2//l//r/9nl/5v4NeNov8/uf53l7n73xG3dLL/AQAAoAe5+y+LW+x/AAAAaEbu/nfGLfY/AAAANCN3/+Vxyx73/1DzMGb6f+//6//1/yPv//P/vPp//f+udNv/75L3/2eo/n/tewb9v/5f/6//Z39G0f9v+OXc/e+KW/z8PwAAADQjd/+74xb7HwAAAJqRu/89cYv9DwAAAM3I3f/euKWT/a//1//r//X/I+//vf+v/98T/f8w/f8My/T+/+X76P9Xp3940f38fi3669f/6//Zbmz9f+7+K+KWTvY/AAAA9CB3//viFvsfAAAAmpG7//1xi/0PAAAAzcjd/4G4pZP9r//X/+v/9f/6/+mfX/+/nPT/w/T/k8nkyoEvYFr/f/LoOPt/7/+P7uvX/+v/2W5s/X/u/g/GLZ3sfwAAAOhB7v4r4xb7HwAAAJqRu/+quMX+BwAAgGbk7v9Q3NLJ/tf/6//1//p//f/0z6//X076/2H6/xmW6f1//f/ovn79v/6f7cbW/+fu/3Dc0sn+BwAAgB7k7r86brH/AQAAoBm5+z8St9j/AAAA0Izc/dfELZ3sf/2//l//r/+f0v+f+n91/b/+fxkdXP8/0f/r//X/M+j/9f/6f7YaW/+fu/+jcUsn+x8AAAB6kLv/Y3GL/Q8AAADNyN3/8bjF/gcAAIBm5O7/RNzSyf7X/+v/9f/6f+//T//8+v/l5P3/Yfr/GfT/+n/9v/6fuZre/1+0sP4/d/8n45ZO9j8AAAD0IHf/tXGL/Q8AAADNyN3/qbjF/gcAAIBm5O7/dNzSyf7X/8+v/z+y5WPL2f9PJvp//b/+f82U/v+mOy773/rlOfT/xyb6/7nT/w/T/8+g/2+z/z9j0lD/f3zHb6//Z4zG9v5/7v7PxC2d7H8AAADoQe7+z8Yt9j8AAAA0I3f/5+IW+x8AAACakbv/83FLJ/tf/+/9/zm//3/reVO+Dv3/Gv3/0vf/3v9fAvr/Yfr/GfT/bfb/3v/X/7MwY+v/c/d/IW7pZP8DAABAD3L3fzFusf8BAACgGbn7vxS32P8AAADQjNz9X45bOtn/+n/9/5z7/0be//+f+DX6f/3/+u9X/78c9P/D9P8z6P+b6//z7+71//p/FmNs/X/u/q/ELZ3sfwAAAOhB7v7r4hb7HwAAAJqRu//6uMX+BwAAgGbk7v9q3NLJ/tf/6//1/8v5/v+xTf3/mRP9//pvr//v21j6/7PPvv8N+n/9v/5/8f2/9//1/yzW2Pr/3P1fi1s62f8AAADQg9z9X49b7H8AAABoRu7+b8Qt9j8AAAA0I3f/N+OWTvb/9v7/yGStUF0zrf+PRk3/v4H+f/PXr/+f/ueH9//1//r/gzeW/t/7/6f39ev/9f/L/PXvqf+/1/Zvr/+nRWPr/3P33xC3dLL/AQAAoAe5+78Vt9j/AAAA0Izc/d+OW+x/AAAAaEbu/hvjlk72v/f/9f/6f/2//n/659f/Lyf9/zD9/wz6f/2/9/8veNCZ+n/mZ2z9f+7+78Qtnex/AAAA6EHu/pviFvsfAAAAmpG7/7txi/0PAAAAzcjd/724pZP9r//X/+v/9f/6/+mfX/+/nPT/w/T/Zesf2pp++v9j0z646H5+vxb99TfT/3v/nzkaW/+fu//7cUsn+x8AAAB6kLv/B3GL/Q8AAADNyN3/w7jF/gcAAIBm5O7/UdzSyf7X/+v/2+//z9P/b/n8+n/9f8v0//lX9On0/zP00/9Pteh+ftm/fv2//p/txtb/5+6/OW7pZP8DAABAD3L3/zhusf8BAACgGbn7fxK32P8AAADQjNz9P41bOtn/+v+++v+VSY/9v/f/9f/6/57o/4fp/2fQ/+v/9f/6f+ZqbP1/7v5bVla73P8AAACwrB5474ffvNvf9pZT/3ls8rO45ZzJyV3+NDYAAAAwcnfv/pXVyeTnp37Jz/8DAABAi3L3/yJu6WT/6//76v/7fP9f/6//1//3RP8/TP8/g/5f/6//1/8zV4vt/9e/D85fn7v/l3HLhuG3uqc/QgAAAGBscvf/Km7p5Of/AQAAoAe5+38dt2zb//51gAAAALCscvf/Jm7p5Of/9f8j7/8nB9T/x2+n/1+j/9f/T/v8+v/lpP8fts/+/+SK/l//P0D/r//X/7PV2N7/z93/27ilk/0PAAAAjdr0Iwq5+2+NW+x/AAAAaEbu/t/FLfY/AAAANCN3/21xSyf7X/9/6P1/puoH+P7/8fpv3v/vvP+/5NjUz6//1/+3TP8/zPv/M+j/W+n/j+r/9f+Mw9j6/9z9v49bOtn/AAAA0IPc/X+IW+x/AAAAaEbu/j/GLfY/AAAANCN3/5/ilk72v/5/5O//n1b/v4v3//X/ffT/O3z+dvr//z/rxHXnPviqK/T/rDvM/j//XDjk/v/oXn+fG+n/Z9D/t9L/e/9f/89IzL//X930wb32/7n7/xy3dLL/AQAAoAe5+2+PW+x/AAAAaEbu/r/ELfY/AAAANCN3/1/jlk72v/5f/z+W/j//t15A/3/itPv/45PJZCH9fzbFvff/3v/X/2/n/f9h+v8Z9P/6f/2//p+5mn//v/mDe+3/c/f/LW7pZP8DAABAD3L3/z1uyf2/sucfugcAAABGJnf/P+IWP/8PAAAAzcjdf0fc0sn+1//r/8fS/yfv/69/u7be/z+34tQ++/971n/T/x8s/f8w/f8M+n/9v/5f/89cja3/z93/z7ilk/0PAAAAPcjdf2fcYv8DAABAM3L3/ytusf8BAACgGbn7/x23dLL/9f+t9v9ZxOv/9f9j6f+9/+/9/8Oh/x+m/59B/6//1//r/5mrsfX/ufv/GwAA//9Y4U6y")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x48400)

2.239863992s ago: executing program 1 (id=415):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x8}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000680)={r1, 0xff, 0x30, 0x2, 0x4}, &(0x7f00000006c0)=0x18)

2.048871324s ago: executing program 1 (id=416):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000300)={0xcc, 0x0, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.983061811s ago: executing program 4 (id=417):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000200)={0x40, 0x15, 0x4, "79a40ebf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.763370248s ago: executing program 1 (id=418):
r0 = io_uring_setup(0x70c5, &(0x7f0000000180)={0x0, 0x0, 0x10, 0x8000001})
r1 = socket(0x2b, 0x1, 0x1)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
accept4$inet6(r1, 0x0, 0x0, 0x800)
close_range(r0, 0xffffffffffffffff, 0x0)

1.65759583s ago: executing program 2 (id=419):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip_mr_cache\x00')
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000080)=@x86={0x6, 0xa, 0x7, 0x0, 0x3, 0x8d, 0xce, 0x1c, 0x89, 0xa0, 0x7, 0x8, 0x0, 0x8000, 0xb, 0x2, 0x8, 0x2, 0x1, '\x00', 0x9, 0x3fb})

1.238560511s ago: executing program 32 (id=419):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip_mr_cache\x00')
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000080)=@x86={0x6, 0xa, 0x7, 0x0, 0x3, 0x8d, 0xce, 0x1c, 0x89, 0xa0, 0x7, 0x8, 0x0, 0x8000, 0xb, 0x2, 0x8, 0x2, 0x1, '\x00', 0x9, 0x3fb})

1.232900266s ago: executing program 1 (id=421):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x4000, &(0x7f0000000040)=ANY=[], 0xff, 0x60c0, &(0x7f000000d800)="$eJzs3U1vHVf9B/DfffC147RpVP1V5R+xcFMeWkrznEB5asqCBSxAQl2TyHWrlBRQEhCtIuLKC8QGeAmw6YZFJV4BL6CvASGxJVLSVReUQWOf44xvrn3tJp659vl8pJuZ35w7vmfyveOZ65m5EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/OD7PznXi4irv04Tjkc8FYOIfsSRul6KeuRKfv4wIk7EenM8FxGD+Yh6/vV/nom4GBEfH4u4/+DOcj35/C77cens7Zuf/fB7//jdH9dOvPPmTz8cb//x/1346Pd3I47/6NWPPrv7ZJYdAAAASlFVVdVLH/NPps/3/a47BQC0Im//qyRPV6vVavUTrf/Q38vznzradX/Vh7Ruqia72ywiYrU5T73P4HA8ABwwq/Fp112gQ/Iv2jAijnbdCWCm9bruAPvi/oM7y72Ub6+5PVjaaM9/p9yS/2pv8/qO7YbTjJ9j0tb7ay0G8ew2/TnSUh9mSc6/P57/1Y32UXrefufflu3yH21c+lScnP9gPP8xW/L/U0Qc2Pz7E/MvVc5/uJf8VwcHeP2XPwAAAAAAh1/++//xjo//zj/+ouzKTsd/l1rqAwAAAAAAAAA8aY97/79N7v8HAAAAM6v+rF7787GH07b7LrZ6+hu9iKfHng8UZqnx5YAAAAAAAAAAAAAAQDuGEYvpvP65iHh6cbGqqvrRNF7v1ePOf9CVvvxQsq5/yQMAwIaPj41dy9+LWIiIN9J3/c0tLi5W1VxELFZH5vP+7Gh+oTrS+Fybh/W0+dEudoiHo6r+YQuN+ZqmfV6e1j7+8+rXGlWDXXSsHR0GDgARsbE1um+LdMhU1TPR9V4OB4P1//Cx/rMbXb9PAQAAgP1XVVXVS1/nfTId8+933SkAoBV5+z9+XECtVquLqT/ZmDgz/VGr97Fuqia72ywiYrU5T73P4Hb8AHDArManXXeBDsm/aMOIONF1J4CZ1uu6A+yL+w/uLPdSvr3m9mBpoz2fC7Il/9Xe+nx5/knDacbPMWnr/bUWg3h2m/4811IfZknOvz+e/9WN9nyL/818FvYn/7Zsl3+9nMc76E/Xcv6D8fzH7Pf635a16E/Mv1Q5/+Ge8h/IHwAAAAAAZlj++/9xx3/zIgMAAAAAAADAgXP/wZ3lfN1rPv7/hQnP6zXHXP95aOT8e7vO3/W/h0nOvz+e/9gJOYPG+L3XH+b/yYM7yx/e/vf/5+HM5z83GNWvPdfrD4bpnJ9q7q24HjdiJc4+8vzhlvZzj7TPbWk/P6X9wiPto7r9SG4/Hcvxi7gRb262z085MWphSns1pT3nP7D+FynnP2w86vwXU3tvbFi790H/kfW+OZz0Olf++p8vP7p2tWG4pVqLweayNRyr/znVWp8eWv8/OTqKX91auXn6N9du3755LtJgy9TzkQZPWM5/Lj1y/i++sNGef+8319d7H4z2nP+sWIvhpPzX398vNMbr5X2p5b51Iec/So+cf94CTV7/D3L+E9f/9eV7uYP+AAAAAAAAAAAAAAAAwE6qqlq/RPRKRFxO1/90dW0mANCuvP2vkjxdre6g/tffZqs/arVavbXuzVh/PkfdVE32WrOIiL8356n3GX476YcBALPsvxHxz647QWfkX7D8fX/18ItddwZo1a333v/ZtRs3Vm7e6ronAAAAAAAAAMDnle//udS4//P6eUBj943ecv/X12PpwN7/sz8arN/rPC3Q87Hz/b9Pxc73/x5Oeb25Ke2jKe3zU9oXprRPvNCjIef/fMo4538yLVhJ9399sYP+dC3nfyrd6znn/5Wx5zXzr/5ykPPvb8n/zO13f3nm1nvvv3L93Wtvr7y98vNzZy9fvHDp4oVLl868df3GytmNfzvs8f7K+ed7XzsPtCw5/5y5/MuS8/9SquVflpT/5m6o/MuS1/+8vyf/suT882cf+Zcl5/9SquVflpz/V1Mt/7Lk/F9OtfzLkvP/WqrlX5ac/yupln9Zcv6nUy3/suT8z6Ra/mXJ+ecjXPIvS84/n9kg/7Lk/M+nWv5lyflfSLX8y5Lzv5hq+Zcl538p1fIvS87/cqrlX5ac/9dTLf+y5Py/kWr5lyXn/2qq5V+WnP83Uy3/suT8v5Vq+Zcl5//tVO+U/zst9ot25Py/k2rrf1ly/t9NtfzLkvN/LdXyL8vD7/83sueRxdnoRpsjVRUxA90wsu8jXf9mAgAAAAAAAAAAAADGtXE6cdfLCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX27jVGrrO+H/izV6+TQPwnIYQQiO1cMGST3fUtMcFgrv809JIGQksLdYy9dgy+1buGBKFmaWgLAqmR2hf0RSkgQEhtlahCKpUoilSk9k1VXhVFlVArIdWVoDIRVKICtjpznufZmdnZmV3vrj1zzueD4p+9M2fmmTNnZve76DsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABotuNts380FEIo/mv8sS2E64q/bw2Hin8u7L/aKwQAAADW6+eNP//q+vyFQ6vYqOk6//iaf/n64uLiYvjgixd/8SeLi/mC7SGMbAmhcVnyTz/9yWLzdaKnw8TQcNO/h3vc/UiPy0d7XD7W4/LxHpdv6XH5RI/Ll+2AZbaWv49p3Ngdjb9uK3dpuDGMNS67o8NWTw9tGR5Ov8tpGGpsszh2PJwMp8JsmF62zVDjfyF8c0dxXw+GdF/DTfd1awjh0o8+fjStYSju4ztCy501ND93P3xL2P7ijz5+9KvzP3hlp9lzNyxbaQi7dhbr/GQIS7+uCkNhS94naZ3DTeu8tcM6R1rWOdTYrvh7+zovrXKd6XFPxHV+p8s6b41fe+L2EMJCWPE67Z4Ow+GatnvN+3uiPCKK2yieypeF0TUdJztWcZwU23z/9tbjpP2YTPt/R9wnoyusofnp+OEnxpft98s9TopH3Q/HanHbDxd3OjHR/KvVlmO1uM7H71z5GOj43HU4BvKx3HQM7Ox1DAyPjzSOgeGlNe9sOQZmlm0zHIYa93Xxzu7HwNT86XNTc09+7J6Tp4+cmD0xe2Zmev/ePfv27tm3b+r4yVOz0+Wfa9ulA+SaMJyPwZ3xvSYdg69tu27zIbn4xY17HUz0yeugeOzvuatY0HXDYYVjvLjOJ3et/3WQv+83vQ5Gm14HHd9TO7wORlfxOiiuc2nX6r5njjb912kNm/VeuK3pGLia3w+L+3z/61Z+L7w1rutTr1/r98ORZcdAelhD8bVXfCX/vDdxf9wvy4+LW4oLrh0PF+Zmz9/7xJH5+fMzIY4r4oam56r9eLmm6TGFZcfL8JqPl0N/+bO7bunw9W1xX03cvfRcjXd4Horr7J3s/lw13t0778+Wr+4OcWywK70/O303K/ZnzhJdjv3iOp+8Z/0/C+Zc0vT+N9br/W9kbLR8/xvJe2Os5f1v+VMz0lhZCJfuWd3731j870q//93YJ+9/xb56/73dj4HiOp+aWusxMNr1/e/2OIfiel4XE8NEU+7/RePyhfIwbXouex43o6Nj8bgZTffYetzsWbZNcWvFfe+avrzjZtftrc9Vy88tFTxuin31p9Pdj5viOs/PrP+9Y2v6a9N7x3ivY2BsZLxY71g+CMr3u8Wt6Ri4NxwNZ8OpcCxvUzzLxX1N7l7dMTAe/7vS7x0398kxUOyrz+3ufgwU1/n2no392WlX/Eq+TtPPTu2/X1gp898yunR77bttozN/sc637+3+u6HiOj/Yu9ac0X0/3R2/cm2H/dT++lnpmD4Wrsx+ujmu89S+7r+bKq5z4/5VHk+HQggvzLzQ+H1X/P3u31z416+3/N630++UX5h54aGpR767lvUDAHD5ftH4c2G8/Fmz6f+xXs3//w8AAAAMhJT7h+PM5H8AAACojJT7R+LM5H8AAACojJT7R+PMapL/H7//wLM/fyrkTwNcjNLlaTc8/KbyeqnjvRD/vX1xSfH1t3557NlPP7W6+x4OIfzsoVd1vP7jb0rrKp1L63xD69eXufm2Vd3/Y48uXa/58xMuHShvPz2e1R4Gqav8zandjdvd/uRMYz7/UGjMRxY+9XR5++W/0/Uv7imv/+fxQ0sOHR9q2X5XXM8dcW6Pnynz8KGl/VDMtN2zt77mH25479L9pe2Gdr608TA/93vl7abPiHrmhvL66XGvtP6//8zXni2u/8Sdndf/1HDn9V+Mt/v9OH96sLx+8z7/dNP6/yCuP91f2u7eL32r4/qfe0V5/eficfGFONvX/5Y/fvXPOz1f6X4OPVBul+5/+n/2NrZLt5duv339E0/NtOyP9tt//sXydg5+5McjzddPX0/3kzz2QOvxPRSf35YeeQjha38YWvZzeGO53d+1rT/d3rkHOq//7rZ1nhu6rbH90uPZ1vK4Pv+V3R0fb1rPob/e1vJ4nnlH3H8vTn27uN2Lj8TjMV7+v98pb6/9s0yfe0fr+026/he2la/bdHtTbet/pm39C7cV+673+h98sVz/c2/e0rL+Q++Mx9OD5ey1/hN/cX3L9l/8avl8nP/o5JmzcxdOHosPZlvb63jLxNZrrr3uJS+9Pr6Xtv/78Nn5x2fPb5/ePh3C9gH8yMDNXv+X4vzvcixs/D2Uvvvj8rj77LvK71uv/Un572fi1x+Lz2f6/vj5PxtrOV7bn/eFN5dzvet/fVzHar3iM/9xW4cv/+eyz/y9+IFvXvjb3/9B+88F6fGce/lE4/F9bsdNjcuGni8vb3+/6uXfX976uv7e6HRjfiPu18X4ycw7byrvr/3202eTfPbd5es3/SSXtg9tnyeybaT1cax3/d+LP8d86+bW9790fHzjqbZPc94WhoolLMT3h7BQXp6ulfb3Zy/d1PH+0ufwhIVXrmWZK5p7cm7q1MkzF56Ymp+dm5+ae/Jjh0+fvXBm/nDjs0sPf6jX9kuv72sar+9js/v3hsar/Ww5NtnVXv+5R48eu2/6rmOzx49cOD7/6LnZ8yeOzs0dnT02d9eR48dnP9pr+5PHDs7sPrDnvt2TJ04eO3j/gQN7DkyePHO2WEa5qB72T3948sz5w41N5g7uPTCzb9/e6cnTZ4/NHrxvenryQq/tG9+bJoutPzJ5fvbUkfmTp2cn505+bPbgzIH9+3f3/PTH0+eOz22fOn/hzNSFudnzU+Vj2T7f+HLxva/X9tTD3Nn4ftdmKP50/r679+fPxy18+RMr3lR5ldYfT8MP42dBpe9vvf6dcv9YnFlN8j8AAADUQcr98YP/ly6Q/wEAAKAyUu7fEmcm/wMAAEBlpNw/EWdWk/yv/6//r/+v/6//fwX7/0H/f6Pp/29I/385/f9V0f/X/9f/1/+nu37r/6fcvzWEWuZ/AAAAqIOU+6+JM5P/AQAAoDJS7r82zkz+BwAAgMpIuf+6OLN65P+x9r/q/+v/6/839//TdfX/g/6//v9l0v/X/+9G/1//f5DX34f9/636//Sbfuv/p9z/kjizeuR/AAAAqIWU+18aZyb/AwAAQGWk3H99nJn8DwAAAJWRcv+2OLOa5P8NPP//Z+JF+v/6/4Pe/z+djmPn/9f/1/9fP/1//f9u9P/1/wd5/X3Y/3f+f/pOv/X/U+7/f3FmNcn/AAAAUAcp978szkz+BwAAgMpIuf+GODP5HwAAACoj5f4b48xqkv83sP/v/P/6/1Xp/zed/1//v5n+v/7/5dD/1//vRv9f/3/j1z8Uf0zQ/++1vf4/V0K/9f9T7n95nFlN8j8AAADUQcr9N8WZyf8AAABQGSn3vyLOTP4HAACAyki5/+Y4s5rkf/1//X/9f/1//X/9/82k/6//343+v/7/IK9f/1//n976rf+fcv8r48xqkv8BAACgDlLuvyXOTP4HAACAyki5/1VxZvI/AAAAVEbK/bfGmdUk/+v/91X//8mg/7+8/z+s/6//X1pr/79hoff69f8312D1/4dXvET/v6T/30r/X/9f/1//n+76rf+fcv+r48xqkv8BAACgDlLuf02cmfwPAAAAlZFy/21xZvI/AAAAVEbK/dvjzGqS//X/+6r/7/z/zv+v/+/8/0v9//kh/f9VcP5//f+g/3/ZrnZ/ftDXr/+v/09v/db/T7l/R5xZTfI/AAAA1EHK/TvjzOR/AAAAqIyU+2+PM5P/AQAAoDJS7r8jzqwm+V///zL7/1tb/6n/33n9+v/6//r/zv+v/6//343+v/7/IK9f/391/f/xXjdEpfVb/z/l/jvjzGqS/wEAAKAOUu6/K85M/gcAAIDKSLn/tXFm8j8AAABURsr9u+LMapL/9f+d/1//X/9f/1//fzPp/6+6/7/1cta1Kf3/9Car/9+T/r/+/6D0/yc6bO/8/1wJ/db/T7n/dXFmNcn/AAAAUAcp978+zkz+BwAAgMpIuf/uODP5HwAAACoj5f7JOLOa5H/9f/1//X/9f/1//f/NVNX+f34fdf5//X/9f/3/Te7/f2WF7Qfl/P/UW7/1/1PuvyfOrCb5HwAAAOog5f5748zkfwAAAKiMlPun4szkfwAAAKiMlPun48xqkv+r3/9vbxaX9P9L+v/6/0H/X/9/k1W1/99+/v8Qgv6//n+m/6//32/n/+9E/58rYf39//G8SePPdfb/U+6fiTOrSf4HAACAOki5f3ecmfwPAAAAlZFy/544M/kfAAAAKiPl/r1xZjXJ/9Xv/3em/1/S/9f/D/r/+v+brC79f+f/Ly/X/y/p/+v/6//r/9fRcIevrb//v7RJ48919v9T7t8XZ1aT/A8AAAB1kHL//jgz+R8AAAAqI+X+++LM5H8AAACojJT7748zq0n+1//X/9f/1//v3/5/6/1vXv//v/T/N5H+v/5/N/r/+v+DvH79f/1/etvY/v/16+7/p9x/IM6sJvkfAAAA6iDl/jfEmcn/AAAAUBkp9z8QZyb/AwAAwEDpdB7CJOX+N8aZ1ST/6/9Xvf+/uEX/X/9/cPv/rfvT+f/1/zuJb5/6/6tUr/7/1mX3p//f6mr35wd9/fr/+v/0trH9/2U/nq65/59y/8E4s5rkfwAAAKiDlPvfFGcm/wMAAEBlpNz/5jgz+R8AAAAqI+X+Q3FmNcn/+v9V7//33/n/h8Lg9v9H9f/1//X/18z5//X/u3H+/8Hs/6fP3dD/75/+f3EM6f/Tj/qt/59y/1vizGqS/wEAAKAOUu5/a5yZ/A8AAACVkXL/2+LM5H8AAACojJT73x5nVpP8r/+v/+/8/87/r/+v/7+Z9P/1/7vR/x/M/n+i/98//X/n/6df9Vv/P+X+d8SZ1ST/AwAAQB2k3P/OODP5HwAAACoj5f7/H2cm/wMAAEBlpNz/YJxZTfJ/hfr/Y3Hq/+v/6//r/zfo//cH/X/9/270//X/B3n9+v/6//TWb/3/lPt/Kc6sJvkfAAAA6iDl/ofizOR/AAAAqIyU+98VZyb/AwAAQGWk3P/LcWY1yf8V6v+X+vT8/8P59vX/9f/1//X/9f830oD2/yf0/0v6//r/g7x+/X/9f3rrt/5/yv2/EmdWk/wPAAAAdZBy/6/Gmcn/AAAAUBkp9/9anJn8DwAAAJWRcv/DcWY1yf/6/87/r/+v/9+3/f/R1v2p/6//38mA9v+d/z/S/9f/H+T16//r/9Nbv/X/U+7/9TizmuR/AAAAqIOU+x+JM5P/AQAAoDJS7n93nJn8DwAAAJWRcv974sxqkv/1//X/9f/1//u2/9+2P/X/+7X//29dL9X/1//vRv9f/3+Q16//r/9Pb/3W/0+5/9E4s5rkfwAAAKiDlPvfG2cm/wMAAEBlpNz/G3Fm8j8AAABURsr9vxlnNpj5f3itG+j/6//r/+v/r7r/vxBC0P/X/18j/f/l/f/iPexq9v/HV3NF/f9V0f/X/9f/1/+nu37r/6fc/744s8HM/wAAAEAHKff/VpyZ/A8AAACVkXL/b8eZyf8AAABQGSn3vz/OrCb5X/9f/1//X//f+f/1/zeT/n+9zv8/HvT/g/6//r/+v/4/Wb/1/1Pu/0CcWU3yPwAAANRByv2/E2cm/wMAAEBlpNx/OM5M/gcAAIDKSLn/sTizmuR//f+r1P/fWl5f/1//vzr9/0X9f/3/jvT/69X/d/7/kv6//r/+v/4/pX7r/6fcfyTOrCb5HwAAAOog5f4PxpnJ/wAAAFAZKfcfjTOT/wEAAKAyUu4/FmdWk/yv/+/8//r/+v/O/6//v5n0//X/u9H/1/8f5PXr/+v/01u/9f9T7p+NM6tJ/gcAAIA6SLn/eJyZ/A8AAACVkXL/iTgz+R8AAAAqI+X+x+PMapL/9f/1/1fV/x8L+v/6//r/+v+XRf9f/78b/X/9/0Fev/6//j+9bVz//583pP+fcv/JOLOa5H8AAACog5T7PxRnJv8DAABAZaTc/+E4M/kfAAAAKiPl/lNxZjXJ//r/+v/O/1/B/v+o/n/Q/+8b+v/6/93o/+v/D/L69f/1/+ltKGxU/z9sSP8/5f7TcWY1yf8AAABQByn3n4kzk/8BAACgMlLuPxtnJv8DAABAZaTcfy7OrCb5X/9f/1//v4L9f+f/b9D/7w/6//r/3ej/6/8P8vr1//X/6W3jzv+/Mf3/lPt/N86sJvkfAAAA6iDl/v9j7z6a5LyrPY63riWPVK5bd3X3vAV27OAd+DWwYUuRc44GTE4m55yTiSbnnIPJORlMBkOVKWvOOfZIPd2t0fT08/zP57PgMGaseayhxvUr1beee8ct9j8AAAAMI3f/feIW+x8AAACGkbv/vnFLk/2v/9f/6//1//p//f826f/1/6vo/+fT/59Z8vfr//X/+n/WmVr/n7v/fnFLk/0PAAAAHeTuv3/cYv8DAADAMHL3PyBusf8BAABgGLn7Hxi3NNn/+n/9v/5/Mv3/fuen/9f/6/8vif5f/7/Ydf9/Lj4YvP9fRv+v/9f/s87U+v/c/Q+KW5rsfwAAAOggd/+D4xb7HwAAAIaRu/8hcYv9DwAAAMPI3f/QuKXJ/tf/6//H7f/35tb/e/9/fl9H7P9P3f5l9f/HS/+v/1/suv9v8v7/ZfT/+n/9P+tMrf/P3f+wuKXJ/gcAAIAOcvc/PG6x/wEAAGAYufsfEbfY/wAAADCM3P2PjFua7H/9v/5/3P5/du//1//n93WI/v9c/Tre/6//1/8fTv+v/5/z8+v/9f+sN7X+P3f/o+KWJvsfAAAAOsjd/+i4xf4HAACAYeTuf0zcYv8DAADAMHL3PzZuabL/9f/6f/2//l//fwLv/9f/6//1/0vp//X/c35+/b/+n/Wm1v/n7n9c3NJk/wMAAEAHufsfH7fY/wAAADCM3P1PiFvsfwAAABhG7v4nxi1N9v+l9f+n9P+H0P8vf379v/5f/6//1//r/1fR/+v/5/z8+n/9P+ttvf+/+przd9P+P3f/NXFLk/0PAAAAHeTuf1LcYv8DAADAMHL3Pzlusf8BAABgGLn7nxK3NNn/S/r/KxYzfv//2c2+tP4/vv7B/v/WU/p//f80+/9b4qeM/l//f7F59/9n9f876//39P8r+/nNfif0//p//T/rbL3/X9P7X/hx7v5r45Ym+x8AAAA6yN3/1LjF/gcAAIBh5O5/Wtxi/wMAAMAwcvc/PW5psv8v7f3/0+//vf9/t+//z193C/3/mWXPr//v0v/v8/5//f8y8+7/vf9/i/3/PfI30/v/D7frfn7uz7+q/7/rBs+v/6eDqfX/ufufEbc02f8AAADQQe7+Z8Yt9j8AAAAMI3f/s+IW+x8AAACGkbv/2XFLg/1/Wv9fz5H0/97/v1H/f27/79f/H3we/b/+fxn9v/5/ld29/1//v5hAPz/35/f+//X9/1XrfhGGN7X+P3f/c+KWBvsfAAAAusjd/9y4xf4HAACAYeTuf17cYv8DAADAMHL3Pz9uabL/9f/6f/2/9/9fVv9/xTb6/9NLfz/1//r/ZfT/+v+F/v/Idt3Pz/359f/e/896U+v/c/dfF7fU8Dt9hH9KAAAAYEpy978gbmny5/8AAADQQe7+F8Yt9j8AAAAMI3f/i+KWJvtf/6//1//r/73/X/+/Tfr/4fr/U/r/2+n/9f/6f/0/q02t/8/d/+K4pcn+BwAAgA5y978kbrH/AQAAYBi5+18at9j/AAAAMIzc/S+LW5rsf/2//l//r//X/+v/t0n/P1z/7/3/d6D/1//r//X/rDa1/j93/8vjlib7HwAAADrI3f+KuMX+BwAAgGHk7n9l3GL/AwAAwDBy978qbpnd/r+woN2M/l//r//X/+v/9f/bNP3+/8xGn6X/36f/P2hb/f/ZQ76e/n9az388/X9+9/X/jGkC/f/d7vhx7v5Xxy2z2/8AAADAYXL3vyZusf8BAABgGLn7Xxu32P8AAAAwjNz9r4tbmuz/w/r/m6/a/9/X9P/5G6b/j6v/1/8v9P9F/6//X8yi/9+M/n+f/v8g7//X/3v/v/6f1SbQ/x/4OHf/6+OWJvsfAAAAOsjd/4a4xf4HAACAYeTuf2PcYv8DAADAMHL3vyluabL/vf9f/6//1//r//X/26T/1/+vMqP+f2/ZX9T/6//1//p/Vpta/5+7/81xS5P9DwAAAB3k7n9L3GL/AwAAwDBy9781brH/AQAAYBi5+98WtzTZ//p//f/O+///GbL/P/+I+n/9v/5f/6//X21G/f9S+n/9v/5f/89qU+v/c/e/PW5psv8BAACgg9z974hb7H8AAAAYRu7+d8Yt9j8AAAAMI3f/u+KWJvtf/6//33n/7/3/Rf8f31f9v/7/Euj/9f8L/f+R7bqfn/vz6//1/6w3tf4/d/+745Ym+x8AAAA6yN3/nrjF/gcAAIBh5O6/Pm6x/wEAAGAYufvfG7c02f/6f/2//l//r//X/2+T/l//v8rJ9v/X3qz/P2jX/fzcn1//r/9nvan1/7n73xe3NNn/AAAA0EHu/vfHLfY/AAAADCN3/wfiFvsfAAAAhpG7/4NxS5P9r/+fe/9/95viCabW/+en6P/1/yv7/73FxfT/+v9Lof/X/y+28v7/C39SLKf/1//r//X/rHZi/f89r77XXW77L2v6/9z9H4pbmux/AAAA6CB3/w1xi/0PAAAAw8jd/+G4xf4HAACAYeTu/0jc0mT/9+j/z1z0aeP0/97/r/+fdP+fP1S9/1//r//X/y813f5/M/p//b/+X//PalN7/3/u/o/GLU32PwAAAHSQu/9jcYv9DwAAAMPI3f/xuMX+BwAAgGHk7v9E3NJk//fo/y+m/9937P3/rf+n/9f/l03e/6//1/9fLv2//n+h/z+yXffzc3/+ofv/Uwv9P8diav1/7v5Pxi1N9j8AAAB0kLv/U3GL/Q8AAADDyN3/6bjF/gcAAIBh5O7/TNxw5//d3SOdKP2//t/7//X/+n/9/zbp/4/Q/586vfFz6f/36f+PZtf9/Nyff+j+3/v/OSZT6/9z9382bvHn/wAAADCM3P2fi1vsfwAAABhG7v7Pxy32PwAAAAxgv3fP3f+FuKXJ/l/T/+/l5x25/z93+NfW/+v/F/p//b/+X/9/mYbs/y+B/n+f/v9odt3Pz/35Z9f/X3/wQ/0/J2FJ/3/+J/Gu+v/c/V+MW5rsfwAAAOggd/+X4hb7HwAAAIaRu//LcYv9DwAAAMPI3f+VuKXJ/l/a/+95/7/+X/+v/1/o//X/x0L/r/9fRf+v/5/z88+u/7+A/p+TMLX3/+fu/2rc0mT/AwAAQAe5+78Wt9j/AAAAMIzc/V+PW+x/AAAAGEbu/m/ELU32/5r3/+v/N/tH0f/r/5f+/0H/r//fsP8/s9D/H5n+X/+/0P8f2a77+bk//+X0/+f0/zQxtf4/d/8345Ym+x8AAAA6yN3/rbjF/gcAAIBh5O7/dtxi/wMAAMAwcvd/J25psv9H7v9XfZr+f5/+X/+/0P9Pof/3/v/LoP/X/y/0/0e2635+7s/v/f/6f9abWv+fu/+7cUuT/Q8AAAAd5O7/Xtxi/wMAAMAwcvffuFjcYP8DAADAmG48/59nF9+PW5rs/5H7/1X0//v0//r/hf5f/79l+n/9/yr6f/3/nJ9f/6//Z72p9f+5+38QtzTZ/wAAANBB7v4fxi32PwAAAAwjd/+P4hb7HwAAAIaRu//HcUuT/a//1//r//X/+n/9/zbp//X/q+j/9f9zfn79v/6f9abW/+fu/0nc0mT/AwAAQAe5+38at9j/AAAAMIzc/T+LW+x/AAAAGEbu/p/HLU32v/5f/6//1//r//X/26T/1/+vov/X/8/5+fX/+n/Wm1r/n7v/F3FLk/0PAAAAHeTu/2XcYv8DAADAMHL3/ypusf8BAABgGLn7fx23NNn/+v/bnuNc/XX9v/5f/6//T/r/49G2/7/tX6v6/7X0//r/OT+//l//z3pT6/9z9/8mbmmy/wEAAKCD3P2/jVvsfwAAABhG7v7fxS32PwAAAAwjd//v45Ym+1//7/3/+n/9/zz6/yv1//r/pSbb/3v//0b0//r/OT+//l//z3pT6/9z998UtzTZ/wAAANBB7v4/xC32PwAAAAwjd/8f4xb7HwAAAIaRu//muKXJ/tf/6/+H7P/39P/j9f/e/z/L/v9O+n/9/2r6f/3/nJ9f/6//Z72p9f+5+/8UtzTZ/wAAANBB7v4/xy32PwAAAAwjd/9f4hb7HwAAAIaRu/+vcUuT/a//1/8P2f97/7/+X/8/Gfp//f8q+n/9/5yfX/+v/2e9qfX/ufv/Frc02f8AAADQQe7+v8ct9j8AAAAMI3f/P+IW+x8AAACGkbv/n3FLk/2v/9f/6//1//p//f826f/n2/9fuThC/3/dQv+v/9f/6//1/5Sp9f+5+/8VtzTZ/wAAANBB7v5b4pal+///T+ipAAAAgOOUu//fcYs//wcAAIBh5O7/T9zSZP/r//X/+n/9v/5f/79N+v/59v/e/7+e/l//r//X/7Pa1Pr/3P3/DQAA///E7/7M")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xc6081, 0xcc)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x82200, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe85)

1.230115936s ago: executing program 3 (id=422):
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x2000003c, &(0x7f0000000280)})
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000040)=ANY=[], 0x6)

1.086913456s ago: executing program 3 (id=423):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x18, &(0x7f0000000040)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)

1.001044171s ago: executing program 3 (id=424):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000010c0)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0xd, 0x0, 0x2, 0xfffffff8, 0x4, 0x10000, 0xfffffff8, r2}, 0x20)

1.300679ms ago: executing program 1 (id=425):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
read$nci(r0, 0x0, 0x0)
write$nci(r0, 0x0, 0x0)
write$nci(r0, 0x0, 0x0)
writev(r0, &(0x7f0000000cc0)=[{&(0x7f0000000900)="4dddf1ec", 0x4}, {0x0}], 0x2)

0s ago: executing program 3 (id=426):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x9a)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20400, 0x8f)
lseek(r0, 0x3, 0x1)

kernel console output (not intermixed with test programs):

batadv_slave_0
[  101.823894][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.899760][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.937220][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.019679][   T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.063138][   T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.139442][   T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.162519][   T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.243408][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.296248][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.485010][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.514996][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.595596][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.604417][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.833877][ T5944] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.874431][ T5944] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.246358][  T985] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  103.310124][ T5990] tipc: Started in network mode
[  103.322308][ T5990] tipc: Node identity 16c16d18b2be, cluster identity 4711
[  103.342965][ T5990] tipc: Enabled bearer <eth:netdevsim0>, priority 10
[  103.374768][ T5990] tipc: Cannot configure node identity twice
[  103.387083][ T5990] tipc: Cannot configure node identity twice
[  103.419635][ T5969] loop2: detected capacity change from 0 to 32768
[  103.450165][ T5969] =======================================================
[  103.450165][ T5969] WARNING: The mand mount option has been deprecated and
[  103.450165][ T5969]          and is ignored by this kernel. Remove the mand
[  103.450165][ T5969]          option from the mount to silence this warning.
[  103.450165][ T5969] =======================================================
[  103.528752][  T985] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  103.540523][  T985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.578330][ T5969] btrfs: Deprecated parameter 'usebackuproot'
[  103.606414][  T985] usb 1-1: config 0 descriptor??
[  103.628165][ T5969] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  103.684258][ T5969] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3 (5969)
[  103.825619][ T5969] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  103.865447][ T5969] BTRFS info (device loop2): using sha256 checksum algorithm
[  104.005904][ T6008] syz.3.18 uses obsolete (PF_INET,SOCK_PACKET)
[  104.085123][  T985] [drm:udl_init] *ERROR* Selecting channel failed
[  104.114314][  T985] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  104.145586][  T985] [drm] Initialized udl on minor 2
[  104.168830][  T985] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  104.199751][  T985] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  104.199936][ T5969] BTRFS info (device loop2): rebuilding free space tree
[  104.218348][ T5951] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  104.275905][  T985] usb 1-1: USB disconnect, device number 2
[  104.285976][ T5951] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  104.423976][ T5969] BTRFS info (device loop2): enabling ssd optimizations
[  104.445610][ T5969] BTRFS info (device loop2): turning on async discard
[  104.453578][ T5969] BTRFS info (device loop2): enabling free space tree
[  104.486605][ T5844] tipc: Node number set to 2759814424
[  104.535489][ T5969] BTRFS info (device loop2): force clearing of disk cache
[  104.550529][ T5969] BTRFS info (device loop2): trying to use backup root at mount time
[  104.625164][ T5987] loop4: detected capacity change from 0 to 32768
[  104.729627][ T5987] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5 (5987)
[  104.850434][ T5987] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  104.943502][ T5987] BTRFS info (device loop4): using sha256 checksum algorithm
[  104.981272][ T6013] syz.2.3 (6013) used greatest stack depth: 18808 bytes left
[  105.133972][ T6028] evm: overlay not supported
[  105.149103][ T5987] BTRFS info (device loop4): rebuilding free space tree
[  105.184396][ T5994] loop1: detected capacity change from 0 to 32768
[  105.237335][ T5994] xfs: Deprecated parameter 'attr2'
[  105.274441][ T5994] XFS: attr2 mount option is deprecated.
[  105.306145][ T5987] BTRFS info (device loop4): disabling free space tree
[  105.320976][ T5842] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  105.337028][ T5987] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  105.413767][ T5994] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  105.435571][ T5987] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  105.467994][ T5987] BTRFS info (device loop4): enabling ssd optimizations
[  105.476377][ T5987] BTRFS info (device loop4): turning on async discard
[  105.484720][ T5987] BTRFS info (device loop4): force clearing of disk cache
[  105.493178][ T5987] BTRFS info (device loop4): enabling auto defrag
[  105.502759][ T5987] BTRFS info (device loop4): max_inline set to 4096
[  105.517800][ T5994] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  105.715767][   T30] audit: type=1800 audit(1769547643.221:2): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5" name="file1" dev="loop4" ino=260 res=0 errno=0
[  105.754168][ T5994] XFS (loop1): Ending clean mount
[  105.826709][ T5994] XFS (loop1): Quotacheck needed: Please wait.
[  105.937396][ T6049] loop0: detected capacity change from 0 to 164
[  106.006438][ T5994] XFS (loop1): Quotacheck: Done.
[  106.138029][   T30] audit: type=1804 audit(1769547643.651:3): pid=5994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.17" name="/newroot/7/file0/file1" dev="loop1" ino=6150 res=1 errno=0
[  106.236595][ T5840] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  106.353520][ T5837] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  106.866200][ T6065] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  107.495414][ T5951] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  107.664978][ T6069] loop1: detected capacity change from 0 to 32768
[  107.684125][ T6069] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.28 (6069)
[  107.716820][ T5951] usb 5-1: Using ep0 maxpacket: 32
[  107.741456][ T5951] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  107.758888][ T5951] usb 5-1: config 0 has no interface number 0
[  107.791934][ T5951] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  107.832671][ T6069] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  107.855360][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.865202][ T5951] usb 5-1: Product: syz
[  107.895558][ T6069] BTRFS info (device loop1): using crc32c checksum algorithm
[  107.910467][ T5951] usb 5-1: Manufacturer: syz
[  107.923450][ T5951] usb 5-1: SerialNumber: syz
[  107.961261][ T5951] usb 5-1: config 0 descriptor??
[  108.019030][ T5951] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  108.100506][ T6069] BTRFS info (device loop1): rebuilding free space tree
[  108.263745][ T6069] BTRFS info (device loop1): allowing degraded mounts
[  108.305725][ T6069] BTRFS info (device loop1): enabling ssd optimizations
[  108.307152][ T5951] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  108.313436][ T6069] BTRFS info (device loop1): enabling free space tree
[  108.313461][ T6069] BTRFS info (device loop1): force clearing of disk cache
[  108.313478][ T6069] BTRFS info (device loop1): use zstd compression, level 3
[  108.313495][ T6069] BTRFS info (device loop1): max_inline set to 0
[  108.412658][ T5951] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  108.717726][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  108.727478][ T5951] usb 5-1: USB disconnect, device number 2
[  108.735368][ T5915] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  108.764266][ T5951] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  108.793580][ T5951] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  108.814558][ T5837] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  108.829185][ T5951] quatech2 5-1:0.51: device disconnected
[  108.939362][ T5915] usb 3-1: Using ep0 maxpacket: 32
[  108.958374][ T5915] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  108.979319][ T5915] usb 3-1: config 0 has no interface number 0
[  108.981412][ T6117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.46'.
[  109.013882][ T6118] loop0: detected capacity change from 0 to 512
[  109.016300][ T5915] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  109.077534][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.105403][ T5915] usb 3-1: Product: syz
[  109.111338][ T5915] usb 3-1: Manufacturer: syz
[  109.126007][ T5915] usb 3-1: SerialNumber: syz
[  109.135161][ T6118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.153177][ T5915] usb 3-1: config 0 descriptor??
[  109.166965][ T5915] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  109.187141][ T6118] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  109.327439][ T6118] EXT4-fs error (device loop0): ext4_do_update_inode:5596: inode #2: comm syz.0.47: corrupted inode contents
[  109.403295][ T6118] EXT4-fs error (device loop0): ext4_dirty_inode:6481: inode #2: comm syz.0.47: mark_inode_dirty error
[  109.405022][ T5915] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  109.436536][ T6118] EXT4-fs error (device loop0): ext4_do_update_inode:5596: inode #2: comm syz.0.47: corrupted inode contents
[  109.484399][ T5915] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  109.517186][ T6118] EXT4-fs error (device loop0): __ext4_ext_dirty:207: inode #2: comm syz.0.47: mark_inode_dirty error
[  109.646282][ T6124] EXT4-fs warning (device loop0): ext4_es_cache_extent:1082: inode #2: comm syz.0.47: ES cache extent failed: add [0,1,21,0x1] conflict with existing [0,8,576460752303423487,0x18]
[  109.646282][ T6124] 
[  109.779865][ T6134] loop1: detected capacity change from 0 to 64
[  109.908771][ T5833] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.941849][ T6134] hfs: request for non-existent node 131072 in B*Tree
[  109.942900][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  109.966905][ T5915] usb 3-1: USB disconnect, device number 2
[  109.998880][ T5915] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  110.046519][ T6134] hfs: request for non-existent node 131072 in B*Tree
[  110.069002][ T5915] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  110.097647][ T5915] quatech2 3-1:0.51: device disconnected
[  111.141551][ T6138] loop4: detected capacity change from 0 to 32768
[  111.247640][ T6138] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  111.370547][ T6138] XFS (loop4): Ending clean mount
[  111.379056][ T6140] loop0: detected capacity change from 0 to 40427
[  111.418189][ T6138] XFS (loop4): Quotacheck needed: Please wait.
[  111.489370][ T6140] F2FS-fs (loop0): invalid crc value
[  111.489901][ T6138] XFS (loop4): Quotacheck: Done.
[  111.659555][ T6164] loop3: detected capacity change from 0 to 2048
[  111.661656][ T6142] loop1: detected capacity change from 0 to 40427
[  111.690460][ T5840] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  111.702735][ T6164] NILFS: invalid option "cp=0": invalid checkpoint number 0
[  111.713884][ T6142] F2FS-fs (loop1): build fault injection rate: 690
[  111.751143][ T6142] F2FS-fs (loop1): invalid crc value
[  111.884360][ T6140] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  111.919276][ T6140] F2FS-fs (loop0): Start checkpoint disabled!
[  111.960558][ T6140] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  112.050635][ T6140] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  112.225489][ T6142] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  112.255466][ T6142] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  112.281444][ T6175] loop2: detected capacity change from 0 to 4096
[  112.300324][ T6140] bio_check_eod: 54 callbacks suppressed
[  112.300346][ T6140] syz.0.53: attempt to access beyond end of device
[  112.300346][ T6140] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  112.343274][ T6175] EXT4-fs: Ignoring removed nomblk_io_submit option
[  112.370769][ T5837] syz-executor: attempt to access beyond end of device
[  112.370769][ T5837] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  112.394140][ T6175] EXT4-fs (loop2): Test dummy encryption mode enabled
[  112.418548][ T6175] EXT4-fs (loop2): stripe (97) is not aligned with cluster size (16), stripe is disabled
[  112.432857][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  112.432887][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  112.432899][ T5837] Call Trace:
[  112.432908][ T5837]  <TASK>
[  112.432916][ T5837]  dump_stack_lvl+0xe8/0x150
[  112.432962][ T5837]  f2fs_handle_critical_error+0x37c/0x540
[  112.432993][ T5837]  f2fs_write_end_io+0xcdb/0xff0
[  112.433041][ T5837]  __submit_merged_bio+0x256/0x650
[  112.433072][ T5837]  __submit_merged_write_cond+0x3c3/0x4e0
[  112.433116][ T5837]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  112.433178][ T5837]  f2fs_write_data_pages+0x2970/0x35e0
[  112.433201][ T5837]  ? unwind_next_frame+0xa5/0x23c0
[  112.433274][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  112.433295][ T5837]  ? is_bpf_text_address+0x26/0x2b0
[  112.433340][ T5837]  ? arch_stack_walk+0xfb/0x150
[  112.433405][ T5837]  ? add_lock_to_list+0xc7/0x100
[  112.433436][ T5837]  ? lockdep_unlock+0x5d/0xd0
[  112.433454][ T5837]  ? __lock_acquire+0x146e/0x2cf0
[  112.433512][ T5837]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.433557][ T5837]  ? do_raw_spin_unlock+0xf5/0x210
[  112.433576][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  112.433601][ T5837]  do_writepages+0x32e/0x550
[  112.433640][ T5837]  ? do_raw_spin_unlock+0xf5/0x210
[  112.433665][ T5837]  filemap_fdatawrite+0x1e9/0x2f0
[  112.433694][ T5837]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  112.433777][ T5837]  ? do_raw_spin_unlock+0xf5/0x210
[  112.433802][ T5837]  f2fs_sync_dirty_inodes+0x30e/0x810
[  112.433847][ T5837]  f2fs_write_checkpoint+0x9cf/0x2680
[  112.433871][ T5837]  ? lockdep_hardirqs_on+0x7a/0x110
[  112.433945][ T5837]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  112.434021][ T5837]  ? kfree+0x1c1/0x610
[  112.434046][ T5837]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  112.434085][ T5837]  kill_f2fs_super+0x314/0x720
[  112.434118][ T5837]  ? __pfx_kill_f2fs_super+0x10/0x10
[  112.434160][ T5837]  ? lockdep_hardirqs_on+0x7a/0x110
[  112.434204][ T5837]  deactivate_locked_super+0xbc/0x130
[  112.434234][ T5837]  cleanup_mnt+0x437/0x4d0
[  112.434262][ T5837]  ? _raw_spin_unlock_irq+0x23/0x50
[  112.434292][ T5837]  task_work_run+0x1d9/0x270
[  112.434317][ T5837]  ? __pfx_task_work_run+0x10/0x10
[  112.434351][ T5837]  exit_to_user_mode_loop+0xed/0x480
[  112.434374][ T5837]  ? rcu_is_watching+0x15/0xb0
[  112.434404][ T5837]  do_syscall_64+0x2b7/0xf80
[  112.434431][ T5837]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.434450][ T5837]  ? trace_irq_disable+0x37/0x100
[  112.434475][ T5837]  ? clear_bhb_loop+0x40/0x90
[  112.434501][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.434520][ T5837] RIP: 0033:0x7efc6199c117
[  112.434540][ T5837] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  112.434556][ T5837] RSP: 002b:00007ffce804ad88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  112.434577][ T5837] RAX: 0000000000000000 RBX: 00007efc61a0471f RCX: 00007efc6199c117
[  112.434590][ T5837] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffce804ae40
[  112.434601][ T5837] RBP: 00007ffce804ae40 R08: 00007ffce804be40 R09: 00000000ffffffff
[  112.434614][ T5837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce804bed0
[  112.434625][ T5837] R13: 00007efc61a0471f R14: 000000000001b6a4 R15: 00007ffce804bf10
[  112.434663][ T5837]  </TASK>
[  112.434671][ T5837] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  112.497215][ T6175] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002]
[  112.867313][ T5944] kworker/u8:7: attempt to access beyond end of device
[  112.867313][ T5944] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  112.885755][ T6175] System zones: 0-5
[  112.917129][ T5944] CPU: 0 UID: 0 PID: 5944 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  112.917161][ T5944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  112.917175][ T5944] Workqueue: writeback wb_workfn (flush-7:0)
[  112.917215][ T5944] Call Trace:
[  112.917223][ T5944]  <TASK>
[  112.917241][ T5944]  dump_stack_lvl+0xe8/0x150
[  112.917274][ T5944]  f2fs_handle_critical_error+0x37c/0x540
[  112.917304][ T5944]  f2fs_write_end_io+0xcdb/0xff0
[  112.917351][ T5944]  __submit_merged_bio+0x256/0x650
[  112.917382][ T5944]  __submit_merged_write_cond+0x3c3/0x4e0
[  112.917426][ T5944]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  112.917488][ T5944]  f2fs_write_data_pages+0x2970/0x35e0
[  112.917511][ T5944]  ? rcu_is_watching+0x15/0xb0
[  112.917587][ T5944]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  112.917629][ T5944]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  112.917698][ T5944]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  112.917759][ T5944]  ? __lock_acquire+0x6b5/0x2cf0
[  112.917803][ T5944]  ? f2fs_update_inode+0x13d9/0x2620
[  112.917841][ T5944]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  112.917867][ T5944]  do_writepages+0x32e/0x550
[  112.917901][ T5944]  ? reacquire_held_locks+0x104/0x190
[  112.917926][ T5944]  ? writeback_sb_inodes+0x42a/0x1940
[  112.917956][ T5944]  __writeback_single_inode+0x133/0x1060
[  112.917981][ T5944]  ? do_raw_spin_unlock+0xf5/0x210
[  112.918004][ T5944]  writeback_sb_inodes+0x92e/0x1940
[  112.918027][ T5944]  ? ret_from_fork_asm+0x1a/0x30
[  112.918071][ T5944]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  112.918091][ T5944]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.918171][ T5944]  ? rcu_is_watching+0x15/0xb0
[  112.918209][ T5944]  wb_writeback+0x445/0xad0
[  112.918236][ T5944]  ? queue_io+0x1f1/0x450
[  112.918267][ T5944]  ? __pfx_wb_writeback+0x10/0x10
[  112.918286][ T5944]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.918336][ T5944]  wb_workfn+0x3f8/0xef0
[  112.918361][ T5944]  ? __lock_acquire+0x6b5/0x2cf0
[  112.918382][ T5944]  ? look_up_lock_class+0x57/0x110
[  112.918432][ T5944]  ? __pfx_wb_workfn+0x10/0x10
[  112.918465][ T5944]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.918491][ T5944]  ? lock_acquire+0x106/0x330
[  112.918516][ T5944]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  112.918549][ T5944]  ? process_one_work+0x87c/0x15a0
[  112.918575][ T5944]  ? process_one_work+0x87c/0x15a0
[  112.918614][ T5944]  ? process_one_work+0x87c/0x15a0
[  112.918635][ T5944]  process_one_work+0x949/0x15a0
[  112.918687][ T5944]  ? __pfx_process_one_work+0x10/0x10
[  112.918708][ T5944]  ? do_raw_spin_lock+0x12b/0x2f0
[  112.918767][ T5944]  worker_thread+0xb46/0x1140
[  112.918804][ T5944]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  112.918848][ T5944]  kthread+0x388/0x470
[  112.918878][ T5944]  ? __pfx_worker_thread+0x10/0x10
[  112.918900][ T5944]  ? __pfx_kthread+0x10/0x10
[  112.918929][ T5944]  ret_from_fork+0x51b/0xa40
[  112.918956][ T5944]  ? __pfx_ret_from_fork+0x10/0x10
[  112.918978][ T5944]  ? __switch_to+0xc7d/0x1400
[  112.919004][ T5944]  ? __pfx_kthread+0x10/0x10
[  112.919035][ T5944]  ret_from_fork_asm+0x1a/0x30
[  112.919085][ T5944]  </TASK>
[  112.919093][ T5944] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  113.313187][ T6175] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.412743][ T6175] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  113.689046][ T6187] loop3: detected capacity change from 0 to 65536
[  113.690760][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.814270][ T6187] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  113.836439][ T6187] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  114.081070][ T6187] XFS (loop3): Ending clean mount
[  114.100237][   T30] audit: type=1800 audit(1769547651.621:4): pid=6187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.72" name="bus" dev="loop3" ino=41 res=0 errno=0
[  114.231681][ T5841] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  114.685026][ T6191] loop4: detected capacity change from 0 to 32768
[  114.729095][ T6191] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.73 (6191)
[  114.819625][ T6191] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  114.853118][ T6191] BTRFS info (device loop4): using sha256 checksum algorithm
[  115.134236][ T6191] BTRFS info (device loop4): rebuilding free space tree
[  115.273622][ T6226] loop1: detected capacity change from 0 to 1024
[  115.354949][ T6191] BTRFS info (device loop4): disabling free space tree
[  115.416268][ T6191] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  115.484887][ T6191] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  115.592447][ T6232] batadv_slave_1: entered promiscuous mode
[  115.605005][ T6226] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.619803][ T6191] BTRFS info (device loop4): enabling ssd optimizations
[  115.619835][ T6191] BTRFS info (device loop4): turning on async discard
[  115.619852][ T6191] BTRFS info (device loop4): force clearing of disk cache
[  115.619868][ T6191] BTRFS info (device loop4): enabling auto defrag
[  115.619886][ T6191] BTRFS info (device loop4): max_inline set to 4096
[  115.638241][ T6229] batadv_slave_1: left promiscuous mode
[  115.741228][ T6235] input: syz0 as /devices/virtual/input/input5
[  115.900545][ T6205] loop2: detected capacity change from 0 to 32768
[  115.986413][ T6205] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.76 (6205)
[  116.019275][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.075587][ T6205] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  116.097765][ T5840] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  116.148420][ T6205] BTRFS info (device loop2): using crc32c checksum algorithm
[  116.313692][ T6252] loop1: detected capacity change from 0 to 64
[  116.446302][ T6254] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  116.474287][ T5821] IPVS: starting estimator thread 0...
[  116.492663][ T6205] BTRFS info (device loop2): enabling ssd optimizations
[  116.531407][ T6205] BTRFS info (device loop2): turning on async discard
[  116.549797][ T6205] BTRFS info (device loop2): enabling free space tree
[  116.575564][ T6267] xt_connbytes: Forcing CT accounting to be enabled
[  116.625463][ T6262] IPVS: using max 29 ests per chain, 69600 per kthread
[  116.649176][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  116.690984][ T6252] syz.1.82: attempt to access beyond end of device
[  116.690984][ T6252] loop1: rw=8390657, sector=65, nr_sectors = 1 limit=64
[  116.759291][ T6252] buffer_io_error: 46 callbacks suppressed
[  116.759311][ T6252] Buffer I/O error on dev loop1, logical block 65, lost async page write
[  116.836994][ T6252] syz.1.82: attempt to access beyond end of device
[  116.836994][ T6252] loop1: rw=8390657, sector=66, nr_sectors = 1 limit=64
[  116.911740][ T6252] Buffer I/O error on dev loop1, logical block 66, lost async page write
[  116.936509][ T6252] syz.1.82: attempt to access beyond end of device
[  116.936509][ T6252] loop1: rw=8390657, sector=67, nr_sectors = 1 limit=64
[  116.973477][ T6252] Buffer I/O error on dev loop1, logical block 67, lost async page write
[  117.037020][ T5842] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  117.049007][ T6252] syz.1.82: attempt to access beyond end of device
[  117.049007][ T6252] loop1: rw=8390657, sector=68, nr_sectors = 1 limit=64
[  117.071770][ T6252] Buffer I/O error on dev loop1, logical block 68, lost async page write
[  117.089050][ T6252] syz.1.82: attempt to access beyond end of device
[  117.089050][ T6252] loop1: rw=8390657, sector=72, nr_sectors = 1 limit=64
[  117.104887][ T6252] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  117.121289][ T6252] syz.1.82: attempt to access beyond end of device
[  117.121289][ T6252] loop1: rw=8390657, sector=73, nr_sectors = 1 limit=64
[  117.245825][ T6252] Buffer I/O error on dev loop1, logical block 73, lost async page write
[  117.335634][ T6252] syz.1.82: attempt to access beyond end of device
[  117.335634][ T6252] loop1: rw=8390657, sector=76, nr_sectors = 1 limit=64
[  117.433668][ T6252] Buffer I/O error on dev loop1, logical block 76, lost async page write
[  117.462919][ T6252] syz.1.82: attempt to access beyond end of device
[  117.462919][ T6252] loop1: rw=8390657, sector=77, nr_sectors = 1 limit=64
[  117.512284][ T6252] Buffer I/O error on dev loop1, logical block 77, lost async page write
[  117.554664][ T6252] syz.1.82: attempt to access beyond end of device
[  117.554664][ T6252] loop1: rw=2049, sector=78, nr_sectors = 200 limit=64
[  117.626192][ T6252] syz.1.82: attempt to access beyond end of device
[  117.626192][ T6252] loop1: rw=8390657, sector=278, nr_sectors = 1 limit=64
[  117.651001][ T6252] Buffer I/O error on dev loop1, logical block 278, lost async page write
[  117.676397][ T6252] syz.1.82: attempt to access beyond end of device
[  117.676397][ T6252] loop1: rw=8390657, sector=279, nr_sectors = 1 limit=64
[  117.710970][ T6252] Buffer I/O error on dev loop1, logical block 279, lost async page write
[  117.730841][ T6252] syz.1.82: attempt to access beyond end of device
[  117.730841][ T6252] loop1: rw=8390657, sector=280, nr_sectors = 1 limit=64
[  117.768903][ T6252] syz.1.82: attempt to access beyond end of device
[  117.768903][ T6252] loop1: rw=8390657, sector=281, nr_sectors = 1 limit=64
[  117.805487][ T6252] syz.1.82: attempt to access beyond end of device
[  117.805487][ T6252] loop1: rw=8390657, sector=282, nr_sectors = 1 limit=64
[  117.862509][ T6252] syz.1.82: attempt to access beyond end of device
[  117.862509][ T6252] loop1: rw=8390657, sector=283, nr_sectors = 1 limit=64
[  117.921358][ T6252] syz.1.82: attempt to access beyond end of device
[  117.921358][ T6252] loop1: rw=8390657, sector=4172, nr_sectors = 1 limit=64
[  117.949365][ T6272] loop4: detected capacity change from 0 to 32768
[  117.976032][ T6272] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.88 (6272)
[  118.030053][ T6284] Zero length message leads to an empty skb
[  118.057869][ T6272] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  118.090422][ T6272] BTRFS info (device loop4): using blake2b checksum algorithm
[  118.132534][ T6272] workqueue: max_active 262152 requested for btrfs-worker is out of range, clamping between 1 and 2048
[  118.161804][ T6272] workqueue: max_active 262152 requested for btrfs-delalloc is out of range, clamping between 1 and 2048
[  118.226297][ T6272] workqueue: max_active 262152 requested for btrfs-endio is out of range, clamping between 1 and 2048
[  118.311197][ T6272] workqueue: max_active 262152 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048
[  118.330935][ T6272] workqueue: max_active 262152 requested for btrfs-rmw is out of range, clamping between 1 and 2048
[  118.395920][ T6272] workqueue: max_active 262152 requested for btrfs-endio-write is out of range, clamping between 1 and 2048
[  118.497438][ T6272] BTRFS info (device loop4): enabling ssd optimizations
[  118.524152][ T6272] BTRFS info (device loop4): turning on async discard
[  118.534536][ T6272] BTRFS info (device loop4): enabling free space tree
[  118.866163][ T5840] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  119.221742][ T6292] loop2: detected capacity change from 0 to 32768
[  119.275662][ T6292] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.94 (6292)
[  119.344026][ T6292] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  119.362128][ T6316] loop1: detected capacity change from 0 to 512
[  119.378244][ T6292] BTRFS info (device loop2): using sha256 checksum algorithm
[  119.477878][ T6316] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  119.664622][   T30] audit: type=1800 audit(1769547657.181:5): pid=6316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.99" name="file1" dev="loop1" ino=15 res=0 errno=0
[  119.667879][ T6292] BTRFS info (device loop2): enabling ssd optimizations
[  119.715983][ T6292] BTRFS info (device loop2): turning on async discard
[  119.759406][ T6292] BTRFS info (device loop2): enabling free space tree
[  119.806223][ T6338] faux_driver vkms: [drm] Unknown color mode 9; guessing buffer size.
[  119.820276][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.095555][ T6342] loop1: detected capacity change from 0 to 128
[  120.158937][ T6292] BTRFS info (device loop2): scrub: started on devid 1
[  120.172052][ T6342] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  120.205927][ T6342] hpfs: filesystem error: improperly stopped
[  120.232873][ T6292] BTRFS info (device loop2): scrub: finished on devid 1 with status: 0
[  120.254064][ T6342] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  120.268348][ T6342] hpfs: You really don't want any checks? You are crazy...
[  120.286413][ T6342] hpfs: hpfs_map_sector(): read error
[  120.318340][ T6342] hpfs: code page support is disabled
[  120.339722][ T6342] hpfs: hpfs_map_4sectors(): unaligned read
[  120.347915][ T6342] hpfs: hpfs_map_4sectors(): unaligned read
[  120.354533][ T6342] hpfs: filesystem error: unable to find root dir
[  120.671394][ T6353] loop4: detected capacity change from 0 to 128
[  120.677405][ T6310] loop3: detected capacity change from 0 to 40427
[  120.706173][ T6351] loop1: detected capacity change from 0 to 1024
[  120.721158][ T6310] F2FS-fs (loop3): build fault injection rate: 174
[  120.761304][ T6310] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  120.783611][ T6351] EXT4-fs: Ignoring removed orlov option
[  120.790438][ T6353] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  120.800468][ T6351] EXT4-fs: inline encryption not supported
[  120.847008][ T6310] F2FS-fs (loop3): invalid crc value
[  120.852890][ T6351] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  120.907533][ T6353] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  120.936846][ T6351] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  120.998581][ T6351] EXT4-fs (loop1): invalid journal inode
[  121.026275][ T6353] syz.4.107 (pid 6353) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  121.035235][ T6351] EXT4-fs (loop1): can't get journal size
[  121.059246][ T6351] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  121.061306][ T6361] loop0: detected capacity change from 0 to 1024
[  121.183754][ T5840] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  121.198558][ T5842] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  121.223652][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.253903][ T6310] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  121.272639][ T6310] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  121.330323][   T30] audit: type=1800 audit(1769547658.851:6): pid=6361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.109" name="file1" dev="loop0" ino=2 res=0 errno=0
[  121.410179][ T6361] hfsplus: b-tree write err: -5, ino 3
[  121.418472][   T30] audit: type=1800 audit(1769547658.941:7): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.97" name="file1" dev="loop3" ino=10 res=0 errno=0
[  121.614192][   T62] hfsplus: bad catalog file entry
[  121.630661][   T62] hfsplus: b-tree write err: -5, ino 3
[  121.642525][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  121.642553][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  121.642564][ T5841] Call Trace:
[  121.642572][ T5841]  <TASK>
[  121.642591][ T5841]  dump_stack_lvl+0xe8/0x150
[  121.642625][ T5841]  f2fs_handle_critical_error+0x37c/0x540
[  121.642654][ T5841]  f2fs_write_end_io+0xcdb/0xff0
[  121.642676][ T5841]  ? __submit_merged_bio+0x256/0x650
[  121.642715][ T5841]  __submit_merged_bio+0x256/0x650
[  121.642743][ T5841]  __submit_merged_write_cond+0x3c3/0x4e0
[  121.642785][ T5841]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  121.642842][ T5841]  f2fs_write_data_pages+0x2970/0x35e0
[  121.642873][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  121.642938][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  121.642975][ T5841]  ? unwind_next_frame+0xa5/0x23c0
[  121.643044][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  121.643083][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  121.643116][ T5841]  ? do_raw_spin_lock+0x12b/0x2f0
[  121.643158][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  121.643176][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  121.643200][ T5841]  do_writepages+0x32e/0x550
[  121.643236][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  121.643260][ T5841]  filemap_fdatawrite+0x1e9/0x2f0
[  121.643286][ T5841]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  121.643371][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  121.643395][ T5841]  f2fs_sync_dirty_inodes+0x30e/0x810
[  121.643457][ T5841]  f2fs_write_checkpoint+0x9cf/0x2680
[  121.643480][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  121.643540][ T5841]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  121.643629][ T5841]  kill_f2fs_super+0x314/0x720
[  121.643661][ T5841]  ? __pfx_kill_f2fs_super+0x10/0x10
[  121.643700][ T5841]  ? lockdep_hardirqs_on+0x7a/0x110
[  121.643742][ T5841]  deactivate_locked_super+0xbc/0x130
[  121.643770][ T5841]  cleanup_mnt+0x437/0x4d0
[  121.643797][ T5841]  ? _raw_spin_unlock_irq+0x23/0x50
[  121.643825][ T5841]  task_work_run+0x1d9/0x270
[  121.643848][ T5841]  ? __pfx_task_work_run+0x10/0x10
[  121.643888][ T5841]  exit_to_user_mode_loop+0xed/0x480
[  121.643910][ T5841]  ? rcu_is_watching+0x15/0xb0
[  121.643938][ T5841]  do_syscall_64+0x2b7/0xf80
[  121.643962][ T5841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.643980][ T5841]  ? trace_irq_disable+0x37/0x100
[  121.644004][ T5841]  ? clear_bhb_loop+0x40/0x90
[  121.644027][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.644045][ T5841] RIP: 0033:0x7f15d359c117
[  121.644065][ T5841] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  121.644079][ T5841] RSP: 002b:00007ffdb1bcd298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  121.644100][ T5841] RAX: 0000000000000000 RBX: 00007f15d360471f RCX: 00007f15d359c117
[  121.644112][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb1bcd350
[  121.644123][ T5841] RBP: 00007ffdb1bcd350 R08: 00007ffdb1bce350 R09: 00000000ffffffff
[  121.644133][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb1bce3e0
[  121.644143][ T5841] R13: 00007f15d360471f R14: 000000000001da7e R15: 00007ffdb1bce420
[  121.644177][ T5841]  </TASK>
[  121.644184][ T5841] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  122.267195][ T6377] loop1: detected capacity change from 0 to 4096
[  122.306888][ T6377] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  122.551888][ T6377] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  122.589632][ T6385] loop6: detected capacity change from 0 to 524288000
[  122.719589][   T30] audit: type=1804 audit(1769547660.241:8): pid=6377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.117" name="/newroot/21/file0/bus" dev="loop1" ino=33 res=1 errno=0
[  123.144400][ T6375] loop0: detected capacity change from 0 to 32768
[  123.294192][ T6375] JBD2: Ignoring recovery information on journal
[  123.559394][ T6375] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  123.825636][ T6384] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  123.954704][ T6384] XFS (loop2): Ending clean mount
[  123.969210][ T6384] XFS (loop2): Quotacheck needed: Please wait.
[  124.118352][ T6384] XFS (loop2): Quotacheck: Done.
[  124.183979][ T5833] ocfs2: Unmounting device (7,0) on (node local)
[  124.243240][ T6387] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  124.441794][ T6387] XFS (loop3): Ending clean mount
[  124.519176][ T6387] XFS (loop3): Quotacheck needed: Please wait.
[  124.533606][ T5842] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  124.548519][ T6425] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.130'.
[  124.650137][ T6387] XFS (loop3): Quotacheck: Done.
[  124.946998][ T5841] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  125.154380][ T6435] netlink: 20 bytes leftover after parsing attributes in process `syz.1.135'.
[  125.245390][ T5915] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  125.425367][ T5915] usb 5-1: Using ep0 maxpacket: 8
[  125.451580][ T5915] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  125.495746][ T5915] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  125.526266][ T5915] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  125.546723][ T5915] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  125.572065][ T5915] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  125.585011][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.674255][ T6429] set_capacity_and_notify: 2 callbacks suppressed
[  125.674274][ T6429] loop0: detected capacity change from 0 to 40427
[  125.706080][ T6429] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  125.715318][ T6429] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  125.862300][ T6447] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.863619][ T5915] usb 5-1: GET_CAPABILITIES returned 0
[  125.908338][ T5915] usbtmc 5-1:16.0: can't read capabilities
[  125.914704][ T6447] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.932489][ T6429] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  126.042577][ T6429] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  126.071697][ T6429] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  126.106613][ T6429] fscrypt (loop0, inode 3): Error -61 getting encryption context
[  126.142889][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.167977][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.168191][ T6460] fscrypt (loop0, inode 3): Error -61 getting encryption context
[  126.178048][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.178483][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.178537][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.178585][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.178788][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.178836][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.178881][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.179091][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.179141][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.179181][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.330053][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.339483][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.349090][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.362001][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.393606][ T5951] usb 5-1: USB disconnect, device number 3
[  127.207680][ T6459] loop1: detected capacity change from 0 to 40427
[  127.884883][ T6459] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  127.964100][ T6459] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  128.198785][ T6459] bio_check_eod: 50 callbacks suppressed
[  128.198807][ T6459] syz.1.141: attempt to access beyond end of device
[  128.198807][ T6459] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  128.419857][ T6459] CPU: 0 UID: 0 PID: 6459 Comm: syz.1.141 Not tainted syzkaller #0 PREEMPT(full) 
[  128.419892][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  128.419904][ T6459] Call Trace:
[  128.419913][ T6459]  <TASK>
[  128.419922][ T6459]  dump_stack_lvl+0xe8/0x150
[  128.419960][ T6459]  f2fs_handle_critical_error+0x37c/0x540
[  128.419993][ T6459]  f2fs_write_end_io+0xcdb/0xff0
[  128.420041][ T6459]  __submit_merged_bio+0x256/0x650
[  128.420073][ T6459]  __submit_merged_write_cond+0x3c3/0x4e0
[  128.420117][ T6459]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  128.420178][ T6459]  f2fs_write_data_pages+0x2970/0x35e0
[  128.420249][ T6459]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  128.420291][ T6459]  ? css_rstat_updated+0x23a/0x530
[  128.420346][ T6459]  ? rcu_is_watching+0x15/0xb0
[  128.420377][ T6459]  ? __lock_acquire+0x6b5/0x2cf0
[  128.420468][ T6459]  ? __lock_acquire+0x6b5/0x2cf0
[  128.420504][ T6459]  ? do_raw_spin_lock+0x12b/0x2f0
[  128.420548][ T6459]  ? do_raw_spin_unlock+0xf5/0x210
[  128.420568][ T6459]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  128.420593][ T6459]  do_writepages+0x32e/0x550
[  128.420632][ T6459]  ? do_raw_spin_unlock+0xf5/0x210
[  128.420655][ T6459]  filemap_fdatawrite+0x1e9/0x2f0
[  128.420685][ T6459]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  128.420767][ T6459]  ? do_raw_spin_unlock+0xf5/0x210
[  128.420790][ T6459]  f2fs_sync_dirty_inodes+0x30e/0x810
[  128.420834][ T6459]  f2fs_write_checkpoint+0x9cf/0x2680
[  128.420858][ T6459]  ? __lock_acquire+0x6b5/0x2cf0
[  128.420921][ T6459]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  128.421015][ T6459]  kill_f2fs_super+0x314/0x720
[  128.421047][ T6459]  ? __pfx_kill_f2fs_super+0x10/0x10
[  128.421087][ T6459]  ? lockdep_hardirqs_on+0x7a/0x110
[  128.421132][ T6459]  deactivate_locked_super+0xbc/0x130
[  128.421162][ T6459]  cleanup_mnt+0x437/0x4d0
[  128.421190][ T6459]  ? _raw_spin_unlock_irq+0x23/0x50
[  128.421220][ T6459]  task_work_run+0x1d9/0x270
[  128.421245][ T6459]  ? __pfx_task_work_run+0x10/0x10
[  128.421265][ T6459]  ? do_exit+0x696/0x2310
[  128.421293][ T6459]  ? kmem_cache_free+0x180/0x610
[  128.421322][ T6459]  ? put_net+0x191/0x260
[  128.421352][ T6459]  do_exit+0x69b/0x2310
[  128.421387][ T6459]  ? futex_hash+0x40/0x2d0
[  128.421525][ T6459]  ? __pfx_do_exit+0x10/0x10
[  128.421560][ T6459]  ? do_raw_spin_lock+0x12b/0x2f0
[  128.421603][ T6459]  do_group_exit+0x21b/0x2d0
[  128.421621][ T6459]  ? _raw_spin_unlock_irq+0x23/0x50
[  128.421649][ T6459]  get_signal+0x1284/0x1330
[  128.421700][ T6459]  arch_do_signal_or_restart+0xbc/0x830
[  128.421729][ T6459]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  128.421764][ T6459]  ? __pfx___se_sys_futex+0x10/0x10
[  128.421798][ T6459]  exit_to_user_mode_loop+0x86/0x480
[  128.421822][ T6459]  ? rcu_is_watching+0x15/0xb0
[  128.421851][ T6459]  do_syscall_64+0x2b7/0xf80
[  128.421879][ T6459]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.421898][ T6459]  ? trace_irq_disable+0x37/0x100
[  128.421923][ T6459]  ? clear_bhb_loop+0x40/0x90
[  128.421949][ T6459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.421968][ T6459] RIP: 0033:0x7efc6199aeb9
[  128.421989][ T6459] Code: Unable to access opcode bytes at 0x7efc6199ae8f.
[  128.421998][ T6459] RSP: 002b:00007efc629290e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  128.422021][ T6459] RAX: fffffffffffffe00 RBX: 00007efc61c15fa8 RCX: 00007efc6199aeb9
[  128.422034][ T6459] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efc61c15fa8
[  128.422046][ T6459] RBP: 00007efc61c15fa0 R08: 0000000000000000 R09: 0000000000000000
[  128.422057][ T6459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  128.422068][ T6459] R13: 00007efc61c16038 R14: 00007ffce804ba30 R15: 00007ffce804bb18
[  128.422105][ T6459]  </TASK>
[  128.422114][ T6459] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  128.997883][ T6466] loop3: detected capacity change from 0 to 32768
[  129.042336][ T6472] loop2: detected capacity change from 0 to 32768
[  129.112823][ T6472] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.147 (6472)
[  129.436262][ T6466] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  129.469404][ T6472] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  129.524398][ T6472] BTRFS info (device loop2): using blake2b checksum algorithm
[  129.613635][ T6474] loop4: detected capacity change from 0 to 262144
[  129.623990][ T6474] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.148 (6474)
[  129.645615][ T6474] BTRFS info (device loop4): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  129.656596][ T6474] BTRFS info (device loop4): using xxhash64 checksum algorithm
[  129.671358][ T6466] XFS (loop3): Ending clean mount
[  129.703659][ T6466] XFS (loop3): Quotacheck needed: Please wait.
[  129.849648][ T6466] XFS (loop3): Quotacheck: Done.
[  129.914148][ T5841] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  129.975888][ T6474] BTRFS info (device loop4): deleted orphan free space tree entries
[  129.984997][ T6474] BTRFS info (device loop4): checking UUID tree
[  129.992777][ T6474] BTRFS info (device loop4): enabling ssd optimizations
[  130.001498][ T6474] BTRFS info (device loop4): enabling free space tree
[  130.056117][ T6472] BTRFS info (device loop2): enabling ssd optimizations
[  130.106406][ T6472] BTRFS info (device loop2): turning on async discard
[  130.140574][ T6472] BTRFS info (device loop2): enabling free space tree
[  130.172358][ T5840] BTRFS info (device loop4): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  130.196467][ T6472] BTRFS info (device loop2): use zstd compression, level 3
[  130.475839][ T5842] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  130.869091][ T6534] loop3: detected capacity change from 0 to 512
[  130.944538][ T6534] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  130.987979][ T6539] loop0: detected capacity change from 0 to 128
[  131.015453][ T6534] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  131.097954][ T6539] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  131.113726][ T6534] EXT4-fs (loop3): 1 truncate cleaned up
[  131.217668][ T6534] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.230780][ T6539] ext4 filesystem being mounted at /32/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  131.509019][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.657735][ T5833] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  132.225189][ T6531] loop4: detected capacity change from 0 to 40427
[  132.246266][ T6535] loop2: detected capacity change from 0 to 32768
[  132.308622][ T6535] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.154 (6535)
[  132.346280][ T6531] F2FS-fs (loop4): build fault injection type: 0x7
[  132.385657][ T6531] F2FS-fs (loop4): invalid crc value
[  132.418643][ T6535] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  132.484860][ T6535] BTRFS info (device loop2): using sha256 checksum algorithm
[  132.529572][ T6535] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  132.798504][ T6531] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  132.817147][ T6531] F2FS-fs (loop4): Start checkpoint disabled!
[  132.837158][ T6531] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  132.856349][ T6535] BTRFS info (device loop2): rebuilding free space tree
[  132.865963][ T6531] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  132.977469][ T6535] BTRFS info (device loop2): disabling free space tree
[  133.022497][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  133.032128][ T6577] loop3: detected capacity change from 0 to 512
[  133.035582][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  133.046415][ T6535] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  133.095448][ T6535] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  133.133512][ T6577] EXT4-fs (loop3): filesystem is read-only
[  133.163473][ T6535] BTRFS info (device loop2): enabling ssd optimizations
[  133.185464][ T6577] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  133.215428][ T6535] BTRFS info (device loop2): turning on async discard
[  133.222813][ T6535] BTRFS info (device loop2): enabling disk space caching
[  133.261083][ T6547] loop0: detected capacity change from 0 to 32768
[  133.270515][ T6535] BTRFS info (device loop2): force clearing of disk cache
[  133.289665][ T6577] EXT4-fs (loop3): filesystem is read-only
[  133.335348][ T6577] EXT4-fs (loop3): orphan cleanup on readonly fs
[  133.369331][ T6577] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #16: comm syz.3.163: iget: bad i_size value: -504403158265486552
[  133.386037][ T6535] BTRFS info (device loop2): enabling auto defrag
[  133.393381][ T6535] BTRFS info (device loop2): force zlib compression, level 3
[  133.409901][ T6547] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  133.466960][ T6577] loop3: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  133.469148][ T6577] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.163: couldn't read orphan inode 16 (err -117)
[  133.485432][    C0] EXT4-fs (loop3): error count since last fsck: 1
[  133.500543][    C0] EXT4-fs (loop3): initial error at time 1769547670: ext4_orphan_get:1391: inode 16
[  133.510995][    C0] EXT4-fs (loop3): last error at time 1769547670: ext4_orphan_get:1391: inode 16
[  133.528389][   T13] kworker/u8:1: attempt to access beyond end of device
[  133.528389][   T13] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  133.561015][ T6577] loop3: lost filesystem error report for type 5 error -117
[  133.561338][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[  133.561364][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  133.561376][   T13] Workqueue: writeback wb_workfn (flush-7:4)
[  133.561418][   T13] Call Trace:
[  133.561426][   T13]  <TASK>
[  133.561435][   T13]  dump_stack_lvl+0xe8/0x150
[  133.561467][   T13]  f2fs_handle_critical_error+0x37c/0x540
[  133.561499][   T13]  f2fs_write_end_io+0xcdb/0xff0
[  133.561547][   T13]  __submit_merged_bio+0x256/0x650
[  133.561589][   T13]  __submit_merged_write_cond+0x3c3/0x4e0
[  133.561630][   T13]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  133.561688][   T13]  f2fs_write_data_pages+0x2970/0x35e0
[  133.561752][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  133.561790][   T13]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  133.561849][   T13]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  133.561890][   T13]  ? __lock_acquire+0x6b5/0x2cf0
[  133.561936][   T13]  ? set_shrinker_bit+0x7c/0x350
[  133.561964][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  133.561989][   T13]  do_writepages+0x32e/0x550
[  133.562024][   T13]  ? reacquire_held_locks+0x104/0x190
[  133.562048][   T13]  ? writeback_sb_inodes+0x42a/0x1940
[  133.562089][   T13]  __writeback_single_inode+0x133/0x1060
[  133.562113][   T13]  ? do_raw_spin_unlock+0xf5/0x210
[  133.562139][   T13]  writeback_sb_inodes+0x92e/0x1940
[  133.562168][   T13]  ? ret_from_fork_asm+0x1a/0x30
[  133.562218][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  133.562237][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  133.562314][   T13]  ? rcu_is_watching+0x15/0xb0
[  133.562351][   T13]  wb_writeback+0x445/0xad0
[  133.562380][   T13]  ? queue_io+0x1f1/0x450
[  133.562411][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  133.562429][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  133.562479][   T13]  wb_workfn+0x3f8/0xef0
[  133.562504][   T13]  ? __lock_acquire+0x6b5/0x2cf0
[  133.562524][   T13]  ? look_up_lock_class+0x57/0x110
[  133.562583][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  133.562617][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  133.562644][   T13]  ? lock_acquire+0x106/0x330
[  133.562669][   T13]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  133.562701][   T13]  ? process_one_work+0x87c/0x15a0
[  133.562727][   T13]  ? process_one_work+0x87c/0x15a0
[  133.562766][   T13]  ? process_one_work+0x87c/0x15a0
[  133.562787][   T13]  process_one_work+0x949/0x15a0
[  133.562832][   T13]  ? __pfx_process_one_work+0x10/0x10
[  133.562851][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  133.562900][   T13]  worker_thread+0xb46/0x1140
[  133.562959][   T13]  kthread+0x388/0x470
[  133.562988][   T13]  ? __pfx_worker_thread+0x10/0x10
[  133.563010][   T13]  ? __pfx_kthread+0x10/0x10
[  133.563042][   T13]  ret_from_fork+0x51b/0xa40
[  133.563071][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  133.563094][   T13]  ? __switch_to+0xc7d/0x1400
[  133.563121][   T13]  ? __pfx_kthread+0x10/0x10
[  133.563152][   T13]  ret_from_fork_asm+0x1a/0x30
[  133.563200][   T13]  </TASK>
[  133.563209][   T13] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  133.567023][ T6590] netlink: 8 bytes leftover after parsing attributes in process `syz.1.165'.
[  133.590209][ T6577] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  133.654270][ T6547] XFS (loop0): Ending clean mount
[  133.675562][ T6590] netlink: 'syz.1.165': attribute type 5 has an invalid length.
[  133.795630][ T6547] XFS (loop0): Quotacheck needed: Please wait.
[  133.852111][ T6590] netlink: 20 bytes leftover after parsing attributes in process `syz.1.165'.
[  134.161125][ T1146] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  134.175480][ T6590] geneve2: entered promiscuous mode
[  134.179741][ T6547] XFS (loop0): Quotacheck: Done.
[  134.181006][ T6590] geneve2: entered allmulticast mode
[  134.203351][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.305383][   T13] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  134.315093][   T13] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  134.397252][   T13] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  134.461549][   T13] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  134.471354][ T5842] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  134.520730][ T5833] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  134.746829][ T6596] loop3: detected capacity change from 0 to 4096
[  134.933868][ T6601] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.057169][   T29] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  135.245529][   T29] usb 2-1: Using ep0 maxpacket: 16
[  135.296381][   T29] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.345321][   T29] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.387799][   T29] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  135.441596][   T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.600715][ T6621] netlink: 7 bytes leftover after parsing attributes in process `syz.3.176'.
[  135.734039][ T6625] loop0: detected capacity change from 0 to 512
[  135.768490][ T6625] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.177: inode has both inline data and extents flags
[  135.785455][ T6625] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  135.794799][ T6625] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.177: couldn't read orphan inode 15 (err -117)
[  135.806581][    C0] EXT4-fs (loop0): error count since last fsck: 1
[  135.806608][    C0] EXT4-fs (loop0): initial error at time 1769547673: ext4_orphan_get:1391: inode 15
[  135.806640][    C0] EXT4-fs (loop0): last error at time 1769547673: ext4_orphan_get:1391: inode 15
[  135.850400][ T6625] loop0: lost filesystem error report for type 5 error -117
[  135.854052][ T6613] syzkaller1: entered promiscuous mode
[  135.876170][ T6625] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.893853][ T6613] syzkaller1: entered allmulticast mode
[  135.934063][   T29] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  135.983896][ T6621] netlink: 7 bytes leftover after parsing attributes in process `syz.3.176'.
[  135.997129][ T6625] EXT4-fs (loop0): can't disable delalloc during remount
[  136.147986][ T5833] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.162525][   T29] usb 2-1: USB disconnect, device number 2
[  136.258114][ T6629] loop3: detected capacity change from 0 to 512
[  136.356020][ T6629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  136.370976][ T6635] netlink: 'syz.4.180': attribute type 2 has an invalid length.
[  136.381819][ T6634] loop0: detected capacity change from 0 to 128
[  136.438178][ T6629] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  136.564928][ T6634] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  137.088833][ T6650] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  137.125154][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.463431][ T6656] Illegal XDP return value 4294967274 on prog  (id 12) dev syz_tun, expect packet loss!
[  137.808057][ T6667] loop3: detected capacity change from 0 to 128
[  138.536395][   T30] audit: type=1326 audit(1769547676.051:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.573526][   T30] audit: type=1326 audit(1769547676.061:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.624159][   T30] audit: type=1326 audit(1769547676.091:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.709383][ T6693] loop3: detected capacity change from 0 to 2048
[  138.716095][   T30] audit: type=1326 audit(1769547676.091:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.744263][   T30] audit: type=1326 audit(1769547676.091:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.772586][   T30] audit: type=1326 audit(1769547676.091:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.834493][   T30] audit: type=1326 audit(1769547676.091:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.867656][ T6693] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  138.894013][   T30] audit: type=1326 audit(1769547676.091:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.931082][   T30] audit: type=1326 audit(1769547676.091:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  138.958236][   T30] audit: type=1326 audit(1769547676.131:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6199aeb9 code=0x7ffc0000
[  139.060969][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.096288][ T6700] loop1: detected capacity change from 0 to 512
[  139.126143][ T6700] EXT4-fs: inline encryption not supported
[  139.180094][ T6700] EXT4-fs: Ignoring removed i_version option
[  139.261051][ T6700] EXT4-fs (loop1): 1 orphan inode deleted
[  139.301348][ T6700] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.389281][ T6700] EXT4-fs (loop1): shut down requested (2)
[  139.553020][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.691693][ T6711] netlink: 8 bytes leftover after parsing attributes in process `syz.4.211'.
[  139.713180][ T6712] loop1: detected capacity change from 0 to 1024
[  139.762070][ T6712] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  139.784195][ T6712] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  139.803750][ T6712] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  139.814856][ T6712] EXT4-fs (loop1): orphan cleanup on readonly fs
[  139.823906][ T6712] EXT4-fs error (device loop1): ext4_read_inode_bitmap:167: comm syz.1.212: Inode bitmap for bg 0 marked uninitialized
[  139.839191][ T6712] loop1: lost filesystem error report for type 5 error -117
[  139.849973][ T6712] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  139.961314][ T6712] EXT4-fs (loop1): shut down requested (0)
[  140.025625][    T9] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  140.078044][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.212887][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  140.240723][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.260995][    T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  140.291615][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.316494][    T9] usb 3-1: config 0 descriptor??
[  140.467034][ T6706] loop3: detected capacity change from 0 to 40427
[  140.498477][ T6706] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  140.543748][ T6706] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  140.759595][    T9] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  140.782024][    T9] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  140.797642][    T9] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  140.799328][ T6706] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  140.822472][    T9] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  140.853296][    T9] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  140.901454][ T6706] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  140.915540][ T6706] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  140.936792][    T9] koneplus 0003:1E7D:2D51.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.2-1/input0
[  141.270249][    T9] usb 3-1: USB disconnect, device number 3
[  141.525031][ T6740] syzkaller1: entered promiscuous mode
[  141.575871][ T6740] syzkaller1: entered allmulticast mode
[  142.789648][ T6761] loop1: detected capacity change from 0 to 32768
[  142.854484][ T6761] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.231 (6761)
[  142.906810][ T6766] loop2: detected capacity change from 0 to 32768
[  142.941084][ T6766] BTRFS info: device /dev/loop2 (7:2) using temp-fsid 3946952e-061d-4d10-a68f-5a7a817ee989
[  142.941258][ T6761] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  142.984415][ T6766] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.232 (6766)
[  143.005854][ T6761] BTRFS info (device loop1): using sha256 checksum algorithm
[  143.014532][ T6771] pim6reg1: entered promiscuous mode
[  143.024144][ T6771] pim6reg1: entered allmulticast mode
[  143.055454][ T6766] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  143.067528][ T6766] BTRFS info (device loop2): using sha256 checksum algorithm
[  143.095477][ T6766] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  143.211847][ T6761] BTRFS info (device loop1): enabling ssd optimizations
[  143.240154][ T6761] BTRFS info (device loop1): turning on async discard
[  143.275211][ T6761] BTRFS info (device loop1): enabling free space tree
[  143.322749][ T6766] BTRFS info (device loop2): rebuilding free space tree
[  143.487931][ T6766] BTRFS info (device loop2): disabling free space tree
[  143.503715][ T6766] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  143.537262][ T6766] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  143.580613][ T6766] BTRFS info (device loop2): enabling ssd optimizations
[  143.600739][ T6766] BTRFS info (device loop2): enabling disk space caching
[  143.618244][ T6769] loop4: detected capacity change from 0 to 32768
[  143.627207][ T6806] loop0: detected capacity change from 0 to 256
[  143.635913][ T6766] BTRFS info (device loop2): force clearing of disk cache
[  143.643527][ T6766] BTRFS info (device loop2): enabling auto defrag
[  143.663588][ T6766] BTRFS info (device loop2): max_inline set to 0
[  143.717761][ T5837] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  143.730496][ T6769] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  143.801813][ T6806] FAT-fs (loop0): Directory bread(block 64) failed
[  143.825548][ T6806] FAT-fs (loop0): Directory bread(block 65) failed
[  143.851465][ T6806] FAT-fs (loop0): Directory bread(block 66) failed
[  143.860475][ T6806] FAT-fs (loop0): Directory bread(block 67) failed
[  143.868816][ T6806] FAT-fs (loop0): Directory bread(block 68) failed
[  143.871212][ T6769] XFS (loop4): Ending clean mount
[  143.875982][ T6806] FAT-fs (loop0): Directory bread(block 69) failed
[  143.888519][ T6806] FAT-fs (loop0): Directory bread(block 70) failed
[  143.895636][ T6806] FAT-fs (loop0): Directory bread(block 71) failed
[  143.902274][ T6806] FAT-fs (loop0): Directory bread(block 72) failed
[  143.916801][ T6806] FAT-fs (loop0): Directory bread(block 73) failed
[  143.945375][   T29] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  144.084217][   T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  144.087576][ T6806] process 'syz.0.237' launched '/dev/fd/4' with NULL argv: empty string added
[  144.127535][   T29] usb 4-1: Using ep0 maxpacket: 16
[  144.169163][   T29] usb 4-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.184383][ T6806] syz.0.237: attempt to access beyond end of device
[  144.184383][ T6806] loop0: rw=8912896, sector=1160, nr_sectors = 4 limit=256
[  144.196421][   T29] usb 4-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.226067][ T6806] syz.0.237: attempt to access beyond end of device
[  144.226067][ T6806] loop0: rw=8388608, sector=1160, nr_sectors = 4 limit=256
[  144.240393][ T5842] BTRFS info (device loop2): last unmount of filesystem 3946952e-061d-4d10-a68f-5a7a817ee989
[  144.282807][   T29] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  144.312277][   T29] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.341857][ T5840] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  144.787703][ T6828] netlink: 16 bytes leftover after parsing attributes in process `syz.0.242'.
[  144.847511][ T6828] netlink: 16 bytes leftover after parsing attributes in process `syz.0.242'.
[  144.917110][   T29] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  145.084462][   T29] usb 4-1: USB disconnect, device number 2
[  145.183523][ T6834] loop0: detected capacity change from 0 to 512
[  145.237901][ T6834] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  145.271988][ T6837] loop1: detected capacity change from 0 to 128
[  145.435452][ T6834] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.244: bg 0: block 104: invalid block bitmap
[  145.488298][ T6834] loop0: lost filesystem error report for type 5 error -117
[  145.493021][ T6834] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6687: Corrupt filesystem
[  145.500544][    C1] EXT4-fs (loop0): error count since last fsck: 1
[  145.500568][    C1] EXT4-fs (loop0): initial error at time 1769547683: ext4_validate_block_bitmap:432
[  145.500594][    C1] EXT4-fs (loop0): last error at time 1769547683: ext4_validate_block_bitmap:432
[  145.543603][ T6834] loop0: lost filesystem error report for type 5 error -117
[  145.560818][ T6834] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.244: invalid indirect mapped block 1 (level 1)
[  145.589668][ T6834] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  145.595107][ T6834] EXT4-fs (loop0): 1 truncate cleaned up
[  145.614142][ T6834] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.727980][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  145.727999][   T30] audit: type=1800 audit(1769547683.251:44): pid=6834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.244" name="file1" dev="loop0" ino=18 res=0 errno=0
[  145.934972][ T5833] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.125621][    T9] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  146.243024][ T6867] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  146.263143][ T6864] loop4: detected capacity change from 0 to 2048
[  146.318115][    T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[  146.355551][    T9] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.365887][    T9] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  146.379399][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  146.386306][    T9] usb 2-1: New USB device found, idVendor=056a, idProduct=00b2, bcdDevice= 0.00
[  146.396273][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.409303][ T6864] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.422886][ T6864] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.471311][ T6864] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.257: bg 0: block 345: padding at end of block bitmap is not set
[  146.500151][ T6864] EXT4-fs (loop4): Remounting filesystem read-only
[  146.508161][    T9] usb 2-1: config 0 descriptor??
[  146.658427][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.997843][ T6854] loop1: detected capacity change from 0 to 1764
[  147.084331][    T9] wacom 0003:056A:00B2.0004: unbalanced delimiter at end of report description
[  147.124156][    T9] wacom 0003:056A:00B2.0004: parse failed
[  147.155458][    T9] wacom 0003:056A:00B2.0004: probe with driver wacom failed with error -22
[  147.178230][ T6894] loop4: detected capacity change from 0 to 2048
[  147.204539][ T6894] udf: Bad value for 'volume'
[  147.292424][ T5844] usb 2-1: USB disconnect, device number 3
[  147.324474][ T6899] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.340267][ T6899] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.454267][ T6894] netlink: 12 bytes leftover after parsing attributes in process `syz.4.268'.
[  147.702946][ T6908] loop0: detected capacity change from 0 to 4096
[  147.912684][ T5821] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  148.032646][ T6918] netlink: 'syz.2.279': attribute type 32 has an invalid length.
[  148.087412][ T5821] usb 5-1: Using ep0 maxpacket: 32
[  148.105799][ T5821] usb 5-1: config 0 interface 0 has no altsetting 0
[  148.156068][ T5821] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  148.189463][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.229556][ T5821] usb 5-1: Product: syz
[  148.251448][ T5821] usb 5-1: Manufacturer: syz
[  148.253354][ T6924] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  148.270336][ T5821] usb 5-1: SerialNumber: syz
[  148.309367][ T5821] usb 5-1: config 0 descriptor??
[  148.391980][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.0.280'.
[  148.755123][ T5821] gs_usb 5-1:0.0: Configuring for 1 interfaces
[  149.134874][ T6944] netlink: 'syz.2.287': attribute type 29 has an invalid length.
[  149.199104][ T6945] netlink: 'syz.2.287': attribute type 29 has an invalid length.
[  149.209989][ T6938] loop0: detected capacity change from 0 to 32768
[  149.231018][ T5821] gs_usb 5-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  149.310625][ T6938] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  149.321485][ T6938] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  149.345338][ T5821] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22
[  149.356583][ T6944] netlink: 500 bytes leftover after parsing attributes in process `syz.2.287'.
[  149.367831][ T6944] unsupported nla_type 58
[  149.465571][ T6950] loop1: detected capacity change from 0 to 512
[  149.501946][ T6938] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  149.543409][ T5821] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  149.554904][ T6950] EXT4-fs (loop1): 1 truncate cleaned up
[  149.590717][ T5821] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  149.618992][ T6950] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.665674][ T5915] usb 5-1: USB disconnect, device number 4
[  149.783588][ T6950] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.288: bg 0: block 465: padding at end of block bitmap is not set
[  149.883550][ T6950] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  149.958089][ T6959] loop3: detected capacity change from 0 to 2048
[  149.972273][ T5821] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 381ms
[  149.980125][ T6950] EXT4-fs (loop1): This should not happen!! Data will be lost
[  149.980125][ T6950] 
[  150.007487][ T6959] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  150.016427][ T5821] gfs2: fsid=syz:syz.0: jid=0: Done
[  150.024868][ T6938] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  150.039095][ T6950] EXT4-fs (loop1): Total free blocks count 0
[  150.069574][ T6950] EXT4-fs (loop1): Free/Dirty block details
[  150.086111][ T6950] EXT4-fs (loop1): free_blocks=0
[  150.086329][ T6959] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  150.100943][ T6950] EXT4-fs (loop1): dirty_blocks=66
[  150.116174][ T6950] EXT4-fs (loop1): Block reservation details
[  150.159331][ T6950] EXT4-fs (loop1): i_reserved_data_blocks=66
[  150.357542][ T6965] netlink: 60 bytes leftover after parsing attributes in process `syz.4.293'.
[  150.410003][   T13] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28
[  150.491739][ T6965] netlink: 60 bytes leftover after parsing attributes in process `syz.4.293'.
[  150.590469][ T6967] netlink: 32 bytes leftover after parsing attributes in process `syz.3.294'.
[  150.635787][ T6967] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  150.847870][ T6971] input: syz0 as /devices/virtual/input/input6
[  150.962402][ T6956] loop2: detected capacity change from 0 to 32768
[  151.075895][ T6956] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  151.150549][ T6956] XFS (loop2): Ending clean mount
[  151.200858][ T6938] gfs2: reconfiguration of spectator mode not allowed
[  151.560077][ T5842] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  152.124458][ T7000] loop2: detected capacity change from 0 to 512
[  152.167297][ T7000] EXT4-fs: Ignoring removed nobh option
[  152.203937][ T7000] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  152.241006][ T7003] loop0: detected capacity change from 0 to 128
[  152.259633][ T7000] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.303: iget: bad i_size value: 38620345925642
[  152.296168][ T7000] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  152.296698][ T7000] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.303: couldn't read orphan inode 15 (err -117)
[  152.305919][    C0] EXT4-fs (loop2): error count since last fsck: 1
[  152.305937][    C0] EXT4-fs (loop2): initial error at time 1769547689: ext4_orphan_get:1391: inode 15
[  152.305968][    C0] EXT4-fs (loop2): last error at time 1769547689: ext4_orphan_get:1391: inode 15
[  152.359964][ T6987] loop4: detected capacity change from 0 to 32768
[  152.368974][ T6987] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.300 (6987)
[  152.370162][ T7000] loop2: lost filesystem error report for type 5 error -117
[  152.395319][   T30] audit: type=1800 audit(1769547689.891:45): pid=7003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.306" name="file1" dev="loop0" ino=1048610 res=0 errno=0
[  152.436092][ T1146] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8)
[  152.454265][ T7000] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.486373][ T1146] FAT-fs (loop0): Filesystem has been set read-only
[  152.519897][ T1146] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522)
[  152.566687][ T7003] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522)
[  152.585800][ T7003] FAT-fs (loop0): Filesystem has been set read-only
[  152.593947][ T6987] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  152.635327][ T6987] BTRFS info (device loop4): using sha256 checksum algorithm
[  152.700706][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.881090][ T7022] loop1: detected capacity change from 0 to 4096
[  152.911892][ T6987] BTRFS info (device loop4): rebuilding free space tree
[  153.030918][ T6987] BTRFS info (device loop4): disabling free space tree
[  153.080134][ T6987] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  153.135484][ T6987] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  153.210447][ T6987] BTRFS info (device loop4): enabling ssd optimizations
[  153.245976][ T6987] BTRFS info (device loop4): turning on async discard
[  153.270092][ T6987] BTRFS info (device loop4): force clearing of disk cache
[  153.325351][ T6987] BTRFS info (device loop4): enabling auto defrag
[  153.331838][ T6987] BTRFS info (device loop4): max_inline set to 4096
[  153.468645][ T7042] loop2: detected capacity change from 0 to 128
[  153.555029][ T7042] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  153.611476][ T7042] ext4 filesystem being mounted at /51/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  153.893679][ T5842] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  154.077488][ T5840] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  154.174988][ T7035] loop3: detected capacity change from 0 to 32768
[  154.274322][ T7035] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  154.325701][ T7035] JBD2: Ignoring recovery information on journal
[  154.433261][ T7035] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  154.766412][ T5841] ocfs2: Unmounting device (7,3) on (node local)
[  155.199211][ T7051] loop0: detected capacity change from 0 to 32768
[  155.228144][ T7051] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.322 (7051)
[  155.267507][ T7051] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.283369][ T7051] BTRFS info (device loop0): using crc32c checksum algorithm
[  155.369259][ T7051] BTRFS info (device loop0): rebuilding free space tree
[  155.432149][ T7051] BTRFS info (device loop0): allowing degraded mounts
[  155.445787][ T7051] BTRFS info (device loop0): enabling ssd optimizations
[  155.463051][ T7051] BTRFS info (device loop0): enabling free space tree
[  155.486890][ T7051] BTRFS info (device loop0): force clearing of disk cache
[  155.509861][ T7051] BTRFS info (device loop0): use zstd compression, level 3
[  155.537681][ T7051] BTRFS info (device loop0): max_inline set to 0
[  155.594232][   T30] audit: type=1800 audit(1769547693.111:46): pid=7051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.322" name="bus" dev="loop0" ino=263 res=0 errno=0
[  155.764123][ T5833] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.790317][ T7073] loop2: detected capacity change from 0 to 32768
[  155.828519][ T7073] (syz.2.330,7073,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  155.896401][ T7073] (syz.2.330,7073,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  156.020232][ T7073] JBD2: Ignoring recovery information on journal
[  156.178045][ T7069] loop1: detected capacity change from 0 to 32768
[  156.229421][ T7069] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.327 (7069)
[  156.285925][ T7073] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  156.367745][ T7102] mmap: syz.0.333 (7102) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  156.375386][ T7069] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  156.426573][ T7069] BTRFS info (device loop1): using blake2b checksum algorithm
[  156.451267][ T7069] workqueue: max_active 262152 requested for btrfs-worker is out of range, clamping between 1 and 2048
[  156.520286][ T7069] workqueue: max_active 262152 requested for btrfs-delalloc is out of range, clamping between 1 and 2048
[  156.631094][ T7069] workqueue: max_active 262152 requested for btrfs-endio is out of range, clamping between 1 and 2048
[  156.702845][ T7069] workqueue: max_active 262152 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048
[  156.777148][ T7069] workqueue: max_active 262152 requested for btrfs-rmw is out of range, clamping between 1 and 2048
[  156.843706][ T7069] workqueue: max_active 262152 requested for btrfs-endio-write is out of range, clamping between 1 and 2048
[  156.855779][ T7073] syz.2.330 (7073) used greatest stack depth: 18648 bytes left
[  157.015053][ T7069] BTRFS info (device loop1): enabling ssd optimizations
[  157.057819][ T7069] BTRFS info (device loop1): turning on async discard
[  157.066866][ T5842] ocfs2: Unmounting device (7,2) on (node local)
[  157.066928][ T7069] BTRFS info (device loop1): enabling free space tree
[  157.295924][ T7133] loop0: detected capacity change from 0 to 2048
[  157.331019][ T7133] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  157.651419][ T5837] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  158.516236][   T51] Bluetooth: hci4: command tx timeout
[  158.775790][ T7143] loop3: detected capacity change from 0 to 40427
[  158.819567][ T7143] F2FS-fs (loop3): invalid crc value
[  159.067595][ T7143] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  159.095663][ T7143] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  159.191539][ T7170] loop0: detected capacity change from 0 to 1024
[  159.274658][ T5841] syz-executor: attempt to access beyond end of device
[  159.274658][ T5841] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  159.293888][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  159.293916][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  159.293927][ T5841] Call Trace:
[  159.293935][ T5841]  <TASK>
[  159.293943][ T5841]  dump_stack_lvl+0xe8/0x150
[  159.293977][ T5841]  f2fs_handle_critical_error+0x37c/0x540
[  159.294008][ T5841]  f2fs_write_end_io+0xcdb/0xff0
[  159.294056][ T5841]  __submit_merged_bio+0x256/0x650
[  159.294085][ T5841]  __submit_merged_write_cond+0x3c3/0x4e0
[  159.294128][ T5841]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  159.294185][ T5841]  f2fs_write_data_pages+0x2970/0x35e0
[  159.294205][ T5841]  ? unwind_next_frame+0xa5/0x23c0
[  159.294229][ T5841]  ? lock_acquire+0x106/0x330
[  159.294294][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  159.294315][ T5841]  ? is_bpf_text_address+0x26/0x2b0
[  159.294411][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  159.294452][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  159.294496][ T5841]  ? do_raw_spin_lock+0x12b/0x2f0
[  159.294538][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  159.294558][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  159.294581][ T5841]  do_writepages+0x32e/0x550
[  159.294619][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  159.294644][ T5841]  filemap_fdatawrite+0x1e9/0x2f0
[  159.294673][ T5841]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  159.294754][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  159.294778][ T5841]  f2fs_sync_dirty_inodes+0x30e/0x810
[  159.294820][ T5841]  f2fs_write_checkpoint+0x9cf/0x2680
[  159.294842][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  159.294903][ T5841]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  159.294995][ T5841]  kill_f2fs_super+0x314/0x720
[  159.295028][ T5841]  ? __pfx_kill_f2fs_super+0x10/0x10
[  159.295069][ T5841]  ? lockdep_hardirqs_on+0x7a/0x110
[  159.295111][ T5841]  deactivate_locked_super+0xbc/0x130
[  159.295141][ T5841]  cleanup_mnt+0x437/0x4d0
[  159.295169][ T5841]  ? _raw_spin_unlock_irq+0x23/0x50
[  159.295199][ T5841]  task_work_run+0x1d9/0x270
[  159.295222][ T5841]  ? __pfx_task_work_run+0x10/0x10
[  159.295252][ T5841]  exit_to_user_mode_loop+0xed/0x480
[  159.295273][ T5841]  ? rcu_is_watching+0x15/0xb0
[  159.295299][ T5841]  do_syscall_64+0x2b7/0xf80
[  159.295323][ T5841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.295340][ T5841]  ? trace_irq_disable+0x37/0x100
[  159.295363][ T5841]  ? clear_bhb_loop+0x40/0x90
[  159.295387][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.295405][ T5841] RIP: 0033:0x7f15d359c117
[  159.295424][ T5841] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  159.295439][ T5841] RSP: 002b:00007ffdb1bcd298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  159.295469][ T5841] RAX: 0000000000000000 RBX: 00007f15d360471f RCX: 00007f15d359c117
[  159.295482][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb1bcd350
[  159.295492][ T5841] RBP: 00007ffdb1bcd350 R08: 00007ffdb1bce350 R09: 00000000ffffffff
[  159.295503][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb1bce3e0
[  159.295513][ T5841] R13: 00007f15d360471f R14: 0000000000026dbd R15: 00007ffdb1bce420
[  159.295547][ T5841]  </TASK>
[  159.295554][ T3574] hfsplus: b-tree write err: -5, ino 4
[  159.369392][ T5841] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  159.637876][ T5155] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  159.644381][   T51] Bluetooth: hci5: command 0xfc11 tx timeout
[  160.383344][ T7199] loop4: detected capacity change from 0 to 128
[  160.412641][ T7199] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  160.430658][ T7199] hpfs: filesystem error: improperly stopped
[  160.438271][ T7199] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  160.448018][ T7199] hpfs: You really don't want any checks? You are crazy...
[  160.456413][ T7199] hpfs: hpfs_map_sector(): read error
[  160.466881][ T7199] hpfs: code page support is disabled
[  160.472483][ T7199] hpfs: hpfs_map_4sectors(): unaligned read
[  160.555418][ T7199] hpfs: hpfs_map_4sectors(): unaligned read
[  160.561367][ T7199] hpfs: filesystem error: unable to find root dir
[  161.043304][ T7200] loop3: detected capacity change from 0 to 32768
[  161.075765][ T7210] loop4: detected capacity change from 0 to 1024
[  161.105316][ T7200] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  161.184080][ T7210] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.201444][ T7200] XFS (loop3): Ending clean mount
[  161.224636][ T7200] XFS (loop3): Quotacheck needed: Please wait.
[  161.305414][ T7200] XFS (loop3): Quotacheck: Done.
[  161.405383][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  161.418389][ T5841] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  161.423443][ T7202] loop2: detected capacity change from 0 to 32768
[  161.478977][ T7202] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  161.489193][ T7202] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  161.571356][    T9] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  161.592164][ T7202] gfs2: fsid=syz:syz.0: fatal: invalid metadata block - bh = 19 (type: exp=5, found=4), function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 496
[  161.625455][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.654068][    T9] usb 2-1: Product: syz
[  161.662574][    T9] usb 2-1: Manufacturer: syz
[  161.667484][ T7202] CPU: 0 UID: 0 PID: 7202 Comm: syz.2.367 Not tainted syzkaller #0 PREEMPT(full) 
[  161.667511][ T7202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  161.667522][ T7202] Call Trace:
[  161.667530][ T7202]  <TASK>
[  161.667539][ T7202]  dump_stack_lvl+0xe8/0x150
[  161.667571][ T7202]  gfs2_withdraw+0xc3/0x1b0
[  161.667603][ T7202]  gfs2_meta_buffer+0x250/0x2e0
[  161.667633][ T7202]  __gfs2_iomap_get+0x756/0x1840
[  161.667685][ T7202]  ? __pfx___gfs2_iomap_get+0x10/0x10
[  161.667717][ T7202]  ? rcu_is_watching+0x15/0xb0
[  161.667752][ T7202]  gfs2_block_map+0x2a3/0x750
[  161.667795][ T7202]  ? __pfx_gfs2_block_map+0x10/0x10
[  161.667819][ T7202]  ? __pfx_bit_wait_io+0x10/0x10
[  161.667847][ T7202]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[  161.667878][ T7202]  ? __pfx_wake_bit_function+0x10/0x10
[  161.667910][ T7202]  ? __wait_on_buffer+0xe/0x80
[  161.667961][ T7202]  gfs2_write_alloc_required+0x3b5/0x690
[  161.667996][ T7202]  ? __pfx_gfs2_write_alloc_required+0x10/0x10
[  161.668041][ T7202]  ? __pfx_wake_up_bit+0x10/0x10
[  161.668089][ T7202]  gfs2_jdesc_check+0x21a/0x2f0
[  161.668118][ T7202]  init_journal+0xc7e/0x2260
[  161.668163][ T7202]  ? init_inodes+0xdb/0x320
[  161.668197][ T7202]  ? __pfx_init_journal+0x10/0x10
[  161.668224][ T7202]  ? vsnprintf+0xdf1/0xee0
[  161.668257][ T7202]  ? snprintf+0xe8/0x140
[  161.668279][ T7202]  ? init_inodes+0xdb/0x320
[  161.668309][ T7202]  ? __pfx_snprintf+0x10/0x10
[  161.668332][ T7202]  ? gfs2_glock_nq_num+0x13d/0x170
[  161.668356][ T7202]  init_inodes+0xdb/0x320
[  161.668388][ T7202]  gfs2_fill_super+0x1a38/0x21d0
[  161.668435][ T7202]  ? __pfx_gfs2_fill_super+0x10/0x10
[  161.668479][ T7202]  ? init_locking+0xb8/0x210
[  161.668506][ T7202]  ? sb_set_blocksize+0x155/0x240
[  161.668538][ T7202]  ? setup_bdev_super+0x4c1/0x5b0
[  161.668571][ T7202]  get_tree_bdev_flags+0x431/0x4f0
[  161.668610][ T7202]  ? __pfx_gfs2_fill_super+0x10/0x10
[  161.668638][ T7202]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  161.668665][ T7202]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  161.668701][ T7202]  gfs2_get_tree+0x51/0x1e0
[  161.668734][ T7202]  vfs_get_tree+0x92/0x2a0
[  161.668766][ T7202]  do_new_mount+0x341/0xd30
[  161.668789][ T7202]  ? apparmor_capable+0x137/0x1a0
[  161.668821][ T7202]  ? __pfx_do_new_mount+0x10/0x10
[  161.668846][ T7202]  ? ns_capable+0x89/0xe0
[  161.668883][ T7202]  ? user_path_at+0xd4/0x160
[  161.668912][ T7202]  __se_sys_mount+0x31d/0x420
[  161.668942][ T7202]  ? __pfx___se_sys_mount+0x10/0x10
[  161.668974][ T7202]  ? __x64_sys_mount+0x20/0xc0
[  161.669001][ T7202]  do_syscall_64+0xe2/0xf80
[  161.669028][ T7202]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.669048][ T7202]  ? trace_irq_disable+0x37/0x100
[  161.669074][ T7202]  ? clear_bhb_loop+0x40/0x90
[  161.669100][ T7202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.669120][ T7202] RIP: 0033:0x7fd533b9c14a
[  161.669141][ T7202] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  161.669156][ T7202] RSP: 002b:00007fd531df5e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  161.669179][ T7202] RAX: ffffffffffffffda RBX: 00007fd531df5ee0 RCX: 00007fd533b9c14a
[  161.669193][ T7202] RDX: 0000200000000000 RSI: 00002000000002c0 RDI: 00007fd531df5ea0
[  161.669204][ T7202] RBP: 0000200000000000 R08: 00007fd531df5ee0 R09: 0000000000000000
[  161.669216][ T7202] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000002c0
[  161.669227][ T7202] R13: 00007fd531df5ea0 R14: 00000000000126a0 R15: 00002000000003c0
[  161.669261][ T7202]  </TASK>
[  161.669279][ T7202] gfs2: fsid=syz:syz.0: G:  s:SH n:2/13 f:aqo t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1
[  161.706811][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.710265][    T9] usb 2-1: SerialNumber: syz
[  161.810078][ T7202] gfs2: fsid=syz:syz.0:  H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320
[  161.838869][    T9] usb 2-1: config 0 descriptor??
[  161.880902][ T7202] gfs2: fsid=syz:syz.0:  I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[  161.966801][    T9] gspca_main: sunplus-2.14.0 probing 055f:c230
[  161.984856][ T7202] gfs2: fsid=syz:syz.0: my journal (0) is bad: -5
[  162.577638][ T7242] syzkaller1: entered promiscuous mode
[  162.583345][ T7242] syzkaller1: entered allmulticast mode
[  162.705416][ T5951] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  162.793867][ T7248] loop2: detected capacity change from 0 to 1024
[  162.803871][ T7248] EXT4-fs: Ignoring removed bh option
[  162.820672][ T7248] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.881464][ T5951] usb 5-1: Using ep0 maxpacket: 8
[  162.898843][ T5951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  162.950587][ T5951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  162.974273][ T5951] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  162.988795][    T9] gspca_sunplus: reg_r err -71
[  162.993694][    T9] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  163.015064][ T5951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  163.029356][    T9] usb 2-1: USB disconnect, device number 4
[  163.045531][ T5951] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  163.073119][ T5951] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  163.087408][ T5951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.109172][ T5951] usb 5-1: config 0 descriptor??
[  163.121494][ T5842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.137999][ T7244] loop3: detected capacity change from 0 to 40427
[  163.146985][ T5155] Bluetooth: hci5: urb ffff88807d922700 submission failed (90)
[  163.180552][ T7244] F2FS-fs (loop3): Image doesn't support compression
[  163.206169][ T7244] F2FS-fs (loop3): build fault injection rate: 690
[  163.218870][ T7244] F2FS-fs (loop3): invalid crc value
[  163.336333][   T29] usb 5-1: USB disconnect, device number 5
[  163.377750][ T7244] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  163.398654][ T7244] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  163.428201][   T30] audit: type=1800 audit(1769547700.951:47): pid=7244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.380" name="file1" dev="loop3" ino=10 res=0 errno=0
[  163.462125][ T5841] syz-executor: attempt to access beyond end of device
[  163.462125][ T5841] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  163.476973][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  163.476991][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  163.476999][ T5841] Call Trace:
[  163.477004][ T5841]  <TASK>
[  163.477008][ T5841]  dump_stack_lvl+0xe8/0x150
[  163.477031][ T5841]  f2fs_handle_critical_error+0x37c/0x540
[  163.477049][ T5841]  f2fs_write_end_io+0xcdb/0xff0
[  163.477075][ T5841]  __submit_merged_bio+0x256/0x650
[  163.477092][ T5841]  __submit_merged_write_cond+0x3c3/0x4e0
[  163.477117][ T5841]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  163.477160][ T5841]  f2fs_write_data_pages+0x2970/0x35e0
[  163.477174][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  163.477209][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.477251][ T5841]  ? __pfx_sched_balance_rq+0x10/0x10
[  163.477267][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  163.477290][ T5841]  ? __lock_acquire+0x6b5/0x2cf0
[  163.477309][ T5841]  ? do_raw_spin_lock+0x12b/0x2f0
[  163.477333][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  163.477344][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.477358][ T5841]  do_writepages+0x32e/0x550
[  163.477380][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  163.477394][ T5841]  filemap_fdatawrite+0x1e9/0x2f0
[  163.477411][ T5841]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  163.477455][ T5841]  ? do_raw_spin_unlock+0xf5/0x210
[  163.477468][ T5841]  f2fs_sync_dirty_inodes+0x30e/0x810
[  163.477493][ T5841]  f2fs_write_checkpoint+0x9cf/0x2680
[  163.477529][ T5841]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  163.477579][ T5841]  kill_f2fs_super+0x314/0x720
[  163.477597][ T5841]  ? __pfx_kill_f2fs_super+0x10/0x10
[  163.477620][ T5841]  ? lockdep_hardirqs_on+0x7a/0x110
[  163.477645][ T5841]  deactivate_locked_super+0xbc/0x130
[  163.477662][ T5841]  cleanup_mnt+0x437/0x4d0
[  163.477678][ T5841]  ? _raw_spin_unlock_irq+0x23/0x50
[  163.477695][ T5841]  task_work_run+0x1d9/0x270
[  163.477709][ T5841]  ? __pfx_task_work_run+0x10/0x10
[  163.477727][ T5841]  exit_to_user_mode_loop+0xed/0x480
[  163.477740][ T5841]  ? rcu_is_watching+0x15/0xb0
[  163.477757][ T5841]  do_syscall_64+0x2b7/0xf80
[  163.477773][ T5841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.477784][ T5841]  ? trace_irq_disable+0x37/0x100
[  163.477798][ T5841]  ? clear_bhb_loop+0x40/0x90
[  163.477813][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.477824][ T5841] RIP: 0033:0x7f15d359c117
[  163.477837][ T5841] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  163.477846][ T5841] RSP: 002b:00007ffdb1bcd298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  163.477860][ T5841] RAX: 0000000000000000 RBX: 00007f15d360471f RCX: 00007f15d359c117
[  163.477868][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb1bcd350
[  163.477875][ T5841] RBP: 00007ffdb1bcd350 R08: 00007ffdb1bce350 R09: 00000000ffffffff
[  163.477883][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb1bce3e0
[  163.477890][ T5841] R13: 00007f15d360471f R14: 0000000000027e4c R15: 00007ffdb1bce420
[  163.477910][ T5841]  </TASK>
[  163.477915][ T5841] F2FS-fs (loop3): Remounting filesystem read-only
[  163.565556][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  163.940065][ T7262] netlink: 28 bytes leftover after parsing attributes in process `syz.1.387'.
[  163.950266][ T7262] netlink: 28 bytes leftover after parsing attributes in process `syz.1.387'.
[  163.956938][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  163.972014][    T9] usb 3-1: config 0 has no interface number 0
[  163.981586][    T9] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  163.992259][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.000347][    T9] usb 3-1: Product: syz
[  164.004646][    T9] usb 3-1: Manufacturer: syz
[  164.009362][    T9] usb 3-1: SerialNumber: syz
[  164.035058][    T9] usb 3-1: config 0 descriptor??
[  164.251643][    T9] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  164.269790][    T9] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  164.280819][    T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  164.290607][    T9] usb 3-1: media controller created
[  164.312732][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  164.436424][   T29] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  164.517324][    T9] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  164.585418][   T29] usb 5-1: Using ep0 maxpacket: 8
[  164.598433][   T29] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  164.625377][   T29] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  164.648844][   T29] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  164.669197][   T29] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  164.683562][   T29] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  164.696572][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.717742][ T7272] loop1: detected capacity change from 0 to 32768
[  164.735564][ T7272] (syz.1.391,7272,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  164.756549][ T7272] (syz.1.391,7272,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  164.800891][ T7272] JBD2: Ignoring recovery information on journal
[  164.863604][ T7272] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  164.940805][   T29] usb 5-1: GET_CAPABILITIES returned 0
[  164.950383][   T29] usbtmc 5-1:16.0: can't read capabilities
[  165.211329][   T29] usb 5-1: USB disconnect, device number 6
[  165.267508][ T5837] ocfs2: Unmounting device (7,1) on (node local)
[  165.442709][ T7283] loop3: detected capacity change from 0 to 40427
[  165.455864][ T7283] F2FS-fs (loop3): Image doesn't support compression
[  165.470737][ T7283] F2FS-fs (loop3): build fault injection rate: 690
[  165.490922][ T7283] F2FS-fs (loop3): build fault injection type: 0x35f7
[  165.500349][ T7283] F2FS-fs (loop3): invalid crc value
[  165.569812][    T9] usb 3-1: USB disconnect, device number 4
[  165.657879][ T7283] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  165.718623][ T7283] F2FS-fs (loop3): Start checkpoint disabled!
[  165.747804][ T7283] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  165.765489][ T7283] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  165.832604][ T7283] F2FS-fs (loop3): Stopped filesystem due to reason: 0
[  165.919789][   T30] audit: type=1326 audit(1769547703.441:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.4.397" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffacb99aeb9 code=0x0
[  166.324709][ T7300] loop3: detected capacity change from 0 to 256
[  166.333266][ T7299] 9p: Unknown uid 00000000004294967295
[  166.393703][ T7300] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  166.497625][ T7300] exFAT-fs (loop3): valid_size(150994954) is greater than size(10)
[  166.509463][ T7294] loop1: detected capacity change from 0 to 40427
[  166.543263][ T7294] F2FS-fs (loop1): invalid crc value
[  166.767808][ T7294] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  166.807719][ T7294] F2FS-fs (loop1): Start checkpoint disabled!
[  166.822041][ T7294] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  166.845874][ T7294] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  167.001951][ T7294] syz.1.399: attempt to access beyond end of device
[  167.001951][ T7294] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  167.050878][   T62] kworker/u8:4: attempt to access beyond end of device
[  167.050878][   T62] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  167.104631][ T7302] loop2: detected capacity change from 0 to 40427
[  167.125442][ T7302] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  167.125821][ T5944] kworker/u8:7: attempt to access beyond end of device
[  167.125821][ T5944] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  167.132429][ T7302] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  167.165569][ T7302] F2FS-fs (loop2): build fault injection rate: 17008
[  167.172305][ T7302] F2FS-fs (loop2): build fault injection type: 0x1f8
[  167.202230][ T7302] F2FS-fs (loop2): invalid crc value
[  167.212510][ T5944] CPU: 0 UID: 0 PID: 5944 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  167.212535][ T5944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  167.212547][ T5944] Workqueue: writeback wb_workfn (flush-7:1)
[  167.212583][ T5944] Call Trace:
[  167.212590][ T5944]  <TASK>
[  167.212598][ T5944]  dump_stack_lvl+0xe8/0x150
[  167.212626][ T5944]  f2fs_handle_critical_error+0x37c/0x540
[  167.212654][ T5944]  f2fs_write_end_io+0xcdb/0xff0
[  167.212696][ T5944]  __submit_merged_bio+0x256/0x650
[  167.212723][ T5944]  __submit_merged_write_cond+0x3c3/0x4e0
[  167.212759][ T5944]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  167.212811][ T5944]  f2fs_write_data_pages+0x2970/0x35e0
[  167.212873][ T5944]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.212908][ T5944]  ? unwind_next_frame+0xa5/0x23c0
[  167.212971][ T5944]  ? rcu_is_watching+0x15/0xb0
[  167.212994][ T5944]  ? trace_pelt_se_tp+0x39/0x120
[  167.213038][ T5944]  ? update_load_avg+0x1b0/0x1e70
[  167.213080][ T5944]  ? pick_next_task_fair+0x16d3/0x1710
[  167.213105][ T5944]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.213129][ T5944]  do_writepages+0x32e/0x550
[  167.213160][ T5944]  ? reacquire_held_locks+0x104/0x190
[  167.213185][ T5944]  ? writeback_sb_inodes+0x42a/0x1940
[  167.213212][ T5944]  __writeback_single_inode+0x133/0x1060
[  167.213235][ T5944]  ? do_raw_spin_unlock+0xf5/0x210
[  167.213257][ T5944]  writeback_sb_inodes+0x92e/0x1940
[  167.213305][ T5944]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  167.213323][ T5944]  ? do_raw_spin_lock+0x12b/0x2f0
[  167.213393][ T5944]  ? rcu_is_watching+0x15/0xb0
[  167.213426][ T5944]  wb_writeback+0x445/0xad0
[  167.213452][ T5944]  ? queue_io+0x1f1/0x450
[  167.213488][ T5944]  ? __pfx_wb_writeback+0x10/0x10
[  167.213506][ T5944]  ? do_raw_spin_lock+0x12b/0x2f0
[  167.213549][ T5944]  wb_workfn+0x3f8/0xef0
[  167.213572][ T5944]  ? __lock_acquire+0x6b5/0x2cf0
[  167.213591][ T5944]  ? look_up_lock_class+0x57/0x110
[  167.213637][ T5944]  ? __pfx_wb_workfn+0x10/0x10
[  167.213659][ T5944]  ? kasan_quarantine_put+0xbb/0x1f0
[  167.213688][ T5944]  ? do_raw_spin_lock+0x12b/0x2f0
[  167.213714][ T5944]  ? lock_acquire+0x106/0x330
[  167.213737][ T5944]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  167.213766][ T5944]  ? process_one_work+0x87c/0x15a0
[  167.213788][ T5944]  ? process_one_work+0x87c/0x15a0
[  167.213823][ T5944]  ? process_one_work+0x87c/0x15a0
[  167.213843][ T5944]  process_one_work+0x949/0x15a0
[  167.213888][ T5944]  ? __pfx_process_one_work+0x10/0x10
[  167.213908][ T5944]  ? do_raw_spin_lock+0x12b/0x2f0
[  167.213952][ T5944]  worker_thread+0xb46/0x1140
[  167.213985][ T5944]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  167.214024][ T5944]  kthread+0x388/0x470
[  167.214049][ T5944]  ? __pfx_worker_thread+0x10/0x10
[  167.214068][ T5944]  ? __pfx_kthread+0x10/0x10
[  167.214096][ T5944]  ret_from_fork+0x51b/0xa40
[  167.214122][ T5944]  ? __pfx_ret_from_fork+0x10/0x10
[  167.214142][ T5944]  ? __switch_to+0xc7d/0x1400
[  167.214167][ T5944]  ? __pfx_kthread+0x10/0x10
[  167.214194][ T5944]  ret_from_fork_asm+0x1a/0x30
[  167.214238][ T5944]  </TASK>
[  167.214246][ T5944] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  167.651405][ T7302] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  167.694612][ T7302] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  167.705400][ T7302] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  167.918917][ T7326] netlink: 24 bytes leftover after parsing attributes in process `syz.3.409'.
[  167.962404][ T5842] syz-executor: attempt to access beyond end of device
[  167.962404][ T5842] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  168.006330][ T5842] syz-executor: attempt to access beyond end of device
[  168.006330][ T5842] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  168.064659][ T1146] kworker/u8:5: attempt to access beyond end of device
[  168.064659][ T1146] loop2: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  168.090083][ T1146] CPU: 0 UID: 0 PID: 1146 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  168.090120][ T1146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  168.090133][ T1146] Workqueue: writeback wb_workfn (flush-7:2)
[  168.090173][ T1146] Call Trace:
[  168.090181][ T1146]  <TASK>
[  168.090190][ T1146]  dump_stack_lvl+0xe8/0x150
[  168.090221][ T1146]  f2fs_handle_critical_error+0x37c/0x540
[  168.090252][ T1146]  f2fs_write_end_io+0xcdb/0xff0
[  168.090299][ T1146]  __submit_merged_bio+0x256/0x650
[  168.090328][ T1146]  __submit_merged_write_cond+0x3c3/0x4e0
[  168.090368][ T1146]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  168.090428][ T1146]  f2fs_write_data_pages+0x2970/0x35e0
[  168.090450][ T1146]  ? rcu_is_watching+0x15/0xb0
[  168.090521][ T1146]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.090561][ T1146]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  168.090628][ T1146]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  168.090652][ T1146]  ? has_not_enough_free_secs+0xcb5/0x16d0
[  168.090691][ T1146]  ? __lock_acquire+0x6b5/0x2cf0
[  168.090733][ T1146]  ? f2fs_update_inode+0x13d9/0x2620
[  168.090771][ T1146]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.090796][ T1146]  do_writepages+0x32e/0x550
[  168.090830][ T1146]  ? reacquire_held_locks+0x104/0x190
[  168.090854][ T1146]  ? writeback_sb_inodes+0x42a/0x1940
[  168.090884][ T1146]  __writeback_single_inode+0x133/0x1060
[  168.090908][ T1146]  ? do_raw_spin_unlock+0xf5/0x210
[  168.090934][ T1146]  writeback_sb_inodes+0x92e/0x1940
[  168.090963][ T1146]  ? ret_from_fork_asm+0x1a/0x30
[  168.091015][ T1146]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  168.091035][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.091126][ T1146]  ? rcu_is_watching+0x15/0xb0
[  168.091163][ T1146]  wb_writeback+0x445/0xad0
[  168.091191][ T1146]  ? queue_io+0x1f1/0x450
[  168.091223][ T1146]  ? __pfx_wb_writeback+0x10/0x10
[  168.091242][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.091293][ T1146]  wb_workfn+0x3f8/0xef0
[  168.091319][ T1146]  ? __lock_acquire+0x6b5/0x2cf0
[  168.091339][ T1146]  ? look_up_lock_class+0x57/0x110
[  168.091388][ T1146]  ? __pfx_wb_workfn+0x10/0x10
[  168.091422][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.091448][ T1146]  ? lock_acquire+0x106/0x330
[  168.091473][ T1146]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  168.091507][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.091533][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.091573][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.091594][ T1146]  process_one_work+0x949/0x15a0
[  168.091647][ T1146]  ? __pfx_process_one_work+0x10/0x10
[  168.091668][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.091719][ T1146]  worker_thread+0xb46/0x1140
[  168.091779][ T1146]  kthread+0x388/0x470
[  168.091809][ T1146]  ? __pfx_worker_thread+0x10/0x10
[  168.091831][ T1146]  ? __pfx_kthread+0x10/0x10
[  168.091863][ T1146]  ret_from_fork+0x51b/0xa40
[  168.091892][ T1146]  ? __pfx_ret_from_fork+0x10/0x10
[  168.091916][ T1146]  ? __switch_to+0xc7d/0x1400
[  168.091943][ T1146]  ? __pfx_kthread+0x10/0x10
[  168.091974][ T1146]  ret_from_fork_asm+0x1a/0x30
[  168.092025][ T1146]  </TASK>
[  168.390957][ T1146] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  168.398540][ T1146] CPU: 0 UID: 0 PID: 1146 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  168.398559][ T1146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  168.398567][ T1146] Workqueue: writeback wb_workfn (flush-7:2)
[  168.398592][ T1146] Call Trace:
[  168.398596][ T1146]  <TASK>
[  168.398602][ T1146]  dump_stack_lvl+0xe8/0x150
[  168.398621][ T1146]  f2fs_handle_critical_error+0x37c/0x540
[  168.398638][ T1146]  f2fs_write_end_io+0xcdb/0xff0
[  168.398663][ T1146]  __submit_merged_bio+0x256/0x650
[  168.398679][ T1146]  __submit_merged_write_cond+0x3c3/0x4e0
[  168.398703][ T1146]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  168.398735][ T1146]  f2fs_write_data_pages+0x2970/0x35e0
[  168.398748][ T1146]  ? rcu_is_watching+0x15/0xb0
[  168.398783][ T1146]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.398805][ T1146]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  168.398840][ T1146]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  168.398854][ T1146]  ? has_not_enough_free_secs+0xcb5/0x16d0
[  168.398874][ T1146]  ? __lock_acquire+0x6b5/0x2cf0
[  168.398898][ T1146]  ? f2fs_update_inode+0x13d9/0x2620
[  168.398919][ T1146]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.398933][ T1146]  do_writepages+0x32e/0x550
[  168.398952][ T1146]  ? reacquire_held_locks+0x104/0x190
[  168.398966][ T1146]  ? writeback_sb_inodes+0x42a/0x1940
[  168.398983][ T1146]  __writeback_single_inode+0x133/0x1060
[  168.398996][ T1146]  ? do_raw_spin_unlock+0xf5/0x210
[  168.399010][ T1146]  writeback_sb_inodes+0x92e/0x1940
[  168.399025][ T1146]  ? ret_from_fork_asm+0x1a/0x30
[  168.399052][ T1146]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  168.399064][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.399111][ T1146]  ? rcu_is_watching+0x15/0xb0
[  168.399132][ T1146]  wb_writeback+0x445/0xad0
[  168.399147][ T1146]  ? queue_io+0x1f1/0x450
[  168.399163][ T1146]  ? __pfx_wb_writeback+0x10/0x10
[  168.399174][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.399201][ T1146]  wb_workfn+0x3f8/0xef0
[  168.399216][ T1146]  ? __lock_acquire+0x6b5/0x2cf0
[  168.399228][ T1146]  ? look_up_lock_class+0x57/0x110
[  168.399254][ T1146]  ? __pfx_wb_workfn+0x10/0x10
[  168.399273][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.399289][ T1146]  ? lock_acquire+0x106/0x330
[  168.399303][ T1146]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  168.399322][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.399337][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.399357][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.399370][ T1146]  process_one_work+0x949/0x15a0
[  168.399396][ T1146]  ? __pfx_process_one_work+0x10/0x10
[  168.399408][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.399435][ T1146]  worker_thread+0xb46/0x1140
[  168.399465][ T1146]  kthread+0x388/0x470
[  168.399482][ T1146]  ? __pfx_worker_thread+0x10/0x10
[  168.399495][ T1146]  ? __pfx_kthread+0x10/0x10
[  168.399513][ T1146]  ret_from_fork+0x51b/0xa40
[  168.399530][ T1146]  ? __pfx_ret_from_fork+0x10/0x10
[  168.399543][ T1146]  ? __switch_to+0xc7d/0x1400
[  168.399558][ T1146]  ? __pfx_kthread+0x10/0x10
[  168.399576][ T1146]  ret_from_fork_asm+0x1a/0x30
[  168.399602][ T1146]  </TASK>
[  168.399607][ T1146] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  168.617289][ T7335] netlink: 'syz.4.413': attribute type 4 has an invalid length.
[  168.617486][ T1146] CPU: 0 UID: 0 PID: 1146 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  168.617509][ T1146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  168.617521][ T1146] Workqueue: writeback wb_workfn (flush-7:2)
[  168.617554][ T1146] Call Trace:
[  168.617562][ T1146]  <TASK>
[  168.617569][ T1146]  dump_stack_lvl+0xe8/0x150
[  168.617596][ T1146]  f2fs_handle_critical_error+0x37c/0x540
[  168.617624][ T1146]  f2fs_write_end_io+0xcdb/0xff0
[  168.617670][ T1146]  __submit_merged_bio+0x256/0x650
[  168.617696][ T1146]  __submit_merged_write_cond+0x3c3/0x4e0
[  168.617732][ T1146]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  168.617782][ T1146]  f2fs_write_data_pages+0x2970/0x35e0
[  168.617802][ T1146]  ? rcu_is_watching+0x15/0xb0
[  168.617864][ T1146]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.617899][ T1146]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  168.617955][ T1146]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  168.617977][ T1146]  ? has_not_enough_free_secs+0xcb5/0x16d0
[  168.618009][ T1146]  ? __lock_acquire+0x6b5/0x2cf0
[  168.618045][ T1146]  ? f2fs_update_inode+0x13d9/0x2620
[  168.618077][ T1146]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  168.618099][ T1146]  do_writepages+0x32e/0x550
[  168.618128][ T1146]  ? reacquire_held_locks+0x104/0x190
[  168.618149][ T1146]  ? writeback_sb_inodes+0x42a/0x1940
[  168.618175][ T1146]  __writeback_single_inode+0x133/0x1060
[  168.618197][ T1146]  ? do_raw_spin_unlock+0xf5/0x210
[  168.618218][ T1146]  writeback_sb_inodes+0x92e/0x1940
[  168.618242][ T1146]  ? ret_from_fork_asm+0x1a/0x30
[  168.618285][ T1146]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  168.618301][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.618366][ T1146]  ? rcu_is_watching+0x15/0xb0
[  168.618408][ T1146]  wb_writeback+0x445/0xad0
[  168.618431][ T1146]  ? queue_io+0x1f1/0x450
[  168.618457][ T1146]  ? __pfx_wb_writeback+0x10/0x10
[  168.618473][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.618514][ T1146]  wb_workfn+0x3f8/0xef0
[  168.618535][ T1146]  ? __lock_acquire+0x6b5/0x2cf0
[  168.618553][ T1146]  ? look_up_lock_class+0x57/0x110
[  168.618594][ T1146]  ? __pfx_wb_workfn+0x10/0x10
[  168.618621][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.618644][ T1146]  ? lock_acquire+0x106/0x330
[  168.618665][ T1146]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  168.618693][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.618716][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.618748][ T1146]  ? process_one_work+0x87c/0x15a0
[  168.618766][ T1146]  process_one_work+0x949/0x15a0
[  168.618809][ T1146]  ? __pfx_process_one_work+0x10/0x10
[  168.618826][ T1146]  ? do_raw_spin_lock+0x12b/0x2f0
[  168.618868][ T1146]  worker_thread+0xb46/0x1140
[  168.618916][ T1146]  kthread+0x388/0x470
[  168.618940][ T1146]  ? __pfx_worker_thread+0x10/0x10
[  168.618959][ T1146]  ? __pfx_kthread+0x10/0x10
[  168.618985][ T1146]  ret_from_fork+0x51b/0xa40
[  168.619010][ T1146]  ? __pfx_ret_from_fork+0x10/0x10
[  168.619037][ T1146]  ? __switch_to+0xc7d/0x1400
[  168.619059][ T1146]  ? __pfx_kthread+0x10/0x10
[  168.619085][ T1146]  ret_from_fork_asm+0x1a/0x30
[  168.619127][ T1146]  </TASK>
[  168.619134][ T1146] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  168.622989][ T7335] netlink: 'syz.4.413': attribute type 8 has an invalid length.
[  169.038147][ T7335] netlink: 'syz.4.413': attribute type 1 has an invalid length.
[  169.047059][ T7335] netlink: 196 bytes leftover after parsing attributes in process `syz.4.413'.
[  169.056188][ T7335] NCSI netlink: No device for ifindex 0
[  169.360517][ T7338] loop3: detected capacity change from 0 to 32768
[  169.387433][ T5944] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.488333][ T5915] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  169.531515][ T5944] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.651096][ T5915] usb 5-1: Using ep0 maxpacket: 32
[  169.673567][ T5915] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  169.703597][ T5915] usb 5-1: config 0 has no interface number 0
[  169.737280][ T5944] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.757518][ T5915] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  169.785389][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.793500][ T5915] usb 5-1: Product: syz
[  169.805519][ T5915] usb 5-1: Manufacturer: syz
[  169.810154][ T5915] usb 5-1: SerialNumber: syz
[  169.828142][ T5915] usb 5-1: config 0 descriptor??
[  169.838372][ T5915] smsc95xx v2.0.0
[  169.866456][ T5944] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.252561][ T5915] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  170.283927][ T5944] bridge_slave_1: left allmulticast mode
[  170.293875][ T5915] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  170.303081][ T5944] bridge_slave_1: left promiscuous mode
[  170.317748][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.343945][ T5944] bridge_slave_0: left allmulticast mode
[  170.360256][ T5944] bridge_slave_0: left promiscuous mode
[  170.373644][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.399787][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  170.411907][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  170.423479][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  170.435695][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  170.443534][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  170.738103][ T5915] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  170.766186][ T5915] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  170.805693][ T5915] usb 5-1: USB disconnect, device number 7
[  170.828176][ T7352] loop1: detected capacity change from 0 to 32768
[  171.175294][  T110] ==================================================================
[  171.183425][  T110] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x749/0xaa0
[  171.191091][  T110] Read of size 4 at addr ffff88802941c894 by task jfsCommit/110
[  171.198747][  T110] 
[  171.201088][  T110] CPU: 1 UID: 0 PID: 110 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  171.201117][  T110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  171.201129][  T110] Call Trace:
[  171.201137][  T110]  <TASK>
[  171.201145][  T110]  dump_stack_lvl+0xe8/0x150
[  171.201175][  T110]  print_report+0xba/0x230
[  171.201198][  T110]  ? jfs_lazycommit+0x749/0xaa0
[  171.201220][  T110]  kasan_report+0x117/0x150
[  171.201242][  T110]  ? jfs_lazycommit+0x749/0xaa0
[  171.201267][  T110]  jfs_lazycommit+0x749/0xaa0
[  171.201292][  T110]  ? __pfx_jfs_lazycommit+0x10/0x10
[  171.201314][  T110]  ? __pfx_default_wake_function+0x10/0x10
[  171.201338][  T110]  ? __kthread_parkme+0x7a/0x1f0
[  171.201366][  T110]  kthread+0x388/0x470
[  171.201393][  T110]  ? __pfx_jfs_lazycommit+0x10/0x10
[  171.201413][  T110]  ? __pfx_kthread+0x10/0x10
[  171.201440][  T110]  ret_from_fork+0x51b/0xa40
[  171.201465][  T110]  ? __pfx_ret_from_fork+0x10/0x10
[  171.201486][  T110]  ? __switch_to+0xc7d/0x1400
[  171.201508][  T110]  ? __pfx_kthread+0x10/0x10
[  171.201535][  T110]  ret_from_fork_asm+0x1a/0x30
[  171.201570][  T110]  </TASK>
[  171.201576][  T110] 
[  171.313424][  T110] Allocated by task 7352:
[  171.317749][  T110]  kasan_save_track+0x3e/0x80
[  171.322438][  T110]  __kasan_kmalloc+0x93/0xb0
[  171.327204][  T110]  __kmalloc_cache_noprof+0x31c/0x660
[  171.332582][  T110]  jfs_fill_super+0xc2/0xd80
[  171.337259][  T110]  get_tree_bdev_flags+0x431/0x4f0
[  171.342372][  T110]  vfs_get_tree+0x92/0x2a0
[  171.346788][  T110]  do_new_mount+0x341/0xd30
[  171.351288][  T110]  __se_sys_mount+0x31d/0x420
[  171.355964][  T110]  do_syscall_64+0xe2/0xf80
[  171.360555][  T110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.366449][  T110] 
[  171.368772][  T110] Freed by task 5837:
[  171.372742][  T110]  kasan_save_track+0x3e/0x80
[  171.377424][  T110]  kasan_save_free_info+0x46/0x50
[  171.382451][  T110]  __kasan_slab_free+0x5c/0x80
[  171.387222][  T110]  kfree+0x1c1/0x610
[  171.391153][  T110]  generic_shutdown_super+0x13d/0x2d0
[  171.396527][  T110]  kill_block_super+0x44/0x90
[  171.401209][  T110]  deactivate_locked_super+0xbc/0x130
[  171.406583][  T110]  cleanup_mnt+0x437/0x4d0
[  171.411006][  T110]  task_work_run+0x1d9/0x270
[  171.415591][  T110]  exit_to_user_mode_loop+0xed/0x480
[  171.420877][  T110]  do_syscall_64+0x2b7/0xf80
[  171.425468][  T110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.431356][  T110] 
[  171.433674][  T110] The buggy address belongs to the object at ffff88802941c800
[  171.433674][  T110]  which belongs to the cache kmalloc-256 of size 256
[  171.447724][  T110] The buggy address is located 148 bytes inside of
[  171.447724][  T110]  freed 256-byte region [ffff88802941c800, ffff88802941c900)
[  171.461516][  T110] 
[  171.463835][  T110] The buggy address belongs to the physical page:
[  171.470239][  T110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2941c
[  171.478991][  T110] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  171.487487][  T110] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  171.495025][  T110] page_type: f5(slab)
[  171.499010][  T110] raw: 00fff00000000040 ffff88813ffa6b40 dead000000000100 dead000000000122
[  171.507597][  T110] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  171.516179][  T110] head: 00fff00000000040 ffff88813ffa6b40 dead000000000100 dead000000000122
[  171.524842][  T110] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  171.533507][  T110] head: 00fff00000000001 ffffea0000a50701 00000000ffffffff 00000000ffffffff
[  171.542175][  T110] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  171.550834][  T110] page dumped because: kasan: bad access detected
[  171.557238][  T110] page_owner tracks the page as allocated
[  171.562955][  T110] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5841, tgid 5841 (syz-executor), ts 100284427391, free_ts 100261590717
[  171.584485][  T110]  post_alloc_hook+0x231/0x280
[  171.589265][  T110]  get_page_from_freelist+0x24dc/0x2580
[  171.594807][  T110]  __alloc_frozen_pages_noprof+0x18d/0x380
[  171.600607][  T110]  allocate_slab+0x7b/0x660
[  171.605114][  T110]  refill_objects+0x33a/0x3d0
[  171.609787][  T110]  __pcs_replace_empty_main+0x2b9/0x620
[  171.615342][  T110]  __kmalloc_noprof+0x474/0x760
[  171.620198][  T110]  fib_create_info+0x171d/0x31f0
[  171.625136][  T110]  fib_table_insert+0xc8/0x1b50
[  171.629984][  T110]  fib_magic+0x434/0x510
[  171.634223][  T110]  fib_add_ifaddr+0x144/0x5f0
[  171.638896][  T110]  fib_netdev_event+0x382/0x490
[  171.643743][  T110]  notifier_call_chain+0x19d/0x3a0
[  171.648854][  T110]  __dev_notify_flags+0x1a9/0x310
[  171.653893][  T110]  netif_change_flags+0xe8/0x1a0
[  171.658858][  T110]  do_setlink+0xf82/0x4590
[  171.663289][  T110] page last free pid 5948 tgid 5948 stack trace:
[  171.669620][  T110]  __free_frozen_pages+0xc01/0xd80
[  171.674745][  T110]  __slab_free+0x263/0x2b0
[  171.679166][  T110]  qlist_free_all+0x97/0x100
[  171.683759][  T110]  kasan_quarantine_reduce+0x148/0x160
[  171.689221][  T110]  __kasan_slab_alloc+0x22/0x80
[  171.694080][  T110]  kmem_cache_alloc_noprof+0x2bc/0x650
[  171.699539][  T110]  do_getname+0x2e/0x250
[  171.703785][  T110]  do_sys_openat2+0xca/0x200
[  171.708379][  T110]  __x64_sys_openat+0x138/0x170
[  171.713233][  T110]  do_syscall_64+0xe2/0xf80
[  171.717736][  T110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.723626][  T110] 
[  171.725946][  T110] Memory state around the buggy address:
[  171.731570][  T110]  ffff88802941c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  171.739626][  T110]  ffff88802941c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  171.747687][  T110] >ffff88802941c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  171.755737][  T110]                          ^
[  171.760319][  T110]  ffff88802941c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  171.768378][  T110]  ffff88802941c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  171.776432][  T110] ==================================================================
[  171.784504][  T110] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  171.791713][  T110] CPU: 1 UID: 0 PID: 110 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  171.800831][  T110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  171.810890][  T110] Call Trace:
[  171.814175][  T110]  <TASK>
[  171.817110][  T110]  vpanic+0x56c/0xa60
[  171.821813][  T110]  ? __pfx_vpanic+0x10/0x10
[  171.826344][  T110]  panic+0xc5/0xd0
[  171.830081][  T110]  ? __pfx_panic+0x10/0x10
[  171.834500][  T110]  ? jfs_lazycommit+0x749/0xaa0
[  171.839360][  T110]  ? rcu_is_watching+0x15/0xb0
[  171.844131][  T110]  ? jfs_lazycommit+0x749/0xaa0
[  171.848985][  T110]  ? jfs_lazycommit+0x749/0xaa0
[  171.853841][  T110]  check_panic_on_warn+0x89/0xb0
[  171.858781][  T110]  ? jfs_lazycommit+0x749/0xaa0
[  171.863638][  T110]  end_report+0x6f/0x140
[  171.867882][  T110]  kasan_report+0x128/0x150
[  171.872381][  T110]  ? jfs_lazycommit+0x749/0xaa0
[  171.877238][  T110]  jfs_lazycommit+0x749/0xaa0
[  171.881917][  T110]  ? __pfx_jfs_lazycommit+0x10/0x10
[  171.887119][  T110]  ? __pfx_default_wake_function+0x10/0x10
[  171.892924][  T110]  ? __kthread_parkme+0x7a/0x1f0
[  171.897869][  T110]  kthread+0x388/0x470
[  171.901941][  T110]  ? __pfx_jfs_lazycommit+0x10/0x10
[  171.907135][  T110]  ? __pfx_kthread+0x10/0x10
[  171.911733][  T110]  ret_from_fork+0x51b/0xa40
[  171.916329][  T110]  ? __pfx_ret_from_fork+0x10/0x10
[  171.921532][  T110]  ? __switch_to+0xc7d/0x1400
[  171.926211][  T110]  ? __pfx_kthread+0x10/0x10
[  171.930805][  T110]  ret_from_fork_asm+0x1a/0x30
[  171.935580][  T110]  </TASK>
[  171.938944][  T110] Kernel Offset: disabled
[  171.943258][  T110] Rebooting in 86400 seconds..