last executing test programs:

52.746646082s ago: executing program 0 (id=128):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000280)={&(0x7f00000008c0)='\x00', 0x1})
r1 = syz_open_dev$dri(&(0x7f0000000a40), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000a80)='a', 0x1, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r0, 0xc00464be, &(0x7f0000000000)={r2})

52.581532975s ago: executing program 0 (id=132):
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FADVISE={0x18, 0x50, 0x0, @fd_index=0x6, 0x5, 0x0, 0x8001, 0x1, 0x1, {0x0, r3}})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)

52.375521037s ago: executing program 0 (id=137):
r0 = syz_io_uring_setup(0x3d1a, &(0x7f0000000480), &(0x7f0000000080), &(0x7f0000000040))
io_uring_enter(r0, 0x0, 0x464f, 0x1, 0x0, 0x0)
io_uring_enter(r0, 0x75e6, 0xb433, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000000)=[0x0, 0xa9a], 0x2)
io_uring_enter(r0, 0x7c0c, 0xccf2, 0x4, 0x0, 0x0)

51.424339704s ago: executing program 0 (id=144):
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x21000e, &(0x7f0000000380), 0xde, 0x529, &(0x7f00000008c0)="$eJzs3c1vHGcZAPBnxrvBaVzsAodSqR+iQUkF2Y1r2loc2iIQt0qgcg+WvbGsrLORd93GVoUc8QcgIQSVOHHigsSNCxLqn4CQKtE7AgRCkMKBAzBoZmdTZ5n1h7ofwf79pHf3nXd253nejXf2nY/MBHBuPRcRr0fEXES8EBGLZXtaljjol/x1H95/Zz0vefObf00iKdsiiuoDl8q3zfefKnX39m+ttdutnXK62du+0+zu7V/b2l7bbG22bq+sLL+8+srqS6vXx9LPvF+vfu2PP/zeT7/+6q+++Pbvbvz56nfypL9azh/0a3yKTy8+KB7r+WfxQC0idsYbbGbmyv7UZ50IAAAnko9SPxURnyvG/4sxV4zmCsNDuvnpZwcAAACMQ/baQvwricgAAACAM+u1iFiIJG2U5wIsRJo2Gv1zeD8Tj6XtTrf3hZud3dsb+byIpainN7farevlObVLUU/y6eWi/tH0i0PTKxHxRET8YPFiMd1Y77Q3Zr3zAwAAAM6JS0Pb//9Y7G//AwAAAGfM0qwTAAAAACZu1PZ/MuU8AAAAgMlx/B8AAADOtG+88UZessH9rzfe2tu91Xnr2kare6uxvbveWO/s3GlsdjqbxTX7to9aVj0i2p3OnS9F7N5t9lrdXrO7t39ju7N7u3djy/0DAQAAYFaeePa9D5KIOPjyxaLkLuQPcyPe4FwBODPS07z4D5PLA5i+UT/zJ3BhnHkA01ebdQLA7BzMOgFg1h661EfFoODwyTsP7TP49eRyAgAAxuvKZ6uP/9fK8/mBs+tUx/+BM+VjHP8H/s85/g/nV/1UI4B7E8wEmJXjbvUx8uIdVcf/K88MzrJjlwUAAEzUQlGeTRvlscCFSNNGI+Lx4r/615ObW+3W9Yj4ZET8drH+iXx6uXhn4vaAAAAAAAAAAAAAAAAAAAAAAAAAAHBCWZZEBgAAAJxpEemfkvL+X1cWLy8M7x+4kPxzMcpber394zd/dHet19tZztv/9qC9927Z/uIs9mAAAADAeVQ7cu5gO32wHQ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4/Th/XfWB2Wacf/ylYhYqopfi/nieT7qEfHY35OoHXpfEhFzY4h/cC8inqyKn+RpxVKZxXD8NCIuTif+01mWVca/NIb4cJ69l69/Xq/6/qXxXPFc/f2vleXjemj9d+EXh+akD9Z/cyPWf4+fMMZT7/+8OTL+vYinatXrn0H8ZET856sWWPGhfPtb+/v/09hfeGQ/ibhS+fuTPBSr2du+0+zu7V/b2l7bbG22bq+sLL+8+srqS6vXmze32q3ysbKP33/6l/8Zavp31lf0P0bEXzqm/5fzSv1QYzYcpgz2/t37n+5X60OLKOJffb767+/JI+LnfxOfL38H8vlXBvWDfv2wZ372m2cqEyvjb4zo/3H//ldHLXTIC9/87u9P+FIAYAq6e/u31trt1s7EK+9mWTatWCevRHrSFxfDxal+YtOtDEZ3Ewsx/6j0dMqVy49GGqepjGPPFgAA8Kj5aNA/60wAAAAAAAAAAAAAAAAAAADg/OruRTrpy4kNxzyYTVcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI703wAAAP//4wvZIQ==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
readlink(&(0x7f0000000000)='./file0/file1\x00', &(0x7f00000003c0)=""/42, 0x2a)
readlink(&(0x7f0000000040)='./file0/file1\x00', &(0x7f0000000080)=""/42, 0x2a)

50.524826848s ago: executing program 0 (id=150):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000280)={r1}, 0xc)

48.84206298s ago: executing program 4 (id=163):
r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x400000, 0x40000}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0, 0x0, 0x0, 0x700}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
r3 = socket(0x10, 0x3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r3, 0x0, 0x0, 0x0, 0x200440c0, 0x1})
io_uring_enter(r0, 0x27e2, 0x0, 0x0, 0x0, 0x0)

47.667931173s ago: executing program 4 (id=168):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000b00000000000019078ac1e0001ac1414aa0300907803240000450000000000000000010000ac1414aaac1414008671000000e17a536afd5b00000ce256b28c59881681fb520009789607671442eb000e74349543"], 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])

47.587453325s ago: executing program 0 (id=169):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4008011)
open_by_handle_at(r0, 0x0, 0x922c3)

47.26768521s ago: executing program 32 (id=169):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4008011)
open_by_handle_at(r0, 0x0, 0x922c3)

47.255698067s ago: executing program 4 (id=172):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x9)
ioctl$NBD_DO_IT(r0, 0xab03)

46.283953977s ago: executing program 4 (id=176):
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c00a3a2a4e7417e941910c27d130b55ac2d5f7a61e59ec6d5de07239091924c32eeb367d16409d6d3ec1fb755f9a7989ebc4e96918e268f0b7acebf67c07bc4731250f87d27b5e9e61000e70f0c6a4e2432073d0d3e18f864e9ef64637d14e5485f36e53c821cb5898685c055a367ea51b653eff6581710f6c3824bc667bd24219163c60803099f985567be0d978e301b4f6603628606afadb04eee58f42f1853f2e8598a5e250e0f4c9a"], 0x3, 0x14fe, &(0x7f0000002ac0)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZBz0mRLkiSnnML6rqndtve//b/s/e39//y/Pffvutb1rvtaz72etd6beZ/nuebwQ9fhtZrUrt6IiMS/BH57SRFCxAghBgkh8gkhAiFE+fjy8dnjeRSk/GsnYf9ej6Zd6xWwa4nrn7Nx/XM2rn/OxvXP2bj+ORvXP2fj+udsXH/GcrKtMwvfwC3ntn/9+X/Mby/8/P//Q/z5n7Nx/f/TnM7zzxzN9f9Pctl7/89lcP1zNq5/zsb1z9m4/jkb1z9n4/ozlpNd6+fP3K5tu9b//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qzn/BVaCPF7/1qvizHGGGOMMcYYY/8+Pve1XgFjjDHGGGOMMcb+54GQQgktApFL5BYxIo+IFdeJOHG9yCvyiYi4QcSLG0V+cZMoIAqKQqKwSBBFRFFhBAorSISimCguouJmUULcIhJFSVFKlBZOlBFJ4lZRVtwmyonbRXlxh6gg7hQVRSVRWVQRd4mq4m5RTdwjqot7RQ1RU9QStcV9oo64X9QVD4h64kFRXzwkGoiHRUPxiGgkHhWNxWOiiXhcNBVPiGaiuWghWopW/1f5r4ie4lXRS/QWKaKP6CteE/1EfzFADBSDxOtisHhDDBFviqFimBgu3hIjxNtipHhHjBKjxRjxrhgrxonxYoKYKCaJVPGemCzeF1PEB2KqmCamixkiTcwUs8SHYraYI+aKj8Q88bGYLxaIhWKRSBefiMViicgQn4ql4jORKZaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Co+F9vEdrFD7BS7xG6xR3wh9oovxT7xlcgSX/+T+Wf/S343ECBAggQNGnJBLoiBGIiFWIiDOMgLeSECEYiHeMgP+aEAFIBCUAgSIAGKQlFAQCAgKAbFIApRKAElIBESoRSUAgcOkiAJysJtUA7KQXkoDxWgAlSESlAJqkAVqApVoRpUg+pQHWpADagFteA+uA/uh7pQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBptAUmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIRk6QkfoBJ2gM3SGLtAFukJX6AbdoTu8Aq/Aq/Aq9IYasg/0hb7QD/rBABgIA+F1GAxvwBvwJgyFYTAc3oK34G0YCWdgFIyGMTAGqspxMB4mAMlJkAqpMBkmwxSYAlNhGkyDGZAGM2EWzILZMAfmwEcwDz6Gj2EBLIBFkA7psBiWQAZkwFI4C5mwDJbDClgJq2AlrIG1sAbWwwZYD5tgE2yBLfA5fA7bYTvshJ2wG3bDF/AFfAlfwlDIgizYD/vhAByAg3AQDsEhOAyH4QgcgaNwFI7BMTgOJ+AknIDTcBrOwFk4B+fgAlyAi3ARLsPl7P/8MpuWWuaSuWSMjJGxMlbGyTiZV+aVERmR8TJe5pf5ZQFZQBaShWSCTJBFZVGJEiXJUBaTxWRURmUJWUImykRZSpaSTjqZJJNkWVlWlpPlZHl5h6wg75QVZSXZ1lWRVWRV2c5Vk/fI6rK6rCFrylqytqwt68g6sq6sK+vJerK+rC8byIdlQ9kHBsCjMrsyTeQwaCqHQzPZXLaQLeXb8KRsLUdCG9lWtpNPy9EwCjrI1i5ZPic7yvHQSb4gJ8CLsoucBF3ly7Kb7C57yFdkT9nG9ZK95VToI/vKGdBP9pcD5EA5G2rK7IrVkm/KoXKYHC7fkovgbTlSviNHydFyjHxXjpXj5Hg5QU6Uk2SqfE9Olu/LKfIDOVVOk9PlDJkmZ8pZ8kM5W86Rc+VHcp78WM6XC+RCuUimy0/kYrlEZshP5VL5mcyUy+RyuUKulKvkarlGrpXr5Hq5QW6Um+RmuUVulZ/LbXK73CF3yl1yt9wjv5B75Zdyn/xKZsmv5X75J3lAfiMPym/lIfmdPCy/l0fkD/Ko/FEekz/J4/KEPClPydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaByqdwqRuVRseo6FaeuV3lVPhVRN6h4daPKr25SBVRBVUgVVgmqiCqqjEJlFalQFVPFVVTdrEqoW1SiKqlKqdLKqTIqSd2qyqrbVDl1uyqv7lAV1J2qoqqkKqsq6i5VVd2tqql7VHV1r6qhaqpaqra6T9VR96u66gFVTz2o6quHVAP1sGqoHlGN1KOqsXpMNVGPq6bqCdVMNVctVEvVSj2pWqunVBvVVrVTT6v26hnVQT2rktVzqqN6XnVSL6jO6kXVRb2kuqqXVTfVXfVQl9Rl5VUv1VulqD6qr3pN9VP91QA1UA1Sr6vB6g01RL2phqpharh6S41Qb6uR6h01So1WY9S7aqwap8arCWqimqRS1XtqsnpfTVEfqKlqmpquZqg0NVMN+PNMc/+B/Pf/Tv6QX8++RW1Vn6ttarvaoXaqXWq32qP2qL1qr9qn9qkslaX2q/3qgDqgDqqD6pA6pA6rw+qIOqKOqqPqmDqmjqsT6rw6pU6rn9UZdVadVefVBXVBXfzzeyA0aKmV1jrQuXRuHaPz6Fh9nY7T1+u8Op+O6Bt0vL5R59c36QK6oC6kC+sEXUQX1Uajtpp0qIvp4jqqb9Yl9C06UZfUpXRp7XQZnaRv/Zfzr7a+VrqVbq1b6za6jW6n2+n2ur3uoDvoZJ2sO+qOupPupDvrzrqL7qK76q66m+6me+geuqfuqb0QIkWn6L76Nd1P99cD9EA9SL+uB+vBeogeoofqoXq4Hq5H6BF6pB6pR+lReoweo8fqsXq8Hq8n6ok6VafqyXqynqKn6Kl6qp6up+s0naZn6Vl6tp6t5+q5ep6ep+fr+XqhXqjTdbperBfrDJ2hl+qlOlMv08v0Cr1Cr9Kr9Bq9Rq/T6/QGvUFv0pt0pv79GzR36B16l96l9+g9eq/eq/fpfTpLZ+n9er8+oA/og/qgPqQP6cP6sD6ij+ij+qg+po/p4/q4PqlP6tP6tD6jz+hz+py+oC/oi/qivqwvZ1/2BTKQgQ50kCvIFcQEMUFsEBvEBXFB3iBvEAkiQXwQH+QPbgoKBAWDQkHhICEoEhQNTICBDSgIg2JB8SAa3ByUCG4JEoOSQamgdOCCMkFScGtQNrgtKBfcHpQP7ggqBHcGFYNKQeWgSnBXUDW4O6gW3BNUD+4NagQ1g1pB7eC+oE5wf1A3eCCoFzwY1A8eChoEDwcNg0eCRsGjQePgsaBJ8HjQNHgiaBY0D1oELYNW/9b5vT9T8CnXy/Q2KaaP6WteM/1MfzPADDSDzOtmsHnDDDFvmqFmmBlu3jIjzNtmpHnHjDKjzRjzrhlrxpnxZoKZaCaZVPOemWzeN1PMB2aqmWammxkmzcw0s8yHZraZY+aaj8w887GZbxaYhWaRSTefmMVmickwn5ql5jOTaZaZ5WaFWWlWmdVmjVlr1pn1ZoPZaDaZzWaL2Wo+N9vMdrPD7DS7zG6zx3xh9povzT7zlckyX5v95k/mgPnGHDTfmkPmO3PYfG+OmB/MUfOjOWZ+MsfNCXPSnDKnzc/mjDlrzpnz5oL5xVw0l8xl47Mv7rM/3lGjxlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBSzERIWw2IYxSiWwBKYiIlYCkuhQ4dJmIRlsSyWw3JYHstjBayAFbEiVsbs+5G78G68G+/Be/BevBdrYk2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsGm2BSbYTNsgS2wFbbC1tga22AbbIftsD22xw7YAZMxGTtiR+yEnbAzdsYu2AW7Ylfsht2wB/bAntgTe2EvTMEU7It9sR/2wwE4AAfhIByMg3EIDsGhOBSH43AcgSNwJI7EUTgax+C7OBbH4XicgBNxEqZiKk7GyTgFp+BUnIrTcTqmYRrOwlk4G2fjXJyL83Aezsf5uBAXYjqm42JcjBmYgUtxKWZiJi7H5bgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsNtuAN34C7chXtwD+7FvbgP92EWZuF+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8DifxJJ7G03gGz+A5PIcX8Be8iJfwMnqMsXlsrL3OxtnrbV6bz8bYPL2FEH+JC9nCNsEWsUWtsQVswb+J0VqbaEvaUra0dbaMTbK3/iGuaCvZyraKvctWtXfban+I69j7bV37gK1nH7S17X1/E9e3D9kG9nHb0D5hG9nmtrFtaZvYx21T+4RtZpvbFralbW+fsR3sszbZPmc72uf/EC+2S+xau86utxvsXvulPWfP2yP2B3vB/mJ72d52kH3dDrZv2CH2TTvUDvtDPMa+a8facXa8nWAn2kl/iKfbGTbNzrSz7Id2tp3zhzjdfmLn2Qw73y6wC+2iX+PsNWXYT+1S+5nNtMvscrvCrrSr7Gq75i9rXWE32c12i91jv7Db7Ha7w+60u+zuX+PsfeyzX9ks+7U9bL+3B+w39qA9ag/Z736Ns/d31P5oj9mf7HF7wp60p+xp+7M9Y8/+uv/svZ+yl+xl660gIEmKNAWUi3JTDOWhWLqO4uh6ykv5KEI3UDzdSPnpJipABakQFaYEKkJFyRCSJaKQilFxitLNVIJuoUQqSaWoNDkqQ0l0K5Wl26gc3U7l6Q6qQHdSRapElakK3UVV6W6qRvdQdbqXalBNqkW16T6qQ/dTXXqA6tGDVJ8eogb0MDWkR6gRPUqN6TFqQo9TU3qCmlFzakEtqRU9Sa3pKWpDbakdPU3t6RnqQM9SMj1HHel56kQvUGd6kbrQS9SVXqZu1J160CvUk16lXtSbUqgP9aXXqB/1pwE0kAbR6zSY3qAh9CYNpWE0nN6iEfQ2jaR3aBSNpjH0Lo2lcTSeJtBEmkSp9B5NpvdpCn1AU2kaTacZlEYzaRZ9SLNpDs2lj2gefUzzaQEtpEWUTp/QYlpCGfQpLaXPKJOW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6nbbSddtBO2kW7aQ99QXvpS9pHX1EWfU376U90gL6hg/QtHaLv6DB9T0foBzpKP9Ix+omO0wk6SafoNP1MZ+gsnaPzdIF+oYt0iS6TJxFCKEMV6jAIc4W5w5gwTxgbXhfGhdeHecN8YSS8IYwPbwzzhzeFBcKCYaGwcJgQFgmLhibE0IYUhmGxsHgYDW8OS4S3hIlhybBUWDp0YZkwKbw1LBveFpYLbw/Lh3eEFcI7w4phpbByWCW8K6wa3h1WC+8Jq4f3hjXCmmGtsHZ4X1gnvD+sGz4Q1gsfDMuFD4UNwofDhuEjYaPw0bBx+FjYJHw8bBo+ETYLm4ctwpZhq/DJsHX4VNgmbBu2C58O24fPhB3CZ8Pk8LmwY/j8VcdTwj5h3/C18LXQ+wfUwuiiaHr0k+ji6JJoRvTT6NLoZ9HM6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kbo5uiWqPe1cwsHTjrltAtcLpfbxbg8LtZd5+Lc9S6vy+ci7gYX7250+d1NroAr6Aq5wi7BFXFFnXHorCMXumKuuIu6m10Jd4tLdCVdKVfaOVfGJbmWrpVr5Vq7p1wb19a1c0+7p90z7hn3rHvWPec6uuddJ/eC6+xedF3cS+4l97Lr5rq7Hu4V19O96nq53i7Fpbi+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6iS3WpbrKb7Ka4KW6qm+qmu+kuzaW5WW6Wm+1mu7lurpvn5rn5br5b6Ba6dJfuFrvFLsNluKVuqct0mW65W+5WupVutVvt1rq1br1b7za6jW6z2+y2uq1um9vmdrgdbpfb5fa4PW6v2+v2uX0uy2W5/W6/O+AOuIPuW3fIfecOu+/dEfeDO+p+dMfcT+64O+FOulPutPvZnXFn3Tl33l1wv7iL7pK77LxLjbwXmRx5PzIl8kFkamRaZHpkRiQtMjMyK/JhZHZkTmRu5KPIvMjHkfmRBZGFkUWR9MgnkcWRJZGMyKeRpZHPIpmRZZHlkRWRlZFVEe+LbAt9MV/cR/3NvoS/xSf6kr6UL+2dL+OT/K2+rL/Nl/O3+/L+Dl/B3+kr+kq+sn/CN/PNfQvf0rfyT/rW/infxrf17fzTvr1/xnfwz/pk/5zv6J/3nfwLvrN/0XfxL/mu/mXfzXf3Pfwrvqd/1ffyvX2K7+P7+td8P9/fD/AD/SD/uh/s3/BD/Jt+qB/mh/u3/Aj/th/p3/Gj/Gg/xr/rx/pxfryf4Cf6ST7Vv+cn+/f9FP+Bn+qn+el+hk/zM/0s/6Gf7ef4uf4jP89/7Of7BX6hX+TT/Sd+sV/iM/ynfqn/zGf6ZX65X+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+s/9Nr/d7/A7/S6/2+/xX/i9/ku/z3/ls/zXfr//kz/gv/EH/bf+kP/OH/bf+yP+B3/U/+iP+Z/8cX/Cn/Sn/Gn/sz/jz/pz/ry/4H/xF/0lf5l/Zo0xxhhj7B+irjLe57/JkX/u9xVCXL+98KH/Or6xwG/9/rkT2keEEM/17vro761GjZSUlD8fm6lEUHyBECJyJT+XuBIvE+3EMyJZtBVl/zIe81fn6i+7X6CrzB+9Q4jYv8rJzv89vjL/bX93//3luHlXnX+BEInFr+TkEVfiK/OX+2/mL9j6KvPn+SZViDZ/lRMnrsRX5k8ST4nnRfLfHMkYY4wxxhhjjP2mv6zc+Wr3t9n35wn6Sk5ucSX+e/fnjDHGGGOMMcYY+9/lxe49nn0yObltZ+78T3V8vt/e6v8t6+EOd/6BzrX+ysQYY4wxxhj7d7ty0X+tV8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVc/y9+ndjv57ra3xpkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG/lP9nwAAAP//sjE7Eg==")
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
lstat(&(0x7f0000008800)='./file0\x00', 0x0)

45.879056458s ago: executing program 4 (id=180):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4)
shutdown(r0, 0x1)
setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f0000000040)=0x7, 0x4)
recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/26, 0x1a}, 0x2}], 0x1, 0x2302, 0x0)

44.358556508s ago: executing program 4 (id=193):
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x639)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000300), 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x1, 0x11, r1, 0x82000000)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x20b)

44.055800335s ago: executing program 33 (id=193):
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x639)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000300), 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x1, 0x11, r1, 0x82000000)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x20b)

6.31408024s ago: executing program 1 (id=569):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000740)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x0, "a8407a73"}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @global=@item_4={0x3, 0x1, 0x0, "ec4260d6"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000040))

4.613672319s ago: executing program 2 (id=581):
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})

4.495337698s ago: executing program 2 (id=583):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000005a80)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f0000000540)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000300)="ff", 0xfffd}], 0x1, 0xe7b, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143441, 0x98)
fallocate(r1, 0x10, 0xcf7, 0x2c03)

4.007732695s ago: executing program 1 (id=588):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000380)={[{@acl}, {@heartbeat_none}, {@err_ro}, {@coherency_full}, {@coherency_full}, {@localflocks}, {@intr}, {@noacl}]}, 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000080)=ANY=[], 0x841, 0x0)
unlink(&(0x7f0000000180)='./file1\x00')
close$fd_v4l2_buffer(r0)

3.760161687s ago: executing program 3 (id=591):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x9)
ioctl$NBD_DO_IT(r0, 0xab03)

3.3702894s ago: executing program 2 (id=594):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0)
open_by_handle_at(r1, &(0x7f0000000240)=@reiserfs_2={0x8, 0x2, {0xb}}, 0x0)

2.750919539s ago: executing program 3 (id=597):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000040)='./file2\x00', 0x101080e, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES64, @ANYRES32], 0x1, 0x683, &(0x7f0000000440)="$eJzs3V9v29YZx/Ef5X+KOwTFNgRBkCYnyQo4WKZQcuPAyIBVoymbmyQKpDzYwIAia+wiiJxuSQYsvil8sW4Dujewu15sF3sRA3a9V7HdbUCx3Q3YDQceUrZk/bNqJ2mT7ydoRZEPz3lIKnzASDwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQ4625btlRPWhubpnRvLUobIxZnrU2p5vZxM2J/UpO+p+KRV3MZl389tHiC+n/ruty9u6yiulLUftvXXj73rdmC931xyT0ZWjaBp8+3390v9PZeXKC2BlN3fyrpMIJgtb9ZhCHQaO67psgDs3qyop7e6MWm1pQ9+PtuO03jBf5hXYYmSXvpimvri4bv7QdbjbX16p1vzvz7vcqrrtifrSQHWhJpdjbCOr1oLluY9LFacxd89lPswC/2jBm92FnZ3lSkmlQ+SRBlUlBFbdSKZcrlfLKndU7d113dmCGm3LcQxqIOPMPLb5mzu7kDZxSIa3//3CkuopqalNbMkP/eFpTpFCNEctz3fr/7m1/bL+99b9b5S9KP8gXX5Kt/1eyd1dG1f8RuRgZu8KwJc6I+dP9mctbearn2tcj3VdHHe3oSb4nTtn+1dPm9+sz2EajvyeZ0RHr8tVUoFihAjVUtXNMPsdoVStakasPtKGaYhnVFKguX7G2Fast336iPEXyVVVboSIZLcnTTRmVtapVLcvIV0nbCrWppta1pqr+myTJrh7a/b48ZivUDSqPCFjoDaqMaelYMV/s1v+ffZJ9TvP671L/31TZ52AhP4uNiwG+ApL8+n9KV19MNgAAAAAA4EVw7L++O/a7+3ckJaoFdd991WkBAAAAAIAz5ChZ0GU5sj9p0ztyuP4HAAAAAOB149h77BxJi/ZH/c7RnVAn+UeAmZeQIgAAAAAAOCV75/+VeSmxg1ZclTPV9T8AAAAAAPga+G3PGPuz3TF2k+7X+gVJcWvB+cu/FxTNOQetre84e9V0SXUvjxn4BUC7dsk5nw/Ua1/mJdl3nn/ZyXvLB8E8HHfwi91JY/070bEE5md6GxiRgJP2vDKbv9Nnupatci0fZ/7BfkF2SdbLYi2o+yUvrN8rq1o9X2j7W+1fPn74Kyk63M7dh52d0ocfdx7YXA7SWQd7aaOf9KVTGL4zjnJ5ZsdbsPdcDNvic6p1u/xds7Ho2H7d7vbPqLpX6O1o3AE46vNTXc+O2fXFLHZx/3DE/XT7i+n2l0v2kPVtfTTnHGVRPr7lww7EiCyKNosbWcyNpRvZSze/tJ2CU/zujFQpDR6DviwqvVlM3hfOfwb2xbgs8n2xnGbxV30qaXgWy9NlMXBEAOBV2T2qQnYQ84G62y0P3ZPal6o7k6v7+/3V/dkfksSuMCPN5t9NjO2lqPSMvuTYOjQve2KdvTTkjO7mdaWoEXXFPUV1S/v689EzkPK0B7L4X5Ik98q2398fq6qfpyt8PrLfuF6ZSXfh7Wd7P7cD4Kc+2vlo53Glsrzivue6dyqas5uRv8zoeKb8ZhMAcIJn7EyMcN7TtSzi2oN/vZtN9VW8bx7+pKCkD/WxOnqgW91HCFwd3upiz88QbmVXreq5ajUX3r53TjoeW9atkVd1tpb2xFYOY+fUXaW/Uh/FLr/gowAAwMt1fUIdHl7/i331/5aWsoilS0Ovu/tr+fEnBI+KLU9O/v2z3hsAALwZ/OgLZ7H9GyeKgtYH5dXVcrW94Zso9H7sONK6b4Jm24+8jWpz3TetKGyHXlg3rUgLwZofm3iz1QqjtqmFkWmFcbBln/xu8ke/x36j2mwHXtyq+9XYN17YbFdnZNaC2DOtzR/Wg3jDj+zKccv3glrgVdtB2DRxuBl5fsmY2Pd7AoM1v9kOakE62TStKGhUo23zk7C+2fDNmh97UdBqh1mDti+vbYJmLYwattmSkqkfdAgAwOvo6fP9R/c7nZ0nYyYONDkmn5gf0iDfNwMA8BVzVK6nWKn4AhMCAAAAAAAAAAAAAAAAAAAAAAADTnL/31QTc8NuFpQO5/zi/LG1/qhh7Tg668SmmShMu1b3loj9R38bE3zucE539/fGHLy0DfznN6S37Bxlc2bPvq9zdm+8vAP3/d1sj46MSRcOXbRweCxmz/6vQzrx+E8jFiVJkoxffaF/H86P28D+iVlJT+ZPcQj6ThOMmwG8hv4fAAD//zOKP+M=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040), 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f00000006c0)=ANY=[], 0x841, 0x1)

2.611463938s ago: executing program 1 (id=598):
r0 = msgget$private(0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
setgroups(0x0, 0x0)
setreuid(0xffffffffffffffff, 0xee01)
msgrcv(r0, 0x0, 0x0, 0xffffffffffffffff, 0x1000)

2.237470707s ago: executing program 3 (id=600):
r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe)
syz_open_dev$video(&(0x7f0000000180), 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180)=0x8, 0x4)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r0, r1, r0}, &(0x7f0000000340)=""/83, 0x53, 0x0)

2.15544854s ago: executing program 2 (id=601):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x20)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, r1, 0x6, 0x0, @void}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, r1, 0x6, 0x0, @val=@tracing}, 0x40)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)

2.155191812s ago: executing program 1 (id=602):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000080)={0xffffffff, 0xe7, 0xfffffffe, 0x2, 0xb, "ea7174ddb80fc70000020000000000d3a2d975", 0x2, 0x4})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000024c0)=0x2)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0))

2.112411231s ago: executing program 6 (id=603):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e01, @local}, 0x10)
sendmsg$rds(r0, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)

1.983522028s ago: executing program 3 (id=605):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3, 0x0, @remote, 0x5}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x953c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x49, 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000200)=0x3, 0x4)

1.982838385s ago: executing program 1 (id=606):
r0 = syz_usb_connect(0x5, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000e00)={0x10, &(0x7f0000000c40)={0x20, 0x30, 0x1, "b9"}, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

1.95342504s ago: executing program 2 (id=607):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f00000000c0)={[{@space_cache_v1}, {@autodefrag}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@clear_cache}, {@noacl}, {@noenospc_debug}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x0)
sendfile(r1, r1, 0x0, 0x40000006)

1.865252764s ago: executing program 6 (id=609):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200000700000000000000fa7f0000850000007500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10)

1.822880534s ago: executing program 3 (id=610):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000005140)='./file0\x00', 0x16, &(0x7f0000000080), 0x1, 0x5124, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac895ztz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVG7V/eUB6x0/eLuo5v2NjceP9yuX7109mT5pbNgYqUnsFLy8+rC4rnU7PweSfYo2l2nXq3nFM36pyfcv/IiAIAlmWp1FsXH0fwjbtHen9aTdjNpt5N2/ITQ7m4sRzbuqn7z3JDWV2iezSwqjPedZ1LP3/+i3Ur7J+0kaixhnr275pFmot8855L6Ss0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4E7yyNujD1XVT12bPnNuprnzwJaZy/um150OodHZXsvKtdXvH27+9e3WYwd+3PzV8QvPP1bP+8XlaNfO4be48sRkCG90VS7EYS+uDaHVW+g0w5flwludlediAQAAgLvJ/Z3fI0U7i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLyi3Vj8qXUF4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6Pd044bf40T3jUZwtSgqQMAAAB9xP93X/xqIeb17JuDNK8/9ejBc1XjlfJ/c7j8P3ZLXxUAAABwM458sf3hqnop/7eGy//jt3XWAAAAwFK88+HEB1X1Uv6fHS7/r86X+ZUPWaef4l8hHJoMYWJhZS4r/BzaTxcFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/12F7K5/T7oxAAAAAPei8vX88fb42ZML+j1/f9jr/x/438FXq45fyv/7h8v/9e7lwPv/F5Md/Pw/AAAAWIb/2vP/tpfGqTbo/v/3ffTuL1X9S/m/PVz+j8s13S/vRHx/3psMYf3CSn43wW/i4XYlhfmxrkJHK+mxLfbIC/PjXYWOuaTH5skQHlxY2d+4nssK/4+FdtLjytq8cCQpnI6F/HwoCseSwol4pn2+Np9uWvg+FvILLObjFRRriksikh5X+/VYKNywx9ni4AAAAPeUGJ7zLDvW2wxplJ2vDdph9aAdRgbtUB+0w2iyQ7pjv+1htrcQt7fPbFza8/+PDJf/41uxKlv0u/4/xOv/8+caFtf/z8ZCIynMx0IrvWNAKx4jC7sfx2M0WnmPK+uLAgAAANzV4vcC9RWeBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD/s3XuMXFd9OPAz+xrvw7ubwE+E/BAsUMe44PXaDg+1qVinqYpCKeuSElWIYmOvw+INNrZTcATIsUEpiqChRII/iuIIIZw/klokCGhAcSNhFDUkKFUjkigRaZ0gotA0gEIhEq5m7z2zd87deaztdbzh85G8c2a+53nn4Tn33jkXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3w/HPvOxv28Vv/d3lz3y+JWTHz646cpnPnnZ+Q+EMDX3eCULVwau/8rkL2679PaDd224+c4Tl7+xLy+Xx8Ng7U9XfufTsdYTK0P4ViWEnjSwdigL9Ob3h2J9rxoK4bwwH6iXmB7ISqQNh+/3h3A4zAfqVX2nP4ShQuCKB++5+3O1xE39IawKIVTTNh6rZm30p4GL+rLAQBrY1ZMFfn0yUw98uysLwGmLb4b6i/7oVGOG0YXLNXn99Z6xjr240uF1x8Ro83w/37TEnSroSx+YOq2nrVQdS6L09jjm3bYM3m2l7Xyjp634RSr/hnJyPlQNXdund2y9ZnZffKQrjI93N6tpiZ7nh5/7xLbFpJfN6zB2YPSMvA4/f/+q27rXvOuHd65d9dSRNx16+nS7+ePCJi2ml1o15K+5ZfM8RpM+T5bB26/0LWnMl64Qwo4P/cG7W8VL8//R1vP/+HKOt10NuWOtLwxnc/P4yFBMPDuczc0BAABg2VgOe013jX/vba3qK83/xzo7/h8P+eeT+Wy0x0KYnEscGgnhgrnHs8CtsbkPjoTw2rnUVGNgUxI4FsIrv/D1PJhVlZRYEUuMJYGfDueBySRwPAamksDXYuDGJPDpGDiaBLbFwLEkcGkMhJn6OOYSfzicj6PjQH8MbMk24tF4FsIvh2NrU40lHq1XBQAAcIbks8PexruFcx1ON0OcXh7tb5chnoHdNEM1qSGdwdanVU1r6GlXQ1chQ6Uw1a9nqI/7QOvhl2qutOtb6TSMSmOGr/zq794TWijN/ydaz/+rC3SkUjr+H8Lmub8xd1cema3Ht0w1ZAAAAABOw+D/PvHVVvHS/H+ys/P/4z6R7kLmcF/cDbFzJISJxkBW7R+XA9lR78E8AAAAAMtB/Xh8/Vj4TH6bnaKdzqfL+acWmT8e+J9cMH/fse9uadXf0vx/qrPz/wcab7NOHI+9+OJICCsKgR/EXtYCc8Zi4Cdvbwzk4z8eN8ANsar8xIR6VTfEEltiYCIJHG5W4kf1Ehc0BvInq974ofo4ZvIShQAAAACcdXF3QDwuH8//f91vN3ysVbnS/H/L4s7/n5sHl07vnx0MYV1PCN3pDwPuG8gWBoyBoUqe+N5AVld3WtV1AyFcUhtYWtUT+fr/Pekagw/2Z1XFwAWvO/LcRbXEV/tDWFcMPPS+W95cS+xLAvXG/7o/hNfURps2/s0VWeO9aeNfWhHCqwuBelUfXBFCrbG+tKp7qvl1DNKq/rkawssKgXpVb6mGsD8AsEzF/0q3Fx/cu//anVtnZ6f3LGEi7sPvDztmZqfHt+2a3V5t0qftSZ8bljG6rjymTq9882i+RNF779g81Em6/jvBiWJb+X780omD+f34Xah3bpwbehvubkyH/IbXl5sIhW9SzYbctcRDHihWMv8kluqP+fvCYFhxzd7pPeMf37pv35712d9Os2/I/sbDTNm2Wp9uq4GF+tbBy6PpalmJU91Wq4uVrNt39e51e/dfu3bm6q1XTV81/ZH1b9kwcfHExom3XryuNqqJ7G+boa5eqOpkqCdv6XBcZ3CoF/YUKjkbnxoSEhLLLbFrcHXL/5NL8//dref/8VMnfvLn6zM0O/4/Gg/zZ4/PH+bfEgOHy8f/G/6XqB//H212NL9+YsBYEjgQAwcc5gcAAOClIU7y49w57pX+2ZpvPtWqXGn+f6Cz3/+fofX/60vXXz7SZJn/NbHERLP1/9Nl/uvr/x9otv5/usx/ff3/wy/C+v/X1APJJvml9f8BAICXgrO3/n/b5f3TCwSUMnS1y5BeIKCUoe0y/p1eIGDR6/8/9p9/89+hhdL8/8bO5v8W7gcAAIBzx6f+4mP/r1W8NP8/3Nn8/+yv/xeanf8/1iww1WxhQOv/AQAAsEw1W/9v9PqBD7QqV5r/H+1s/h9Pu+hqyB1rfWE4W9MupGvaPTtc/8kAAAAALA9dYXy8t8O8DSujbjr1Nh/OlwJtlS564s9OLO78/2Odzf8bfpfx+ftX3da95l0/fOHOtaueOvKmQ0/PH/8HAAAAlk6n+yUAAAAAAAAAAAAAAIAX3xP/cXBjq3jp9/9h89zjzX7/H6/7F39f8PKG3LHW9uv/5feveOft++eWLLxvOITXFwM7D+48L+TX5l9dDNz9/jWvqCUOpiW++/ilT9YSH0gD71h7/vO1xCVJYEtcJPGVaSBeVfH5lUkgLq/472kgbo+jaaAvD3x2ZTaOSrqtfjaUbatKuq0eGQphpBCob6tvDWVtVNIB3pQE6gP8aBqIA/zLPNCV9ur2waxXMTAUi948mPUKAIBzVvwW2Bt2zMxOT8Sv8PH2wp7G26hhybLrytVWOmz+0XxpsvfesXmok3R3+l10/lrjvaFaG8L60tfVYpbK3CjPTC1tNt3Lmwy53WpvXU3KpRa76fqaj6g/G9H4tl2z23vbDnxj+ywbetpmWV+a7BSzdM1t0g5q6aAvHYyow23TQZfj/a4wPt6d5PqjGBwNDdq9Ijr9vX5xnb9mr4Jino+cOPTrVvWV5v+jnc3/q8VxPZ9fDOBAvLLeP4xY5h8AAACW1mc3/ebL8d97rr/3oVZ5S/P/sc7m/3EPVn4oONvbcSxe///QSAhzl9YfzQK3xuY+OBLCa+dSU7FEdkH9y2OJiSxwa9xhsiaW2DLVWNWKGDiaBH46nAeOJYHjMZDvpTgS8l05XxgO4c1zqc2NJXbHEqNJ4N0xMJYExmNgIgmsjIHJJPDMyjwwlQT+LQbCTOO2umNlvq0AAAAWI59n9TbeDek872hPuwyVdhkG2mXoapeh2i5Ds1HE+9+IGXqTk1cqhUy9aa39SS2lDPFi+IvuVylD+FFjzrRgqel4/kH9fINKY4a73tZTDS2U5v8Tnc3/syfzZGPrx+P8f/76f1ngB7F7X4ynjo/FwE/e3hjIdwwcj5PdG+pVTeUl8kn7DbHEZAyMJYHdMTCZBLZszgOHX9EYyGfa9cYP1RufyUsUAgAAAHDWxR0EcTdNnP/fvPczg63Kleb/k53N/2N7g8XGPh1rPbEyhG9V5ntTD6wdygJxP8ZQ/Hn8q4ZCOK+wg6NeYnogK9GXNBy+35/9Qr0vreo7/dmPD+L9Kx685+7P1RI39YewqrD3pd7GY9Wsjf40cFFfFhhIA7t6skDc81MPfLsrC8Bpq+8VjC+o/FSXutGFyzV5/b1UrgmaDq+0D3SBfAv95mqplHa45vtU6xb3tLXcf8sZU3p7HPNuW47vtlHvtuIXqfwbysn5UDV0bZ/esfWa2X3xkeIvWUuW6Hku/kq1k/QZeB0eOPXetldNOzCRfHxMLFxu4ddhJVb3+ftX3da95l0/vHPtqqeOvOnQ0x13o4n4Q+F7PvmvQz8ubN6lVg35a27ZfZ5M+TxZjv8NjHnaQgibn/nSDa3ipfn/VGfz/57kds5v4sbcOxLCGwob9764+f90JPscLASyT8mXlQPZIff/Gm76yQkAAABnWn13R31/wUx+m50Qns6Ty/mnFpk/7q+YXDB/p/0e+Nv3r2oVL83/t7Se/69Iuun4v+P/LBHH/xd0ru+KXpE+cOC0dkWXqmNJOP6/oHP93eb4/4Ic/3f8fyGO/7fh+P+CzvWnrfQtabcvXSGEp/7ke4+0ipfm/7s7m/9b/2/hRfvq6/9tabb+3+5m6/8dsP4fAACwpJosNJfO80qr95UypKv3lTK0XSCw7RKD1v9b9Pp/T1742G/DQvKaSvP/A53N/+PLYbDY+nJZ/29sc5OqboyB3RYGBAAA4FzUbAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL667/vF/treK3/u7yx55/MrJDx/cdOUzn7zs/AdCmJl7vJKFKwPXf2XyF7ddevvBuzbcfOeJy99Yzcv15rf/vyF3rPWF4RAOFx4Ziolnh2t35gNXvPP2/T21xH3DIby+GNh5cOd5tcTXhkNYXQzc/f41r6glDqYlvvv4pU/WEh9IA+9Ye/7ztcQlW7uybqbd/aeVWXcraXc/tzKEkUKg3t0Pr8zaqKRt/Hke6Erb+PpQ1kYMDMWiXx7K2oiB2VhiZkUI63pC6E6rureaVdWdVvUv1ayq7rSqT1VDuCSE0JNW9XhfVlVPOvIH+rKqYuCC1x157qJa4nBfCOuKgYfed8uba4mPJoF643/VF8Jrai+ZtPFv9GaN96aN39QbwqtDCH1piV/1ZCX60hJP9ITwskKg3viHekLYH3hJiB8+DZ9oe/dfu3Pr7Oz0niVM9OVt9YcdM7PT49t2zW6vJn1qplJIn7zu1Mf+6HOf2Fa7fe8dm4c6Sffk5Xrnuryht+HuxnO997FfA8VK5p+PUv0xf18YDCuu2Tu9Z/zjW/ft27M++9tp9g3Z3+48mm2r9S22VXfxzou9rVYXK1m37+rd6/buv3btzNVbr5q+avoj69+yYeLiiY0Tb714XW1UE9nfzocamg71llMa5ZW3ZrenNNQLewo1nY0PgMUl4uY5V/ojIfH7mOhq+HSbONf/0yt90Z/vaG+ozn1Al6YVxSyVuVGeiUFvOsURn8r3lLYjWl+aOJSybGifZWNpMjGfpT/LMve9rjQ5LNbUNbdJ4/2uMD7e3Ww7jDbeLW7en5/G5n0433SdpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+jx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQeOBQAAAACE+VuH0bMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcCgAA//8aXSYE")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0x40789440, &(0x7f0000000840)={'\x00\x00\x00\x00\x00\x00\x00^\x00', 0x0, 0x0, {0x0, 0x3}, {0x7}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]})

1.683584341s ago: executing program 6 (id=611):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r2, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x7040, 0x0)

1.578786764s ago: executing program 6 (id=612):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381893308a609c6cc5340dbd121e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000440), r1)

971.920453ms ago: executing program 5 (id=616):
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)

835.451517ms ago: executing program 5 (id=617):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1])
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080))

646.938969ms ago: executing program 5 (id=618):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
symlinkat(&(0x7f00000001c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file6\x00')
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000b80)='./file6\x00', 0xffffffffffffff9c, &(0x7f0000000bc0)='./file0\x00', 0x2)

646.685279ms ago: executing program 2 (id=619):
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=@framed, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2, 0x25, 0x0, @void}, 0x10)

623.617914ms ago: executing program 6 (id=620):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo\x00')
fchdir(r0)
r1 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000640)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)

496.720539ms ago: executing program 5 (id=621):
r0 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0x18, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

496.501153ms ago: executing program 3 (id=622):
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaa"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040))

403.430416ms ago: executing program 6 (id=623):
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x21000e, &(0x7f0000000380), 0xde, 0x529, &(0x7f00000008c0)="$eJzs3c1vHGcZAPBnxrvBaVzsAodSqR+iQUkF2Y1r2loc2iIQt0qgcg+WvbGsrLORd93GVoUc8QcgIQSVOHHigsSNCxLqn4CQKtE7AgRCkMKBAzBoZmdTZ5n1h7ofwf79pHf3nXd253nejXf2nY/MBHBuPRcRr0fEXES8EBGLZXtaljjol/x1H95/Zz0vefObf00iKdsiiuoDl8q3zfefKnX39m+ttdutnXK62du+0+zu7V/b2l7bbG22bq+sLL+8+srqS6vXx9LPvF+vfu2PP/zeT7/+6q+++Pbvbvz56nfypL9azh/0a3yKTy8+KB7r+WfxQC0idsYbbGbmyv7UZ50IAAAnko9SPxURnyvG/4sxV4zmCsNDuvnpZwcAAACMQ/baQvwricgAAACAM+u1iFiIJG2U5wIsRJo2Gv1zeD8Tj6XtTrf3hZud3dsb+byIpainN7farevlObVLUU/y6eWi/tH0i0PTKxHxRET8YPFiMd1Y77Q3Zr3zAwAAAM6JS0Pb//9Y7G//AwAAAGfM0qwTAAAAACZu1PZ/MuU8AAAAgMlx/B8AAADOtG+88UZessH9rzfe2tu91Xnr2kare6uxvbveWO/s3GlsdjqbxTX7to9aVj0i2p3OnS9F7N5t9lrdXrO7t39ju7N7u3djy/0DAQAAYFaeePa9D5KIOPjyxaLkLuQPcyPe4FwBODPS07z4D5PLA5i+UT/zJ3BhnHkA01ebdQLA7BzMOgFg1h661EfFoODwyTsP7TP49eRyAgAAxuvKZ6uP/9fK8/mBs+tUx/+BM+VjHP8H/s85/g/nV/1UI4B7E8wEmJXjbvUx8uIdVcf/K88MzrJjlwUAAEzUQlGeTRvlscCFSNNGI+Lx4r/615ObW+3W9Yj4ZET8drH+iXx6uXhn4vaAAAAAAAAAAAAAAAAAAAAAAAAAAHBCWZZEBgAAAJxpEemfkvL+X1cWLy8M7x+4kPxzMcpber394zd/dHet19tZztv/9qC9927Z/uIs9mAAAADAeVQ7cu5gO32wHQ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4/Th/XfWB2Wacf/ylYhYqopfi/nieT7qEfHY35OoHXpfEhFzY4h/cC8inqyKn+RpxVKZxXD8NCIuTif+01mWVca/NIb4cJ69l69/Xq/6/qXxXPFc/f2vleXjemj9d+EXh+akD9Z/cyPWf4+fMMZT7/+8OTL+vYinatXrn0H8ZET856sWWPGhfPtb+/v/09hfeGQ/ibhS+fuTPBSr2du+0+zu7V/b2l7bbG22bq+sLL+8+srqS6vXmze32q3ysbKP33/6l/8Zavp31lf0P0bEXzqm/5fzSv1QYzYcpgz2/t37n+5X60OLKOJffb767+/JI+LnfxOfL38H8vlXBvWDfv2wZ372m2cqEyvjb4zo/3H//ldHLXTIC9/87u9P+FIAYAq6e/u31trt1s7EK+9mWTatWCevRHrSFxfDxal+YtOtDEZ3Ewsx/6j0dMqVy49GGqepjGPPFgAA8Kj5aNA/60wAAAAAAAAAAAAAAAAAAADg/OruRTrpy4kNxzyYTVcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI703wAAAP//4wvZIQ==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
readlink(&(0x7f0000000000)='./file0/file1\x00', &(0x7f00000003c0)=""/42, 0x2a)
readlink(&(0x7f0000000040)='./file0/file1\x00', &(0x7f0000000080)=""/42, 0x2a)

260.518627ms ago: executing program 5 (id=624):
symlink(&(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='./file0\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file5\x00', 0x2, 0x2006fc)
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file5\x00', 0x2)

649.052µs ago: executing program 1 (id=625):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
recvmmsg(r0, &(0x7f0000008a00)=[{{&(0x7f0000000780)=@nl, 0x80, &(0x7f0000000b80)=[{0x0}, {&(0x7f0000000880)=""/182, 0xb6}, {&(0x7f0000000b00)=""/67, 0x43}, {&(0x7f0000000a40)=""/135, 0x87}], 0x4}, 0xc45a}, {{0x0, 0x0, &(0x7f0000008340)=[{&(0x7f0000008240)=""/146, 0x92}], 0x1}, 0x1ff}, {{0x0, 0x0, &(0x7f0000008580)=[{&(0x7f00000084c0)=""/177, 0xb1}], 0x1}, 0x7}], 0x3, 0x10100, 0x0)
sendmmsg$inet6(r0, &(0x7f0000001600)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0), 0x1}, {&(0x7f0000001680)="6ed351825c451ba1f97ef0d04d4ed9f2333d230e086c135bf3a594f9f4ee47445b9ffe1a5745ea4073cf839b2212a41fd94cd8f8ee783e8e1241f3d3ae9dbb056994c6da0680cbfbf23815c5923829e46897b5af6556e4a495f3a59b74d25bff832f00ce9843e63ee3cf2391a887ffa05f4d6429358740fef4372e616db9e645e6ed8c4aa4396c6d4d5b153f37928370b091030799a2438e0d4d0fae76546468c2ee3dd7de2f39f7a3fe8225d22484532c9d411133dc4430ac2bf1acf49b0184be88a25bd167144ed3fc21ad04850c6fc07f05ae04073e4cd688e4981d7c21bc38a310eafea3f142b7d12cda7855968d7c55e57206242552f23a271289cfc374399bdef9f57374b177d5f32f93b845557036d5621431bdfa5128ad94a17d01f632373229bd4fc7b849f289e9b0da74326a52a1687f97aa80b54d33b9ed18ae2cc7784bffa6425e918193fd3afec84af0e8cc940757a5ab89788806d1f4dcd38de23430a7f52b265ee60e9c59414949cae8a40c2f12b03fe7a76e75fa3201730f2b36eec5a57db8d19773561104cc294335785a779bbf40dbcc8d1aa34a6fe9474745f836c000da7875d41cd507d852de10704c18bb8edf59412f8e9d9a514aa1b155ed68a287a0fdbe4bd655144ebeba71b053986ba49cdec199988a808de1cc5f776e838f7fb393df9830f20b479d06b19621c6bcda471cd76aac1d73300524da5808e67cb8f869707b7d71a7620da0e96fc52008794c3099b37a73052ff8b12a59d477f86c7dca09a86219950994e48d9dfa83bffc6bfbea6475873ebf781213448f553cb5b35c1a55da27d3c1c3bb65499f775b03b5adf2c160595d3bc2b8c43a4ff14c7247a40869595320cecf06cb06433813088719037a079147888ea46ae6bf6474fdf0b3b62b0a980cd6214d5c042edd3de30cca138a4605aebfd193d7fc5261f766ba3314e253acdc745451defdf55e8da5a56f6c1b6f91a762d7d60d103fe45ca2cdc22864c1362499f2a9ee167f23f0e2869434edad430ffb93a4a7fefbf8d1d712e93ad7d9cf1c04fd925e637e0825d20dc0e1ee47a74770af60f4ee6e00f6f5d1ea1b59907e41f78331c21b693cc3c0e9a5956127720ca8e6cc298ccb97881dc81f2dbb617ff9119eb9302f07d97f36b95352ee417f96b6c6cd889e87f826b13e23cd173eedddd44cf467f9b7957a6108a597426763f79735fc57444295ead0b42d83e6f1f412a29033ee999c64220a6d98ccb5fdfad122c4013efd2f0088dbc0d00c8d64b86cbcbbf8f70c4f3efb1f7da601eae4f7b0ba02e8c6a703d51f9c758d5e11c544cdf8b0ba606c04aa07a2f032bb1ab44789af0136860ea4ea89b3048b7d0874b1daf12dc07b1a3f52949b8974319e5ef43898a91ddfdddb24a0a8b41d088affb10f383ec91d027596b712b3df77547a243f054b45d7569a3f08ff4b8395fdc34e7f9a4ec0d14107298ed54f121aa9f62ad08b983587b0840bc464bda8f06bb63cc0ca63587c7c24373b25fc8ab8c545e20ddbdefe319fb2965933ca98eb82e14cc734bd7763aa6544d26ecd168e7a34b21ee2f9274c70df334e72cb792115b30ec504371f6c1c654b0f36004ee1fe5af6230a53ba8cc31194d19fd577412fcf92046507529f3881effdf3d7ab348114a377e4cece3d86628bf3ae7c98fbdb12b7b874756832651e5ed8d54a674ebe6a227f90b174f5af5d511c4e47f89c146dd41559b6cc3cc947b8f310cd08068599bc39689598a73a7eb44f854f409f3b366aca59e505210eba1908ac72c7a84e90ad70e1cb16c66f636dfd7145c7c1ca01579893572a42ccb427e5ae6eb89f058e6bb057705cd0112563cc5c977777dbe01bc4c235874b06d474ee4af8f1959daec537546f0a577775f60f4e0e3661929561e60a6d3c62afa7d76966f4ab86322a28bd7795b265d2aa5c3aa458e86f1ef876a9a213bc43b5aca3f4371860db4987bfb7acd061ab38b3ed68d7562d0a427d5308c2c484ea949d90cb8af3286582af6549ca328ff12631a8a03c17a4c3736ff177c4d836c7f41bdcedfc5413da633e094eee71ccac74fb092e8d02ce4e40b37cc510c49f0e9114805b8ae614ae990e3ef7da5af5ca6ccacf93b4e1da956b3d0578f4618ca5f6787ad3cd2b502b8432e725cd42acac24e3dab57d39d0d86d935ea6209c2b82ca196a10eda400e176128b0799cade38e7b73edbe939ecc014b6695cde17eb761064b9ff55d0c916d6cf18b36ddf1565262b741ca267017c944fbefe761d8c0ccc0e2c08c22e868bdcb6d56732504593fcefb0d7b5ea89a94a80a9c20c3766f36dfb393189b772926549c80242d79a6cc7c17007b2e008cc9285478a1a044dded06fef1264610ff34f248a2ee7c0f5239c2af6c49522deab46cf779a0641963a576a04166e52a51ff8258ed371ec24a6a7286a4fb97575288d72040d860ddde912c00a3f2fdbe3cca836d68719cb50621f26e51f310128447e2c13a4fe2dfa2e4b5bc7c36b5f155caa0eb5e947c39e1307826c294f65272b3d3ceb5b9a357412cb83bbaf00e5888f429013ee589591dbe01b36b858e640154e4a28e4bd6607a7809faa4ea9f23f715ad0efd2f277bf25f5c4b33e4f9670044c419a7199730123203f33218e69104f0d42c09fc98ce3fc703a0b9d4d89f0518c334e69bf5c92124824d55e456d898e38b631003368077818d1c895c9012e4e72800d8a37ca22a1413bafba00a376a67a58bd9bf9255cc553c67e3e219ac2a189b10a959c2322a5cb74945cb840a911d56f8cee2fb8a768e4b3a4a86e57c1c4176ecf30e72d2fda524a1ca1671950beb04d2ab0dee8b9159dff28e2965de62649fb3f984c9eb5e5ffb0f170135967aaf3e476ddd68d1e205ff4fc03da102289cb9b857ac27d8a932ee470687d63408a6a468bd9cc67e2e90dd4b248b2ce33c942bf5623b2f7a322ef6077c19f6c94da248d42023fb33173714f335e2f8387abaf6049e4347f1cb69e6f98816a9fc1f437336667b3461f2606faf5b05b5f427ee36be9e03bf50fad16da4af9424e6a6663183ae7339d957aca86ffbf98322e9e44a11310181fdf17dcd2d01d669217041e8a347b6a4d2f49ccb658512201200bf5395633b9863228d47fcf406ca8269e575e193de5e2b71f957b4b494741e9f4917e32992595ab14641de52e5fe1e9270de0711208829af69cc251ce8270e6e244f7d744b52cc689858d128c43a550364ad32a265941c25210f6748693f104ad796b7e7c1f6dc7758b640a6a56802f1aaf596ff766e72431bb993329ddf28ccefd6e5411e6aa51f4a91814e224969adbff18466fee035ac348d580a8c3c7b113073731402f39e17ccf39139ebe45df31b9644a90a7d29223390a98e8e791cbfe30228f009d2858eba9c2a9f595e4ee840ff6594176cdd0efc94d93a2df8363b9b18cfdf84e3b44151a74d5a9b1d8a3896e34740587d845d4dc90111fb3d6976345b8fcceee6b704f89ffd7e6bb32512d4db5d91fc09d82a263e01d1cca5df9b3d2a5c7d89978f4ff436ad991b6d1d022aac37f65022d0ec4e52cb3ae2f8e2f5ba81b6ba9dc2b23db324b7c5172f817613a0293d16911f21a5003cc34270646d9e75569c64a7be78dc6a4532cc63c03d91c0659ad35c6d5ac29300c78c1174446897f8a572595c2767bd83b9a432eb13c1b271f32fa9fbfeef4d1fbaa3f0bbce3d73eb1930ea3e85a733a4593012a72a5f77d1408ce4e5a4171cc3deeaee1cfabcd3edf0d0e3166c008a972154b271c3544bbfc5b687f1166c05c0b5cc3c9ad304465190c391aefc04f400e320f745d8746f38e3cab7fafb6654dd3052d388353e9b818a884a38ee34474117bbf75cbcf97ac20b0140e9176497eb03346fdb1349837961515cf4b997dadd9606b34c35dcb0c8dfb762ff2be86432971c3e56f14c4bdd39885e145ea96b64a194146934de5dd96d5f60b74ef918a9d9f5293030c9a90364d589c3ac69a1f4438dc4da59d3801924ea8019b7c0812ee9a6eb03195584e9f7f43e1db39ca0e5e6c5aaa3f5127fa9192d9c08c5e39cca6bd0b2910f534f36cd55fc129457c065e3e50904106b702650ad4d0f6f850e8c0d98506d8eb1075fa337596c4e5a57b36936edefc7e053d3646f4336322593bd25008d8f51aa498cde205b974bb7ed53e2ff25ea5ad498bd5080f94dd3896cfe8d1fac08764bf7833be768dfc7eef78ec924b0d6a3cb73449c07b16c7c7eedc5cf80c8a73fbf226acbdd86cfa3b38f37446183482c02af2790de2e5be14e61050b8e3cfee74e9c804db36ba440c335becda4a676edd4838c35a70cab6217aa7d6feefd9aad906e2ab8541665bfeef697158d2a4c051c273b0f6eadb3e9da6b83c0e95d5017742ffd92cc79d01dee6e2a4a56b3ed2db58d7b4a1ac51a5c1667dbd8dfa8906e76c92a36ebdfc9bbeaab61e19b5228a4bf7c8c4d6e751db7948483a86459669285c20c9af86bb5dbc9da415871688e0f5f2692230fa4a42ed15b2f4f8abb22485fd8f945bdbb6aadefa95d6167fb9141041c4cbc882c5a8688c79807d3aae417cecfb1ee3abf8ef5173dc62eafc6c657ee2d380010dd0ce6d4a2c679b731ab8377b974157f2e1d7cf7160f2a82029c0b8b7ee81153dead3ba98444f370fc565c62543feb327d2a60e54f4435f2d405635677805b05be571aa5a07611a13cdba579561e047fefeaefa958c239573baa841852792c093d3dda47c9f9db75683d859885988c5c63674bb4b7f18a7435933cc83d0fb505bb95c87221054688ada5396992b6f3983f13c3c78b096fed38dd7ecc40368997932ec2d49485571acb92f25dc2e151d72221775998d8117d4ea33a229ee6f71b0213865cf8b3e8437471d384392e86511d5840dfc731e4ea2ea044c808f226d1b6815e3aba152e13f8faf4904ae9a2b89ac0a246febb8d00d7cb5f97f5105f2b3a1f1403933b5e7f1d45875f3dd07f598d1b574e881bfd5796f98be74b1dd368b5503310b44b1fa801543655085d187ceb1a55290d6734295b473af51fa4b0e47040a3cdd3dc63e1fb4a516ad9b367b3d576460234699ac277d09728cde225c5ec6c69cd7f2852f20e6b69a6831e46a2d8d0f1698f0e5b5ecd844024b02666aab844a5acc9b38fb7631cd1c9588ab310b9fc690e30feb9ecff8b89ccf5c86df043913b7e34eaf86d77e67dece7088a900d530db97bba128156d0bf2988c2400f8b0c0bd2dd59b17edd56176a1031a360fb1001f487430aac20a237510f83495b7b797ea8ab90019d8a9d170de23fddf69b727bf9acaba0803cadba711c884817c6425536ca971fe6677a4121a48018cae105e8ee44fbacb70d1c94bdf160d0240dbbfcb26dd796a879ef5964d090cb9ec3534fec6e15a30b39426852a1c4d534c761932cb1054aef1d7315faa70def70737557d184027c3aa853388ea2e9c434c0cc5af8d8ae20dc6dfb58409ce36143d359537fdc99aa559e19e6d88ea4722550048a75ae828f57b529f6a464ab58e3c51939f4f0ffa653ccd6634949a3806177c4921974429fe6b8a504efeb0a484deb234a84306e4224080c0ec0560301b7ddd79ac7b3473f7abedc6934b2152ea366c6c0b3d467dde7020a2e5469d5476f06b39222f9cdcba8415a1bca18032b887f3f30f9b21b7d4a7b095967447bd761155e57107f03b66c233efb7d527e6f6a494dabfe1edc146e89a1ace0089b9b1aee7762e1923d3f2138d0a0ddec87c1fd8c4e8bb3f452b1c558cea7525707628210219", 0x2b4}], 0x2}}, {{0x0, 0x0, &(0x7f0000000480), 0x1}}], 0x2, 0x80)

0s ago: executing program 5 (id=635):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000200), 0xfc, 0x56d, &(0x7f00000013c0)="$eJzs3c9rHFUcAPDvTJI2/aFJoRT1IIEerNRumsQfFTzUo2ixoHcNyTaUbLoluylNLNge7MWLFEHEgujdu8fiP+BfUdBCkRL00MvKbGbTbbObX910t93PB6Z9b2Y273135vv2zc4uG0DfGsv+SSNejYjvkoiRpm2DkW8cW9tv9cG1mWxJolb77J8kknxdY/8k//9QXnklIv74JuJkurHdyvLK/HSpVFzM6+PVhcvjleWVUxcXpueKc8VLk1NTZ96Zmnz/vXc7Fuub5//78dM7H5359vjqD7/dO3IribNxON/WHMdTuN5cGYux/DkZirNP7DjRgcZ6SdLtDrArA3meD0U2BozEQJ71LdVGnmXXgD32dZbWQJ9K5D/0qcY8oHFt36Hr4OfG/Q/XLoA2xj+49t5IDNevjQ6uJo9dGWXXu6MdaD9r4/e/b9/Klujc+xAAW7p+IyJODw5uHP+SfPzbvdPb2OfJNox/8OzcyeY/b7Wa/6Tr859oMf851CJ3d2Pr/E/vdaCZtrL53wct57/rN61GB/LaS/U531By4WKpmI1tL0fEiRjan9U3uZ/zZbp6t9ZuY/P8L1uy9htzwbwf9wb3P/6Y2enq9FMF3eT+jYjXWs5/k/Xjn7Q4/tnzcX6bbRwr3n693bat499btV8i3mh5/B/d0Uo2vz85Xj8fxhtnxUb/3jz2Z7v2ux1/dvwPbh7/aNJ8v7ay8zZ+Hn5YbLdtt+f/vuTzenlfvu7qdLW6OBGxL/lk4/rJR49t1Bv7Z/GfOL75+Nfq/D+QJfY247959GbzrsM7i39vZfHP7uj477xw9+OvfmrX/vaO/9v10ol8zXbGv+128GmeOwAAAAAAAOg1aUQcjiQtrJfTtFBY+3zH0TiYlsqV6skL5aVLs1H/ruxoDKWNO90jTZ+HmMg/D9uoTz5Rn4qIIxHx/cCBer0wUy7Ndjt4AAAAAAAAAAAAAAAAAAAA6BGHIoZbff8/89dAt3sH7LlNfvIbeMG1z/98Syd+6QnoSV7/oX/Jf+hfu8z/WttfNQWeG17/oX/Jf+hf8h/6l/yH/rWT/P/13B52BAAAAAAAAAAAAAAAAAAAAAAAAAAAAF4M58+dy5ba6oNrM1l99sry0nz5yqnZYmW+sLA0U5gpL14uzJXLc6ViYaa8sNXfK5XLlycmY+nqeLVYqY5Xlle+WCgvXXpYW1MceiZRAQAAAAAAAAAAAAAAAAAAwPOlsrwyP10qFRcVFHZVGOyNbnShkOY51Cv96WyhywMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADT5PwAA//9RjD5B")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
unshare(0x400)
sendfile(r0, r0, 0x0, 0x800000009)

kernel console output (not intermixed with test programs):

n 2025, please contact the netdev mailing list
[  101.888932][ T6053] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  101.915443][ T6053] bcachefs (loop4): initializing new filesystem
[  101.923210][ T6053] bcachefs (loop4): going read-write
[  101.938151][   T10] kernel write not supported for file bpf-prog (pid: 10 comm: kworker/0:1)
[  101.952569][ T6053] bcachefs (loop4): marking superblocks
[  101.990444][ T6053] bcachefs (loop4): initializing freespace
[  102.026249][ T6053] bcachefs (loop4): done initializing freespace
[  102.088718][ T6053] bcachefs (loop4): reading snapshots table
[  102.105614][ T6053] bcachefs (loop4): reading snapshots done
[  102.159208][ T6072] loop2: detected capacity change from 0 to 40427
[  102.170221][ T6072] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3fffff
[  102.181124][ T6072] F2FS-fs (loop2): Image doesn't support compression
[  102.195758][ T6072] F2FS-fs (loop2): heap/no_heap options were deprecated
[  102.204579][ T6072] F2FS-fs (loop2): Image doesn't support compression
[  102.219124][ T6053] bcachefs (loop4): done starting filesystem
[  102.230384][ T6072] F2FS-fs (loop2): invalid crc value
[  102.340096][ T6108] Zero length message leads to an empty skb
[  102.476262][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  102.550352][ T6053] syz.4.43 (6053) used greatest stack depth: 12872 bytes left
[  102.594287][ T6072] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  102.627991][ T6114] loop1: detected capacity change from 0 to 256
[  102.666011][ T6114] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  102.701063][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  102.720643][   T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[  102.722478][ T5841] bcachefs (loop4): shutting down
[  102.729867][   T10] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  102.743983][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.750983][ T6114] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  102.761506][   T10] usb 4-1: config 0 descriptor??
[  102.774505][   T30] audit: type=1800 audit(1743172982.615:2): pid=6072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.50" name="file1" dev="loop2" ino=10 res=0 errno=0
[  102.775066][ T6072] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_page+0x25d/0xfe0
[  102.806184][ T5841] bcachefs (loop4): going read-only
[  102.811453][ T5841] bcachefs (loop4): finished waiting for writes to stop
[  102.821596][ T5841] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  102.849941][ T6117] syz.2.50: attempt to access beyond end of device
[  102.849941][ T6117] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  102.895301][ T5841] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 4
[  102.915959][ T5841] bcachefs (loop4): clean shutdown complete, journal seq 5
[  102.941389][ T5841] bcachefs (loop4): marking filesystem clean
[  102.960571][ T5847] syz-executor: attempt to access beyond end of device
[  102.960571][ T5847] loop2: rw=2049, sector=45104, nr_sectors = 24 limit=40427
[  103.003389][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  103.003415][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  103.003429][ T5847] Call Trace:
[  103.003436][ T5847]  <TASK>
[  103.003444][ T5847]  dump_stack_lvl+0x241/0x360
[  103.003476][ T5847]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.003501][ T5847]  ? _raw_spin_unlock_irqrestore+0xd9/0x140
[  103.003523][ T5847]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  103.003543][ T5847]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  103.003565][ T5847]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  103.003595][ T5847]  f2fs_handle_critical_error+0x392/0x5a0
[  103.003628][ T5847]  f2fs_write_end_io+0x563/0x790
[  103.003651][ T5847]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  103.003679][ T5847]  ? bio_endio+0x7e4/0x890
[  103.003705][ T5847]  ? bio_endio+0x82a/0x890
[  103.003732][ T5847]  __submit_merged_bio+0x2a9/0x710
[  103.003771][ T5847]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  103.003803][ T5847]  f2fs_submit_merged_write_cond+0x29f/0x380
[  103.003839][ T5847]  f2fs_write_data_pages+0x2f99/0x38d0
[  103.003924][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  103.004002][ T5847]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  103.004033][ T5847]  ? kernel_text_address+0xa7/0xe0
[  103.004068][ T5847]  ? rcu_is_watching+0x15/0xb0
[  103.004109][ T5847]  ? check_noncircular+0xee/0x160
[  103.004141][ T5847]  ? lockdep_unlock+0x8d/0x120
[  103.004184][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  103.004218][ T5847]  do_writepages+0x364/0x890
[  103.004248][ T5847]  ? __pfx_do_writepages+0x10/0x10
[  103.004266][ T5847]  ? __lock_acquire+0xad5/0xd80
[  103.004292][ T5847]  ? do_raw_spin_lock+0x151/0x370
[  103.004332][ T5847]  ? do_raw_spin_unlock+0x13c/0x8b0
[  103.004370][ T5847]  filemap_fdatawrite+0x1f2/0x2a0
[  103.004395][ T5847]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  103.004464][ T5847]  ? do_raw_spin_unlock+0x13c/0x8b0
[  103.004502][ T5847]  f2fs_sync_dirty_inodes+0x34f/0x860
[  103.004539][ T5847]  f2fs_write_checkpoint+0x857/0x1da0
[  103.004583][ T5847]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  103.004660][ T5847]  ? kill_f2fs_super+0x290/0x6d0
[  103.004699][ T5847]  kill_f2fs_super+0x2b8/0x6d0
[  103.004724][ T5847]  ? __pfx_kill_f2fs_super+0x10/0x10
[  103.004752][ T5847]  ? shrinker_free+0x2ca/0x3d0
[  103.004779][ T5847]  deactivate_locked_super+0xc4/0x130
[  103.004803][ T5847]  cleanup_mnt+0x422/0x4c0
[  103.004823][ T5847]  ? lockdep_hardirqs_on+0x9d/0x150
[  103.004850][ T5847]  task_work_run+0x251/0x310
[  103.004885][ T5847]  ? __pfx_task_work_run+0x10/0x10
[  103.004918][ T5847]  ? syscall_exit_to_user_mode+0xa3/0x340
[  103.004964][ T5847]  syscall_exit_to_user_mode+0x13f/0x340
[  103.004994][ T5847]  do_syscall_64+0x100/0x230
[  103.005021][ T5847]  ? clear_bhb_loop+0x45/0xa0
[  103.005058][ T5847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.005076][ T5847] RIP: 0033:0x7f064d78e497
[  103.005098][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  103.005112][ T5847] RSP: 002b:00007ffe7bdbda98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  103.005132][ T5847] RAX: 0000000000000000 RBX: 00007f064d80e08c RCX: 00007f064d78e497
[  103.005144][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe7bdbdb50
[  103.005168][ T5847] RBP: 00007ffe7bdbdb50 R08: 0000000000000000 R09: 0000000000000000
[  103.005178][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe7bdbebe0
[  103.005190][ T5847] R13: 00007f064d80e08c R14: 00000000000191ef R15: 00007ffe7bdbec20
[  103.005218][ T5847]  </TASK>
[  103.385397][ T5847] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  103.425746][ T6125] syz.0.69 uses obsolete (PF_INET,SOCK_PACKET)
[  103.441362][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: syz-executor Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  103.441389][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  103.441400][ T5847] Call Trace:
[  103.441407][ T5847]  <TASK>
[  103.441414][ T5847]  dump_stack_lvl+0x241/0x360
[  103.441442][ T5847]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.441463][ T5847]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  103.441482][ T5847]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  103.441500][ T5847]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  103.441526][ T5847]  f2fs_handle_critical_error+0x392/0x5a0
[  103.441555][ T5847]  f2fs_write_end_io+0x563/0x790
[  103.441592][ T5847]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  103.441613][ T5847]  ? bio_endio+0x7e4/0x890
[  103.441638][ T5847]  ? bio_endio+0x82a/0x890
[  103.441665][ T5847]  __submit_merged_bio+0x2a9/0x710
[  103.441688][ T5847]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  103.441720][ T5847]  f2fs_submit_merged_write_cond+0x29f/0x380
[  103.441757][ T5847]  f2fs_write_data_pages+0x2f99/0x38d0
[  103.441824][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  103.441897][ T5847]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  103.441925][ T5847]  ? kernel_text_address+0xa7/0xe0
[  103.441960][ T5847]  ? rcu_is_watching+0x15/0xb0
[  103.441998][ T5847]  ? check_noncircular+0xee/0x160
[  103.442028][ T5847]  ? lockdep_unlock+0x8d/0x120
[  103.442068][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  103.442100][ T5847]  do_writepages+0x364/0x890
[  103.442128][ T5847]  ? __pfx_do_writepages+0x10/0x10
[  103.442145][ T5847]  ? __lock_acquire+0xad5/0xd80
[  103.442168][ T5847]  ? do_raw_spin_lock+0x151/0x370
[  103.442206][ T5847]  ? do_raw_spin_unlock+0x13c/0x8b0
[  103.442240][ T5847]  filemap_fdatawrite+0x1f2/0x2a0
[  103.442265][ T5847]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  103.442325][ T5847]  ? do_raw_spin_unlock+0x13c/0x8b0
[  103.442386][ T5847]  f2fs_sync_dirty_inodes+0x34f/0x860
[  103.442424][ T5847]  f2fs_write_checkpoint+0x857/0x1da0
[  103.442467][ T5847]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  103.442547][ T5847]  ? kill_f2fs_super+0x290/0x6d0
[  103.442572][ T5847]  kill_f2fs_super+0x2b8/0x6d0
[  103.442597][ T5847]  ? __pfx_kill_f2fs_super+0x10/0x10
[  103.442624][ T5847]  ? shrinker_free+0x2ca/0x3d0
[  103.442651][ T5847]  deactivate_locked_super+0xc4/0x130
[  103.442675][ T5847]  cleanup_mnt+0x422/0x4c0
[  103.442696][ T5847]  ? lockdep_hardirqs_on+0x9d/0x150
[  103.442723][ T5847]  task_work_run+0x251/0x310
[  103.442758][ T5847]  ? __pfx_task_work_run+0x10/0x10
[  103.442790][ T5847]  ? syscall_exit_to_user_mode+0xa3/0x340
[  103.442818][ T5847]  syscall_exit_to_user_mode+0x13f/0x340
[  103.442847][ T5847]  do_syscall_64+0x100/0x230
[  103.442872][ T5847]  ? clear_bhb_loop+0x45/0xa0
[  103.442894][ T5847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.442912][ T5847] RIP: 0033:0x7f064d78e497
[  103.442930][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  103.442945][ T5847] RSP: 002b:00007ffe7bdbda98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  103.442965][ T5847] RAX: 0000000000000000 RBX: 00007f064d80e08c RCX: 00007f064d78e497
[  103.442978][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe7bdbdb50
[  103.442989][ T5847] RBP: 00007ffe7bdbdb50 R08: 0000000000000000 R09: 0000000000000000
[  103.443000][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe7bdbebe0
[  103.443012][ T5847] R13: 00007f064d80e08c R14: 00000000000191ef R15: 00007ffe7bdbec20
[  103.443043][ T5847]  </TASK>
[  103.443051][ T5847] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  103.686928][ T5841] bcachefs (loop4): shutdown complete
[  103.810714][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  103.810746][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  103.810756][ T5847] Call Trace:
[  103.810763][ T5847]  <TASK>
[  103.810770][ T5847]  dump_stack_lvl+0x241/0x360
[  103.810802][ T5847]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.810827][ T5847]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  103.810848][ T5847]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  103.810869][ T5847]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  103.810899][ T5847]  f2fs_handle_critical_error+0x392/0x5a0
[  103.810932][ T5847]  f2fs_write_end_io+0x563/0x790
[  103.810955][ T5847]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  103.810976][ T5847]  ? bio_endio+0x7e4/0x890
[  103.811002][ T5847]  ? bio_endio+0x82a/0x890
[  103.811029][ T5847]  __submit_merged_bio+0x2a9/0x710
[  103.811050][ T5847]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  103.811080][ T5847]  f2fs_submit_merged_write_cond+0x29f/0x380
[  103.811114][ T5847]  f2fs_write_data_pages+0x2f99/0x38d0
[  103.811201][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  103.811270][ T5847]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  103.811295][ T5847]  ? kernel_text_address+0xa7/0xe0
[  103.811325][ T5847]  ? rcu_is_watching+0x15/0xb0
[  103.811358][ T5847]  ? check_noncircular+0xee/0x160
[  103.811384][ T5847]  ? lockdep_unlock+0x8d/0x120
[  103.811418][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  103.811443][ T5847]  do_writepages+0x364/0x890
[  103.811468][ T5847]  ? __pfx_do_writepages+0x10/0x10
[  103.811481][ T5847]  ? __lock_acquire+0xad5/0xd80
[  103.811502][ T5847]  ? do_raw_spin_lock+0x151/0x370
[  103.811534][ T5847]  ? do_raw_spin_unlock+0x13c/0x8b0
[  103.811569][ T5847]  filemap_fdatawrite+0x1f2/0x2a0
[  103.811588][ T5847]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  103.811643][ T5847]  ? do_raw_spin_unlock+0x13c/0x8b0
[  103.811673][ T5847]  f2fs_sync_dirty_inodes+0x34f/0x860
[  103.811719][ T5847]  f2fs_write_checkpoint+0x857/0x1da0
[  103.811756][ T5847]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  103.811821][ T5847]  ? kill_f2fs_super+0x290/0x6d0
[  103.811843][ T5847]  kill_f2fs_super+0x2b8/0x6d0
[  103.811866][ T5847]  ? __pfx_kill_f2fs_super+0x10/0x10
[  103.811890][ T5847]  ? shrinker_free+0x2ca/0x3d0
[  103.811914][ T5847]  deactivate_locked_super+0xc4/0x130
[  103.811934][ T5847]  cleanup_mnt+0x422/0x4c0
[  103.811952][ T5847]  ? lockdep_hardirqs_on+0x9d/0x150
[  103.811976][ T5847]  task_work_run+0x251/0x310
[  103.812007][ T5847]  ? __pfx_task_work_run+0x10/0x10
[  103.812036][ T5847]  ? syscall_exit_to_user_mode+0xa3/0x340
[  103.812060][ T5847]  syscall_exit_to_user_mode+0x13f/0x340
[  103.812085][ T5847]  do_syscall_64+0x100/0x230
[  103.812106][ T5847]  ? clear_bhb_loop+0x45/0xa0
[  103.812127][ T5847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.812142][ T5847] RIP: 0033:0x7f064d78e497
[  103.812157][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  103.812170][ T5847] RSP: 002b:00007ffe7bdbda98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  103.812187][ T5847] RAX: 0000000000000000 RBX: 00007f064d80e08c RCX: 00007f064d78e497
[  103.812198][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe7bdbdb50
[  103.812208][ T5847] RBP: 00007ffe7bdbdb50 R08: 0000000000000000 R09: 0000000000000000
[  103.812218][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe7bdbebe0
[  103.812228][ T5847] R13: 00007f064d80e08c R14: 00000000000191ef R15: 00007ffe7bdbec20
[  103.812256][ T5847]  </TASK>
[  103.812538][ T5847] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  104.183018][   T10] Bluetooth: Can't get version to change to load ram patch err
[  104.191847][   T10] Bluetooth: Loading sysconfig file failed
[  104.198229][   T10] ath3k 4-1:0.0: probe with driver ath3k failed with error -71
[  104.214219][   T10] usb 4-1: USB disconnect, device number 2
[  104.390140][ T6131] loop0: detected capacity change from 0 to 512
[  104.437913][ T6131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  104.479220][ T6131] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.629276][ T5845] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  104.838485][ T6136] loop3: detected capacity change from 0 to 8192
[  105.446406][ T6161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.82'.
[  105.504803][ T6163] loop2: detected capacity change from 0 to 512
[  105.532635][ T6163] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  105.596981][ T6163] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.668956][ T6163] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.721767][ T6163] process 'syz.2.83' launched './file2' with NULL argv: empty string added
[  105.799435][ T6154] loop1: detected capacity change from 0 to 32768
[  105.816806][ T6154] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.80 (6154)
[  105.846453][ T6154] BTRFS info (device loop1): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928
[  105.861728][ T6154] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  105.878474][ T6154] BTRFS info (device loop1): using free-space-tree
[  106.045038][ T6154] BTRFS info (device loop1): rebuilding free space tree
[  106.070389][ T6158] loop0: detected capacity change from 0 to 32768
[  106.129034][ T6158] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  106.281539][ T6158] XFS (loop0): Ending clean mount
[  106.306747][ T6158] XFS (loop0): Quotacheck needed: Please wait.
[  106.345691][ T5843] BTRFS info (device loop1): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928
[  106.367842][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.431190][ T6158] XFS (loop0): Quotacheck: Done.
[  106.632205][ T5845] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  107.226626][ T6219] ubi31: attaching mtd0
[  107.254878][ T6219] ubi31: scanning is finished
[  107.262121][ T6219] ubi31: empty MTD device detected
[  107.429860][ T6219] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  107.473638][ T6219] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  107.491347][ T6219] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  107.518816][ T6219] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  107.544556][ T6219] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  107.563752][ T6219] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  107.592309][ T6219] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1035546046
[  107.594947][ T6232] loop2: detected capacity change from 0 to 2048
[  107.621478][ T6232] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  107.633229][ T6235] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  107.634856][ T6219] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  107.687260][ T6226] ubi31: background thread "ubi_bgt31d" started, PID 6226
[  107.921711][ T6243] loop0: detected capacity change from 0 to 512
[  107.957771][ T6243] EXT4-fs: Ignoring removed i_version option
[  107.983695][ T6243] EXT4-fs: Ignoring removed mblk_io_submit option
[  107.984429][ T6247] xt_hashlimit: size too large, truncated to 1048576
[  108.003981][ T6243] ext4: Unknown parameter 'seclabel'
[  108.172050][ T6254] loop0: detected capacity change from 0 to 1024
[  108.235581][ T6225] loop3: detected capacity change from 0 to 32768
[  108.251021][ T6225] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.100 (6225)
[  108.284225][ T6225] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  108.311792][ T6225] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  108.321850][ T6225] BTRFS info (device loop3): using free-space-tree
[  108.427475][ T6225] BTRFS info (device loop3): rebuilding free space tree
[  108.633391][ T5853] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  108.687445][ T6280] loop2: detected capacity change from 0 to 8192
[  108.945278][ T6290] loop4: detected capacity change from 0 to 512
[  109.053342][ T6296] netlink: 24 bytes leftover after parsing attributes in process `syz.3.118'.
[  109.067613][ T6290] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[  109.115388][ T6290] System zones: 0-2, 18-18, 34-35
[  109.131890][ T6290] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.163124][ T6296] team0: entered promiscuous mode
[  109.193727][ T6290] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.206114][ T6296] team_slave_0: entered promiscuous mode
[  109.212098][ T6296] team_slave_1: entered promiscuous mode
[  109.226015][ T6296] batadv_slave_1: entered promiscuous mode
[  109.252461][ T6300] loop1: detected capacity change from 0 to 4096
[  109.282285][ T6300] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  109.330691][ T6306] loop2: detected capacity change from 0 to 128
[  109.341337][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.396660][ T6300] ntfs3(loop1): Failed to load $Extend (-22).
[  109.436622][ T6300] ntfs3(loop1): Failed to initialize $Extend.
[  109.629050][ T6320] loop2: detected capacity change from 0 to 512
[  109.691258][ T6322] loop4: detected capacity change from 0 to 1024
[  109.737223][ T6322] EXT4-fs: Ignoring removed oldalloc option
[  109.743198][ T6322] EXT4-fs: Ignoring removed bh option
[  109.749060][ T6320] EXT4-fs error (device loop2): ext4_orphan_get:1390: inode #15: comm syz.2.133: casefold flag without casefold feature
[  109.776000][ T6320] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.133: couldn't read orphan inode 15 (err -117)
[  109.798889][ T6320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.836835][ T6322] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.905750][ T6322] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4115: comm syz.4.134: Allocating blocks 257-513 which overlap fs metadata
[  109.951270][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.064760][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.382466][ T6335] loop1: detected capacity change from 0 to 65536
[  110.448457][ T6335] XFS (loop1): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  110.468082][ T6325] loop3: detected capacity change from 0 to 40427
[  110.490607][ T6325] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3fffff
[  110.501522][ T6335] XFS (loop1): Ending clean mount
[  110.518304][ T6325] F2FS-fs (loop3): invalid crc value
[  110.557998][ T5843] XFS (loop1): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  110.693983][ T6325] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  110.727578][ T6354] loop0: detected capacity change from 0 to 512
[  110.752966][ T6354] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  110.799646][ T6351] loop4: detected capacity change from 0 to 4096
[  110.819762][ T6354] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  110.837955][ T6351] EXT4-fs: Ignoring removed orlov option
[  110.856978][ T6351] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal
[  110.857229][ T6354] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended
[  110.904589][ T5853] syz-executor: attempt to access beyond end of device
[  110.904589][ T5853] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  110.920169][ T6354] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  110.928425][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: syz-executor Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  110.928447][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  110.928458][ T5853] Call Trace:
[  110.928465][ T5853]  <TASK>
[  110.928472][ T5853]  dump_stack_lvl+0x241/0x360
[  110.928505][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.928531][ T5853]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  110.928553][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  110.928575][ T5853]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  110.928606][ T5853]  f2fs_handle_critical_error+0x392/0x5a0
[  110.928640][ T5853]  f2fs_write_end_io+0x563/0x790
[  110.928663][ T5853]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  110.928685][ T5853]  ? bio_endio+0x7e4/0x890
[  110.928711][ T5853]  ? bio_endio+0x82a/0x890
[  110.928738][ T5853]  __submit_merged_bio+0x2a9/0x710
[  110.928760][ T5853]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  110.928791][ T5853]  f2fs_submit_merged_write_cond+0x29f/0x380
[  110.928825][ T5853]  f2fs_write_data_pages+0x2f99/0x38d0
[  110.928895][ T5853]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  110.928936][ T5853]  ? __kernel_text_address+0xd/0x40
[  110.928994][ T5853]  ? rcu_is_watching+0x15/0xb0
[  110.929034][ T5853]  ? __lock_acquire+0xad5/0xd80
[  110.929057][ T5853]  ? do_raw_spin_lock+0x151/0x370
[  110.929089][ T5853]  ? do_raw_spin_unlock+0x13c/0x8b0
[  110.929118][ T5853]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  110.929148][ T5853]  do_writepages+0x364/0x890
[  110.929175][ T5853]  ? __pfx_do_writepages+0x10/0x10
[  110.929191][ T5853]  ? __lock_acquire+0xad5/0xd80
[  110.929214][ T5853]  ? do_raw_spin_lock+0x151/0x370
[  110.929250][ T5853]  ? do_raw_spin_unlock+0x13c/0x8b0
[  110.929283][ T5853]  filemap_fdatawrite+0x1f2/0x2a0
[  110.929305][ T5853]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  110.929322][ T5853]  ? mlock_drain_local+0x79/0x490
[  110.929382][ T5853]  ? do_raw_spin_unlock+0x13c/0x8b0
[  110.929415][ T5853]  f2fs_sync_dirty_inodes+0x34f/0x860
[  110.929447][ T5853]  f2fs_write_checkpoint+0x857/0x1da0
[  110.929485][ T5853]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  110.929542][ T5853]  ? kfree+0x198/0x430
[  110.929562][ T5853]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  110.929583][ T5853]  ? kill_f2fs_super+0x290/0x6d0
[  110.929606][ T5853]  kill_f2fs_super+0x2b8/0x6d0
[  110.929630][ T5853]  ? __pfx_kill_f2fs_super+0x10/0x10
[  110.929655][ T5853]  ? shrinker_free+0x2ca/0x3d0
[  110.929681][ T5853]  deactivate_locked_super+0xc4/0x130
[  110.929703][ T5853]  cleanup_mnt+0x422/0x4c0
[  110.929722][ T5853]  ? lockdep_hardirqs_on+0x9d/0x150
[  110.929749][ T5853]  task_work_run+0x251/0x310
[  110.929781][ T5853]  ? __pfx_task_work_run+0x10/0x10
[  110.929812][ T5853]  ? syscall_exit_to_user_mode+0xa3/0x340
[  110.929845][ T5853]  syscall_exit_to_user_mode+0x13f/0x340
[  110.929871][ T5853]  do_syscall_64+0x100/0x230
[  110.929895][ T5853]  ? clear_bhb_loop+0x45/0xa0
[  110.929917][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.929934][ T5853] RIP: 0033:0x7f7bb7f8e497
[  110.929950][ T5853] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  110.929964][ T5853] RSP: 002b:00007ffe5c3f1f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  110.929982][ T5853] RAX: 0000000000000000 RBX: 00007f7bb800e08c RCX: 00007f7bb7f8e497
[  110.929994][ T5853] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe5c3f2040
[  110.930004][ T5853] RBP: 00007ffe5c3f2040 R08: 0000000000000000 R09: 0000000000000000
[  110.930033][ T5853] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe5c3f30d0
[  110.930046][ T5853] R13: 00007f7bb800e08c R14: 000000000001b0e7 R15: 00007ffe5c3f3110
[  110.930080][ T5853]  </TASK>
[  110.930088][ T5853] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  111.149750][ T6354] System zones: 0-2, 18-18, 34-34
[  111.337540][ T6354] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  111.376775][ T6354] EXT4-fs (loop0): 1 truncate cleaned up
[  111.394833][ T6354] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.478811][ T6370] loop4: detected capacity change from 0 to 512
[  111.517420][ T5845] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 3: comm syz-executor: path /29/file1: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1
[  111.569663][ T6370] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.701728][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.907727][ T6376] loop4: detected capacity change from 0 to 131072
[  112.926457][ T6376] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0)
[  112.934779][ T6376] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  112.983589][ T6376] F2FS-fs (loop4): invalid crc value
[  113.078590][ T6376] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  113.085922][ T6376] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  113.289328][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.408151][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.443812][   T59] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  113.511132][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.618949][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.635391][   T59] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  113.646062][   T59] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  113.670098][   T59] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  113.683575][   T59] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  113.711091][   T59] usb 3-1: SerialNumber: syz
[  113.809972][   T36] bridge_slave_1: left allmulticast mode
[  113.816211][   T47] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  113.833686][   T36] bridge_slave_1: left promiscuous mode
[  113.842057][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.880906][   T36] bridge_slave_0: left allmulticast mode
[  113.894780][   T36] bridge_slave_0: left promiscuous mode
[  113.901269][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.936377][   T59] usb 3-1: 0:2 : does not exist
[  113.991776][   T47] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  114.001107][   T47] usb 4-1: config 1 has no interface number 0
[  114.011496][   T59] usb 3-1: USB disconnect, device number 2
[  114.021669][   T47] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  114.073315][   T47] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  114.109360][   T47] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 29
[  114.139969][   T47] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  114.155366][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.169187][   T47] usb 4-1: Product: syz
[  114.173398][   T47] usb 4-1: Manufacturer: syz
[  114.203994][   T47] usb 4-1: SerialNumber: syz
[  114.338148][ T6416] netlink: 12 bytes leftover after parsing attributes in process `syz.1.167'.
[  114.372584][ T6074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.461531][ T6410] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  114.814634][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  114.847903][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  114.865341][   T36] bond0 (unregistering): Released all slaves
[  114.931134][ T6416] vlan2: entered promiscuous mode
[  114.943432][ T6416] batadv0: entered promiscuous mode
[  115.084632][ T6410] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  115.125570][   T47] cdc_ncm 4-1:1.1: bind() failure
[  115.337683][   T47] usb 4-1: USB disconnect, device number 3
[  115.386455][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  115.394366][ T6428] loop1: detected capacity change from 0 to 512
[  115.395550][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  115.408833][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  115.414837][ T6428] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  115.424722][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  115.432799][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  115.438371][ T6428] UDF-fs: Scanning with blocksize 512 failed
[  115.476589][ T6428] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  115.494455][ T6428] UDF-fs: Scanning with blocksize 1024 failed
[  115.504624][ T6428] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  115.505995][   T36] hsr_slave_0: left promiscuous mode
[  115.512215][ T6428] UDF-fs: Scanning with blocksize 2048 failed
[  115.534162][   T36] hsr_slave_1: left promiscuous mode
[  115.534480][ T6428] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  115.544948][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.559987][ T6428] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  115.596915][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  115.605306][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.612710][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  115.650821][   T36] veth1_macvtap: left promiscuous mode
[  115.661627][ T5856] block nbd4: Receive control failed (result -32)
[  115.662034][ T6422] block nbd4: shutting down sockets
[  115.685910][   T36] veth0_macvtap: left promiscuous mode
[  115.691667][   T36] veth1_vlan: left promiscuous mode
[  115.713974][   T36] veth0_vlan: left promiscuous mode
[  115.881347][ T6433] loop4: detected capacity change from 0 to 256
[  115.947894][ T6433] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  116.130831][ T6423] loop2: detected capacity change from 0 to 65536
[  116.163091][ T5841] exFAT-fs (loop4): error, data size is invalid(9000)
[  116.202975][ T5841] exFAT-fs (loop4): error, data size is invalid(9000)
[  116.233110][ T6423] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  116.304089][ T6423] XFS (loop2): Ending clean mount
[  116.399058][ T5847] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  116.840037][   T36] team0 (unregistering): Port device team_slave_1 removed
[  116.889132][   T36] team0 (unregistering): Port device team_slave_0 removed
[  117.352092][ T6456] unknown channel width for channel at 909000KHz?
[  117.493945][ T5856] Bluetooth: hci3: command tx timeout
[  118.081590][ T6479] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  118.109835][ T6427] chnl_net:caif_netlink_parms(): no params data found
[  118.164508][ T6470] loop3: detected capacity change from 0 to 32768
[  118.212167][ T6470] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.191 (6470)
[  118.263489][ T6470] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  118.280550][ T6470] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  118.304590][ T6470] BTRFS info (device loop3): disk space caching is enabled
[  118.312029][ T6470] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  118.419337][ T6495] loop2: detected capacity change from 0 to 256
[  118.478505][ T6495] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  118.493989][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  118.499390][ T6495] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  118.503143][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  118.522598][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  118.531130][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  118.535931][ T6470] BTRFS info (device loop3): rebuilding free space tree
[  118.540348][ T6427] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.552543][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  118.576262][ T6427] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.585720][ T6470] BTRFS info (device loop3): disabling free space tree
[  118.593199][ T6470] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  118.598844][ T6427] bridge_slave_0: entered allmulticast mode
[  118.603448][ T6470] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  118.609216][ T5982] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  118.640774][ T6427] bridge_slave_0: entered promiscuous mode
[  118.666857][ T6427] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.695043][ T6427] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.702461][ T6427] bridge_slave_1: entered allmulticast mode
[  118.711623][ T6427] bridge_slave_1: entered promiscuous mode
[  118.790253][ T6427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  118.803628][ T5982] usb 2-1: Using ep0 maxpacket: 32
[  118.817110][ T5982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.838678][ T5982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  118.852777][ T6427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  118.861906][ T5853] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  118.861977][ T5982] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  118.897240][ T5982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.934988][ T5982] usb 2-1: config 0 descriptor??
[  118.958129][ T5982] hub 2-1:0.0: USB hub found
[  118.989222][ T6427] team0: Port device team_slave_0 added
[  119.054703][ T6427] team0: Port device team_slave_1 added
[  119.148017][ T5982] hub 2-1:0.0: 1 port detected
[  119.157631][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.168548][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.198691][ T6427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.219920][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.233783][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.272105][ T6427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.443112][ T6521] loop3: detected capacity change from 0 to 2048
[  119.462403][ T6521] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  119.481268][ T6521] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  119.483152][ T6427] hsr_slave_0: entered promiscuous mode
[  119.497009][ T6427] hsr_slave_1: entered promiscuous mode
[  119.503354][ T6427] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  119.511817][ T6427] Cannot create hsr debugfs directory
[  119.561260][ T5982] usb 2-1: USB disconnect, device number 2
[  119.573749][ T5854] Bluetooth: hci3: command tx timeout
[  119.645168][ T6503] chnl_net:caif_netlink_parms(): no params data found
[  119.845719][ T6530] vivid-002: disconnect
[  119.864337][ T6529] vivid-002: reconnect
[  119.967654][ T6503] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.977887][ T6503] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.985410][ T6503] bridge_slave_0: entered allmulticast mode
[  119.993177][ T6503] bridge_slave_0: entered promiscuous mode
[  120.003957][ T6427] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  120.018271][ T6503] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.027393][ T6503] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.034915][ T6503] bridge_slave_1: entered allmulticast mode
[  120.042592][ T6503] bridge_slave_1: entered promiscuous mode
[  120.049550][ T6427] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  120.109103][ T6427] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  120.137454][ T6503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.153600][ T6427] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  120.175262][ T6503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.199342][ T5908] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  120.300150][ T6503] team0: Port device team_slave_0 added
[  120.339554][ T6503] team0: Port device team_slave_1 added
[  120.380709][ T5908] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.398893][ T5908] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  120.409582][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.427065][ T5908] usb 3-1: config 0 descriptor??
[  120.437036][ T5908] pwc: Askey VC010 type 2 USB webcam detected.
[  120.445504][ T6503] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.452469][ T6503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.483986][   T59] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  120.503632][ T6503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.517504][ T6503] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.525169][ T6503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.552595][ T6503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.603933][ T5854] Bluetooth: hci0: command tx timeout
[  120.674376][   T59] usb 2-1: Using ep0 maxpacket: 32
[  120.703596][   T59] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  120.721973][   T59] usb 2-1: config 0 has no interface number 0
[  120.738276][   T59] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  120.753976][   T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.779277][   T59] usb 2-1: Product: syz
[  120.792205][ T6503] hsr_slave_0: entered promiscuous mode
[  120.799072][   T59] usb 2-1: Manufacturer: syz
[  120.804239][   T59] usb 2-1: SerialNumber: syz
[  120.811365][ T6503] hsr_slave_1: entered promiscuous mode
[  120.821658][   T59] usb 2-1: config 0 descriptor??
[  120.837724][ T6503] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.849413][   T59] smsc95xx v2.0.0
[  120.861673][ T6503] Cannot create hsr debugfs directory
[  120.875611][ T6427] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.059127][ T5908] pwc: recv_control_msg error -32 req 02 val 2700
[  121.088220][ T5908] pwc: recv_control_msg error -32 req 02 val 2c00
[  121.089360][ T6427] 8021q: adding VLAN 0 to HW filter on device team0
[  121.109393][ T5908] pwc: recv_control_msg error -71 req 04 val 1000
[  121.131813][ T5908] pwc: recv_control_msg error -71 req 04 val 1300
[  121.156605][ T5908] pwc: recv_control_msg error -71 req 04 val 1400
[  121.172275][ T5908] pwc: recv_control_msg error -71 req 02 val 2000
[  121.181611][ T5908] pwc: recv_control_msg error -71 req 02 val 2100
[  121.191537][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.192756][ T5908] pwc: recv_control_msg error -71 req 04 val 1500
[  121.198728][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.214885][ T5908] pwc: recv_control_msg error -71 req 02 val 2500
[  121.223301][ T5908] pwc: recv_control_msg error -71 req 02 val 2400
[  121.236031][   T81] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.240908][ T5908] pwc: recv_control_msg error -71 req 02 val 2600
[  121.243190][   T81] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.270136][ T5908] pwc: recv_control_msg error -71 req 02 val 2900
[  121.285061][ T5908] pwc: recv_control_msg error -71 req 02 val 2800
[  121.302338][ T5908] pwc: recv_control_msg error -71 req 04 val 1100
[  121.322420][ T5908] pwc: recv_control_msg error -71 req 04 val 1200
[  121.342438][ T5908] pwc: Registered as video103.
[  121.357920][ T5908] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5
[  121.396762][ T5908] usb 3-1: USB disconnect, device number 3
[  121.544385][ T6503] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  121.556961][ T6503] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  121.579547][ T6503] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  121.595218][ T6503] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  121.643700][ T5854] Bluetooth: hci3: command tx timeout
[  121.680252][   T59] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  121.703087][ T6550] loop3: detected capacity change from 0 to 512
[  121.779863][ T6503] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.807206][ T6550] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  121.825242][ T6503] 8021q: adding VLAN 0 to HW filter on device team0
[  121.839424][ T6550] ext4 filesystem being mounted at /52/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  121.855285][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.862454][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.872282][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.879455][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.886166][   T59] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  121.911815][   T59] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  121.931300][ T6427] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.972288][   T59] usb 2-1: USB disconnect, device number 3
[  122.017249][ T5853] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.034131][ T5908] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  122.202205][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.232017][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.249856][ T5908] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  122.268348][ T5908] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  122.279918][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.297719][ T5908] usb 3-1: config 0 descriptor??
[  122.389623][ T6503] 8021q: adding VLAN 0 to HW filter on device batadv0
[  122.453401][ T6427] veth0_vlan: entered promiscuous mode
[  122.509741][ T6427] veth1_vlan: entered promiscuous mode
[  122.654980][ T6427] veth0_macvtap: entered promiscuous mode
[  122.676447][ T6427] veth1_macvtap: entered promiscuous mode
[  122.685289][ T5854] Bluetooth: hci0: command tx timeout
[  122.723404][ T6427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.735807][ T6427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.750084][ T6427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.758534][ T5908] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  122.761403][ T6427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.779724][ T6427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.792209][ T6427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.816049][ T5908] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  122.820085][ T6579] loop1: detected capacity change from 0 to 128
[  122.833576][ T6427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.856838][ T6579] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  122.863724][ T6427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.884110][ T6579] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  122.900398][ T5908] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  122.952570][ T6568] loop3: detected capacity change from 0 to 32768
[  122.959488][ T6427] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.008101][ T6427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.020322][ T6427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.031256][ T6427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.041850][ T6427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.051835][ T6427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.053798][ T6568] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.062456][ T6427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.081369][ T5908] usb 3-1: USB disconnect, device number 4
[  123.086620][ T6427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.107597][ T6427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.122957][ T5843] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  123.147059][ T6427] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.172964][ T6427] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.184078][ T6427] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.192882][ T6427] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.204689][ T6427] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.298917][ T6568] XFS (loop3): Ending clean mount
[  123.315114][ T6503] veth0_vlan: entered promiscuous mode
[  123.328798][ T6568] XFS (loop3): Quotacheck needed: Please wait.
[  123.374750][ T6503] veth1_vlan: entered promiscuous mode
[  123.384506][ T6568] XFS (loop3): Quotacheck: Done.
[  123.448589][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.463098][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.527137][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.543425][ T6503] veth0_macvtap: entered promiscuous mode
[  123.553191][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.579441][ T6503] veth1_macvtap: entered promiscuous mode
[  123.636629][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.670500][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.690910][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.707979][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.718394][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.729282][ T5854] Bluetooth: hci3: command tx timeout
[  123.736220][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.746599][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.757483][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.767928][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.778742][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.791180][ T6503] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.812970][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.829281][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.840640][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.859527][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.869894][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.888862][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.901332][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.914286][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.924228][ T6503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.934803][ T6503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.949292][ T6503] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.978598][ T6503] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.989114][ T6503] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.017255][ T6503] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.033216][ T6503] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.057849][ T5853] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  124.263003][ T6610] netlink: 'syz.1.227': attribute type 2 has an invalid length.
[  124.336870][ T6613] loop5: detected capacity change from 0 to 2048
[  124.392158][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.421617][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.429682][ T6613] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.463794][   T30] audit: type=1800 audit(1743173004.305:3): pid=6613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.228" name="file2" dev="loop5" ino=16 res=0 errno=0
[  124.490259][ T6613] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  124.563994][ T2942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.571855][ T2942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.595509][ T6622] loop3: detected capacity change from 0 to 512
[  124.605001][ T2942] EXT4-fs (loop5): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 1 with error 28
[  124.631605][ T6620] loop1: detected capacity change from 0 to 2048
[  124.645179][ T2942] EXT4-fs (loop5): This should not happen!! Data will be lost
[  124.645179][ T2942] 
[  124.661092][ T6622] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  124.661876][ T2942] EXT4-fs (loop5): Total free blocks count 0
[  124.680089][ T6622] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.712148][ T2942] EXT4-fs (loop5): Free/Dirty block details
[  124.724879][ T6620]  loop1: p1 < > p4
[  124.752325][ T2942] EXT4-fs (loop5): free_blocks=2415919120
[  124.758694][ T2942] EXT4-fs (loop5): dirty_blocks=16
[  124.765301][ T6620] loop1: p4 size 8388608 extends beyond EOD, truncated
[  124.767069][ T5854] Bluetooth: hci0: command tx timeout
[  124.778275][ T2942] EXT4-fs (loop5): Block reservation details
[  124.784362][ T2942] EXT4-fs (loop5): i_reserved_data_blocks=1
[  124.793227][ T6427] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.823173][ T6622] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  124.999399][ T6632] netlink: 12 bytes leftover after parsing attributes in process `syz.5.231'.
[  125.063926][ T6632] netlink: 12 bytes leftover after parsing attributes in process `syz.5.231'.
[  125.131234][ T5853] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  125.238374][ T6638] loop1: detected capacity change from 0 to 64
[  125.284449][ T6640] netlink: 24 bytes leftover after parsing attributes in process `syz.5.236'.
[  125.337987][ T6638] minix_free_block (loop1:2): bit already cleared
[  125.364204][ T6638] minix_free_block (loop1:3): bit already cleared
[  125.366835][ T6643] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.235'.
[  125.370648][ T6638] minix_free_block (loop1:4): bit already cleared
[  125.426339][ T6642] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.235'.
[  125.552848][ T6649] vlan2: entered promiscuous mode
[  125.567146][ T6649] bond0: entered promiscuous mode
[  125.572220][ T6649] bond_slave_0: entered promiscuous mode
[  125.600870][ T6649] bond_slave_1: entered promiscuous mode
[  125.728332][ T6630] loop6: detected capacity change from 0 to 32768
[  125.779438][ T6630] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.194 (6630)
[  125.797027][ T6660] netlink: 72 bytes leftover after parsing attributes in process `syz.2.244'.
[  125.838192][ T6630] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  125.863775][ T6630] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  125.887275][ T6663] netlink: 12 bytes leftover after parsing attributes in process `syz.5.246'.
[  126.056477][ T6630] BTRFS info (device loop6): rebuilding free space tree
[  126.078291][ T6630] BTRFS info (device loop6): disabling free space tree
[  126.093030][ T6630] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  126.118792][ T6630] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  126.427922][ T6705] netlink: 28 bytes leftover after parsing attributes in process `syz.3.257'.
[  126.470032][ T6705] netlink: 'syz.3.257': attribute type 7 has an invalid length.
[  126.520521][ T6708] loop2: detected capacity change from 0 to 1024
[  126.523767][ T6705] netlink: 'syz.3.257': attribute type 8 has an invalid length.
[  126.541881][ T6705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.257'.
[  126.567397][ T6705] gretap0: entered promiscuous mode
[  126.575257][ T6708] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.592980][ T6705] gretap0: left promiscuous mode
[  126.607354][ T6503] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  126.622473][   T30] audit: type=1800 audit(1743173006.465:4): pid=6708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.259" name="file1" dev="loop2" ino=15 res=0 errno=0
[  126.712427][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.844722][ T5854] Bluetooth: hci0: command tx timeout
[  127.512990][ T6747] team0: entered promiscuous mode
[  127.530076][ T6747] team_slave_0: entered promiscuous mode
[  127.537351][ T6747] team_slave_1: entered promiscuous mode
[  127.546084][ T6745] team0: left promiscuous mode
[  127.551584][ T6745] team_slave_0: left promiscuous mode
[  127.554960][ T6752] vxcan1: tx address claim with different name
[  127.558773][ T6745] team_slave_1: left promiscuous mode
[  127.637251][ T6753] loop2: detected capacity change from 0 to 2048
[  127.666914][ T6757] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  127.677546][ T6753] udf: Unknown parameter 'dont_measure'
[  127.765026][   T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  127.943722][   T10] usb 2-1: Using ep0 maxpacket: 32
[  127.982017][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.996397][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.007327][   T10] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  128.017647][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.040045][   T10] usb 2-1: config 0 descriptor??
[  128.185438][ T6779] loop6: detected capacity change from 0 to 2048
[  128.193141][ T6779] EXT4-fs: Ignoring removed nobh option
[  128.241863][ T6779] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  128.300232][ T6779] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  128.341616][ T6779] fs-verity: sha256 using implementation "sha256-avx2"
[  128.476144][ T6503] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.516241][   T10] savu 0003:1E7D:2D5A.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  128.787115][   T47] usb 2-1: USB disconnect, device number 4
[  128.941508][ T6807] team_slave_0: entered promiscuous mode
[  128.947396][ T6807] team_slave_1: entered promiscuous mode
[  128.966057][ T6807] vlan2: entered promiscuous mode
[  128.976981][ T6807] team0: entered promiscuous mode
[  128.989745][ T6808] capability: warning: `syz.2.295' uses deprecated v2 capabilities in a way that may be insecure
[  129.071488][ T6810] netlink: 24 bytes leftover after parsing attributes in process `syz.5.303'.
[  129.181060][ T6814] loop6: detected capacity change from 0 to 256
[  129.971976][ T6824] loop1: detected capacity change from 0 to 32768
[  130.008545][ T6824] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  130.042379][ T6824] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  130.206520][ T6830] loop3: detected capacity change from 0 to 40427
[  130.236518][ T6830] F2FS-fs (loop3): invalid crc value
[  130.346836][ T6830] F2FS-fs (loop3): Start checkpoint disabled!
[  130.386899][ T6830] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  130.389408][ T5843] ocfs2: Unmounting device (7,1) on (node local)
[  130.453059][ T6849] loop6: detected capacity change from 0 to 256
[  130.498655][   T53] kworker/u8:3: attempt to access beyond end of device
[  130.498655][   T53] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  130.509928][ T6849] FAT-fs (loop6): Directory bread(block 64) failed
[  130.534594][   T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  130.534622][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  130.534635][   T53] Workqueue: writeback wb_workfn (flush-7:3)
[  130.534665][   T53] Call Trace:
[  130.534673][   T53]  <TASK>
[  130.534682][   T53]  dump_stack_lvl+0x241/0x360
[  130.534716][   T53]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.534747][   T53]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  130.534771][   T53]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  130.534798][   T53]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  130.534832][   T53]  f2fs_handle_critical_error+0x392/0x5a0
[  130.534871][   T53]  f2fs_write_end_io+0x563/0x790
[  130.534899][   T53]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  130.534924][   T53]  ? bio_endio+0x7e4/0x890
[  130.534955][   T53]  ? bio_endio+0x82a/0x890
[  130.534985][   T53]  __submit_merged_bio+0x2a9/0x710
[  130.535011][   T53]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  130.535046][   T53]  f2fs_submit_merged_write_cond+0x29f/0x380
[  130.535087][   T53]  f2fs_write_data_pages+0x2f99/0x38d0
[  130.535160][   T53]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  130.535244][   T53]  ? stack_trace_save+0x11a/0x1d0
[  130.535306][   T53]  ? __update_page_owner_handle+0x5a/0x550
[  130.535340][   T53]  ? __lock_acquire+0xad5/0xd80
[  130.535366][   T53]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  130.535412][   T53]  do_writepages+0x364/0x890
[  130.535461][   T53]  ? __pfx_do_writepages+0x10/0x10
[  130.535493][   T53]  ? __page_table_check_zero+0xb8/0x510
[  130.535538][   T53]  ? __lock_acquire+0xad5/0xd80
[  130.535567][   T53]  ? reacquire_held_locks+0x12a/0x1e0
[  130.535605][   T53]  ? writeback_sb_inodes+0x43f/0x1360
[  130.535636][   T53]  __writeback_single_inode+0x14f/0x10d0
[  130.535666][   T53]  writeback_sb_inodes+0x822/0x1360
[  130.535720][   T53]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  130.535826][   T53]  ? rcu_is_watching+0x15/0xb0
[  130.535853][   T53]  ? queue_io+0x310/0x4d0
[  130.535882][   T53]  wb_writeback+0x415/0xb90
[  130.535911][   T53]  ? queue_io+0x2f1/0x4d0
[  130.535933][   T53]  ? __pfx_wb_writeback+0x10/0x10
[  130.535971][   T53]  wb_workfn+0x412/0x10b0
[  130.536010][   T53]  ? __pfx_wb_workfn+0x10/0x10
[  130.536027][   T53]  ? register_lock_class+0x54/0x330
[  130.536049][   T53]  ? __lock_acquire+0xad5/0xd80
[  130.536069][   T53]  ? lockdep_hardirqs_on+0x9d/0x150
[  130.536111][   T53]  ? process_scheduled_works+0x9cb/0x18e0
[  130.536130][   T53]  process_scheduled_works+0xac3/0x18e0
[  130.536178][   T53]  ? __pfx_process_scheduled_works+0x10/0x10
[  130.536208][   T53]  ? assign_work+0x367/0x3d0
[  130.536233][   T53]  worker_thread+0x870/0xd50
[  130.536268][   T53]  ? __kthread_parkme+0x1a8/0x200
[  130.536293][   T53]  ? __pfx_worker_thread+0x10/0x10
[  130.536314][   T53]  kthread+0x7b7/0x940
[  130.536340][   T53]  ? __pfx_worker_thread+0x10/0x10
[  130.536362][   T53]  ? __pfx_kthread+0x10/0x10
[  130.536383][   T53]  ? __pfx_kthread+0x10/0x10
[  130.536406][   T53]  ? __pfx_kthread+0x10/0x10
[  130.536430][   T53]  ? __pfx_kthread+0x10/0x10
[  130.536452][   T53]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.536469][   T53]  ? lockdep_hardirqs_on+0x9d/0x150
[  130.536489][   T53]  ? __pfx_kthread+0x10/0x10
[  130.536514][   T53]  ret_from_fork+0x4b/0x80
[  130.536531][   T53]  ? __pfx_kthread+0x10/0x10
[  130.536555][   T53]  ret_from_fork_asm+0x1a/0x30
[  130.536586][   T53]  </TASK>
[  130.536594][   T53] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  130.544517][ T6849] FAT-fs (loop6): Directory bread(block 65) failed
[  130.887674][ T6849] FAT-fs (loop6): Directory bread(block 66) failed
[  130.894610][ T6849] FAT-fs (loop6): Directory bread(block 67) failed
[  130.901262][ T6849] FAT-fs (loop6): Directory bread(block 68) failed
[  130.907877][ T6849] FAT-fs (loop6): Directory bread(block 69) failed
[  130.914568][ T6849] FAT-fs (loop6): Directory bread(block 70) failed
[  130.921117][ T6849] FAT-fs (loop6): Directory bread(block 71) failed
[  130.927810][ T6849] FAT-fs (loop6): Directory bread(block 72) failed
[  130.934436][ T6849] FAT-fs (loop6): Directory bread(block 73) failed
[  131.003953][   T30] audit: type=1800 audit(1743173010.855:5): pid=6849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.319" name="file1" dev="loop6" ino=17 res=0 errno=0
[  131.318649][ T6852] loop1: detected capacity change from 0 to 32768
[  131.332216][ T6852] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.317 (6852)
[  131.354967][ T6852] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  131.373653][ T6852] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm
[  131.392755][ T6852] BTRFS info (device loop1): disk space caching is enabled
[  131.408739][ T6852] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  131.547921][ T6852] BTRFS info (device loop1): rebuilding free space tree
[  131.596132][ T6852] BTRFS info (device loop1): disabling free space tree
[  131.619915][ T6852] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  131.673035][ T6852] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  131.960312][ T6897] loop3: detected capacity change from 0 to 128
[  132.006670][ T5843] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  132.021373][ T6897] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  132.114661][ T6897] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  132.141247][ T6862] loop6: detected capacity change from 0 to 32768
[  132.141388][ T5897] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  132.194864][ T6862] XFS (loop6): Invalid device [./file0], error=-15
[  132.343742][ T5897] usb 6-1: Using ep0 maxpacket: 32
[  132.351155][ T5897] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  132.388180][ T5897] usb 6-1: config 0 has no interface number 0
[  132.395206][ T6903] loop3: detected capacity change from 0 to 2048
[  132.403792][ T5897] usb 6-1: config 0 interface 12 has no altsetting 0
[  132.422085][ T6901] loop2: detected capacity change from 0 to 4096
[  132.443422][ T5897] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  132.463225][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.478736][ T6901] NILFS (loop2): invalid segment: Checksum error in segment payload
[  132.492239][ T5897] usb 6-1: Product: syz
[  132.496576][ T6901] NILFS (loop2): trying rollback from an earlier position
[  132.504792][ T6903] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.513034][ T5897] usb 6-1: Manufacturer: syz
[  132.539916][ T6901] NILFS (loop2): norecovery option specified, skipping roll-forward recovery
[  132.572702][ T5897] usb 6-1: SerialNumber: syz
[  132.609956][ T5897] usb 6-1: config 0 descriptor??
[  132.672542][ T5853] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.774254][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  132.780892][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  132.899420][ T6920] netlink: 'syz.2.341': attribute type 33 has an invalid length.
[  132.914010][   T30] audit: type=1326 audit(1743173012.765:6): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.3.342" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7bb7f8d169 code=0x0
[  132.936697][ T6920] netlink: 152 bytes leftover after parsing attributes in process `syz.2.341'.
[  133.022173][ T6924] Bluetooth: MGMT ver 1.23
[  133.206460][ T6930] loop1: detected capacity change from 0 to 4096
[  133.243682][ T5854] Bluetooth: hci0: command tx timeout
[  133.258375][ T6931] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  133.291954][   T30] audit: type=1800 audit(1743173013.145:7): pid=6930 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.346" name="file2" dev="loop1" ino=16 res=0 errno=0
[  133.319122][   T30] audit: type=1800 audit(1743173013.175:8): pid=6930 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.346" name="file2" dev="loop1" ino=16 res=0 errno=0
[  133.607136][ T6943] syz_tun: entered promiscuous mode
[  133.618473][ T6943] batadv_slave_0: entered promiscuous mode
[  133.628652][ T6943] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  133.637486][ T6943] Cannot create hsr debugfs directory
[  133.656721][ T5897] f81534 6-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  133.678074][ T5897] f81534 6-1:0.12: f81534_find_config_idx: read failed: -71
[  133.690004][ T5897] f81534 6-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  133.700412][ T5897] f81534 6-1:0.12: probe with driver f81534 failed with error -71
[  133.728762][ T5897] usb 6-1: USB disconnect, device number 2
[  133.881097][ T6954] netlink: 'syz.6.356': attribute type 4 has an invalid length.
[  134.193145][ T6965] netlink: 12 bytes leftover after parsing attributes in process `syz.2.360'.
[  134.237580][ T6965] team_slave_0: entered promiscuous mode
[  134.243343][ T6965] team_slave_1: entered promiscuous mode
[  134.273422][ T6967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.360'.
[  134.300549][ T6965] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  134.325404][ T6967] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  134.947291][ T6964] loop3: detected capacity change from 0 to 40427
[  134.968676][ T6964] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  134.980209][ T6964] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  135.009860][ T6964] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  135.122222][ T6964] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  135.135846][ T6964] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  135.613646][ T5897] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  135.773733][ T5897] usb 7-1: Using ep0 maxpacket: 8
[  135.797729][ T5897] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  135.818435][ T5897] usb 7-1: config 179 has no interface number 0
[  135.844195][ T5897] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  135.860202][ T7019] loop2: detected capacity change from 0 to 128
[  135.866557][ T5897] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  135.866590][ T5897] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  135.866614][ T5897] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  135.866667][ T5897] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  135.866688][ T5897] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.876991][ T7005] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  135.961962][ T7022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.382'.
[  136.071743][ T7019] EXT4-fs (loop2): Test dummy encryption mode enabled
[  136.107448][ T7019] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  136.147848][ T7019] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  136.395161][ T7019] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  136.494320][ T5927] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  136.516736][ T5847] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  136.556780][   T59] usb 7-1: USB disconnect, device number 2
[  136.556804][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  136.573658][    C0] dummy_hcd dummy_hcd.6: timer fired with no URBs pending?
[  136.695951][ T5927] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  136.704637][ T5927] usb 4-1: config 0 has no interface number 0
[  136.712489][ T5927] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.746253][ T5927] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.782244][ T7025] loop5: detected capacity change from 0 to 32768
[  136.792634][ T5927] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  136.822742][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.851412][ T5927] usb 4-1: config 0 descriptor??
[  136.872134][ T7025] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  136.964813][ T7035] loop1: detected capacity change from 0 to 32768
[  136.972009][ T7035] XFS: noikeep mount option is deprecated.
[  137.002706][ T7025] XFS (loop5): Ending clean mount
[  137.028995][ T7025] XFS (loop5): Quotacheck needed: Please wait.
[  137.049303][ T7035] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  137.137052][ T7025] XFS (loop5): Quotacheck: Done.
[  137.193006][ T7035] XFS (loop1): Ending clean mount
[  137.226743][ T7035] XFS (loop1): Quotacheck needed: Please wait.
[  137.298089][ T7035] XFS (loop1): Quotacheck: Done.
[  137.345246][ T5927] input: HID 04d9:a055 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:04D9:A055.0003/input/input6
[  137.376732][ T6427] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  137.462844][ T5843] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  137.518845][ T5927] holtek_kbd 0003:04D9:A055.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.3-1/input1
[  137.580145][ T5927] usb 4-1: USB disconnect, device number 4
[  137.973382][ T7065] loop6: detected capacity change from 0 to 32768
[  137.988522][ T7065] XFS: ikeep mount option is deprecated.
[  138.036550][ T7065] XFS (loop6): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  138.085962][ T7065] XFS (loop6): Ending clean mount
[  138.094331][ T7065] XFS (loop6): Quotacheck needed: Please wait.
[  138.132627][ T7065] XFS (loop6): Quotacheck: Done.
[  138.240052][ T6503] XFS (loop6): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  138.302560][ T7069] loop1: detected capacity change from 0 to 32768
[  138.987904][ T7101] netlink: 'syz.1.405': attribute type 11 has an invalid length.
[  139.028976][ T7091] loop6: detected capacity change from 0 to 32768
[  139.230797][ T7105] ea_get: invalid extended attribute
[  139.249916][ T7105] ffff88805b7df1d0: 04 00 00 00                                      ....
[  139.387268][ T7108] loop5: detected capacity change from 0 to 4096
[  139.515115][ T7120] ieee802154 phy0 wpan0: encryption failed: -22
[  139.849296][ T7137] loop3: detected capacity change from 0 to 512
[  139.859344][ T7137] EXT4-fs: inline encryption not supported
[  139.889231][ T7137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.941063][ T7137] ext4 filesystem being mounted at /83/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.049759][ T7144] loop5: detected capacity change from 0 to 128
[  140.098885][ T7144] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  140.167937][ T7152] loop1: detected capacity change from 0 to 64
[  140.242103][ T7144] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  140.298267][ T5853] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.357590][ T7157] loop5: detected capacity change from 0 to 256
[  140.478943][ T7163] loop5: detected capacity change from 0 to 512
[  140.529821][ T7161] loop3: detected capacity change from 0 to 8192
[  140.552863][ T7163] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.655169][ T7163] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.708058][ T7163] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.883622][ T5908] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  141.053773][ T5908] usb 7-1: Using ep0 maxpacket: 32
[  141.089652][ T5908] usb 7-1: config 0 has an invalid interface number: 16 but max is 0
[  141.103121][ T7169] loop1: detected capacity change from 0 to 32768
[  141.112575][ T5908] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.131014][ T7169] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  141.155759][ T5908] usb 7-1: config 0 has no interface number 0
[  141.157698][ T7169] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  141.173902][ T5908] usb 7-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  141.229940][ T5908] usb 7-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  141.299588][ T5908] usb 7-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[  141.332962][ T5908] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.361981][ T5908] usb 7-1: Product: syz
[  141.378959][ T5908] usb 7-1: Manufacturer: syz
[  141.395017][ T5908] usb 7-1: SerialNumber: syz
[  141.428035][ T5908] usb 7-1: config 0 descriptor??
[  141.447877][ T7171] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  141.463920][ T7171] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  141.489339][ T5908] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  141.545057][ T7173] loop5: detected capacity change from 0 to 40427
[  141.560501][ T5843] ocfs2: Unmounting device (7,1) on (node local)
[  141.577687][ T7173] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3fffff
[  141.615309][ T7173] F2FS-fs (loop5): invalid crc value
[  141.736109][ T5908] usb 7-1: USB disconnect, device number 3
[  141.854127][ T7177] loop3: detected capacity change from 0 to 32768
[  141.866732][ T7173] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  141.895673][ T7186] loop1: detected capacity change from 0 to 164
[  141.914919][ T7186] iso9660: Bad value for 'session'
[  141.939886][ T7177] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  141.960331][ T7181] loop2: detected capacity change from 0 to 32768
[  142.005918][ T7181] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  142.021615][ T6427] syz-executor: attempt to access beyond end of device
[  142.021615][ T6427] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  142.039398][ T6427] CPU: 0 UID: 0 PID: 6427 Comm: syz-executor Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  142.039424][ T6427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  142.039436][ T6427] Call Trace:
[  142.039443][ T6427]  <TASK>
[  142.039450][ T6427]  dump_stack_lvl+0x241/0x360
[  142.039484][ T6427]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.039511][ T6427]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  142.039552][ T6427]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  142.039576][ T6427]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  142.039611][ T6427]  f2fs_handle_critical_error+0x392/0x5a0
[  142.039649][ T6427]  f2fs_write_end_io+0x563/0x790
[  142.039676][ T6427]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  142.039700][ T6427]  ? bio_endio+0x7e4/0x890
[  142.039730][ T6427]  ? bio_endio+0x82a/0x890
[  142.039761][ T6427]  __submit_merged_bio+0x2a9/0x710
[  142.039784][ T6427]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  142.039818][ T6427]  f2fs_submit_merged_write_cond+0x29f/0x380
[  142.039860][ T6427]  f2fs_write_data_pages+0x2f99/0x38d0
[  142.039943][ T6427]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  142.040061][ T6427]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  142.040100][ T6427]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  142.040157][ T6427]  ? __lock_acquire+0xad5/0xd80
[  142.040186][ T6427]  ? do_raw_spin_lock+0x151/0x370
[  142.040228][ T6427]  ? do_raw_spin_unlock+0x13c/0x8b0
[  142.040262][ T6427]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  142.040298][ T6427]  do_writepages+0x364/0x890
[  142.040332][ T6427]  ? __pfx_do_writepages+0x10/0x10
[  142.040351][ T6427]  ? __lock_acquire+0xad5/0xd80
[  142.040380][ T6427]  ? do_raw_spin_lock+0x151/0x370
[  142.040426][ T6427]  ? do_raw_spin_unlock+0x13c/0x8b0
[  142.040467][ T6427]  filemap_fdatawrite+0x1f2/0x2a0
[  142.040494][ T6427]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  142.040514][ T6427]  ? mlock_drain_local+0x79/0x490
[  142.040595][ T6427]  ? do_raw_spin_unlock+0x13c/0x8b0
[  142.040636][ T6427]  f2fs_sync_dirty_inodes+0x34f/0x860
[  142.040678][ T6427]  f2fs_write_checkpoint+0x857/0x1da0
[  142.040728][ T6427]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  142.040806][ T6427]  ? kfree+0x198/0x430
[  142.040830][ T6427]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  142.040854][ T6427]  ? kill_f2fs_super+0x290/0x6d0
[  142.040884][ T6427]  kill_f2fs_super+0x2b8/0x6d0
[  142.040914][ T6427]  ? __pfx_kill_f2fs_super+0x10/0x10
[  142.040953][ T6427]  ? shrinker_free+0x2ca/0x3d0
[  142.040985][ T6427]  deactivate_locked_super+0xc4/0x130
[  142.041012][ T6427]  cleanup_mnt+0x422/0x4c0
[  142.041035][ T6427]  ? lockdep_hardirqs_on+0x9d/0x150
[  142.041067][ T6427]  task_work_run+0x251/0x310
[  142.041107][ T6427]  ? __pfx_task_work_run+0x10/0x10
[  142.041145][ T6427]  ? syscall_exit_to_user_mode+0xa3/0x340
[  142.041178][ T6427]  syscall_exit_to_user_mode+0x13f/0x340
[  142.041211][ T6427]  do_syscall_64+0x100/0x230
[  142.041252][ T6427]  ? clear_bhb_loop+0x45/0xa0
[  142.041277][ T6427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.041296][ T6427] RIP: 0033:0x7f9b8098e497
[  142.041315][ T6427] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  142.041331][ T6427] RSP: 002b:00007fffed723cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  142.041352][ T6427] RAX: 0000000000000000 RBX: 00007f9b80a0e08c RCX: 00007f9b8098e497
[  142.041365][ T6427] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffed723d80
[  142.041377][ T6427] RBP: 00007fffed723d80 R08: 0000000000000000 R09: 0000000000000000
[  142.041389][ T6427] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffed724e10
[  142.041402][ T6427] R13: 00007f9b80a0e08c R14: 0000000000022a6d R15: 00007fffed724e50
[  142.041437][ T6427]  </TASK>
[  142.041446][ T6427] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  142.180783][ T7181] XFS (loop2): Starting recovery (logdev: internal)
[  142.436750][ T5853] (syz-executor,5853,0):ocfs2_inode_is_valid_to_delete:886 ERROR: Skipping delete of system file 72
[  142.499754][ T5853] ocfs2: Unmounting device (7,3) on (node local)
[  142.518260][ T7181] XFS (loop2): Ending recovery (logdev: internal)
[  142.666919][ T7181] XFS (loop2): User initiated shutdown received.
[  142.678999][ T7181] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0xe2/0x160 (fs/xfs/xfs_fsops.c:476).  Shutting down filesystem.
[  142.753757][ T7181] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  142.861034][ T5847] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  143.031989][ T7198] loop1: detected capacity change from 0 to 32768
[  143.049065][ T7209] loop5: detected capacity change from 0 to 512
[  143.084898][ T7209] EXT4-fs: inline encryption not supported
[  143.126928][ T7209] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.142531][   T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  143.142643][ T7209] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.347511][   T10] usb 7-1: config 0 has an invalid interface number: 117 but max is 0
[  143.363668][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.383389][   T10] usb 7-1: config 0 has no interface number 0
[  143.395260][   T10] usb 7-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  143.402759][ T6427] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.409027][   T10] usb 7-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  143.435986][   T10] usb 7-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  143.453419][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.464315][   T10] usb 7-1: Product: syz
[  143.468607][   T10] usb 7-1: Manufacturer: syz
[  143.474792][   T10] usb 7-1: SerialNumber: syz
[  143.482888][   T10] usb 7-1: config 0 descriptor??
[  143.540471][ T7208] loop3: detected capacity change from 0 to 32768
[  143.548786][ T7208] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.442 (7208)
[  143.565329][ T7208] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  143.579849][ T7208] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  143.589498][ T7208] BTRFS info (device loop3): using free-space-tree
[  143.748184][ T7208] BTRFS error (device loop3): balance: invalid convert system profile raid6
[  143.847848][ T5853] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  144.156263][ T5927] usb 7-1: USB disconnect, device number 4
[  144.317316][ T7253] loop5: detected capacity change from 0 to 2048
[  144.345552][ T7253] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  144.498862][ T7260] netlink: 8 bytes leftover after parsing attributes in process `syz.1.460'.
[  144.530111][ T7260] netlink: 8 bytes leftover after parsing attributes in process `syz.1.460'.
[  144.802967][ T7275] loop2: detected capacity change from 0 to 256
[  144.822380][ T7275] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  144.847627][ T7277] loop3: detected capacity change from 0 to 512
[  144.862006][ T7277] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  144.872566][ T7277] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  144.875937][ T5982] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  144.906089][ T7277] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[  144.922097][ T7277] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  144.935034][ T7277] System zones: 0-2, 18-18, 34-34
[  144.943781][ T7277] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  144.949055][ T7275] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000007)
[  144.975305][ T7277] EXT4-fs (loop3): 1 truncate cleaned up
[  144.983104][ T7277] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.985949][ T7275] exFAT-fs (loop2): Filesystem has been set read-only
[  145.019683][ T7281] syzkaller1: entered promiscuous mode
[  145.034488][ T7281] syzkaller1: entered allmulticast mode
[  145.072180][ T5982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.103628][ T5982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  145.126895][ T7277] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.140635][ T5982] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  145.171252][ T5982] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  145.189612][ T7283] loop2: detected capacity change from 0 to 1024
[  145.194233][ T5982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.235786][ T5982] usb 2-1: config 0 descriptor??
[  145.244435][ T7285] loop3: detected capacity change from 0 to 256
[  145.261101][ T7283] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.293158][ T7283] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.427867][ T7292] capability: warning: `syz.3.473' uses 32-bit capabilities (legacy support in use)
[  145.456272][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.512871][ T7294] loop3: detected capacity change from 0 to 1024
[  145.521282][ T7294] EXT4-fs: Ignoring removed nobh option
[  145.536924][ T7294] EXT4-fs: Ignoring removed bh option
[  145.581830][ T7294] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.656945][ T5982] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  145.706976][ T5982] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  145.789850][ T5982] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  145.938701][ T7308] syz_tun: entered promiscuous mode
[  145.950466][ T7308] syz_tun: left promiscuous mode
[  145.968655][ T5853] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.360814][ T7302] loop2: detected capacity change from 0 to 32768
[  146.453106][ T7302] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  146.532124][ T7302] XFS (loop2): Ending clean mount
[  146.642859][ T7336] loop6: detected capacity change from 0 to 512
[  146.662670][ T7336] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  146.693830][ T7336] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  146.718283][ T5847] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  146.803696][ T7336] EXT4-fs (loop6): 1 truncate cleaned up
[  146.866059][ T7336] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.906804][ T7312] raw_sendmsg: syz.3.480 forgot to set AF_INET. Fix it!
[  147.159731][ T7345] netlink: 12 bytes leftover after parsing attributes in process `syz.5.491'.
[  147.187340][ T6503] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.724923][   T10] usb 2-1: USB disconnect, device number 5
[  147.919406][ T7369] smb3: Unknown parameter 'acl���!ῂe����L	�1�bwV���M_w��9����'
[  148.057700][ T7351] loop6: detected capacity change from 0 to 32768
[  148.064304][ T5982] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  148.111127][ T7351] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  148.124503][ T5897] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  148.246765][ T5982] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  148.266600][ T5982] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  148.302572][ T5982] usb 6-1: config 1 has no interface number 0
[  148.313725][ T5897] usb 3-1: Using ep0 maxpacket: 32
[  148.320576][ T5897] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  148.330187][ T5982] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.349834][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.365673][ T6503] ocfs2: Unmounting device (7,6) on (node local)
[  148.375034][ T5982] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  148.389262][ T5897] usb 3-1: config 0 descriptor??
[  148.416983][ T5982] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  148.427326][ T5982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.438054][ T7361] loop3: detected capacity change from 0 to 32768
[  148.438543][ T5897] gspca_main: nw80x-2.14.0 probing 055f:d001
[  148.461084][ T5982] usb 6-1: Product: syz
[  148.471210][ T5982] usb 6-1: Manufacturer: syz
[  148.481639][ T5982] usb 6-1: SerialNumber: syz
[  148.535815][ T7361] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  148.725272][ T7361] XFS (loop3): Ending clean mount
[  148.775540][ T7361] XFS (loop3): Quotacheck needed: Please wait.
[  148.862197][ T7361] XFS (loop3): Quotacheck: Done.
[  149.436265][ T5897] gspca_nw80x: reg_w err -71
[  149.441372][ T5897] nw80x 3-1:0.0: probe with driver nw80x failed with error -71
[  149.461007][ T5897] usb 3-1: USB disconnect, device number 5
[  149.517406][ T5982] cdc_ncm 6-1:1.1: bind() failure
[  149.527351][ T5982] usb 6-1: USB disconnect, device number 3
[  149.603903][ T5853] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  149.848333][ T7406] loop6: detected capacity change from 0 to 8192
[  149.908115][ T7408] batadv0: entered promiscuous mode
[  149.914728][ T7407] batadv0: left promiscuous mode
[  149.963587][ T5897] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  150.102886][ T7413] TCP: tcp_parse_options: Illegal window scaling value 112 > 14 received
[  150.159420][ T5897] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  150.183282][ T5897] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  150.216790][ T5897] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  150.252411][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.272835][ T5897] usb 2-1: config 0 descriptor??
[  150.290209][ T5897] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  150.863725][   T10] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  150.875334][ T5844] usb 2-1: USB disconnect, device number 6
[  150.890528][ T7418] loop5: detected capacity change from 0 to 32768
[  151.038055][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  151.061339][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  151.061582][ T7432] ea_get: invalid extended attribute
[  151.078412][ T7432] ffff888079149ed8: 04 00 00 00                                      ....
[  151.131630][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  151.169781][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  151.190070][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  151.221757][   T10] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  151.237930][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  151.251215][   T10] usb 4-1: Product: syz
[  151.263562][   T10] usb 4-1: Manufacturer: syz
[  151.272554][   T10] usb 4-1: SerialNumber: syz
[  151.288447][   T10] usb 4-1: config 0 descriptor??
[  151.295179][ T7435] loop5: detected capacity change from 0 to 2048
[  151.331146][ T7435] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  151.380464][ T7435] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  151.521427][   T10] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  151.538529][   T10] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  151.728026][   T10] radio-si470x 4-1:0.0: software version 0, hardware version 0
[  151.746052][   T10] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  151.773671][   T10] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  151.926021][   T10] radio-si470x 4-1:0.0: submitting int urb failed (-90)
[  152.157163][ T7441] loop6: detected capacity change from 0 to 32768
[  152.167535][ T7441] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.528 (7441)
[  152.227586][ T7441] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  152.246231][ T7441] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  152.270449][ T7441] BTRFS info (device loop6): using free-space-tree
[  152.326873][ T7446] loop2: detected capacity change from 0 to 32768
[  152.340257][   T10] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71
[  152.359391][   T10] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22
[  152.387526][   T10] usb 4-1: USB disconnect, device number 5
[  152.434939][ T7446] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  152.504398][ T7441] BTRFS info (device loop6): rebuilding free space tree
[  152.647856][ T7457] loop1: detected capacity change from 0 to 32768
[  152.657224][ T7446] XFS (loop2): Ending clean mount
[  152.675422][ T7446] XFS (loop2): Quotacheck needed: Please wait.
[  152.699204][ T7457] ERROR: (device loop1): xtTruncate: XT_GETPAGE: xtree page corrupt
[  152.699204][ T7457] 
[  152.747536][ T7446] XFS (loop2): Quotacheck: Done.
[  152.760877][ T7457] ERROR: (device loop1): remounting filesystem as read-only
[  152.785929][ T6503] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  152.968365][ T5847] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  153.066167][ T7459] loop5: detected capacity change from 0 to 32768
[  153.144285][ T7459] XFS (loop5): DAX unsupported by block device. Turning off DAX.
[  153.183804][ T7459] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  153.256110][   T59] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  153.331046][ T7499] netlink: 12 bytes leftover after parsing attributes in process `syz.1.538'.
[  153.340614][ T7499] tipc: Started in network mode
[  153.353244][ T7499] tipc: Node identity @emory.en, cluster identity 8
[  153.360201][ T7459] XFS (loop5): Ending clean mount
[  153.397739][ T7459] XFS (loop5): Quotacheck needed: Please wait.
[  153.446265][   T59] usb 4-1: config 0 interface 0 has no altsetting 0
[  153.452953][   T59] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  153.482101][   T59] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.498699][ T7459] XFS (loop5): Quotacheck: Done.
[  153.541576][ T7506] netlink: 236 bytes leftover after parsing attributes in process `syz.1.544'.
[  153.546230][   T59] usb 4-1: config 0 descriptor??
[  153.677287][ T6427] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  153.788199][ T5844] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  153.953846][ T5844] usb 3-1: Using ep0 maxpacket: 16
[  153.969012][ T5844] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.994175][ T5844] usb 3-1: config 0 interface 0 has no altsetting 0
[  154.000997][ T5844] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  154.013604][ T5844] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.026260][ T5844] usb 3-1: config 0 descriptor??
[  154.461803][ T5854] block nbd1: Receive control failed (result -32)
[  154.472286][ T7509] block nbd1: shutting down sockets
[  154.475763][ T5844] hid (null): unknown global tag 0x14
[  154.483257][ T5844] hid (null): unknown global tag 0xe
[  154.506148][ T5844] cougar 0003:060B:500A.0005: usage count exceeds max: fixing up report descriptor
[  154.522322][ T5844] cougar 0003:060B:500A.0005: unexpected long global item
[  154.535374][ T5844] cougar 0003:060B:500A.0005: parse failed
[  154.541396][ T5844] cougar 0003:060B:500A.0005: probe with driver cougar failed with error -22
[  154.594299][   T59] video4linux radio48: keene_cmd_set failed (-71)
[  154.601512][   T59] radio-keene 4-1:0.0: V4L2 device registered as radio48
[  154.621063][   T59] usb 4-1: USB disconnect, device number 6
[  154.683447][ T5844] usb 3-1: USB disconnect, device number 6
[  155.307600][ T7530] loop5: detected capacity change from 0 to 40427
[  155.365347][ T7530] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3fffff
[  155.393622][ T7530] F2FS-fs (loop5): Image doesn't support compression
[  155.422313][ T7530] F2FS-fs (loop5): Image doesn't support compression
[  155.474154][ T7530] F2FS-fs (loop5): invalid crc value
[  155.662985][ T7555] netlink: 'syz.2.565': attribute type 3 has an invalid length.
[  155.703788][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.2.565'.
[  155.743369][ T7530] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  155.792974][ T7530] syz.5.555: attempt to access beyond end of device
[  155.792974][ T7530] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  155.810931][ T7530] F2FS-fs (loop5): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x197/0xcc0
[  155.874084][ T6427] syz-executor: attempt to access beyond end of device
[  155.874084][ T6427] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  155.915994][ T6427] CPU: 1 UID: 0 PID: 6427 Comm: syz-executor Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  155.916022][ T6427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  155.916034][ T6427] Call Trace:
[  155.916043][ T6427]  <TASK>
[  155.916051][ T6427]  dump_stack_lvl+0x241/0x360
[  155.916086][ T6427]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.916133][ T6427]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  155.916158][ T6427]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  155.916185][ T6427]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  155.916221][ T6427]  f2fs_handle_critical_error+0x392/0x5a0
[  155.916272][ T6427]  f2fs_write_end_io+0x563/0x790
[  155.916299][ T6427]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  155.916323][ T6427]  ? bio_endio+0x7e4/0x890
[  155.916353][ T6427]  ? bio_endio+0x82a/0x890
[  155.916383][ T6427]  __submit_merged_bio+0x2a9/0x710
[  155.916406][ T6427]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  155.916440][ T6427]  f2fs_submit_merged_write_cond+0x29f/0x380
[  155.916480][ T6427]  f2fs_write_data_pages+0x2f99/0x38d0
[  155.916556][ T6427]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  155.916585][ T6427]  ? 0xffffffffa00038c0
[  155.916618][ T6427]  ? __kernel_text_address+0xd/0x40
[  155.916685][ T6427]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  155.916720][ T6427]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  155.916782][ T6427]  ? __mod_zone_page_state+0xda/0x150
[  155.916817][ T6427]  ? folios_put_refs+0x711/0x800
[  155.916855][ T6427]  ? lockdep_hardirqs_on+0x9d/0x150
[  155.916880][ T6427]  ? __pfx_folios_put_refs+0x10/0x10
[  155.916904][ T6427]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  155.916925][ T6427]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  155.916957][ T6427]  do_writepages+0x364/0x890
[  155.916987][ T6427]  ? __pfx_do_writepages+0x10/0x10
[  155.917005][ T6427]  ? __lock_acquire+0xad5/0xd80
[  155.917032][ T6427]  ? do_raw_spin_lock+0x151/0x370
[  155.917074][ T6427]  ? do_raw_spin_unlock+0x13c/0x8b0
[  155.917111][ T6427]  filemap_fdatawrite+0x1f2/0x2a0
[  155.917136][ T6427]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  155.917154][ T6427]  ? mlock_drain_local+0x79/0x490
[  155.917229][ T6427]  ? do_raw_spin_unlock+0x13c/0x8b0
[  155.917267][ T6427]  f2fs_sync_dirty_inodes+0x34f/0x860
[  155.917306][ T6427]  f2fs_write_checkpoint+0x857/0x1da0
[  155.917350][ T6427]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  155.917430][ T6427]  ? kill_f2fs_super+0x290/0x6d0
[  155.917456][ T6427]  kill_f2fs_super+0x2b8/0x6d0
[  155.917483][ T6427]  ? __pfx_kill_f2fs_super+0x10/0x10
[  155.917513][ T6427]  ? shrinker_free+0x2ca/0x3d0
[  155.917541][ T6427]  deactivate_locked_super+0xc4/0x130
[  155.917566][ T6427]  cleanup_mnt+0x422/0x4c0
[  155.917587][ T6427]  ? lockdep_hardirqs_on+0x9d/0x150
[  155.917615][ T6427]  task_work_run+0x251/0x310
[  155.917652][ T6427]  ? __pfx_task_work_run+0x10/0x10
[  155.917686][ T6427]  ? syscall_exit_to_user_mode+0xa3/0x340
[  155.917714][ T6427]  syscall_exit_to_user_mode+0x13f/0x340
[  155.917749][ T6427]  do_syscall_64+0x100/0x230
[  155.917775][ T6427]  ? clear_bhb_loop+0x45/0xa0
[  155.917799][ T6427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.917817][ T6427] RIP: 0033:0x7f9b8098e497
[  155.917833][ T6427] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  155.917848][ T6427] RSP: 002b:00007fffed723cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  155.917869][ T6427] RAX: 0000000000000000 RBX: 00007f9b80a0e08c RCX: 00007f9b8098e497
[  155.917882][ T6427] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffed723d80
[  155.917895][ T6427] RBP: 00007fffed723d80 R08: 0000000000000000 R09: 0000000000000000
[  155.917904][ T6427] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffed724e10
[  155.917912][ T6427] R13: 00007f9b80a0e08c R14: 0000000000026098 R15: 00007fffed724e50
[  155.917937][ T6427]  </TASK>
[  155.917943][ T6427] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  156.433575][   T59] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  156.434536][ T5897] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  156.508323][ T7577] loop2: detected capacity change from 0 to 256
[  156.522837][ T7577] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  156.544173][ T7577] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  156.567361][ T7577] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  156.590945][   T59] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.612218][   T59] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  156.613665][ T5897] usb 7-1: Using ep0 maxpacket: 8
[  156.643963][   T59] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  156.664429][ T5897] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  156.678032][ T5897] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  156.690679][ T5897] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  156.693871][   T59] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  156.708530][ T5897] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  156.720957][ T5897] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  156.741703][ T5897] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  156.751352][ T5897] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.753573][   T59] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.804571][   T59] usb 2-1: config 0 descriptor??
[  156.871599][ T7579] loop2: detected capacity change from 0 to 2048
[  156.899768][ T7581] loop5: detected capacity change from 0 to 512
[  156.926923][ T7579]  loop2: p1 < > p4
[  156.933250][ T7579] loop2: p4 size 8388608 extends beyond EOD, truncated
[  156.953075][ T7581] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.966074][ T7581] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.007802][ T7572] loop3: detected capacity change from 0 to 32768
[  157.013461][ T5897] usb 7-1: GET_CAPABILITIES returned 0
[  157.019980][ T5897] usbtmc 7-1:16.0: can't read capabilities
[  157.065997][ T7572] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  157.151359][ T6427] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.210613][ T7572] XFS (loop3): Ending clean mount
[  157.234361][   T59] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  157.242942][   T59] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  157.244800][   T10] usb 7-1: USB disconnect, device number 5
[  157.257959][   T59] plantronics 0003:047F:FFFF.0006: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  157.284262][ T7572] XFS (loop3): Quotacheck needed: Please wait.
[  157.339340][ T7572] XFS (loop3): Quotacheck: Done.
[  157.447189][ T5853] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  157.469234][   T10] usb 2-1: USB disconnect, device number 7
[  157.475112][ T5844] kernel write not supported for file /bluetooth/6lowpan_control (pid: 5844 comm: kworker/1:3)
[  157.557014][ T5897] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  157.729182][ T5897] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.749179][ T5897] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  157.779012][ T5897] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.801941][ T5897] usb 6-1: config 0 descriptor??
[  157.821664][ T5897] pwc: Askey VC010 type 2 USB webcam detected.
[  157.969798][ T7610] netlink: 4 bytes leftover after parsing attributes in process `syz.3.586'.
[  158.187684][ T7602] loop2: detected capacity change from 0 to 40427
[  158.206426][ T7602] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x3fffff
[  158.241756][ T7602] F2FS-fs (loop2): invalid crc value
[  158.431604][ T5897] pwc: recv_control_msg error -32 req 02 val 2700
[  158.441740][ T5897] pwc: recv_control_msg error -32 req 02 val 2c00
[  158.463647][ T5897] pwc: recv_control_msg error -71 req 04 val 1000
[  158.473096][ T7602] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  158.484917][ T5897] pwc: recv_control_msg error -71 req 04 val 1300
[  158.519960][ T5897] pwc: recv_control_msg error -71 req 04 val 1400
[  158.536110][ T5897] pwc: recv_control_msg error -71 req 02 val 2000
[  158.556170][ T7602] syz.2.583: attempt to access beyond end of device
[  158.556170][ T7602] loop2: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  158.571878][ T5897] pwc: recv_control_msg error -71 req 02 val 2100
[  158.581586][ T5897] pwc: recv_control_msg error -71 req 04 val 1500
[  158.594685][ T5897] pwc: recv_control_msg error -71 req 02 val 2500
[  158.601952][ T5897] pwc: recv_control_msg error -71 req 02 val 2400
[  158.611030][ T5897] pwc: recv_control_msg error -71 req 02 val 2600
[  158.620914][ T7628] loop6: detected capacity change from 0 to 512
[  158.634158][ T5897] pwc: recv_control_msg error -71 req 02 val 2900
[  158.653124][ T5897] pwc: recv_control_msg error -71 req 02 val 2800
[  158.663808][ T5897] pwc: recv_control_msg error -71 req 04 val 1100
[  158.672865][ T5847] syz-executor: attempt to access beyond end of device
[  158.672865][ T5847] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  158.687769][ T7612] loop1: detected capacity change from 0 to 32768
[  158.691088][ T5897] pwc: recv_control_msg error -71 req 04 val 1200
[  158.695720][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: syz-executor Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  158.695748][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  158.695770][ T5847] Call Trace:
[  158.695778][ T5847]  <TASK>
[  158.695787][ T5847]  dump_stack_lvl+0x241/0x360
[  158.695826][ T5847]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.695855][ T5847]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  158.695881][ T5847]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  158.695926][ T5847]  ? f2fs_hw_is_readonly+0x3a3/0x470
[  158.695964][ T5847]  f2fs_handle_critical_error+0x392/0x5a0
[  158.696005][ T5847]  f2fs_write_end_io+0x563/0x790
[  158.696034][ T5847]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  158.696059][ T5847]  ? bio_endio+0x7e4/0x890
[  158.696093][ T5847]  ? bio_endio+0x82a/0x890
[  158.696125][ T5847]  __submit_merged_bio+0x2a9/0x710
[  158.696152][ T5847]  ? f2fs_submit_merged_write_cond+0x101/0x380
[  158.696189][ T5847]  f2fs_submit_merged_write_cond+0x29f/0x380
[  158.696232][ T5847]  f2fs_write_data_pages+0x2f99/0x38d0
[  158.696308][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  158.696392][ T5847]  ? __mod_memcg_lruvec_state+0x301/0x4f0
[  158.696431][ T5847]  ? __pfx___mod_memcg_lruvec_state+0x10/0x10
[  158.696485][ T5847]  ? __mod_zone_page_state+0xda/0x150
[  158.696524][ T5847]  ? folios_put_refs+0x711/0x800
[  158.696563][ T5847]  ? lockdep_hardirqs_on+0x9d/0x150
[  158.696592][ T5847]  ? __pfx_folios_put_refs+0x10/0x10
[  158.696619][ T5847]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  158.696644][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  158.696680][ T5847]  do_writepages+0x364/0x890
[  158.696711][ T5847]  ? __pfx_do_writepages+0x10/0x10
[  158.696731][ T5847]  ? __lock_acquire+0xad5/0xd80
[  158.696765][ T5847]  ? do_raw_spin_lock+0x151/0x370
[  158.696809][ T5847]  ? do_raw_spin_unlock+0x13c/0x8b0
[  158.696850][ T5847]  filemap_fdatawrite+0x1f2/0x2a0
[  158.696878][ T5847]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  158.696898][ T5847]  ? mlock_drain_local+0x79/0x490
[  158.696970][ T5847]  ? do_raw_spin_unlock+0x13c/0x8b0
[  158.697009][ T5847]  f2fs_sync_dirty_inodes+0x34f/0x860
[  158.697049][ T5847]  f2fs_write_checkpoint+0x857/0x1da0
[  158.697096][ T5847]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  158.697168][ T5847]  ? kfree+0x198/0x430
[  158.697194][ T5847]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  158.697218][ T5847]  ? kill_f2fs_super+0x290/0x6d0
[  158.697247][ T5847]  kill_f2fs_super+0x2b8/0x6d0
[  158.697276][ T5847]  ? __pfx_kill_f2fs_super+0x10/0x10
[  158.697307][ T5847]  ? shrinker_free+0x2ca/0x3d0
[  158.697339][ T5847]  deactivate_locked_super+0xc4/0x130
[  158.697365][ T5847]  cleanup_mnt+0x422/0x4c0
[  158.697389][ T5847]  ? lockdep_hardirqs_on+0x9d/0x150
[  158.697442][ T5847]  task_work_run+0x251/0x310
[  158.697489][ T5847]  ? __pfx_task_work_run+0x10/0x10
[  158.697527][ T5847]  ? syscall_exit_to_user_mode+0xa3/0x340
[  158.697553][ T5847]  syscall_exit_to_user_mode+0x13f/0x340
[  158.697583][ T5847]  do_syscall_64+0x100/0x230
[  158.697630][ T5847]  ? clear_bhb_loop+0x45/0xa0
[  158.697658][ T5847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.697683][ T5847] RIP: 0033:0x7f064d78e497
[  158.697704][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  158.697730][ T5847] RSP: 002b:00007ffe7bdbda98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  158.697769][ T5847] RAX: 0000000000000000 RBX: 00007f064d80e08c RCX: 00007f064d78e497
[  158.697785][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe7bdbdb50
[  158.697799][ T5847] RBP: 00007ffe7bdbdb50 R08: 0000000000000000 R09: 0000000000000000
[  158.697813][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe7bdbebe0
[  158.697828][ T5847] R13: 00007f064d80e08c R14: 0000000000026b82 R15: 00007ffe7bdbec20
[  158.697863][ T5847]  </TASK>
[  158.697874][ T5847] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  158.715604][ T5897] pwc: Registered as video103.
[  158.839208][ T7628] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  158.940413][ T5897] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input8
[  158.946506][ T7628] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.960728][ T5897] usb 6-1: USB disconnect, device number 4
[  158.975738][ T7612] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  159.134630][ T7628] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  159.186078][ T5854] block nbd3: Receive control failed (result -32)
[  159.206308][ T7624] block nbd3: shutting down sockets
[  159.324766][ T7639] loop3: detected capacity change from 0 to 1024
[  159.333087][ T7639] EXT4-fs: Ignoring removed nobh option
[  159.365951][ T7639] EXT4-fs: Ignoring removed bh option
[  159.378799][ T6503] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  159.419403][ T7639] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.440687][ T5843] ocfs2: Unmounting device (7,1) on (node local)
[  159.534389][ T7643] loop2: detected capacity change from 0 to 512
[  159.608745][ T7639] EXT4-fs error (device loop3): ext4_xattr_set_entry:1660: inode #15: comm syz.3.597: corrupted xattr entries
[  159.615310][ T7643] EXT4-fs (loop2): 1 orphan inode deleted
[  159.629830][ T1088] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  159.638413][ T7643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.682871][ T1088] EXT4-fs error (device loop2): ext4_release_dquot:6971: comm kworker/u8:5: Failed to release dquot type 1
[  159.687124][ T7643] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.702986][ T7639] EXT4-fs error (device loop3): ext4_xattr_block_set:2210: inode #15: comm syz.3.597: bad block 113
[  159.740766][ T7649] syzkaller1: entered promiscuous mode
[  159.748517][ T7649] syzkaller1: entered allmulticast mode
[  159.753718][ T7646] netlink: 72 bytes leftover after parsing attributes in process `syz.6.596'.
[  159.805227][ T5853] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.858132][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.237514][ T7670] loop5: detected capacity change from 0 to 512
[  160.294090][ T7670] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  160.315652][ T7670] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.403619][ T5897] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  160.459942][ T7670] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  160.569104][ T5897] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.602867][ T5897] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  160.624239][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.646137][ T6427] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  160.647703][ T5897] usb 2-1: config 0 descriptor??
[  160.697998][ T5897] pwc: Askey VC010 type 2 USB webcam detected.
[  160.730949][ T7667] loop2: detected capacity change from 0 to 32768
[  160.755361][ T7667] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.607 (7667)
[  160.790885][ T7667] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  160.812009][ T7667] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  160.917529][ T7667] BTRFS info (device loop2): rebuilding free space tree
[  160.927643][ T7696] netlink: 72 bytes leftover after parsing attributes in process `syz.5.614'.
[  160.962500][ T7675] loop3: detected capacity change from 0 to 32768
[  160.965223][ T7667] BTRFS info (device loop2): disabling free space tree
[  160.973162][ T7675] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.610 (7675)
[  160.983023][ T7667] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  160.999932][ T7667] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  161.045753][ T7675] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  161.069325][ T7675] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  161.118570][ T7675] BTRFS info (device loop3): using free-space-tree
[  161.300042][ T5897] pwc: recv_control_msg error -32 req 02 val 2700
[  161.329418][ T5897] pwc: recv_control_msg error -32 req 02 val 2c00
[  161.356612][ T5897] pwc: recv_control_msg error -71 req 04 val 1000
[  161.370857][ T5897] pwc: recv_control_msg error -71 req 04 val 1300
[  161.376560][ T5847] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  161.404282][ T5897] pwc: recv_control_msg error -71 req 04 val 1400
[  161.423783][ T5897] pwc: recv_control_msg error -71 req 02 val 2000
[  161.445184][ T5897] pwc: recv_control_msg error -71 req 02 val 2100
[  161.453117][ T5897] pwc: recv_control_msg error -71 req 04 val 1500
[  161.484426][ T5897] pwc: recv_control_msg error -71 req 02 val 2500
[  161.499143][ T5897] pwc: recv_control_msg error -71 req 02 val 2400
[  161.527177][ T5897] pwc: recv_control_msg error -71 req 02 val 2600
[  161.548264][ T5897] pwc: recv_control_msg error -71 req 02 val 2900
[  161.563292][ T5897] pwc: recv_control_msg error -71 req 02 val 2800
[  161.582438][ T5897] pwc: recv_control_msg error -71 req 04 val 1100
[  161.608020][ T5897] pwc: recv_control_msg error -71 req 04 val 1200
[  161.634773][ T5897] pwc: Registered as video103.
[  161.635660][ T5853] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  161.665591][ T5897] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9
[  161.714037][ T5897] usb 2-1: USB disconnect, device number 8
[  161.722435][ T7727] loop6: detected capacity change from 0 to 512
[  161.775675][ T7727] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  161.828438][ T7727] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  161.869719][ T7727] EXT4-fs (loop6): warning: checktime reached, running e2fsck is recommended
[  161.888649][ T7727] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  161.899896][ T7727] System zones: 0-2, 18-18, 34-34
[  161.910602][ T7727] EXT4-fs warning (device loop6): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  161.957374][ T7727] EXT4-fs (loop6): 1 truncate cleaned up
[  161.975511][ T7727] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.069007][ T7733] ------------[ cut here ]------------
[  162.074974][ T7733] WARNING: CPU: 1 PID: 7733 at ./include/net/netdev_lock.h:54 dev_xdp_install+0x5e6/0x760
[  162.085267][ T7733] Modules linked in:
[  162.089220][ T7733] CPU: 1 UID: 0 PID: 7733 Comm: syz.2.619 Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  162.100376][ T7733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.106981][ T6503] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 3: comm syz-executor: path /72/file1: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1
[  162.111605][ T7733] RIP: 0010:dev_xdp_install+0x5e6/0x760
[  162.137194][ T7733] Code: 06 48 3b 84 24 a0 00 00 00 0f 85 8e 01 00 00 89 d8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 8b 63 d7 f7 90 <0f> 0b 90 e9 2d fc ff ff e8 7d 63 d7 f7 c6 05 f3 e9 5c 06 01 90 48
[  162.157183][ T7733] RSP: 0018:ffffc9000cbff980 EFLAGS: 00010283
[  162.163327][ T7733] RAX: ffffffff89ebed45 RBX: 0000000000000000 RCX: 0000000000080000
[  162.171423][ T7733] RDX: ffffc9000c72a000 RSI: 000000000000010d RDI: 000000000000010e
[  162.179487][ T7733] RBP: ffffc9000cbffa80 R08: ffffffff89ebe929 R09: 0000000000000000
[  162.187822][ T7733] R10: ffffc9000cbff9e0 R11: fffff5200197ff40 R12: ffffc9000bc09000
[  162.195854][ T7733] R13: 1ffff9200197ff38 R14: dffffc0000000000 R15: ffff88805c3bc000
[  162.210988][ T7733] FS:  00007f064e65d6c0(0000) GS:ffff8881250b9000(0000) knlGS:0000000000000000
[  162.221370][ T7733] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  162.228311][ T7733] CR2: 000000110c26bc11 CR3: 000000004cf52000 CR4: 00000000003526f0
[  162.236373][ T7733] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  162.244698][ T7733] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  162.252708][ T7733] Call Trace:
[  162.256099][ T7733]  <TASK>
[  162.259064][ T7733]  ? __pfx_nsim_bpf+0x10/0x10
[  162.263827][ T7733]  ? __pfx_dev_xdp_install+0x10/0x10
[  162.269168][ T7733]  ? __pfx_nsim_bpf+0x10/0x10
[  162.274263][ T7733]  dev_xdp_attach+0xc5d/0xfe0
[  162.279019][ T7733]  bpf_xdp_link_attach+0x3a2/0x760
[  162.284761][ T7733]  ? __pfx_bpf_xdp_link_attach+0x10/0x10
[  162.290479][ T7733]  ? __fget_files+0x39d/0x420
[  162.295929][ T7733]  ? __fget_files+0x2a/0x420
[  162.300563][ T7733]  ? attach_type_to_prog_type+0x316/0x460
[  162.306604][ T7733]  ? bpf_prog_attach_check_attach_type+0x2cb/0x4f0
[  162.313746][ T7733]  link_create+0x440/0x870
[  162.318201][ T7733]  __sys_bpf+0x5ba/0x8b0
[  162.322478][ T7733]  ? __pfx___sys_bpf+0x10/0x10
[  162.327580][ T7733]  ? __rseq_handle_notify_resume+0x3c8/0x15d0
[  162.334075][ T7733]  __x64_sys_bpf+0x7c/0x90
[  162.338544][ T7733]  do_syscall_64+0xf3/0x230
[  162.343092][ T7733]  ? clear_bhb_loop+0x45/0xa0
[  162.347869][ T7733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.353941][ T7733] RIP: 0033:0x7f064d78d169
[  162.358394][ T7733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.378718][ T7733] RSP: 002b:00007f064e65d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  162.387217][ T7733] RAX: ffffffffffffffda RBX: 00007f064d9a5fa0 RCX: 00007f064d78d169
[  162.395275][ T7733] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 000000000000001c
[  162.403284][ T7733] RBP: 00007f064d80e2a0 R08: 0000000000000000 R09: 0000000000000000
[  162.411732][ T7733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  162.420408][ T7733] R13: 0000000000000000 R14: 00007f064d9a5fa0 R15: 00007ffe7bdbe808
[  162.428760][ T7733]  </TASK>
[  162.431816][ T7733] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  162.439119][ T7733] CPU: 1 UID: 0 PID: 7733 Comm: syz.2.619 Not tainted 6.14.0-next-20250328-syzkaller #0 PREEMPT(full) 
[  162.450331][ T7733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.460407][ T7733] Call Trace:
[  162.463702][ T7733]  <TASK>
[  162.466636][ T7733]  dump_stack_lvl+0x241/0x360
[  162.471328][ T7733]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.476536][ T7733]  ? __pfx__printk+0x10/0x10
[  162.481145][ T7733]  ? vscnprintf+0x5d/0x90
[  162.485514][ T7733]  panic+0x349/0x880
[  162.489419][ T7733]  ? __warn+0x174/0x4d0
[  162.493604][ T7733]  ? __pfx_panic+0x10/0x10
[  162.498125][ T7733]  __warn+0x344/0x4d0
[  162.502111][ T7733]  ? dev_xdp_install+0x5e6/0x760
[  162.507053][ T7733]  report_bug+0x2b3/0x500
[  162.511385][ T7733]  ? dev_xdp_install+0x5e6/0x760
[  162.516329][ T7733]  ? dev_xdp_install+0x5e6/0x760
[  162.521288][ T7733]  ? dev_xdp_install+0x5e8/0x760
[  162.526232][ T7733]  handle_bug+0x89/0x170
[  162.530501][ T7733]  exc_invalid_op+0x1a/0x50
[  162.535014][ T7733]  asm_exc_invalid_op+0x1a/0x20
[  162.539863][ T7733] RIP: 0010:dev_xdp_install+0x5e6/0x760
[  162.545444][ T7733] Code: 06 48 3b 84 24 a0 00 00 00 0f 85 8e 01 00 00 89 d8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 8b 63 d7 f7 90 <0f> 0b 90 e9 2d fc ff ff e8 7d 63 d7 f7 c6 05 f3 e9 5c 06 01 90 48
[  162.565051][ T7733] RSP: 0018:ffffc9000cbff980 EFLAGS: 00010283
[  162.571145][ T7733] RAX: ffffffff89ebed45 RBX: 0000000000000000 RCX: 0000000000080000
[  162.579117][ T7733] RDX: ffffc9000c72a000 RSI: 000000000000010d RDI: 000000000000010e
[  162.587087][ T7733] RBP: ffffc9000cbffa80 R08: ffffffff89ebe929 R09: 0000000000000000
[  162.595061][ T7733] R10: ffffc9000cbff9e0 R11: fffff5200197ff40 R12: ffffc9000bc09000
[  162.603033][ T7733] R13: 1ffff9200197ff38 R14: dffffc0000000000 R15: ffff88805c3bc000
[  162.611016][ T7733]  ? dev_xdp_install+0x1c9/0x760
[  162.615960][ T7733]  ? dev_xdp_install+0x5e5/0x760
[  162.621004][ T7733]  ? __pfx_nsim_bpf+0x10/0x10
[  162.625692][ T7733]  ? __pfx_dev_xdp_install+0x10/0x10
[  162.630991][ T7733]  ? __pfx_nsim_bpf+0x10/0x10
[  162.635682][ T7733]  dev_xdp_attach+0xc5d/0xfe0
[  162.640377][ T7733]  bpf_xdp_link_attach+0x3a2/0x760
[  162.645594][ T7733]  ? __pfx_bpf_xdp_link_attach+0x10/0x10
[  162.651280][ T7733]  ? __fget_files+0x39d/0x420
[  162.655971][ T7733]  ? __fget_files+0x2a/0x420
[  162.660567][ T7733]  ? attach_type_to_prog_type+0x316/0x460
[  162.666317][ T7733]  ? bpf_prog_attach_check_attach_type+0x2cb/0x4f0
[  162.672846][ T7733]  link_create+0x440/0x870
[  162.677287][ T7733]  __sys_bpf+0x5ba/0x8b0
[  162.681552][ T7733]  ? __pfx___sys_bpf+0x10/0x10
[  162.686319][ T7733]  ? __rseq_handle_notify_resume+0x3c8/0x15d0
[  162.692428][ T7733]  __x64_sys_bpf+0x7c/0x90
[  162.696867][ T7733]  do_syscall_64+0xf3/0x230
[  162.701380][ T7733]  ? clear_bhb_loop+0x45/0xa0
[  162.706063][ T7733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.711961][ T7733] RIP: 0033:0x7f064d78d169
[  162.716375][ T7733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.735989][ T7733] RSP: 002b:00007f064e65d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  162.744409][ T7733] RAX: ffffffffffffffda RBX: 00007f064d9a5fa0 RCX: 00007f064d78d169
[  162.752387][ T7733] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 000000000000001c
[  162.760361][ T7733] RBP: 00007f064d80e2a0 R08: 0000000000000000 R09: 0000000000000000
[  162.768339][ T7733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  162.776309][ T7733] R13: 0000000000000000 R14: 00007f064d9a5fa0 R15: 00007ffe7bdbe808
[  162.784307][ T7733]  </TASK>
[  162.787666][ T7733] Kernel Offset: disabled
[  162.791992][ T7733] Rebooting in 86400 seconds..