last executing test programs:

1m40.235677649s ago: executing program 2 (id=3):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000640)={[{@utf8}, {@umask={'umask', 0x3d, 0x5}}, {@namecase}, {}, {@fmask={'fmask', 0x3d, 0xab}}, {@discard}, {@fmask={'fmask', 0x3d, 0x6}}, {@utf8}, {@allow_utime={'allow_utime', 0x3d, 0x1011e7be}}, {@allow_utime={'allow_utime', 0x3d, 0xce38}}]}, 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0)
r0 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

1m39.902592324s ago: executing program 2 (id=7):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x332)

1m39.493091337s ago: executing program 2 (id=11):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000280), 0x80a00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", <r1=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x4800000, "251ff3cc3459335b3ba5528bc66aa24c8dcc181e60c7f0e6ac959567e93528a2"})
dup3(r1, r0, 0x0)

1m39.134821436s ago: executing program 32 (id=11):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000280), 0x80a00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", <r1=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x4800000, "251ff3cc3459335b3ba5528bc66aa24c8dcc181e60c7f0e6ac959567e93528a2"})
dup3(r1, r0, 0x0)

59.216397542s ago: executing program 1 (id=277):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
truncate(0x0, 0xad)

57.479387919s ago: executing program 1 (id=285):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x2, {0x0, 0x1, 0xf7301c884a88aef5}, 0xfc}, 0x18)

57.235813021s ago: executing program 1 (id=289):
syz_mount_image$ocfs2(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x8008c4, &(0x7f0000000480)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119, @ANYRES32], 0x1, 0x4436, &(0x7f0000004480)="$eJzs3c9rm+cdAPDnfe0sdpZkdpZDBoMJFtjYhrFz2ubAHMeJYyeeR9aE0osi20riVraCLZcecnBvgZ4KPZQeQguFUnwKPvSa/gm99JieA+2hl0Ih1EXSK1vvawmrxrKb8PlA9Oh9fitfvY8eHeQnTlTuL67mFldzheVcef7u6oXc2+XS2lIxxIfkqMenM92Ik9gfndnLV/9/+0IIXy58/Xxra2srVPWGlkaanv/w/cP55rQhzrSp9tu6t4PyRgjh7K55VfWEEF7/IoQohHApyRtP0v4QwulQL7v98L07uQOazZNnxYv5FzOPNkfPT2883mz/2qMQPir94R/3lr79c8/oN387oOEBAAAAAAAAAAAAAAAAAHjJTd6cvfW/4ZHwNAq9G9Hu3+tOJmmL38fOfl5Ptw7Gnw7j5QIAAAAAAAAAAAAAAAAAAMCv0s7v/3PRmRa//59I0rE27bf+0/050j1T/52duDI8kpz/Hu0q/2eS9d2lnjDY4tz37PnvlzLtW5//vnuc/WrMrzHuQIjiodR1HA8NhfBJcvD7uehEXCqvVv5+t7y2vHBg03hppeNfP70/FZ3kQP9O4z+e6b/75///fte7qXp95+DeYq+0dPx72tb79N2oo/hfzrQ7jPizf+n499by+psrjNUXgGr83+/dO/4Tmf67Ff/TIYRcVJ1rLrUCVPcw1fx2+xXS0vE/VstLLZ3Jf2S7+//HTPyvZPo/qvV/PftBREvp+P+mlteXqrFz/w/Ge93/feHq9vP6G+co4l+d/7rP/46k43+8ntnb9JgsB52u/5OZ/rsV/1txMsPTUeodsBHV81v8vTpaSMe/b1f5zve/uKP937VM+8P6/tcYt/H9r7H8/zWqf/+jtXT8+9vW6/T+n8q06/b6P1bb/7Ff6fifqOWl984DtcdO4z+d6b9b8a/tSvoa8d9ZT346Xs//2P6vI+n4/7aeGTfXWK891vZ/0d77/+uZ/o9i/1ed/3rc3VFfFen4n2xb77PFKHzVwef/jUy7ar/HujP1bcP2+vuWjv+ptvVq93/f3vGfybTr9v3/l252DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPASGE/SgRDFQ6nrOB4aCuFycn0unIjmCgv5uVJ5/q3VECaS/Fw4E90rlecKpfzicnmhmC+USuX5EK4k5WdDX7RaKlfyS4UHV7f76o/uFwsrlblioRJCmEzy/xhONfqaW6wsFR6EEK5tl/0uLq88uF9Yzi8srvx7eHh4OExtz2EwKr5TKS5X6qPXS0OY3m47EDVNrlZ8fXsuJ6M3y2sry4VSLf9GU5tSeb5Qamozk5R9EAajysra8nyhUsyXyvca4x2lsSSdmLr52s0bI7vK70T1dPxwpwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAL/R09F8fhhB661dxCCEXJU+i5F/Kk2fFi/kXM482R89PbzzefN6qDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zA4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV26RilgSAKA/CbAdHSY1gtu53tiiJauCJ4Aj2Gh9GjeAnvYJEibYoQSGYh7E6xTVJ9X/Ngfmbeg3kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMByj2/D+2vbRaS42l5G/H7+/R/nz6V+31UuX5xnRk7n6WW4f2i78u9plt+Wo1Wf9+lm/fURlTr6mezJdJ8O5n2mqvtWMc439r2OlJuI6Et+k3JummVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3jqJvAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//6KfHYs=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x4)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000000)={@desc={0x1, 0x0, @auto='\x00\x00&\x00'}})
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080))

55.748180887s ago: executing program 1 (id=296):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn'])

54.853038093s ago: executing program 1 (id=303):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0xa402, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x20000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})

54.332364353s ago: executing program 1 (id=306):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000003700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

53.764098609s ago: executing program 33 (id=306):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000003700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4000})

33.595041924s ago: executing program 0 (id=410):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000280), 0x80a00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", <r1=>0xffffffffffffffff})
ppoll(&(0x7f0000000100)=[{r1, 0x25c0}], 0x1, &(0x7f0000000140), 0x0, 0x0)
dup3(r1, r0, 0x0)

33.203740149s ago: executing program 0 (id=413):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
unshare(0x22020400)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x78, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x64, 0x1, [@m_bpf={0x60, 0x1, 0x0, 0x0, {{0x8}, {0x38, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)

32.919383966s ago: executing program 0 (id=415):
io_setup(0x3, &(0x7f0000000280)=<r0=>0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
io_submit(r0, 0x1, &(0x7f0000000700)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

32.552236476s ago: executing program 0 (id=419):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x20108c0, &(0x7f0000000280)=ANY=[@ANYBLOB="646973636172642c696f636861727365743d63703835352c6572726f72733d72656d6f756e742d726f2c696e746567726974792c6e6f646973636172642c646973636172643d3078303030303030303030303030303030382c6572726f72733d636f6e74696e7565006969736f383835392d342c756d61736b3d3078303030303030303030303030303038312c696f6368617257fd743d6d6163677265656b2c71756f74612c6572726f72733d72656d6f756e742d726f2c726573697a653d3078303030303030303030181829303030303030312c756d61736b3d3078303030303030303030303032303034352c66736d616769633d3078303030303030303030303030303030392c646566636f6e746578743d726f6f742c66736e616d653d757d407d587d5b2d292b2c000d1c13f7c892c8615d265c6376539175380511bac765713e83a65e4fdf011c705fc6838005120385ac61b970f45d1492a0612eb8000000000000808fc76f91b7b9a5ce77887858ea333961d1ef1e4eabd4c84e81dbf575c47e9b8eea9d6806fa159e0525146f6312b4931cffed0000000000000000000000ce7774e1702d7ff58725c46a3d9f5f98b7ab46fb7be980026851aefea20506f5caf84a78b5c15d6365b3d469ed0fa865bd9b8d80b8850ea8dc8209377972a176dfb1970200dade8e1c289f5eac9801413104891721392eb88dc6a9b42c2b5b8d382cbde928f38d2a77832ec7c440eec2aa839dd6043a3e7f108c21a9976be3eaedf2a10a95583da1e88a5147bd9d8fc1af1f38a2242c8d", @ANYRES64], 0xf6, 0x618a, &(0x7f000000c840)="$eJzs3c1vHGcdB/DfvvqltLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz4A3rgyo0TJyLZSKCeGDT288TjzW7t1PHO2s/nIzkzv3lmvc/4u7MvmZl9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI73/vByudiLj287RgKeIz0YvoRizU9XJELCwv5fX7EfFc7DTHsxExmIuob7/zz9MRr0bER09FbG2vr9aLLx6yH9/9499/98Mn3vrbHwbn//unO73XJq139+6v/vPne0fbZgAAAChNVVVVJ33MP5M+33fb7hQAMBX59b9K8vJTX//6n2/9ZZb6o1ar1Wr1FOqmarx7zSIiNpq3qd8zOBwPACfMRnzcdhdokfyL1o+IJ9ruBDDTOm13gGOxtb2+2kn5dpqvB8u77flckH35b3QeXN8xaXqQ0XNMpvX42oxePDOhPwtT6sMsyfl3R/O/tts+TOsdd/7TMin/4e6lT8XJ+fdG8x9xevLvjs2/VDn//iPl35M/AAAAAADMsPz//0stH/+dO/qmHMonHf9dnlIfAAAAAAAAAOBxO+r4fw8Y/w8AAABmVv1Zvfabp/aWTfoutnr51U7EkyPrA4VJF8sstt0PAAAAAAAAAAAAAChJf/cc3qudiEFEPLm4WFVV/dM0Wj+qo97+pCt9+6FkbT/JAwDAro+eGrmWvxMxHxFX03f9DRYXF6tqfmGxWqwW5vL72eHcfLXQ+Fybp/WyueEh3hD3h1X9y+Ybt2s66PPyQe2jv6++r2HVO0THHpNB+mtOaG4pbABIdl+NtrwinTJV9fSkNx+wj/3/FFqKpbYfV8y+th+mAAAAwPGrqqrqpK/zPpOO+Xfb7hQAMBX59X/0uMCR6u6E9ojH8/vVarVarVZ/qrqpGu9es4iIjeZt6vcMhuMHgBNmIz5uuwu0SP5F60fEc213AphpnbY7wLHY2l5f7aR8O83XgzS+ez4XZF/+G52d2+Xbj5seZPQck2k9vjajF89M6M+zU+rDLMn5d0fzv7bbPkzrHXf+0zIp/+HOJXPlyfn3RvMfcXry747Nv1Q5//4j5d+TPwAAAAAAzLD8//9Ljv/mTQYAAAAAAACAE2dre301X/eaj/9/bsx6rv88nXL+nUfNfyHNy/9Ey/l3R/L/8sh6vcb8/Tf39v9/b6+v/v7Ovz6bp4fNfy7PdNIjq5MeEZ10T51+mh5l6x62OegN63sadLq9fjrnpxq8EzfiZqzFhX3rdtPfY699ZV973dPBvvaL+9r7D7Vf2tc+SN87UC3k9nOxGj+Jm/H2TnvdNnfA9s8f0F4d0J7z73n+L1LOv9/4qfNfTO2dkWnt/ofdh/b75nTc/bxx4/O/vHD8m3Ogzeg92LamevvOttCfnb/JE8P42e21W+fuXr9z59ZKpMm+pRcjTR6znP9g52du7/n/hd32/Lzf3F/vfzh85PxnxWb0J+b/QmO+3t6Xpty3NuT8h+kn5/92ah+//5/k/Cfv/y+30B8AAAAAAAAAAAAAAAD4JFVV7Vwi+kZEXE7X/7R1bSYAMF359b9K8nK1Wq1Wq9Wnr26qxnu9WUTEX5u3qd8z/GLcLwMAZtn/IuIfbXeC1si/YPn7/urpi213Bpiq2+9/8KPrN2+u3brddk8AAAAAAAAAgE8rj/+53Bj/+cWIWBpZb9/4r2/G8lHH/+znmQcDjD7mgb4n2OwOe93GcOPPx8743Ocmjf99Nh4e/zuPidtrbscEgwPahwe0zx3QPj926V5aYy/0aMj5P98Y77zO/8zI8OsljP86OuZ9CXL+ZxuP5zr/L42s18y/+u3M5b9x2BU3o7sv//N33vvp+dvvf/DKjfeuv7v27tqPL62sXLh0+fKVK1fOv3Pj5tqF3X+Pp9czIOefx752HmhZcv45c/mXJef/hVTLvyw5/y+mWv5lyfnn93vyL0vOP3/2kX9Zcv4vpVr+Zcn5fyXV8i/L1vb6XJ3/y6mWf1ny/v/VVMu/LDn/V1It/7Lk/M+lWv5lyfmfT/Uh8vf18KdIzj8f4bL/lyXnv5Jq+Zcl538x1fIvS87/UqrlX5ac/6upln9Zcv5fS7X8y5Lzv5xq+Zcl5//1VMu/LDn/K6mWf1ly/t9ItfzLkvP/ZqrlX5ac/2upln9Zcv7fSrX8y5Lz/3aq5V+WnP93Ui3/suT8X0+1/Muy9/3/ZsyYMZNn2n5mAgAAAAAAAAAAAABGTeN04ra3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7MDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzda4xcZ30/8DN7sdcOIQZCcPI3sHaMMc6SXV/iC/+6mHBLEyjNtaSX2K537Sz4Fq9dkjSSTQMlEo6KKqqmL9oCitpIFcKqeEGrlOZF1curpn1B31RUlZAaVSEKqEhtRbPVzHmexzOzs3N2veP17Dmfj2T/dmfOzDlz5szsftf+7gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACabfzw1JdqWZbV/zT+Wpdlb6p/vGZ0XeOyD1zrLQQAAACW6n8bf79+Q7rgwAJu1LTM377rH749Ozs7m3168HeHvzo7m64YzbLh1VnWuC669G8P15qXCZ7ORmoDTZ8PFKx+sOD6oYLrhwuuX1Vw/eqC60cKrp+zA+ZYk/88pnFnmxsfrst3aXZjNty4bnOHWz1dWz0wEH+W01Br3GZ2+Gg2nR3PprKJluXzZWuN5V/cWF/XXVlc10DTujbUj5AfPXUkbkMt7OPNLeu6fJ/RDz+Ujf74R08d+eOzr97caRbuhpb7y7dz66b6dn4hXJJvay1bnfZJ3M6Bpu3c0OE5GWzZzlrjdvWP27fz9QVu5+DlzVxW7c/5SDbQ+Pjlxn4aav6xXtpPG8Jl/3VrlmUXLm92+zJz1pUNZGtbLhm4/PyM5Edk/T7qh9Jbs6FFHacbF3Cc1ufk5tbjtP01EZ//jeF2Q/NsQ/PT9MPPr5rzvC/2OI3qj3q+10r7Mdjr10q/HIPxuHi58aCf6XgMbg6P/6kt8x+DHY+dDsdgetxNx+CmomNwYNVgY5vTk1Br3ObyMbi9ZfnBxppqjfnKlu7H4PjZE6fHZ5548v3TJw4fmzo2dXLn9u0TO3fv3rt37/jR6eNTE/nfV7i3+9/abCC9BjaFfRdfA+9tW7b5UJ39eu9ehyNdXofr2pbt9etwqP3B1ZbnBTn3mM5fGw/Ud/rIxYFsntdY4/nZtvTXYXrcTa/DoabXYcevKR1eh0MLeB3Wlzm9bWHfsww1/em0DVfra8G6pmOw/fuR9mOw19+P9MsxOBKOi3/ZNv/Xgg1he58ZW+z3I4NzjsH0cMN7T/2S9P3+yN7G6HRc3lK/4rpV2bmZqTO3P3747Nkz27MwlsXbmo6V9uN1bdNjyuYcrwOLPl4PTL/rmVs6XL4u7KuR99f/Gpn3uaovs+v27s9V46tb5/3ZcumOLIweW+792emreX1/pizZZX/Wl/nC+NK/F0+5tOn9d3ie99+Y+9/I15fu6unB4aH89TuY9s5wy/tx61M11HjvqjXW/fr4wt6Ph8Of5X4/vrHL+/H6tmV7/X483P7g4vtxreinHUvT/nyOhOPk+ET39+P6Mut3LPaYHOr6fnxrmLWw/98XkkLKRU3HznzHbVrX0NBweFxDcQ2tx+nOluWHQzarr+uFHVd2nG69Nb+vwfToLluu43S0bdleH6fp/Wq+47RW9NO3K9P+fI6E4+LGnd2P0/oyL+1a+nvnmvhh03vnqqJjcHhwVX2bh9NBmL/fz66Jx+Dt2ZHsVHY8m2xcu6pxPNUa6xq7Y2HH4KrwZ7nfK9d3OQa3ti3b62MwfR2b79irDc198D3Q/nyOhOPiuTu6H4P1ZT6yp7ffu24Nl6Rlmr53bf/52nw/87qlbTddzZ951bfzr/d0/9lsfZnjexebM7vvp9vCJdd12E/tr9/5XlOT2fLsp/VhO1/dO/9+qm9PfZmv7lvg8XQgy7Lzj93Z+Hlv+PeVPzv3vW+3/LtLp3/TOf/Yna9df/RvFrP9AKx8b+Rjbf61rulfphby7/8AAADAihBz/0CYifwPAAAApRFzf/xf4Yn8DwAAAKURc/9QmElF8v/6j7w6/cb5LDXzZ4N4fdoNd+fLxY7rRPh8dPay+uV3Pj/1k784v7B1D2RZ9tO7f6Pj8uvvjtuVGw3beemjrZfPveH5Ba3/0IOXl2vur38t3H98PAs9DDpVcCeyLHvxhmcb6xl9+GJjvnT3oca878IzT9eXeX1f/nm8/Stvy5f/g1D+PXD0cMvtXwn74QdhTtzTeX/E233r4vs27Hno8vri7Wqb3tx42M89kt9v/D05X3k6Xz7u5/m2/y+//MK36ss//p7O239+oPP2vxDu9/kw//ud+fLNz0H983i7L4btj+uLt7v9G9/tuP2XvpQvf/pj+XKHwozr3xo+3/yxV6eb99fjtcMtjyv7eL5cXP/E9367cX28v3j/7ds/cvBiy/5oPz5e+qf8fsbblo+Xx/VEf962/vr9NB+fcf0v/Nahlv1ctP5L973yzvr9tq//trblBttu3/4bm/7wi892XF/cngPfPN3yeA7cG17HYf3PPRKOx3D9/1x6tmW90aF7W99/4vJfW3e+5fFEd/04X/+lDx5rzH8f/cnvX/em69984d31fZdlL9+f31/R+o/90amW7f/6Tdsaz0e8Pnb029c/n7j+M58bO3lq5tz0ZNNebfzunE/k27N6ZM3a+vbeEN5b2z8/eOrso1NnRidGJ7JstLy/Qu+KfSPM1/JxYbG33/ZgeD5v+b0X1275xy/Hy//5gfzyi/fkX7feG5b7Srh8Xf78zdaWuP7nNt7UeH3XXso/b+mx98CGzf+xd0ELhsff/n1BPN5Pv/3Rxn6oX9f4uhFf10vc/u9P5vfznbBfZ8NvZt500+X1NS8ffzfCxfvz1/uS9194m4vP65+E5/uTP8jvP25XfLzfD9/HfHd96/tdPD6+c36g/f4bv8XjQng/yS7k18el4v6++PpNHTcv/h6S7MLNjc9/J93PzYt6mPOZeWJm/Pj0yXOPj5+dmjk7PvPEkwdPnDp38uzBxu/yPPiZottffn9a23h/mpzavSubWJNl2alsYhnesK7O9tc/Wtj2n37wyOSeiS2TU0cPnzt69sHTU2eOHZmZOTI1ObPl8NGjU58ruv305P7tO/bt3LNj7Nj05P69+/bt3Dc2ffJUfTPyjSqwe+KzYyfPHGzcZGb/rn3b77hj18TYiVOTU/v3TEyMnSu6feNr01j91r8+dmbq+OGz0yemxmamn5zav33f7t07Cn8b4InTR2dGx8+cOzl+bmbqzHj+WEbPNi6uf+0ruj3lNPOv+fez7Wr5L+LLPnXb7vT7Weue//y8d5Uv0vYLRF8Nv4vm799yeu9CPo+5fzjMpCL5HwAAAKog5v5VYSbyPwAAAJRGzP2rw0zkfwAAACiNmPtHwkwqkv/1//X/F9b/z6/X/69W///0Y3mvdKX3/2N/Xv+/Gq5x/3/J69f/1/8vX/9/4f35lb79+v/6/8zVb/3/mPvXZFkl8z8AAABUQcz9a8NM5H8AAAAojZj7rwszkf8BAACgNGLuf1OYSUXyv/7/gvr/O4oKV+Xv/zv/v/5/tjL7//HJ0f+vjEX37x96oOVT/f9A//+a9v/XzLN5+v/9vf36//r/tBue95pr1f+Puf/6MJOK5H8AAACogpj73xxmIv8DAABAacTcf0OYifwPAAAApRFz/7owk4rkf/1/5//X/9f/L3X/f6nn/2/aGP3/lcH5/7vT/y9wxf3/Eef/X4n9/+Hebn9/9/8LN1//n6ui387/H3P/W8JMKpL/AQAAoApi7n9rmIn8DwAAAKURc//bwkzkfwAAACiNmPtvDDOpSP7X/9f/1//X/9f/77z+4vP/5x/p//cX/f/u9P8L9Mn5//X/V+b293f/v9fn/x/+aPvt9f/ppN/6/zH3vz3MpCL5HwAAAKog5v6bwkzkfwAAACiNmPvfEWYi/wMAAEBpxNy/PsykIvlf/1//X/9f/1//v/P6i/v/Of3//qL/353+fwH9f/1//f+F9f87fPOr/08nven/Ny2yxP5/zP03h5lUJP8DAABAFcTcf0uYifwPAAAApRFz//8LM5H/AQAAoDRi7t8QZlKR/K//r/+v/1+t/v9tq/T/9f/LTf+/O/3/Avr/+v/6/ws8//9ci+n/ry66M0qjN/3/LOtV/z/m/neGmVQk/wMAAEAVxNz/rjAT+R8AAABKI+b+d4eZyP8AAABQGjH3j4aZVCT/6/+Xq///p3/13Lsz/X/9/4L1l7T/Hw8D/f+K0//vTv+/gP6//r/+/7L0/6mOfuv/x9y/McykIvkfAAAAqiDm/k1hJvI/AAAAlEbM/beGmcj/AAAAUBox928OM6lI/tf/L1f/P9L/1//vtv6S9v8T/f9q0//voOlFqv9fQP+/l/35oSzT/195/f/43a/+P73Rb/3/mPvfE2ZSkfwPAAAAVRBz/5YwE/kfAAAASiPm/veGmcj/AAAAUBox928NM6lI/tf/1//X/9f/1//vvH79/5VJ/7+7xfb/V+n/6/87/3/F+v/O/09v9Vv/P+b+94WZVCT/AwAAQBXE3L8tzET+BwAAgNKI/38z/3+v8j8AAACUUcz9Y2EmFcn/+v8L7P+HxzjfXev/t25/v/b/a/r/+v/6/6Wn/9+d8/8X0P/X/9f/1/+np/qt/x9z//vDTCqS/wEAAKAKYu6/PcxE/gcAAIDSiLl/PMxE/gcAAIDSiLl/IsykIvlf/9/5/6vU/3f+f/1//f/y0//vTv+/gP6//n/Z+v9Zpv/PNdVv/f+Y+7eHmVQk/wMAAEAVxNy/I8xE/gcAAIDSiLl/Z5iJ/A8AAAClEXP/rjCTiuR//X/9f/1//X/9/87r1/9fmfT/u9P/L6D/r/9ftv6/8/9zjfVb/z/m/jvCTCqS/wEAAKAKYu7fHWYi/wMAAEBpxNy/J8wk5P9O/68bAAAAWFli7t8bZlKRf//X/y9J//83/65l3fr/+v/d1t+b/v8a/f8w9f/7S0n7/+0viyum/19A/1//X/9f/5+e6rf+f8z9+8JMKpL/AQAAoApi7v9AmIn8DwAAAKURc///DzOR/wEAAKA0Yu7/mTCTiuR//f+S9P/b6P/r/3dbv/P/6/+XWUn7/z1Tqv7/gP6//n9/bb/+v/4/c139/n/8aGH9/5j794eZVCT/AwAAQBXE3P+zYSbyPwAAAJRGzP0fDDOR/wEAAKA0Yu4/EGZSkfyv/6//r/+v/391+v8fzNr1Y/+/fvDo/5eL/n93per/O/+//n+fbb/+v/4/c/Xb+f9j7v9QmElF8j8AAABUQcz9d4aZyP8AAABQGjH3fzjMRP4HAACA0oi5/yNhJhXJ//r/+v/6/1fW/7/QtL36/62c/78z/f/lof/fnf5/Af1//X/9f/1/eqrf+v8x9380zKQi+R8AAACqIOb+j4WZyP8AAABQGjH3fzzMRP4HAACA0oi5/64wk4rkf/1//X/9f+f/1//vvH79/5VJ/787/f8C+v/6//r/+v/0VL/1/2Pu/7kwk4rkfwAAAKiCmPvvDjOR/wEAAKA0Yu6/J8xE/gcAAIDSiLn/E2EmFcn/+v/6//r/+v/6/53Xr/+/Mun/d6f/X0D/X/9f/1//n57qt/5/zP2fDDOpSP4HAACAKoi5/+fDTOR/AAAAKI2Y+z8VZiL/AwAAQGnE3P8LYSYVyf/6//r//dX/nz3ffDv9f/3/rFf9//qN9P8rQf+/O/3/Ah36/6v1//X/9f/1/7li/db/j7n/3jCTiuR/AAAAqIKY++8LM5H/AQAAoDRi7r8/zET+BwAAgNKIuf+BMJOK5H/9/0r2/9ND7r/+v/P/6/87/7/+/9Lo/3en/1/A+f/1//X/9f/pqX7r/8fc/2CYSUXyPwAAAFRBzP0PhZnI/wAAAFAaMff/YpiJ/A8AAAClEXP/p8NMKpL/9f8r2f/v4/P/l63/P9RyfFSp/z/S9Hym41L/X/9/Gej/d6f/X0D/X/+/n/v/4WheM8/t9f/pR/3W/4+5/+Ewk4rkfwAAAKiCmPt/KcxE/gcAAIDSiLn/l8NM5H8AAAAojZj7fyXMpCL5X/9f/1//3/n/r0b/v/n5jPT/9f+Xg/5/d/r/BfT/9f/7uf9fQP+fftRv/f+Y+381zGTe4Pfafy7gYQIAAAB9JOb+R8JMKvLv/wAAAFAFMfcfDDOR/wEAAKA0Yu4/FGZSkfyv/9/e/49nVNX/1//X/19K/7/xPH6ztQ+r/6//vxx61/9/x/VZpv+v/6//r/+v/6//z1L0W/8/5v7DYSYVyf8AAABQBTH3/1qYifwPAAAApRFz/5EwE/kfAAAASiPm/skwk4rk/2vY/x/uz/6/8/9faf//p/r/+v+B/n9n+v/Lw/n/u9P/L6D/r/+v/6//T0/1W/8/5v6pMJOK5H8AAAAosfTj4Jj7j4aZyP8AAABQGjH3Hwszkf8BAACgNGLufzTMpCL53/n/9f+d//9a9P+HWpbX/8/p/+v/94L+f3f6/wX0//X/9f/1/+mpfuv/x9w/HWZSkfwPAAAAVRBz/2fCTOR/AAAAKI2Y+z8bZiL/AwAAQGnE3H88zKQi+V//X/+/6v3/WpZdcP5//f9O69f/X5n0/7vT/y+g/6//r/+v/09P9Vv/P+b+E2EmFcn/AAAAUAUx958MM5H//4+9+2iS67zuONymSYSV7W/gtVde2iv6I3jrnau8djnRtjJJ5SxROQcq55wliso550zlHKlIqQoqDs45wGAatwFMo/ve9zzP5hgowj0gh3T9jfrVCwAAAMPI3f8fcYv9DwAAAMPI3f+fcUuT/a//1/937/9Xe3n///Bfr/8/S/+v/9+GI/39tev/uotF4Rft///+H274V/2//l//P0n/r//X/3OhufX/ufv/K25psv8BAACgg9z9/x232P8AAAAwjNz9/xO32P8AAAAwjNz9N8QtTfa//l//r//X/x/q/2/X/+v/l837/9P0/xvo//X/+n/9P1s1t/4/d///xi1N9j8AAAB0kLv//+IW+x8AAACGkbv//+MW+x8AAACGkbv/HnFLk/2v/9f/6/+X0v+f8P7/Bb8f/b/+fx39/zT9/wb6f/2//l//z1bNrf/P3X/PuKXJ/gcAAIAOcvffK26x/wEAAGAYufvvHbfY/wAAADCM3P33iVua7H/9v/5f/7+U/n9H7//r//X/C3fr6tx/E/T/R+n/N9jQ/69W+v8pl9zPr//tLefrvwj9v/6fo+bW/+fuv2/c8k+r1Ykr/U0CAAAAs5K7/35xS5M//wcAAIAOcvffGLfY/wAAADCM3P03xS1N9r/+X/+v/9f/6//Xf77+f5m8/z/t+P3/3/31v/9b3/7f+//TvP+/7f7/7u8M/T/LNrf+P3f/zXFLk/0PAAAAHeTuv3/cYv8DAADAMHL3PyBusf8BAABgGLn7Hxi3NNn/+v/R+v+/PPTrzuv/D2oX/b/+X/+v/x+d/n+a9/83OPjP3On6of5f/+/9f/0/xzO3/j93/4Pilib7HwAAADrI3f/guMX+BwAAgGHk7n9I3GL/AwAAwDBy9z80bmmy//X/o/X/h3+d9//1/+s+X/+v/x+Z/n+a/n+DUd7/v8Lvmn3388e1769f/6//56i59f+5+x8WtzTZ/wAAANBB7v6Hxy32PwAAAAwjd/8j4hb7HwAAAIaRu/+RcUuT/a//1/8vo//PT9D/6/+vfv+f9P/LpP+fpv/fYJT+/wrtu59f+tev/9f/c9Tc+v/c/Y+KW5rsfwAAAOggd/+j4xb7HwAAAIaRu/8xcYv9DwAAAMPI3f/YuKXJ/tf/6/+X0f97/1//7/1//f+l0f9P0/9voP/X/+v/9f9s1dz6/9z9t8QtTfY/AAAAdJC7/3Fxi/0PAAAAw8jd//i4xf4HAACAYeTuf0Lc0mT/6//1//p//b/+f/3n6/+XSf8/Tf+/gf5f/6//1/+zVTPq/8/7VadWT4xbmux/AAAA6CB3/5PiFvsfAAAAhpG7/8lxi/0PAAAAw8jd/5S4pcn+1//Ppv8/yPnG6v9Pr1Yr/f+qaf9/+rx/nvV9qf/X/++A/n+a/n8D/b/+X/+v/2erZtT/H/w4d/9T45Ym+x8AAAA6yN3/tLjF/gcAAIBh5O5/etxi/wMAAMAwcvc/I25psv/1/7Pp/w+M1f97///C749O/b/3/4/S/++G/n+a/n8D/b/+X/+v/2er5tb/5+5/Ztx04ror/i0CAAAAM5O7/1lxS5M//wcAAIAOcvc/O26x/wEAAGChbjnyM7n7nxO3NNn/+v/t9v8nzvs5/b/+/8LvD/2//l//f/Xp/6fp/zfQ/+v/9f/6f7Zqbv1/7v7nxi1N9j8AAAB0kLv/1rjF/gcAAIBh5O5/Xtxi/wMAAMAwcvc/P25psv/1/97/1//r//X/6z9f/79M+v9p+v8N9P/6//32/yfP/Y/6f8ZwGf3/mTNnbrzq/X/u/hfELU32PwAAAHSQu/+FcYv9DwAAAMPI3f+iuMX+BwAAgGHk7n9x3NJk/+v/m/b/+a2+rP7/ptVK/6//1//r/6fp/6fp/zfQ/+v/vf+v/2er5vb+f+7+l8QtTfY/AAAAdJC7/6Vxi/0PAAAAw8jd/7K4xf4HAACAYeTuf3nc0mT/6/+b9v/e/9f/6/933f/ftdL/78Qi+v/TF//8uff/N+v/9f8T2vX///yPh36o/9f/c9Tc+v/c/a+IW5rsfwAAAOggd/8r4xb7HwAAAIaRu/9VcYv9DwAAAMPI3f/quOnaJvtf/6//1//r//X/6z9/x+//n1itVvr/LVhE/z9h7v3/dt7/v/Df8nP0//r/JX/9+n/9P0fNrf/P3f+auKXJ/gcAAIAOcve/Nm6x/wEAAGAYuftfF7fY/wAAADCM3P2vj1ua7H/9v/5f/6//H77/v3kR/b/3/7dE/z9tHv3/xen/9f9L/vr1//p/Lt2++v/c/W+IW5rsfwAAAOggd/8b4xb7HwAAAIaRu/9NcYv9DwAAAMPI3f/muKXJ/tf/6/8vp//Pr1P/P1b/f3J2/f+pQ//7mrz/r//fEv3/NP3/Bvp//b/+/xb9P9s0t/f/c/e/JW5psv8BAACgg9z9b41b/69b+x8AAACGkbv/bXGL/Q8AAADDyN3/9rilyf7X/+v/vf+v/9/x+/9/c9uu3//X/7ei/5+m/99A/6//1/97/5+tmlv/n7v/HXFLk/0PAAAAHeTuvy1usf8BAABgGLn73xm32P8AAAAwjNz9t8ctTfa//l//r//X/++4/7+E9/8P20X/f43+fxj6/2m76f9P6//1/9XP/0X8W6D/33f/v9L/sxdz6/9z978rbmmy/wEAAKCD3P3vjlvsfwAAABhG7v73xC32PwAAACzStWt+Lnf/e+OWJvtf/6//1//r//X/6z9f/79Me+n/85tC/+/9/9Cn///bQz9a2vv/F/7fr7H7f+//sx9z6/9z978vbmmy/wEAAKCD3P3vj1vsfwAAABhG7v4PxC32PwAAAAwjd/8H45Ym+1//r//X/+v/9f/rP1//v0ze/5+m/99A/7/X9/OX/vXr//X/HDW3/j93/4filib7HwAAADrI3f/huMX+BwAAgGHk7v9I3GL/AwAAwDAOdn/GZQ33v/5f/6//1//r/9d//nH6/9Oro/T/u6H/n6b/30D/r//X/+v/2aq59f8fPfhVp1Yfi1ua7H8AAADoIHf/x+MW+x8AAACGkbv/E3GL/Q8AAADDyN3/ybilyf7X/+v/l9H/nzlz5kb9v/7/8O/nXP9/x+z6/3X0/7uh/5+m/99A/6//1//r/9mqufX/ufs/Fbc02f8AAADQQe7+T8ct9j8AAAAMI3f/Z+IW+x8AAACGkbv/s3FLk/2v/59B/39K/+/9f/3/arD3/9fR/++G/n+a/n+DEfv/U5f+2993P39c+/769f/6f46aW/+fu/9zcUuT/Q8AAAAd5O7/fNxi/wMAAMAwcvd/IW6x/wEAAGAYufu/GLc02f/6/931/3f/vevy/v/p1fqvX/+v/9f/6/+vNv3/NP3/BiP2/5dh3/380r9+/b/+n6Pm1v/n7v9S3HJ4+F13eb9LAAAAYE5y9385bmny5/8AAADQQe7+r8Qt9j8AAAAMI3f/V+OWJvtf/z+D9/8H7P+9/7/++0P/P+v+/xr9/xj0/9P0/xvo//X/+v8t9f/53az/725u/X/u/q/FLU32PwAAAHSQu//rcYv9DwAAAMPI3f+NuMX+BwAAgGHk7r8jbjlv/69ru0eh/9f/6//1//r/9Z+v/18m/f+0S+3/T66O1/8n/b/+X//ftf/3/j9nza3/z93/zbjFn/8DAADA4lx3kZ/P3f+tuMX+BwAAgGHk7v923GL/AwAAwDBy938nbrnzmn19STul/9f/6//1//r/9Z+v/18m/f807/9voP/fRj9/vf5/jP5/tdL/c3xz6/9z9383bvHn/wAAADCM3P3fi1vsfwAAABhG7v7vxy32PwAAAAwjd/8P4pYm+1//r/8/Zv9/kGbq/8/S/5+l/19P/78b+v9p+v8N9P/e/9f/e/+frZpb/5+7/4dxS5P9DwAAAB3k7v9R3GL/AwAAwDBy9/84brH/AQAAYBi5+38StzTZ/3vr/+Nvtf5/8f2/9//1//p//f+s6P+n6f830P/r//X/+n+2am79f+7+n8YtTfY/AAAAdJC7/2dxi/0PAAAAw8jd//O4xf4HAACAYeTu/0Xc0mT/e/9f/6//1//r/9d/vv5/mfT/0/T/69U/KP2//l//r/9nq+bW/+fu/2Xc0mT/AwAAQAe5+38Vt9j/AAAAMIzc/XfGLfY/AAAADCN3/6/jlib7X/+v/9f/6//1/+s/X/+/TPr/afvs///lrzZ/rPf/997/55eg/9f/6//Zirn1/7n7fxO3NNn/AAAA0EHu/t/GLfY/AAAADCN3/+/iFvsfAAAAhpG7//dxS5P9v6H/P1l/of5/kv7/8Nev/1///aH/1//r/68+/f807/9voP/3/r/+X//PVs2t/8/d/4e4pcn+BwAAgA5y998Vt9j/AAAAMIzc/X+MW+x/AAAAGEbu/j/FLU32v/f/l9T/X6//1//r//X/+v8N9P/T9P8b6P/1//p//T9bNbf+P3f/nwMAAP//yRRTuA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0)

31.071564803s ago: executing program 0 (id=427):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=@bridge_dellink={0x2c, 0x13, 0x501, 0x0, 0x40000000, {0x7, 0x0, 0x0, r1}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x5, 0x0, 0x1, {0x4, 0x4}}]}]}, 0x2c}}, 0x0)

30.555743933s ago: executing program 0 (id=429):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e3000000000000000000000000800030000000000140006"], 0x58}}, 0x0)

29.933128897s ago: executing program 34 (id=429):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e3000000000000000000000000800030000000000140006"], 0x58}}, 0x0)

4.354789456s ago: executing program 7 (id=572):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f00000000c0)={@multicast2, @local, @dev={0xac, 0x14, 0x14, 0xa}}, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/9, 0x9}], 0x1, 0x2f, 0x0)

4.156618609s ago: executing program 7 (id=573):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000140)={0x1, 0x1, 0x81})

4.013378664s ago: executing program 3 (id=574):
creat(&(0x7f0000000080)='./file0\x00', 0x0)
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x1200084, &(0x7f0000000140), 0x1, 0x9a, &(0x7f0000000180)="$eJzsziGqAmEUBeAzU95LswGDO5g9uBQxapukCK7IrRiNgnaDYLKM6AiC2AQV+T74f+7h3nBWp2UvVdIukvZBM52Nh5PmePnDTyqT/CX5T9KvkiLJftDtinXRDYf5aHN7Hy0LAAC8pEx9D9trrp9f7t7WCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCbnAMAAP//Klglhg==")
r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
write$qrtrtun(r0, &(0x7f0000000bc0)="b8", 0x1)

3.737330091s ago: executing program 7 (id=575):
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
unshare(0xa000400)
r1 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0xffffffffffffffff)

3.535195168s ago: executing program 3 (id=576):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffc, 0x0, 0x8, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x81, 0x10006, 0x1, 0x0})

3.369947529s ago: executing program 7 (id=578):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0xff}]})
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000100)={0x0, 0x0})

3.246504901s ago: executing program 6 (id=580):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x70bd27, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x2}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {}, 0x400}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f0000000000)="17000000020001000003d68c5ee1768812003208020300ecff3f0002000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ab65761407a681f009cee4a5acb3da400001fb700674f39b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8)

3.235758278s ago: executing program 3 (id=581):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x1237, &(0x7f00000006c0)="$eJzs3E1rXFUYAOB3kon5qPlQ61cXeqgbV5cmC1eCBklBMgupRmgFcWonOOQ6E3KHQERtXbkV/Bfi0p0g/gE3/gWX3bjsQrjivZNk0qStlTJj6fNs7ptz3jfnXA4MnMs99/ab332+s11k2+1BTDUaMbUbke6kSDEVh17ZrK9Xr22ut1obV1K6vP7B6hsppaVXf/noyx8v/jo49+FPSz/Pxm8rH9/+cy0ibv2T/1m3SN0i9fqD1E7X+/1B+3remY5usZOl9F7eaRed1O0Vnb3R/rSd93d3D1K7d2NxYXevUxSp3TtIO52DNOin5nBKvZRlWVpcCO5p5lTLJ3c3bv1wpyzLiLKciaeiLMtyPhbiXDwdi7FULeIz8Ww8F+fj+XghXoyX4uUqa4x3AQAAAAAAAAAAAAAAAAAAAE+A+53/X44V5/8BAAAAAAAAAAAAAAAAAABgDN6/em1zvdXauJLSXET+7f7W/lZ9rfvXt6MbeXTiUizHX1Gd/q/V8eV3WxuXUmUlvslvDutv7m9Nn6xfrT4nMKxvVn2H9at1fTpZPxsLo/VrsRznzx5/7Yz6me8jXn9tpD6L5fj90+hHHjeqsY/rv15N6Z1b9ZziaPwLVd6xRjRG/2yOZ30AAADgUcjSkaP9+9sj+/csO91f74/r+od4PnDX/r4ZF+yhJ644+GKnneedvZPB3KmWBwWNiPjXyfcKGsNHLGfmxFzEf/7PYw2mHrZqerga908+/O7m5G/wcQvm/x/TeKyCif0kMUbHi36y/Y+LR+H8+GcFAAAAAAAAAADAgzyydwajcdb7v82o3yybHR3zrfgqm9wdAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA3O3AsAAAAACDM3zqNjg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpAAAAP//d+24Qg==")
r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
renameat2(r0, &(0x7f0000000180)='./file0\x00', r0, &(0x7f00000001c0)='./file1\x00', 0x2)

2.979824171s ago: executing program 6 (id=582):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0xffffffff, 0xfffffffd})
setrlimit(0x40000000000008, &(0x7f0000000000)={0x0, 0x5})
r0 = memfd_secret(0x80000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r0, 0x0)

2.846195016s ago: executing program 7 (id=583):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000340)='percpu_alloc_percpu\x00', r1}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="620ac4ff000000007110b300000000001801000000006c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000000850000000600000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.787056944s ago: executing program 6 (id=584):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/consoles\x00', 0x0, 0x0)
read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc)
preadv(r0, &(0x7f00000012c0)=[{&(0x7f0000001800)=""/250, 0xfa}], 0x1, 0x40000004, 0x0)
read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea)

2.678805865s ago: executing program 6 (id=585):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000780)={'dummy0\x00', <r2=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd6000000000002d9300000c00018008000100", @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0xd4}, 0x24008000)

2.545264847s ago: executing program 7 (id=586):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f00000000c0)={[{@space_cache_v1}, {@autodefrag}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'no'}}, {@clear_cache}, {@noacl}, {@space_cache_v1}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
ioctl$FITRIM(r0, 0xc4009420, &(0x7f0000000180)={0x5, 0x7e00})
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000000)={0x6, 0x495ffebd, 0x9})

2.487530777s ago: executing program 6 (id=587):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000005c0)={0x24, &(0x7f00000003c0)={0x40, 0x17, 0x1, '!'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.361658587s ago: executing program 3 (id=588):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x1d, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc)

2.193907147s ago: executing program 3 (id=590):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000400)=ANY=[@ANYBLOB="1b1b"])

1.941809678s ago: executing program 4 (id=592):
unshare(0x22020600)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280))
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

1.745252368s ago: executing program 5 (id=593):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x28, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.68309818s ago: executing program 4 (id=594):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x7, 0xf5, 0x7, 0x4}]}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000100), 0x6)

1.522681873s ago: executing program 4 (id=595):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r0, r0, 0x2e, 0x0, 0x0, @void, @value}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0000000000000000000000000001545f0ec539c3b58facd2f62dc3307a6c91d6b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000380)={@cgroup=r1, r1, 0x2f, 0x2014, 0x4, @value}, 0x20)

1.468052926s ago: executing program 5 (id=596):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000000000040000000000000000850000000e000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='io_uring_cqe_overflow\x00', r0}, 0x10)
r1 = syz_io_uring_setup(0x5078, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000940), &(0x7f0000000000))
io_uring_enter(r1, 0xb15, 0x0, 0x0, 0x0, 0xfffffd45)

1.266919608s ago: executing program 4 (id=597):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000180)=0x6, 0x4)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
sendto$inet6(r0, &(0x7f0000000040)='K', 0x1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x2}, 0x1c)

1.20902559s ago: executing program 5 (id=598):
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x4000, &(0x7f00000026c0)={[{@part={'part', 0x3d, 0x10ffff}}, {@umask={'umask', 0x3d, 0xffff}}, {@codepage={'codepage', 0x3d, 'iso8859-1'}}, {@iocharset={'iocharset', 0x3d, 'cp866'}}]}, 0x4, 0x343, &(0x7f0000000280)="$eJzs3U9r1EwcB/DvJLvb7LOlT562D4Xn9FAteCptPSgetEjx4hvwIMXabqE0VtAKWhCrZxFvguDRm2fRt6AX8Q0oHgqKJ70UD0ZmMvm3zmTT7bZp7fcD7mY38+c3yUwy01IDIjqyzs99eH5yS/4TdQAugDOAA8ADagD+xZh3a229a0FusiUQ5RS/pVlca5uyetA5NF9+qmEw+x3tjTAMw4/23Z/Oqrdv+xcQVUJkR3CGAwzAUSNR7ff2PbK9sSnbddRkzrDYxjZuY6jKcIiIqHr6/u/ou8Sgnr87DjCh5+GH/f6fm99sVxfHgZDc/53ocyjk8flb7ZLrvZX1oL0ULeHk2XfiVaKpLGOfCF009KZ6dwC3lZlyZWoxU7E4zeWVoD25qQp4gHNaJtmoel1C3BCZFLZodUTjhrVpgaK2F2upNtRlG2Ys8Y8U1WhcAL/+gifm6ubflohJvBHvxLzw8RRLyfyvFgp5cNTx8TuGShT/lL1E1Uo/SpVrZRr+P6qS/+Iz8OpF2sqm7bh6cGUsJrIU0Tl/9+M4HzfsuTCM/I8VotZN21unco0ANaE7V5prJkn0w5hrtLOu5nI9aE8uXg9snb6/jCs68UhcEuP4ipeYy8z/HZl6AvaRmRvlQqXUPaOwPTWV0nIec9QAvlZ+ZNZLp/zTXTCe6A6f8x8f4ipOY+jmnY3VhSBo36h+Ix4qPWb/v8/xRB1Rd0f5jXzPpIEnN2Qn7FulP8MwNO6qoWQ5cpD2HEY0oE49S5u8sbog9DVvdw2UV86OXbP2xABmAehv4itCL7XfS3INpAWWyv5dnm31jblDxlHtwwCJq8rtcjFQaqQ0e6j04t3VhaDnqxEdIulJx9jlqoOhKsh5l4jWf5n1ypS66sgXv2D9E3YrPFPitGUFNKxe/0pWcEqXNVfLvoJrxRtd1lzHTgDHG/kaHcQ13u8s1tdx4iD+VnLnv8oQc3iPK/z5PxERERERERERERERERERERERERHRYbPTv0bo5c8J8jVuHcH/eIOIiIiIiIiIiIiIiIiIiIiIiIiIiIiIaHfS5/8mz3dpmJ7/W/SkJsWNnhDj9eP5v26J5/+KzXINJCKrXwEAAP//HJ9f3A==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000000)=""/52, 0x34)
getdents64(r0, 0xfffffffffffffffe, 0x29)

919.705401ms ago: executing program 4 (id=599):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000000)=0x9})

841.404088ms ago: executing program 5 (id=600):
r0 = socket(0x2b, 0x1, 0x0)
listen(r0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x3, @dev={0xfe, 0x80, '\x00', 0x2d}, 0xffffffff}, 0x1c)

468.243708ms ago: executing program 5 (id=601):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000080)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='Q', 0x1, 0x200980)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)

448.90195ms ago: executing program 4 (id=602):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@user_subvol_rm}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x32, 0x36, 0x38, 0x35, 0x36, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x22)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
lseek(r0, 0x8183, 0x3)

199.95533ms ago: executing program 6 (id=603):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
r0 = open(&(0x7f0000000980)='./bus\x00', 0x30000, 0x1b0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000004c0)=@v1={0x0, @adiantum, 0x8, @auto="5e05ab1e97bf1ec4"})

3.703373ms ago: executing program 5 (id=604):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ptrace$ARCH_SET_CPUID(0x1e, r0, 0x1, 0x1012)
ioprio_set$pid(0x3, 0x0, 0x0)

0s ago: executing program 3 (id=605):
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
shutdown(r0, 0x1)
write(r0, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b36598b8cb08591ffc2467faa14eba6144e8129396", 0x28)

kernel console output (not intermixed with test programs):

byte 0 failed err ffffffb9
[  107.323860][ T5893] usb 5-1: USB disconnect, device number 2
[  107.339525][  T977] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  107.339858][   T43] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  107.387240][ T6153] XFS (loop1): Ending clean mount
[  107.417910][   T43] usb 1-1: config 0 interface 255 has no altsetting 0
[  107.426958][ T6153] XFS (loop1): Quotacheck needed: Please wait.
[  107.441212][ T5968] hsr_slave_0: entered promiscuous mode
[  107.451837][   T43] usb 1-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  107.474557][ T5968] hsr_slave_1: entered promiscuous mode
[  107.480963][ T5968] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  107.493008][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.512304][   T43] usb 1-1: config 0 descriptor??
[  107.518249][ T5968] Cannot create hsr debugfs directory
[  107.549334][   T43] ums-realtek 1-1:0.255: USB Mass Storage device detected
[  107.568751][ T6153] XFS (loop1): Quotacheck: Done.
[  107.764673][ T5825] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  107.847854][ T6184] loop3: detected capacity change from 0 to 65
[  107.856124][ T5831] usb 1-1: USB disconnect, device number 3
[  107.879484][ T6184] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[  108.338396][ T6196] loop3: detected capacity change from 0 to 256
[  108.381827][   T30] kauditd_printk_skb: 38 callbacks suppressed
[  108.381845][   T30] audit: type=1800 audit(1750337806.731:50): pid=6196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.70" name="file1" dev="loop3" ino=1048607 res=0 errno=0
[  108.578160][ T5968] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  108.640583][ T5968] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  108.667333][ T5968] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  108.707183][ T5968] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  108.852998][ T6215] input: syz0 as /devices/virtual/input/input5
[  108.860415][    T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  109.043834][ T5920] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  109.051398][    T9] usb 1-1: Using ep0 maxpacket: 8
[  109.065442][    T9] usb 1-1: config index 0 descriptor too short (expected 74, got 45)
[  109.078968][ T5968] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.087439][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  109.116271][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  109.134949][ T5968] 8021q: adding VLAN 0 to HW filter on device team0
[  109.150527][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  109.203809][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  109.227620][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.234823][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.239608][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  109.292375][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  109.295368][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.302786][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.308605][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.311429][ T5920] usb 4-1: Using ep0 maxpacket: 32
[  109.356332][ T5920] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  109.378100][ T5920] usb 4-1: config 0 has no interface number 0
[  109.397907][ T5920] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  109.409380][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.448833][ T5920] usb 4-1: Product: syz
[  109.453103][ T5920] usb 4-1: Manufacturer: syz
[  109.471130][ T5920] usb 4-1: SerialNumber: syz
[  109.503138][ T5920] usb 4-1: config 0 descriptor??
[  109.525412][ T5920] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  109.568297][    T9] usb 1-1: GET_CAPABILITIES returned 0
[  109.578392][    T9] usbtmc 1-1:16.0: can't read capabilities
[  109.743870][ T5920] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  109.771686][ T5920] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  109.777806][    C0] usbtmc 1-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  109.793816][ T6204] usbtmc 1-1:16.0: Unable to send data, error -71
[  109.824101][ T5893] usb 1-1: USB disconnect, device number 4
[  110.195687][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  110.210029][ T5920] usb 4-1: USB disconnect, device number 2
[  110.210107][ T5968] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.244980][ T5920] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  110.299538][ T5920] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  110.343093][ T5920] quatech2 4-1:0.51: device disconnected
[  110.749424][ T6255] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  111.137057][ T6265] loop0: detected capacity change from 0 to 256
[  111.160345][ T5968] veth0_vlan: entered promiscuous mode
[  111.186520][   T30] audit: type=1800 audit(1750337809.531:51): pid=6265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.83" name="file1" dev="loop0" ino=1048608 res=0 errno=0
[  111.277496][ T5968] veth1_vlan: entered promiscuous mode
[  111.277819][ T6270] loop1: detected capacity change from 0 to 16
[  111.354497][ T6270] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  111.384583][ T5968] veth0_macvtap: entered promiscuous mode
[  111.439702][ T5968] veth1_macvtap: entered promiscuous mode
[  111.530340][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.563172][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.616780][ T3005] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.653929][ T3005] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.662668][ T3005] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.709241][ T3005] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.893997][ T6282] netlink: 'syz.1.90': attribute type 7 has an invalid length.
[  111.922060][ T6282] netlink: 'syz.1.90': attribute type 8 has an invalid length.
[  111.966097][ T6282] netlink: 'syz.1.90': attribute type 4 has an invalid length.
[  112.045918][ T6282] netlink: 212 bytes leftover after parsing attributes in process `syz.1.90'.
[  112.067641][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.096846][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.194251][   T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  112.226420][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.242373][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.378832][   T43] usb 4-1: Using ep0 maxpacket: 32
[  112.401956][ T6299] loop0: detected capacity change from 0 to 1024
[  112.425788][   T43] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  112.437796][ T6299] EXT4-fs: Ignoring removed oldalloc option
[  112.446945][   T43] usb 4-1: config 0 has no interface number 0
[  112.478415][   T43] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  112.507679][ T6299] EXT4-fs: Ignoring removed orlov option
[  112.509124][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.565325][   T43] usb 4-1: Product: syz
[  112.566902][ T6299] EXT4-fs (loop0): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[  112.579761][   T43] usb 4-1: Manufacturer: syz
[  112.598613][   T43] usb 4-1: SerialNumber: syz
[  112.645561][   T43] usb 4-1: config 0 descriptor??
[  112.674274][   T43] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  112.690406][   T43] usb 4-1: selecting invalid altsetting 1
[  112.696632][   T43] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  112.705131][ T6299] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.708751][   T43] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  112.732836][   T43] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  112.741216][   T43] usb 4-1: media controller created
[  112.766168][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  112.886092][ T6314] sch_tbf: burst 3287 is lower than device lo mtu (65550) !
[  112.934179][   T43] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  112.952479][   T43] zl10353_read_register: readreg error (reg=127, ret==-32)
[  112.952919][ T6316] loop1: detected capacity change from 0 to 1024
[  113.024323][ T6317] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 16: block 113:freeing already freed block (bit 7); block bitmap corrupt.
[  113.070429][ T6317] EXT4-fs (loop0): Remounting filesystem read-only
[  113.090724][ T6299] syz.0.97 (6299) used greatest stack depth: 19672 bytes left
[  113.099503][ T6316] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.099601][ T6316] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  113.151840][ T6316] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  113.193184][ T6316] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 65 with error 28
[  113.211428][ T6316] EXT4-fs (loop1): This should not happen!! Data will be lost
[  113.211428][ T6316] 
[  113.255140][ T6316] EXT4-fs (loop1): Total free blocks count 0
[  113.277917][ T6316] EXT4-fs (loop1): Free/Dirty block details
[  113.286639][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.299266][ T6316] EXT4-fs (loop1): free_blocks=4293918720
[  113.312473][ T6316] EXT4-fs (loop1): dirty_blocks=80
[  113.320534][ T6316] EXT4-fs (loop1): Block reservation details
[  113.328077][ T6316] EXT4-fs (loop1): i_reserved_data_blocks=5
[  113.428551][ T6327] loop4: detected capacity change from 0 to 2048
[  113.448316][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.511484][ T6327] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.625678][ T6327] EXT4-fs (loop4): shut down requested (0)
[  113.853204][ T6338] can0: slcan on ptm0.
[  113.951265][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.044048][ T6286] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  114.190152][ T6336] can0 (unregistered): slcan off ptm0.
[  114.274314][ T6347] loop4: detected capacity change from 0 to 8
[  114.341979][   T43] usb 4-1: USB disconnect, device number 3
[  114.398064][ T6345] loop0: detected capacity change from 0 to 4096
[  114.634915][ T6345] ntfs3(loop0): ino=21, "file0" direct i/o + compressed not supported
[  115.317073][   T43] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  115.523970][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.543452][   T43] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  115.552452][   T43] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  115.608959][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.663150][   T43] usb 4-1: config 0 descriptor??
[  115.678541][ T6392] loop5: detected capacity change from 0 to 2048
[  115.688628][   T43] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  115.727168][ T6392] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  115.736756][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  115.747524][   T43] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  115.801327][   T43] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  115.821146][ T6399] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  115.829019][   T43] usb 4-1: media controller created
[  115.855810][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  115.860866][ T5886] udevd[5886]: incorrect nilfs2 checksum on /dev/loop5
[  115.930384][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  115.945295][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  115.958643][   T43] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  116.039217][   T43] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input6
[  116.069414][ T6400] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.116171][   T43] dvb-usb: schedule remote query interval to 150 msecs.
[  116.138971][   T43] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  116.153494][    T9] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  116.162680][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.227286][    T9] usb 2-1: config 0 descriptor??
[  116.278086][    T9] cp210x 2-1:0.0: cp210x converter detected
[  116.294753][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  116.325411][   T24] dvb-usb: error while querying for an remote control event.
[  116.432439][ T6382] loop0: detected capacity change from 0 to 32768
[  116.494708][ T6382] XFS: noikeep mount option is deprecated.
[  116.507205][   T43] dvb-usb: bulk message failed: -22 (1/0)
[  116.537778][   T43] dvb-usb: error while querying for an remote control event.
[  116.571446][ T6382] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  116.610706][   T43] usb 4-1: USB disconnect, device number 4
[  116.685129][    T9] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  116.711386][    T9] usb 2-1: cp210x converter now attached to ttyUSB0
[  116.714262][   T43] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  116.865099][ T6382] XFS (loop0): Ending clean mount
[  116.900167][ T6382] XFS (loop0): Quotacheck needed: Please wait.
[  116.931645][ T5893] usb 2-1: USB disconnect, device number 2
[  116.965314][ T5893] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  117.003059][ T6382] XFS (loop0): Quotacheck: Done.
[  117.028267][ T5893] cp210x 2-1:0.0: device disconnected
[  117.270034][ T5827] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  117.953796][ T6449] capability: warning: `syz.1.138' uses deprecated v2 capabilities in a way that may be insecure
[  117.977470][ T6450] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  118.061986][ T6424] loop5: detected capacity change from 0 to 32768
[  118.188486][ T6424] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  118.399138][ T6424] XFS (loop5): Ending clean mount
[  118.637924][ T5968] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  119.258193][ T6472] loop0: detected capacity change from 0 to 32768
[  119.311152][ T6472] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.142 (6472)
[  119.428151][ T6478] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  119.429755][ T6472] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  119.464320][ T6472] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm
[  119.469917][ T6478] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  119.535443][ T6478] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  119.564117][ T6478] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  119.709221][ T6472] BTRFS info (device loop0): rebuilding free space tree
[  119.764943][ T6478] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  119.774323][ T6472] BTRFS info (device loop0): disabling free space tree
[  119.781285][ T6472] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  119.834029][ T6478] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  119.842608][ T6472] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  119.945206][ T6478] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  119.974097][ T6478] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  120.058394][   T30] audit: type=1326 audit(1750337818.411:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.154" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbfea58e929 code=0x0
[  120.299815][ T5827] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  120.476213][ T6487] loop5: detected capacity change from 0 to 40427
[  120.554312][ T6487] F2FS-fs (loop5): invalid crc value
[  120.732481][ T6533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.155'.
[  120.743015][ T6478] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  120.767082][ T6533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.155'.
[  120.778088][ T6478] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  120.808667][ T6533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.155'.
[  120.841805][ T6533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.155'.
[  120.892047][ T6487] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  120.912627][ T6533] netlink: 'syz.0.155': attribute type 6 has an invalid length.
[  121.062951][   T30] audit: type=1800 audit(1750337819.411:53): pid=6487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.148" name="bus" dev="loop5" ino=10 res=0 errno=0
[  121.177439][ T5968] syz-executor: attempt to access beyond end of device
[  121.177439][ T5968] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  121.227978][ T5968] CPU: 0 UID: 0 PID: 5968 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  121.228007][ T5968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  121.228018][ T5968] Call Trace:
[  121.228026][ T5968]  <TASK>
[  121.228035][ T5968]  dump_stack_lvl+0x189/0x250
[  121.228082][ T5968]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.228110][ T5968]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  121.228139][ T5968]  ? __pfx_queue_work_on+0x10/0x10
[  121.228191][ T5968]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  121.228220][ T5968]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  121.228251][ T5968]  ? f2fs_hw_is_readonly+0x39b/0x470
[  121.228286][ T5968]  f2fs_handle_critical_error+0x37c/0x540
[  121.228321][ T5968]  f2fs_write_end_io+0x495/0x810
[  121.228339][ T5968]  ? blkg_put+0x22/0x240
[  121.228383][ T5968]  __submit_merged_bio+0x27a/0x6a0
[  121.228419][ T5968]  __submit_merged_write_cond+0x255/0x530
[  121.228455][ T5968]  f2fs_write_data_pages+0x261d/0x3000
[  121.228536][ T5968]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  121.228582][ T5968]  ? arch_stack_walk+0xfc/0x150
[  121.228644][ T5968]  ? __mod_zone_page_state+0xd7/0x140
[  121.228686][ T5968]  ? folios_put_refs+0x560/0x640
[  121.228726][ T5968]  ? __lock_acquire+0xab9/0xd20
[  121.228763][ T5968]  ? do_raw_spin_lock+0x121/0x290
[  121.228799][ T5968]  ? do_raw_spin_unlock+0x122/0x240
[  121.228822][ T5968]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  121.228861][ T5968]  do_writepages+0x32e/0x550
[  121.228902][ T5968]  ? do_raw_spin_unlock+0x122/0x240
[  121.228930][ T5968]  filemap_fdatawrite+0x199/0x240
[  121.228967][ T5968]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  121.229050][ T5968]  ? do_raw_spin_unlock+0x122/0x240
[  121.229079][ T5968]  f2fs_sync_dirty_inodes+0x31f/0x830
[  121.229115][ T5968]  f2fs_write_checkpoint+0x95a/0x1df0
[  121.229163][ T5968]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  121.229225][ T5968]  ? try_to_wake_up+0x7e5/0x1290
[  121.229256][ T5968]  ? kill_f2fs_super+0x298/0x6c0
[  121.229282][ T5968]  kill_f2fs_super+0x2c3/0x6c0
[  121.229309][ T5968]  ? __pfx_kill_f2fs_super+0x10/0x10
[  121.229327][ T5968]  ? radix_tree_delete_item+0x2b6/0x400
[  121.229378][ T5968]  ? shrinker_free+0x2ce/0x3e0
[  121.229404][ T5968]  deactivate_locked_super+0xb9/0x130
[  121.229433][ T5968]  cleanup_mnt+0x425/0x4c0
[  121.229457][ T5968]  ? lockdep_hardirqs_on+0x9c/0x150
[  121.229490][ T5968]  task_work_run+0x1d1/0x260
[  121.229517][ T5968]  ? __pfx_task_work_run+0x10/0x10
[  121.229556][ T5968]  ? __x64_sys_umount+0x122/0x160
[  121.229592][ T5968]  ? exit_to_user_mode_loop+0x40/0x110
[  121.229625][ T5968]  exit_to_user_mode_loop+0xec/0x110
[  121.229654][ T5968]  do_syscall_64+0x2bd/0x3b0
[  121.229672][ T5968]  ? lockdep_hardirqs_on+0x9c/0x150
[  121.229703][ T5968]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.229723][ T5968]  ? clear_bhb_loop+0x60/0xb0
[  121.229748][ T5968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.229767][ T5968] RIP: 0033:0x7fb3c458fc57
[  121.229791][ T5968] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  121.229807][ T5968] RSP: 002b:00007ffea774a9f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  121.229837][ T5968] RAX: 0000000000000000 RBX: 00007fb3c4610925 RCX: 00007fb3c458fc57
[  121.229856][ T5968] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea774aab0
[  121.229869][ T5968] RBP: 00007ffea774aab0 R08: 0000000000000000 R09: 0000000000000000
[  121.229881][ T5968] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffea774bb40
[  121.229894][ T5968] R13: 00007fb3c4610925 R14: 000000000001d8e4 R15: 00007ffea774bb80
[  121.229928][ T5968]  </TASK>
[  121.230718][ T5968] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  121.688277][ T6530] loop4: detected capacity change from 0 to 32768
[  121.734915][ T6530] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  121.942630][ T6530] XFS (loop4): Ending clean mount
[  121.998410][ T6530] XFS (loop4): Quotacheck needed: Please wait.
[  122.117203][ T6530] XFS (loop4): Quotacheck: Done.
[  122.265626][   T30] audit: type=1800 audit(1750337820.621:54): pid=6530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.156" name="file1" dev="loop4" ino=9285 res=0 errno=0
[  122.394657][ T5828] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  122.448602][ T6574] Bluetooth: MGMT ver 1.23
[  123.219062][ T6593] loop3: detected capacity change from 0 to 512
[  123.277499][ T6593] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  123.382707][ T6593] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  123.420442][ T6593] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.170: corrupted in-inode xattr: e_value size too large
[  123.497446][ T6593] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.170: couldn't read orphan inode 15 (err -117)
[  123.573142][ T6593] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.679380][ T6606] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  123.724634][ T6610] netlink: 4 bytes leftover after parsing attributes in process `syz.1.174'.
[  123.804378][    C1] Illegal XDP return value 16128 on prog  (id 12) dev lo, expect packet loss!
[  123.856030][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.978010][ T6614] sch_tbf: burst 2 is lower than device ip6tnl0 mtu (1452) !
[  124.811355][ T6602] loop4: detected capacity change from 0 to 40427
[  124.840892][ T6602] F2FS-fs (loop4): build fault injection rate: 690
[  124.869785][ T6602] F2FS-fs (loop4): Image doesn't support compression
[  124.906830][ T6602] F2FS-fs (loop4): Image doesn't support compression
[  124.953161][ T6602] F2FS-fs (loop4): build fault injection type: 0x4
[  125.082889][ T6602] F2FS-fs (loop4): invalid crc value
[  125.533531][ T6602] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  125.824212][ T6680] loop1: detected capacity change from 0 to 256
[  125.831135][ T5828] syz-executor: attempt to access beyond end of device
[  125.831135][ T5828] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  125.853848][ T6680] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  125.873504][ T6680] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  125.876455][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  125.876486][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  125.876500][ T5828] Call Trace:
[  125.876509][ T5828]  <TASK>
[  125.876519][ T5828]  dump_stack_lvl+0x189/0x250
[  125.876563][ T5828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.876594][ T5828]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  125.876626][ T5828]  ? __pfx_queue_work_on+0x10/0x10
[  125.876662][ T5828]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.876694][ T5828]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  125.876728][ T5828]  ? f2fs_hw_is_readonly+0x39b/0x470
[  125.876764][ T5828]  f2fs_handle_critical_error+0x37c/0x540
[  125.876804][ T5828]  f2fs_write_end_io+0x495/0x810
[  125.876823][ T5828]  ? blkg_put+0x22/0x240
[  125.876870][ T5828]  __submit_merged_bio+0x27a/0x6a0
[  125.876910][ T5828]  __submit_merged_write_cond+0x255/0x530
[  125.876948][ T5828]  f2fs_write_data_pages+0x261d/0x3000
[  125.877024][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  125.877116][ T5828]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  125.877146][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.877181][ T5828]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.877227][ T5828]  ? __lock_acquire+0xab9/0xd20
[  125.877268][ T5828]  ? do_raw_spin_lock+0x121/0x290
[  125.877306][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  125.877331][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  125.877373][ T5828]  do_writepages+0x32e/0x550
[  125.877418][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  125.877448][ T5828]  filemap_fdatawrite+0x199/0x240
[  125.877501][ T5828]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  125.877595][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  125.877626][ T5828]  f2fs_sync_dirty_inodes+0x31f/0x830
[  125.877668][ T5828]  f2fs_write_checkpoint+0x95a/0x1df0
[  125.877722][ T5828]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  125.877799][ T5828]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  125.877822][ T5828]  ? kfree+0x18e/0x440
[  125.877856][ T5828]  ? kill_f2fs_super+0x298/0x6c0
[  125.877887][ T5828]  kill_f2fs_super+0x2c3/0x6c0
[  125.877919][ T5828]  ? __pfx_kill_f2fs_super+0x10/0x10
[  125.877938][ T5828]  ? radix_tree_delete_item+0x2b6/0x400
[  125.877982][ T5828]  ? shrinker_free+0x2ce/0x3e0
[  125.878012][ T5828]  deactivate_locked_super+0xb9/0x130
[  125.878046][ T5828]  cleanup_mnt+0x425/0x4c0
[  125.878074][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.878112][ T5828]  task_work_run+0x1d1/0x260
[  125.878143][ T5828]  ? __pfx_task_work_run+0x10/0x10
[  125.878168][ T5828]  ? __x64_sys_umount+0x122/0x160
[  125.878208][ T5828]  ? exit_to_user_mode_loop+0x40/0x110
[  125.878243][ T5828]  exit_to_user_mode_loop+0xec/0x110
[  125.878276][ T5828]  do_syscall_64+0x2bd/0x3b0
[  125.878296][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.878330][ T5828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.878352][ T5828]  ? clear_bhb_loop+0x60/0xb0
[  125.878387][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.878410][ T5828] RIP: 0033:0x7f693c18fc57
[  125.878430][ T5828] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  125.878449][ T5828] RSP: 002b:00007ffeb5ec0c28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  125.878473][ T5828] RAX: 0000000000000000 RBX: 00007f693c210925 RCX: 00007f693c18fc57
[  125.878489][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb5ec0ce0
[  125.878502][ T5828] RBP: 00007ffeb5ec0ce0 R08: 0000000000000000 R09: 0000000000000000
[  125.878517][ T5828] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb5ec1d70
[  125.878530][ T5828] R13: 00007f693c210925 R14: 000000000001eae6 R15: 00007ffeb5ec1db0
[  125.878568][ T5828]  </TASK>
[  125.878577][ T5828] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  126.115450][ T6680] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  126.150773][ T6681] loop3: detected capacity change from 0 to 256
[  126.364351][ T6684] loop0: detected capacity change from 0 to 1024
[  126.371767][ T6684] EXT4-fs: Ignoring removed oldalloc option
[  126.475256][ T6684] EXT4-fs (loop0): stripe (4) is not aligned with cluster size (16), stripe is disabled
[  126.532794][ T6689] loop5: detected capacity change from 0 to 1024
[  126.619114][ T6684] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.717055][ T6702] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  126.740174][ T6702] batadv_slave_1: entered promiscuous mode
[  126.819831][ T6702] netlink: 24 bytes leftover after parsing attributes in process `syz.1.204'.
[  126.906989][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.413145][ T6720] loop6: detected capacity change from 0 to 524287999
[  127.458294][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.503646][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.541530][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.569972][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.618798][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.655034][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.698750][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.731598][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.744098][ T6720] ldm_validate_partition_table(): Disk read failed.
[  127.761174][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.794546][ T6720] Buffer I/O error on dev loop6, logical block 0, async page read
[  127.823860][ T6720] Dev loop6: unable to read RDB block 0
[  127.853339][ T6720]  loop6: unable to read partition table
[  127.866054][ T6720] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  127.922719][ T6735] Process accounting resumed
[  128.357631][ T6757] loop5: detected capacity change from 0 to 64
[  128.490193][   T30] audit: type=1800 audit(1750337826.841:55): pid=6757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.221" name="file2" dev="loop5" ino=6 res=0 errno=0
[  128.604339][ T6760] openvswitch: netlink: Multiple metadata blocks provided
[  128.991023][ T6733] loop3: detected capacity change from 0 to 32768
[  129.176944][ T6733] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  129.272169][ T6733] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  129.465501][ T5835] ocfs2: Unmounting device (7,3) on (node local)
[  129.573832][ T6750] loop0: detected capacity change from 0 to 32768
[  129.691186][ T6750] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  129.809909][ T6797] loop1: detected capacity change from 0 to 1024
[  129.845794][ T6750] XFS (loop0): Ending clean mount
[  129.888076][ T6750] XFS (loop0): Quotacheck needed: Please wait.
[  129.977599][ T6797] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.042407][ T6750] XFS (loop0): Quotacheck: Done.
[  130.065823][   T30] audit: type=1800 audit(1750337828.421:56): pid=6797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.231" name="file1" dev="loop1" ino=15 res=0 errno=0
[  130.089600][ T6797] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.231: missing EA_INODE flag
[  130.158622][ T6797] EXT4-fs (loop1): Remounting filesystem read-only
[  130.190155][ T6797] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  130.245320][ T5827] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  130.386490][ T5825] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.721203][ T6815] loop5: detected capacity change from 0 to 4096
[  130.750073][ T6815] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  130.895427][ T6815] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  130.919786][ T6823] netlink: 28 bytes leftover after parsing attributes in process `syz.1.240'.
[  131.080945][ T6828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.235'.
[  131.432661][ T6844] loop3: detected capacity change from 0 to 512
[  131.442473][ T6838] loop1: detected capacity change from 0 to 4096
[  131.516644][ T6844] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  131.543789][ T6844] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  131.623615][ T6844] System zones: 0-1, 15-15, 18-18, 34-34
[  131.682335][ T6844] EXT4-fs (loop3): orphan cleanup on readonly fs
[  131.730415][ T6844] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0
[  131.777857][ T6844] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  131.904671][ T6844] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  131.929085][ T6844] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.247: bg 0: block 40: padding at end of block bitmap is not set
[  132.002830][ T6844] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  132.012492][ T6844] EXT4-fs (loop3): 1 truncate cleaned up
[  132.056300][ T6844] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  132.210249][ T6844] EXT4-fs error (device loop3): ext4_encrypted_get_link:46: inode #16: comm syz.3.247: bad symlink.
[  132.362927][ T6874] loop4: detected capacity change from 0 to 256
[  132.393016][ T6874] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  132.427960][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.470092][ T6878] can0: slcan on ttyS3.
[  132.478854][ T6874] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  132.519594][ T6874] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4d3005c0, utbl_chksum : 0xe619d30d)
[  132.666030][ T6878] can0 (unregistered): slcan off ttyS3.
[  132.849526][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  132.859659][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  133.693267][ T6948] loop3: detected capacity change from 0 to 256
[  133.917698][ T6948] FAT-fs (loop3): Directory bread(block 64) failed
[  133.943456][ T5967] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  133.988875][ T6948] FAT-fs (loop3): Directory bread(block 65) failed
[  134.053499][ T6948] FAT-fs (loop3): Directory bread(block 66) failed
[  134.060063][ T6948] FAT-fs (loop3): Directory bread(block 67) failed
[  134.094237][ T6948] FAT-fs (loop3): Directory bread(block 68) failed
[  134.100795][ T6948] FAT-fs (loop3): Directory bread(block 69) failed
[  134.124003][ T5967] usb 2-1: Using ep0 maxpacket: 16
[  134.139693][ T5967] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.158926][ T5967] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.169903][ T5967] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  134.184338][ T6948] FAT-fs (loop3): Directory bread(block 70) failed
[  134.190904][ T6948] FAT-fs (loop3): Directory bread(block 71) failed
[  134.217003][ T6948] FAT-fs (loop3): Directory bread(block 72) failed
[  134.228188][ T5967] usb 2-1: config 0 interface 0 has no altsetting 0
[  134.254655][ T5967] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  134.273579][ T6948] FAT-fs (loop3): Directory bread(block 73) failed
[  134.277423][ T5967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.312927][ T5967] usb 2-1: config 0 descriptor??
[  134.479594][ T6894] loop5: detected capacity change from 0 to 32768
[  134.556375][ T6894] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.264 (6894)
[  134.625824][ T6894] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  134.676664][ T6894] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm
[  134.725790][ T6894] BTRFS info (device loop5): using free-space-tree
[  134.743966][ T6897] loop0: detected capacity change from 0 to 32768
[  134.773820][ T5967] hid (null): unknown global tag 0xd
[  134.774510][ T6897] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.263 (6897)
[  134.779155][ T5967] hid (null): invalid report_count 36671
[  134.870540][ T6897] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  134.933580][ T6897] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  135.003822][ T6897] BTRFS info (device loop0): using free-space-tree
[  135.036612][    T9] usb 2-1: USB disconnect, device number 3
[  135.312452][ T5968] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  135.654553][ T5827] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  135.863506][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  136.075841][   T24] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  136.093440][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.224909][ T6960] loop4: detected capacity change from 0 to 40427
[  136.225797][   T24] usb 6-1: config 0 descriptor??
[  136.269717][ T7013] loop3: detected capacity change from 0 to 4096
[  136.276375][ T6960] F2FS-fs (loop4): build fault injection rate: 771
[  136.286864][   T24] cp210x 6-1:0.0: cp210x converter detected
[  136.305925][ T7013] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  136.326031][ T6960] F2FS-fs (loop4): invalid crc value
[  136.371064][ T7018] netlink: 142 bytes leftover after parsing attributes in process `syz.0.273'.
[  136.640399][ T6960] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  136.699464][   T24] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[  136.756885][   T24] usb 6-1: cp210x converter now attached to ttyUSB0
[  136.885305][ T5828] syz-executor: attempt to access beyond end of device
[  136.885305][ T5828] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  136.906495][ T7026] warning: `syz.3.279' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  136.932245][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  136.932272][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.932283][ T5828] Call Trace:
[  136.932291][ T5828]  <TASK>
[  136.932299][ T5828]  dump_stack_lvl+0x189/0x250
[  136.932339][ T5828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.932364][ T5828]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  136.932392][ T5828]  ? __pfx_queue_work_on+0x10/0x10
[  136.932423][ T5828]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.932450][ T5828]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.932479][ T5828]  ? f2fs_hw_is_readonly+0x39b/0x470
[  136.932513][ T5828]  f2fs_handle_critical_error+0x37c/0x540
[  136.932548][ T5828]  f2fs_write_end_io+0x495/0x810
[  136.932564][ T5828]  ? blkg_put+0x22/0x240
[  136.932608][ T5828]  __submit_merged_bio+0x27a/0x6a0
[  136.932643][ T5828]  __submit_merged_write_cond+0x255/0x530
[  136.932678][ T5828]  f2fs_write_data_pages+0x261d/0x3000
[  136.932751][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  136.932835][ T5828]  ? stack_depot_save_flags+0x429/0x900
[  136.932880][ T5828]  ? cleanup_mnt+0x425/0x4c0
[  136.932900][ T5828]  ? task_work_run+0x1d1/0x260
[  136.932920][ T5828]  ? exit_to_user_mode_loop+0xec/0x110
[  136.932957][ T5828]  ? __lock_acquire+0xab9/0xd20
[  136.933004][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  136.933034][ T5828]  do_writepages+0x32e/0x550
[  136.933076][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  136.933104][ T5828]  filemap_fdatawrite+0x199/0x240
[  136.933132][ T5828]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  136.933225][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  136.933253][ T5828]  f2fs_sync_dirty_inodes+0x31f/0x830
[  136.933291][ T5828]  f2fs_write_checkpoint+0x95a/0x1df0
[  136.933340][ T5828]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  136.933413][ T5828]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  136.933432][ T5828]  ? kfree+0x18e/0x440
[  136.933459][ T5828]  ? kill_f2fs_super+0x298/0x6c0
[  136.933484][ T5828]  kill_f2fs_super+0x2c3/0x6c0
[  136.933512][ T5828]  ? __pfx_kill_f2fs_super+0x10/0x10
[  136.933528][ T5828]  ? radix_tree_delete_item+0x2b6/0x400
[  136.933565][ T5828]  ? shrinker_free+0x2ce/0x3e0
[  136.933591][ T5828]  deactivate_locked_super+0xb9/0x130
[  136.933619][ T5828]  cleanup_mnt+0x425/0x4c0
[  136.933642][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.933675][ T5828]  task_work_run+0x1d1/0x260
[  136.933701][ T5828]  ? __pfx_task_work_run+0x10/0x10
[  136.933721][ T5828]  ? __x64_sys_umount+0x122/0x160
[  136.933755][ T5828]  ? exit_to_user_mode_loop+0x40/0x110
[  136.933786][ T5828]  exit_to_user_mode_loop+0xec/0x110
[  136.933820][ T5828]  do_syscall_64+0x2bd/0x3b0
[  136.933838][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.933865][ T5828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.933884][ T5828]  ? clear_bhb_loop+0x60/0xb0
[  136.933908][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.933926][ T5828] RIP: 0033:0x7f693c18fc57
[  136.933944][ T5828] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  136.933959][ T5828] RSP: 002b:00007ffeb5ec0c28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  136.933979][ T5828] RAX: 0000000000000000 RBX: 00007f693c210925 RCX: 00007f693c18fc57
[  136.933991][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb5ec0ce0
[  136.934003][ T5828] RBP: 00007ffeb5ec0ce0 R08: 0000000000000000 R09: 0000000000000000
[  136.934014][ T5828] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb5ec1d70
[  136.934026][ T5828] R13: 00007f693c210925 R14: 0000000000021606 R15: 00007ffeb5ec1db0
[  136.934061][ T5828]  </TASK>
[  136.977077][   T24] usb 6-1: USB disconnect, device number 2
[  137.048690][ T5828] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  137.341347][ T7034] loop3: detected capacity change from 0 to 256
[  137.360364][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  137.401120][ T7034] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  137.438300][   T24] cp210x 6-1:0.0: device disconnected
[  137.462852][ T7034] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  137.478983][ T7034] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  139.116065][ T7057] loop1: detected capacity change from 0 to 32768
[  139.165618][ T7057] JBD2: Ignoring recovery information on journal
[  139.303763][ T7057] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  139.410939][ T7067] loop5: detected capacity change from 0 to 32768
[  139.451120][ T7085] loop3: detected capacity change from 0 to 128
[  139.522453][ T7057] OCFS2: ERROR (device loop1): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: signature = 
[  139.542686][ T7067] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  139.553127][ T7057] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  139.567239][ T7057] OCFS2: File system is now read-only.
[  139.574764][ T7057] (syz.1.289,7057,1):ocfs2_find_entry_id:407 ERROR: status = -30
[  139.580466][ T7085] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  139.696869][ T5825] ocfs2: Unmounting device (7,1) on (node local)
[  139.723590][ T7085] ext4 filesystem being mounted at /61/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  139.971473][   T43] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  139.992433][ T5835] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  140.040306][ T7067] XFS (loop5): Ending clean mount
[  140.059948][ T7067] XFS (loop5): Quotacheck needed: Please wait.
[  140.148295][   T43] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  140.178752][   T43] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  140.196154][ T7067] XFS (loop5): Quotacheck: Done.
[  140.226031][   T43] usb 1-1: config 220 contains an unexpected descriptor of type 0x1, skipping
[  140.273250][   T43] usb 1-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config
[  140.304612][   T43] usb 1-1: config 220 has no interface number 2
[  140.326729][   T43] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  140.376812][   T43] usb 1-1: config 220 interface 0 has no altsetting 0
[  140.415360][   T43] usb 1-1: config 220 interface 76 has no altsetting 0
[  140.422259][   T43] usb 1-1: config 220 interface 1 has no altsetting 0
[  140.460497][ T5968] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  140.467252][   T43] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  140.493456][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.511628][   T43] usb 1-1: Product: syz
[  140.515885][   T43] usb 1-1: Manufacturer: syz
[  140.520956][   T43] usb 1-1: SerialNumber: syz
[  140.813863][   T43] usb 1-1: selecting invalid altsetting 0
[  140.820072][   T43] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[  140.837292][   T43] usb 1-1: No valid video chain found.
[  140.876714][   T43] usb 1-1: selecting invalid altsetting 0
[  140.913585][   T43] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[  140.920002][ T7107] loop4: detected capacity change from 0 to 40427
[  140.933004][ T7107] F2FS-fs (loop4): Invalid log blocks per segment (4278190089)
[  140.947594][   T43] usb 1-1: USB disconnect, device number 5
[  140.948990][ T7107] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  141.046385][ T7107] F2FS-fs (loop4): invalid crc value
[  141.194358][ T7129] netlink: 'syz.5.302': attribute type 9 has an invalid length.
[  141.233661][ T7129] netlink: 146708 bytes leftover after parsing attributes in process `syz.5.302'.
[  141.246202][ T6920] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.322598][ T7107] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  141.353510][ T7107] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  141.395988][ T6920] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.463468][   T30] audit: type=1800 audit(1750337839.811:57): pid=7107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.299" name="file2" dev="loop4" ino=10 res=0 errno=0
[  141.550932][ T5828] syz-executor: attempt to access beyond end of device
[  141.550932][ T5828] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  141.583487][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  141.583517][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.583528][ T5828] Call Trace:
[  141.583536][ T5828]  <TASK>
[  141.583545][ T5828]  dump_stack_lvl+0x189/0x250
[  141.583583][ T5828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.583610][ T5828]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  141.583639][ T5828]  ? __pfx_queue_work_on+0x10/0x10
[  141.583671][ T5828]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  141.583698][ T5828]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  141.583728][ T5828]  ? f2fs_hw_is_readonly+0x39b/0x470
[  141.583761][ T5828]  f2fs_handle_critical_error+0x37c/0x540
[  141.583834][ T5828]  f2fs_write_end_io+0x495/0x810
[  141.583851][ T5828]  ? blkg_put+0x22/0x240
[  141.583896][ T5828]  __submit_merged_bio+0x27a/0x6a0
[  141.583931][ T5828]  __submit_merged_write_cond+0x255/0x530
[  141.583967][ T5828]  f2fs_write_data_pages+0x261d/0x3000
[  141.583997][ T5828]  ? __lock_acquire+0xab9/0xd20
[  141.584062][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.584146][ T5828]  ? __mod_zone_page_state+0xd7/0x140
[  141.584186][ T5828]  ? folios_put_refs+0x560/0x640
[  141.584222][ T5828]  ? __pfx_folios_put_refs+0x10/0x10
[  141.584243][ T5828]  ? rcu_is_watching+0x15/0xb0
[  141.584282][ T5828]  ? __lock_acquire+0xab9/0xd20
[  141.584327][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.584359][ T5828]  do_writepages+0x32e/0x550
[  141.584401][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  141.584429][ T5828]  filemap_fdatawrite+0x199/0x240
[  141.584459][ T5828]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  141.584543][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  141.584570][ T5828]  f2fs_sync_dirty_inodes+0x31f/0x830
[  141.584608][ T5828]  f2fs_write_checkpoint+0x95a/0x1df0
[  141.584656][ T5828]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  141.584720][ T5828]  ? try_to_wake_up+0x7e5/0x1290
[  141.584749][ T5828]  ? kill_f2fs_super+0x298/0x6c0
[  141.584775][ T5828]  kill_f2fs_super+0x2c3/0x6c0
[  141.584802][ T5828]  ? __pfx_kill_f2fs_super+0x10/0x10
[  141.584820][ T5828]  ? radix_tree_delete_item+0x2b6/0x400
[  141.584859][ T5828]  ? shrinker_free+0x2ce/0x3e0
[  141.584886][ T5828]  deactivate_locked_super+0xb9/0x130
[  141.584915][ T5828]  cleanup_mnt+0x425/0x4c0
[  141.584940][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.584974][ T5828]  task_work_run+0x1d1/0x260
[  141.585002][ T5828]  ? __pfx_task_work_run+0x10/0x10
[  141.585035][ T5828]  ? __x64_sys_umount+0x122/0x160
[  141.585070][ T5828]  ? exit_to_user_mode_loop+0x40/0x110
[  141.585106][ T5828]  exit_to_user_mode_loop+0xec/0x110
[  141.585133][ T5828]  do_syscall_64+0x2bd/0x3b0
[  141.585150][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.585178][ T5828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.585198][ T5828]  ? clear_bhb_loop+0x60/0xb0
[  141.585222][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.585240][ T5828] RIP: 0033:0x7f693c18fc57
[  141.585258][ T5828] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  141.585274][ T5828] RSP: 002b:00007ffeb5ec0c28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  141.585295][ T5828] RAX: 0000000000000000 RBX: 00007f693c210925 RCX: 00007f693c18fc57
[  141.585307][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb5ec0ce0
[  141.585319][ T5828] RBP: 00007ffeb5ec0ce0 R08: 0000000000000000 R09: 0000000000000000
[  141.585330][ T5828] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb5ec1d70
[  141.585343][ T5828] R13: 00007f693c210925 R14: 000000000002288c R15: 00007ffeb5ec1db0
[  141.585376][ T5828]  </TASK>
[  141.586340][ T5828] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  141.749602][ T7134] loop5: detected capacity change from 0 to 128
[  141.878708][ T6920] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.095835][ T7134] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  142.155104][ T7134] ext4 filesystem being mounted at /41/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  142.248133][ T7127] loop3: detected capacity change from 0 to 32768
[  142.267018][ T6920] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.278291][ T7127] btrfs: Deprecated parameter 'usebackuproot'
[  142.344474][ T7127] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  142.383562][ T7127] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.305 (7127)
[  142.465523][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  142.479472][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  142.513583][ T7127] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  142.534863][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  142.566143][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  142.576203][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  142.612450][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  142.621517][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  142.633657][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  142.641715][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  142.650203][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  142.657375][ T7127] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  142.693685][ T7127] BTRFS info (device loop3): using free-space-tree
[  142.942884][ T5968] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  142.967506][ T7127] BTRFS info (device loop3): rebuilding free space tree
[  143.131791][ T7135] loop0: detected capacity change from 0 to 32768
[  143.184593][ T6920] bridge_slave_1: left allmulticast mode
[  143.190299][ T6920] bridge_slave_1: left promiscuous mode
[  143.213448][   T30] audit: type=1800 audit(1750337841.561:58): pid=7127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.305" name="file1" dev="loop3" ino=260 res=0 errno=0
[  143.232348][ T6920] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.258886][ T7166] loop5: detected capacity change from 0 to 16
[  143.323241][ T7166] erofs (device loop5): mounted with root inode @ nid 36.
[  143.342131][ T6920] bridge_slave_0: left allmulticast mode
[  143.380798][ T6920] bridge_slave_0: left promiscuous mode
[  143.404254][ T6920] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.460627][ T5835] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  143.683352][ T7176] loop5: detected capacity change from 0 to 8
[  143.758443][ T7176] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  143.827471][ T6061] udevd[6061]: incorrect cramfs checksum on /dev/loop5
[  143.891407][ T7176] cramfs: bad data blocksize 503316507
[  143.931024][ T7176] cramfs: bad data blocksize 503316507
[  143.945302][ T6061] udevd[6061]: incorrect cramfs checksum on /dev/loop5
[  143.986031][   T30] audit: type=1800 audit(1750337842.341:59): pid=7176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.316" name="file0" dev="overlay" ino=244 res=0 errno=0
[  144.481015][ T7193] loop0: detected capacity change from 0 to 2048
[  144.560053][ T7193] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.764138][ T5832] Bluetooth: hci0: command tx timeout
[  144.778899][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.296144][ T6920] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  145.310359][ T6920] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  145.321621][ T6920] bond0 (unregistering): Released all slaves
[  145.350098][ T7184] netlink: 20 bytes leftover after parsing attributes in process `syz.4.317'.
[  145.353454][ T5893] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  145.593143][ T5893] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  145.608846][ T7206] loop5: detected capacity change from 0 to 32768
[  145.615992][ T5893] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  145.640508][ T7206] 
[  145.640508][ T7206]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.640508][ T7206] 
[  145.653730][ T5893] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  145.678813][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.709847][ T6922] 
[  145.709847][ T6922]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.709847][ T6922] 
[  145.710049][ T7208] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  145.751916][ T6922] 
[  145.751916][ T6922]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.751916][ T6922] 
[  145.778749][ T5893] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  145.788024][  T112] 
[  145.788024][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.788024][  T112] 
[  145.844595][ T7206] 
[  145.844595][ T7206]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.844595][ T7206] 
[  145.877988][ T7206] 
[  145.877988][ T7206]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.877988][ T7206] 
[  146.056561][ T5968] 
[  146.056561][ T5968]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  146.056561][ T5968] 
[  146.075113][ T5893] usb 4-1: USB disconnect, device number 5
[  146.150798][ T5968] 
[  146.150798][ T5968]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  146.150798][ T5968] 
[  146.600211][ T6920] hsr_slave_0: left promiscuous mode
[  146.618332][ T6920] hsr_slave_1: left promiscuous mode
[  146.637739][ T6920] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  146.664471][ T6920] batman_adv: batadv0: Removing interface: batadv_slave_0
[  146.696579][ T6920] batman_adv: batadv0: Removing interface: batadv_slave_1
[  146.786794][ T6920] veth1_macvtap: left promiscuous mode
[  146.818145][ T6920] veth0_macvtap: left promiscuous mode
[  146.843768][ T6920] veth1_vlan: left promiscuous mode
[  146.849738][ T5832] Bluetooth: hci0: command tx timeout
[  146.874823][ T6920] veth0_vlan: left promiscuous mode
[  146.987740][ T7247] Bluetooth: MGMT ver 1.23
[  147.105353][ T7250] netlink: 16215 bytes leftover after parsing attributes in process `syz.3.334'.
[  147.516094][ T7239] loop4: detected capacity change from 0 to 40427
[  147.530173][ T7239] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  147.539627][    T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  147.549475][ T7239] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  147.578207][ T7239] F2FS-fs (loop4): invalid crc value
[  147.723596][    T9] usb 4-1: Using ep0 maxpacket: 32
[  147.754116][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  147.772368][    T9] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  147.782093][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.806681][    T9] usb 4-1: Product: syz
[  147.811117][    T9] usb 4-1: Manufacturer: syz
[  147.820924][    T9] usb 4-1: SerialNumber: syz
[  147.844696][    T9] usb 4-1: config 0 descriptor??
[  147.875607][ T7239] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  147.882676][ T7239] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  147.912490][    T9] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  148.095469][ T6934] usb 4-1: Failed to submit usb control message: -71
[  148.107349][    T9] usb 4-1: USB disconnect, device number 6
[  148.114858][ T6934] usb 4-1: unable to send the bmi data to the device: -71
[  148.122006][ T6934] usb 4-1: unable to get target info from device
[  148.130170][ T6934] usb 4-1: could not get target info (-71)
[  148.143443][ T6934] usb 4-1: could not probe fw (-71)
[  148.535074][ T6920] team0 (unregistering): Port device team_slave_1 removed
[  148.695103][ T6920] team0 (unregistering): Port device team_slave_0 removed
[  148.937110][ T5832] Bluetooth: hci0: command tx timeout
[  149.036635][ T7276] loop3: detected capacity change from 0 to 512
[  149.090749][ T7276] EXT4-fs: Ignoring removed nomblk_io_submit option
[  149.120508][ T7276] EXT4-fs: Ignoring removed orlov option
[  149.143608][ T7276] EXT4-fs: Ignoring removed i_version option
[  149.175850][ T7276] EXT4-fs (loop3): 1 orphan inode deleted
[  149.194725][ T7276] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.235109][ T7276] EXT4-fs (loop3): shut down requested (2)
[  149.363271][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.554287][ T7285] sctp: [Deprecated]: syz.4.347 (pid 7285) Use of int in max_burst socket option deprecated.
[  149.554287][ T7285] Use struct sctp_assoc_value instead
[  150.484829][ T7282] loop0: detected capacity change from 0 to 131072
[  150.501539][ T7282] F2FS-fs (loop0): Invalid log sectors per block(570425347) log sectorsize(9)
[  150.513098][ T7282] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  150.526645][ T7282] F2FS-fs (loop0): invalid crc value
[  150.612597][ T7282] F2FS-fs (loop0): Try to recover 2th superblock, ret: -30
[  150.619978][ T7282] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b
[  151.006740][ T5832] Bluetooth: hci0: command tx timeout
[  151.460023][ T7289] loop4: detected capacity change from 0 to 40427
[  151.474584][ T7289] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  151.482602][ T7289] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  151.516554][ T7289] F2FS-fs (loop4): invalid crc value
[  151.540313][ T7254] vxcan1: entered allmulticast mode
[  151.560040][ T7255] vxcan1: left allmulticast mode
[  151.575644][ T7139] chnl_net:caif_netlink_parms(): no params data found
[  151.877812][ T7289] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  151.907703][ T7289] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  152.251861][ T5828] syz-executor: attempt to access beyond end of device
[  152.251861][ T5828] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  152.283833][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  152.283863][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  152.283875][ T5828] Call Trace:
[  152.283883][ T5828]  <TASK>
[  152.283892][ T5828]  dump_stack_lvl+0x189/0x250
[  152.283931][ T5828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.283960][ T5828]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  152.283990][ T5828]  ? __pfx_queue_work_on+0x10/0x10
[  152.284024][ T5828]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.284051][ T5828]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.284082][ T5828]  ? f2fs_hw_is_readonly+0x39b/0x470
[  152.284118][ T5828]  f2fs_handle_critical_error+0x37c/0x540
[  152.284154][ T5828]  f2fs_write_end_io+0x495/0x810
[  152.284178][ T5828]  ? blkg_put+0x22/0x240
[  152.284222][ T5828]  __submit_merged_bio+0x27a/0x6a0
[  152.284258][ T5828]  __submit_merged_write_cond+0x255/0x530
[  152.284294][ T5828]  f2fs_write_data_pages+0x261d/0x3000
[  152.284365][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.284460][ T5828]  ? folios_put_refs+0x559/0x640
[  152.284497][ T5828]  ? __pfx_folios_put_refs+0x10/0x10
[  152.284519][ T5828]  ? rcu_is_watching+0x15/0xb0
[  152.284559][ T5828]  ? __lock_acquire+0xab9/0xd20
[  152.284606][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.284638][ T5828]  do_writepages+0x32e/0x550
[  152.284680][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  152.284709][ T5828]  filemap_fdatawrite+0x199/0x240
[  152.284740][ T5828]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  152.284823][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  152.284853][ T5828]  f2fs_sync_dirty_inodes+0x31f/0x830
[  152.284891][ T5828]  f2fs_write_checkpoint+0x95a/0x1df0
[  152.284938][ T5828]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  152.285006][ T5828]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  152.285026][ T5828]  ? kfree+0x18e/0x440
[  152.285055][ T5828]  ? kill_f2fs_super+0x298/0x6c0
[  152.285081][ T5828]  kill_f2fs_super+0x2c3/0x6c0
[  152.285109][ T5828]  ? __pfx_kill_f2fs_super+0x10/0x10
[  152.285126][ T5828]  ? radix_tree_delete_item+0x2b6/0x400
[  152.285165][ T5828]  ? shrinker_free+0x2ce/0x3e0
[  152.285200][ T5828]  deactivate_locked_super+0xb9/0x130
[  152.285229][ T5828]  cleanup_mnt+0x425/0x4c0
[  152.285254][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.285289][ T5828]  task_work_run+0x1d1/0x260
[  152.285317][ T5828]  ? __pfx_task_work_run+0x10/0x10
[  152.285338][ T5828]  ? __x64_sys_umount+0x122/0x160
[  152.285374][ T5828]  ? exit_to_user_mode_loop+0x40/0x110
[  152.285406][ T5828]  exit_to_user_mode_loop+0xec/0x110
[  152.285435][ T5828]  do_syscall_64+0x2bd/0x3b0
[  152.285453][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.285483][ T5828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.285503][ T5828]  ? clear_bhb_loop+0x60/0xb0
[  152.285528][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.285548][ T5828] RIP: 0033:0x7f693c18fc57
[  152.285566][ T5828] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  152.285582][ T5828] RSP: 002b:00007ffeb5ec0c28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  152.285604][ T5828] RAX: 0000000000000000 RBX: 00007f693c210925 RCX: 00007f693c18fc57
[  152.285617][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb5ec0ce0
[  152.285629][ T5828] RBP: 00007ffeb5ec0ce0 R08: 0000000000000000 R09: 0000000000000000
[  152.285640][ T5828] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb5ec1d70
[  152.285652][ T5828] R13: 00007f693c210925 R14: 0000000000025222 R15: 00007ffeb5ec1db0
[  152.285685][ T5828]  </TASK>
[  152.285709][ T5828] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  152.703186][ T7139] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.710963][ T7139] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.728761][ T7139] bridge_slave_0: entered allmulticast mode
[  152.750148][ T7139] bridge_slave_0: entered promiscuous mode
[  152.793607][ T7139] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.800789][ T7139] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.853772][ T7139] bridge_slave_1: entered allmulticast mode
[  152.872943][ T7139] bridge_slave_1: entered promiscuous mode
[  153.048135][ T7139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.086342][ T7139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.269049][ T7338] netlink: 'syz.3.363': attribute type 3 has an invalid length.
[  153.310300][ T7139] team0: Port device team_slave_0 added
[  153.335687][ T7139] team0: Port device team_slave_1 added
[  153.489604][ T7139] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.515467][ T7139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.587610][ T7139] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.637324][ T7139] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.664873][ T7139] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.739143][ T7139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.927762][ T7139] hsr_slave_0: entered promiscuous mode
[  153.963157][ T7139] hsr_slave_1: entered promiscuous mode
[  153.982764][ T7139] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  153.993443][ T7139] Cannot create hsr debugfs directory
[  154.534912][ T7365] loop5: detected capacity change from 0 to 4096
[  154.870969][ T7139] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  154.874420][ T7352] loop4: detected capacity change from 0 to 40427
[  154.939199][ T7352] F2FS-fs (loop4): invalid crc value
[  154.984501][ T7139] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  155.050602][ T7139] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  155.134226][ T7139] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  155.237068][ T7385] loop3: detected capacity change from 0 to 512
[  155.332832][ T7385] EXT4-fs error (device loop3): ext4_orphan_get:1419: comm syz.3.372: bad orphan inode 11862016
[  155.386650][ T7352] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  155.411644][ T7385] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  155.439150][ T7385] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.476989][ T7385] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000d40000 ro.
[  155.617157][ T7139] 8021q: adding VLAN 0 to HW filter on device bond0
[  155.642081][ T5828] syz-executor: attempt to access beyond end of device
[  155.642081][ T5828] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  155.654904][ T7139] 8021q: adding VLAN 0 to HW filter on device team0
[  155.687281][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  155.712979][ T6920] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.720199][ T6920] bridge0: port 1(bridge_slave_0) entered forwarding state
[  155.753479][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  155.753513][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.753530][ T5828] Call Trace:
[  155.753540][ T5828]  <TASK>
[  155.753551][ T5828]  dump_stack_lvl+0x189/0x250
[  155.753589][ T5828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.753609][ T5828]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  155.753630][ T5828]  ? __pfx_queue_work_on+0x10/0x10
[  155.753663][ T5828]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  155.753684][ T5828]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  155.753707][ T5828]  ? f2fs_hw_is_readonly+0x39b/0x470
[  155.753730][ T5828]  f2fs_handle_critical_error+0x37c/0x540
[  155.753754][ T5828]  f2fs_write_end_io+0x495/0x810
[  155.753768][ T5828]  ? blkg_put+0x22/0x240
[  155.753798][ T5828]  __submit_merged_bio+0x27a/0x6a0
[  155.753822][ T5828]  __submit_merged_write_cond+0x255/0x530
[  155.753846][ T5828]  f2fs_write_data_pages+0x261d/0x3000
[  155.753866][ T5828]  ? __lock_acquire+0xab9/0xd20
[  155.753910][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  155.753962][ T5828]  ? __mod_zone_page_state+0xd7/0x140
[  155.753990][ T5828]  ? folios_put_refs+0x560/0x640
[  155.754016][ T5828]  ? __lock_acquire+0xab9/0xd20
[  155.754041][ T5828]  ? do_raw_spin_lock+0x121/0x290
[  155.754064][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  155.754080][ T5828]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  155.754101][ T5828]  do_writepages+0x32e/0x550
[  155.754129][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  155.754148][ T5828]  filemap_fdatawrite+0x199/0x240
[  155.754170][ T5828]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  155.754224][ T5828]  ? do_raw_spin_unlock+0x122/0x240
[  155.754243][ T5828]  f2fs_sync_dirty_inodes+0x31f/0x830
[  155.754267][ T5828]  f2fs_write_checkpoint+0x95a/0x1df0
[  155.754298][ T5828]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  155.754339][ T5828]  ? try_to_wake_up+0x7e5/0x1290
[  155.754359][ T5828]  ? kill_f2fs_super+0x298/0x6c0
[  155.754376][ T5828]  kill_f2fs_super+0x2c3/0x6c0
[  155.754394][ T5828]  ? __pfx_kill_f2fs_super+0x10/0x10
[  155.754406][ T5828]  ? radix_tree_delete_item+0x2b6/0x400
[  155.754431][ T5828]  ? shrinker_free+0x2ce/0x3e0
[  155.754449][ T5828]  deactivate_locked_super+0xb9/0x130
[  155.754470][ T5828]  cleanup_mnt+0x425/0x4c0
[  155.754487][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.754510][ T5828]  task_work_run+0x1d1/0x260
[  155.754529][ T5828]  ? __pfx_task_work_run+0x10/0x10
[  155.754544][ T5828]  ? __x64_sys_umount+0x122/0x160
[  155.754568][ T5828]  ? exit_to_user_mode_loop+0x40/0x110
[  155.754589][ T5828]  exit_to_user_mode_loop+0xec/0x110
[  155.754608][ T5828]  do_syscall_64+0x2bd/0x3b0
[  155.754621][ T5828]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.754646][ T5828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.754659][ T5828]  ? clear_bhb_loop+0x60/0xb0
[  155.754676][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.754689][ T5828] RIP: 0033:0x7f693c18fc57
[  155.754702][ T5828] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  155.754714][ T5828] RSP: 002b:00007ffeb5ec0c28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  155.754729][ T5828] RAX: 0000000000000000 RBX: 00007f693c210925 RCX: 00007f693c18fc57
[  155.754738][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb5ec0ce0
[  155.754747][ T5828] RBP: 00007ffeb5ec0ce0 R08: 0000000000000000 R09: 0000000000000000
[  155.754755][ T5828] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb5ec1d70
[  155.754764][ T5828] R13: 00007f693c210925 R14: 0000000000025f46 R15: 00007ffeb5ec1db0
[  155.754804][ T5828]  </TASK>
[  155.754815][ T5828] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  155.996846][ T7139] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  156.193190][ T7139] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  156.215137][ T6939] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.222298][ T6939] bridge0: port 2(bridge_slave_1) entered forwarding state
[  156.284300][ T7373] loop0: detected capacity change from 0 to 32768
[  156.298124][ T7373] XFS: attr2 mount option is deprecated.
[  156.452749][ T7373] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  156.569904][ T7373] XFS (loop0): Ending clean mount
[  156.621440][ T7373] XFS (loop0): Quotacheck needed: Please wait.
[  156.785893][ T7373] XFS (loop0): Quotacheck: Done.
[  156.915933][ T7427] netlink: 'syz.3.378': attribute type 1 has an invalid length.
[  157.017410][ T5827] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  157.111813][ T7139] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.360310][ T7401] loop5: detected capacity change from 0 to 32768
[  157.506108][ T7401] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  157.598524][ T7444] loop3: detected capacity change from 0 to 1024
[  157.614307][ T7444] EXT4-fs: Ignoring removed nobh option
[  157.625715][ T7444] EXT4-fs: Ignoring removed bh option
[  157.675629][ T7401] XFS (loop5): Ending clean mount
[  157.685098][ T7444] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.718205][ T7401] XFS (loop5): Quotacheck needed: Please wait.
[  157.818978][ T7456] netlink: 'syz.0.379': attribute type 8 has an invalid length.
[  157.827118][ T7401] XFS (loop5): Quotacheck: Done.
[  157.864282][ T7444] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  157.891685][ T7456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.379'.
[  157.932506][ T7456] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.941749][ T7456] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.959531][ T7456] bridge0: entered allmulticast mode
[  158.045926][ T5968] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  158.052792][ T7139] veth0_vlan: entered promiscuous mode
[  158.082506][ T7139] veth1_vlan: entered promiscuous mode
[  158.105675][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.172503][ T7139] veth0_macvtap: entered promiscuous mode
[  158.233228][ T7139] veth1_macvtap: entered promiscuous mode
[  158.261560][ T7139] batman_adv: batadv0: Interface activated: batadv_slave_0
[  158.273673][ T7139] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.402022][ T7463] loop0: detected capacity change from 0 to 64
[  158.413945][ T6941] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.459867][ T6941] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.537182][ T6941] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.604142][ T6941] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.861650][ T6922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.920634][ T6922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.959126][ T7434] loop4: detected capacity change from 0 to 32768
[  159.015988][ T6939] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.025309][ T7434] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.376 (7434)
[  159.079678][ T6939] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.112844][ T7434] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  159.133619][ T7434] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  159.160343][ T7434] BTRFS info (device loop4): using free-space-tree
[  159.357245][ T7434] BTRFS info (device loop4): rebuilding free space tree
[  159.435248][ T7504] loop3: detected capacity change from 0 to 64
[  159.607245][ T7434] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8)
[  159.840765][ T5828] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  159.877695][ T7515] netlink: 56 bytes leftover after parsing attributes in process `syz.6.394'.
[  160.629513][ T7477] loop5: detected capacity change from 0 to 32768
[  160.698975][ T7477] XFS (loop5): DAX unsupported by block device. Turning off DAX.
[  160.755594][ T7477] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  160.902349][ T7543] loop4: detected capacity change from 0 to 16
[  160.945422][ T7477] XFS (loop5): Ending clean mount
[  160.986395][ T7543] erofs (device loop4): blkszbits 0 isn't supported
[  161.038192][ T7477] XFS (loop5): Quotacheck needed: Please wait.
[  161.212683][ T7477] XFS (loop5): Quotacheck: Done.
[  161.446510][ T5968] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  161.456312][ T7523] loop6: detected capacity change from 0 to 32768
[  161.646730][ T7523] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  161.864019][   T30] audit: type=1400 audit(1750337860.211:60): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A2020202030202020313420202020302020202030202020202030202020202020203020202020202020202020300A65727370616E303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020313220202020302020202031202020202030202020202020203020202020202020202020300A69705F767469303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020203020202020302020202030202020202030202020202020203020202020202020202020300A6970365F767469303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020203820202020382020202030202020202030202020202020203820202020202020202020300A2020736974303A2020202020
[  162.276270][ T7139] ocfs2: Unmounting device (7,6) on (node local)
[  163.225560][ T7574] loop5: detected capacity change from 0 to 32768
[  164.051773][ T7598] loop0: detected capacity change from 0 to 32768
[  164.258597][ T7600] loop3: detected capacity change from 0 to 32768
[  165.150540][ T7620] loop6: detected capacity change from 0 to 40427
[  165.167968][ T3005] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.186308][ T7620] F2FS-fs (loop6): build fault injection rate: 771
[  165.259103][ T7620] F2FS-fs (loop6): invalid crc value
[  165.350023][ T3005] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.532945][ T7620] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  165.619611][ T3005] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.722148][ T7627] loop5: detected capacity change from 0 to 32768
[  165.763018][ T7139] syz-executor: attempt to access beyond end of device
[  165.763018][ T7139] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  165.790370][ T7627] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.426 (7627)
[  165.793482][ T7139] CPU: 1 UID: 0 PID: 7139 Comm: syz-executor Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  165.793510][ T7139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.793524][ T7139] Call Trace:
[  165.793532][ T7139]  <TASK>
[  165.793541][ T7139]  dump_stack_lvl+0x189/0x250
[  165.793583][ T7139]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.793614][ T7139]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  165.793644][ T7139]  ? __pfx_queue_work_on+0x10/0x10
[  165.793678][ T7139]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  165.793708][ T7139]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  165.793740][ T7139]  ? f2fs_hw_is_readonly+0x39b/0x470
[  165.793793][ T7139]  f2fs_handle_critical_error+0x37c/0x540
[  165.793832][ T7139]  f2fs_write_end_io+0x495/0x810
[  165.793850][ T7139]  ? blkg_put+0x22/0x240
[  165.793898][ T7139]  __submit_merged_bio+0x27a/0x6a0
[  165.793937][ T7139]  __submit_merged_write_cond+0x255/0x530
[  165.793977][ T7139]  f2fs_write_data_pages+0x261d/0x3000
[  165.794051][ T7139]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  165.794084][ T7139]  ? is_bpf_text_address+0x26/0x2b0
[  165.794138][ T7139]  ? arch_stack_walk+0xfc/0x150
[  165.794240][ T7139]  ? __lock_acquire+0xab9/0xd20
[  165.794281][ T7139]  ? do_raw_spin_lock+0x121/0x290
[  165.794319][ T7139]  ? do_raw_spin_unlock+0x122/0x240
[  165.794343][ T7139]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  165.794378][ T7139]  do_writepages+0x32e/0x550
[  165.794425][ T7139]  ? do_raw_spin_unlock+0x122/0x240
[  165.794454][ T7139]  filemap_fdatawrite+0x199/0x240
[  165.794488][ T7139]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  165.794578][ T7139]  ? do_raw_spin_unlock+0x122/0x240
[  165.794608][ T7139]  f2fs_sync_dirty_inodes+0x31f/0x830
[  165.794649][ T7139]  f2fs_write_checkpoint+0x95a/0x1df0
[  165.794701][ T7139]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  165.794777][ T7139]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  165.794799][ T7139]  ? kfree+0x18e/0x440
[  165.794830][ T7139]  ? kill_f2fs_super+0x298/0x6c0
[  165.794858][ T7139]  kill_f2fs_super+0x2c3/0x6c0
[  165.794887][ T7139]  ? __pfx_kill_f2fs_super+0x10/0x10
[  165.794907][ T7139]  ? radix_tree_delete_item+0x2b6/0x400
[  165.794949][ T7139]  ? shrinker_free+0x2ce/0x3e0
[  165.794979][ T7139]  deactivate_locked_super+0xb9/0x130
[  165.795012][ T7139]  cleanup_mnt+0x425/0x4c0
[  165.795039][ T7139]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.795075][ T7139]  task_work_run+0x1d1/0x260
[  165.795105][ T7139]  ? __pfx_task_work_run+0x10/0x10
[  165.795134][ T7139]  ? __x64_sys_umount+0x122/0x160
[  165.795174][ T7139]  ? exit_to_user_mode_loop+0x40/0x110
[  165.795210][ T7139]  exit_to_user_mode_loop+0xec/0x110
[  165.795240][ T7139]  do_syscall_64+0x2bd/0x3b0
[  165.795260][ T7139]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.795293][ T7139]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.795316][ T7139]  ? clear_bhb_loop+0x60/0xb0
[  165.795343][ T7139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.795364][ T7139] RIP: 0033:0x7f00ad18fc57
[  165.795384][ T7139] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  165.795402][ T7139] RSP: 002b:00007fffe850c9d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  165.795427][ T7139] RAX: 0000000000000000 RBX: 00007f00ad210925 RCX: 00007f00ad18fc57
[  165.795441][ T7139] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffe850ca90
[  165.795456][ T7139] RBP: 00007fffe850ca90 R08: 0000000000000000 R09: 0000000000000000
[  165.795470][ T7139] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffe850db20
[  165.795484][ T7139] R13: 00007f00ad210925 R14: 00000000000286f6 R15: 00007fffe850db60
[  165.795520][ T7139]  </TASK>
[  165.795530][ T7139] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  166.245119][ T7627] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  166.287822][ T7627] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  166.297973][ T3005] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.343454][ T7627] BTRFS info (device loop5): using free-space-tree
[  166.709493][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  166.719286][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  166.727994][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  166.736219][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  166.743903][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  166.997573][ T3005] bridge_slave_1: left allmulticast mode
[  167.019317][ T3005] bridge_slave_1: left promiscuous mode
[  167.050508][ T3005] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.065449][ T7642] loop3: detected capacity change from 0 to 32768
[  167.119604][ T3005] bridge_slave_0: left allmulticast mode
[  167.139937][ T7642] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  167.151112][ T5968] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  167.167757][ T3005] bridge_slave_0: left promiscuous mode
[  167.175797][ T3005] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.222869][ T7642] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  167.372512][ T7646] loop4: detected capacity change from 0 to 32768
[  167.394806][ T7642] XFS (loop3): Ending clean mount
[  167.450361][ T7646] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.432 (7646)
[  167.463662][ T5893] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  167.485801][ T7642] XFS (loop3): Quotacheck needed: Please wait.
[  167.578731][ T7646] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  167.590272][ T7642] XFS (loop3): Quotacheck: Done.
[  167.627745][ T7646] BTRFS info (device loop4): using sha256 (sha256-x86_64) checksum algorithm
[  167.664318][ T5893] usb 7-1: Using ep0 maxpacket: 32
[  167.688103][ T5893] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  167.733445][ T5893] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.780069][ T5835] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  167.813573][ T5893] usb 7-1: config 0 descriptor??
[  167.897404][ T7646] BTRFS info (device loop4): rebuilding free space tree
[  167.961692][ T7646] BTRFS info (device loop4): disabling free space tree
[  168.006567][ T7646] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  168.069387][ T5893] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  168.093513][ T7646] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  168.116286][ T5893] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  168.187915][ T5893] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  168.216828][ T5893] usb 7-1: media controller created
[  168.266397][   T30] audit: type=1800 audit(1750337866.621:61): pid=7646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.432" name="bus" dev="loop4" ino=263 res=0 errno=0
[  168.300062][ T7646] fs-verity: sha512 using implementation "sha512-avx2"
[  168.321714][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  168.334795][ T7646] BTRFS info (device loop4): setting compat-ro feature flag for VERITY (0x4)
[  168.472414][ T5893] az6027: usb out operation failed. (-71)
[  168.547117][ T5893] az6027: usb out operation failed. (-71)
[  168.560806][ T5893] stb0899_attach: Driver disabled by Kconfig
[  168.588404][ T5828] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  168.610055][ T5893] az6027: no front-end attached
[  168.610055][ T5893] 
[  168.636163][ T5893] az6027: usb out operation failed. (-71)
[  168.641950][ T5893] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  168.671783][ T5893] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input8
[  168.748328][ T5893] dvb-usb: schedule remote query interval to 400 msecs.
[  168.763824][ T5893] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  168.764591][ T5928] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  168.807643][ T5893] usb 7-1: USB disconnect, device number 2
[  168.852084][ T5832] Bluetooth: hci1: command tx timeout
[  168.974637][ T5928] usb 6-1: Using ep0 maxpacket: 16
[  169.006781][ T5928] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  169.040644][ T5893] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  169.047651][ T5928] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  169.080762][ T5928] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  169.096669][ T5928] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.141313][ T5928] usb 6-1: Product: syz
[  169.167720][ T5928] usb 6-1: Manufacturer: syz
[  169.191948][ T5928] usb 6-1: SerialNumber: syz
[  169.215059][ T5928] usb 6-1: config 0 descriptor??
[  169.251389][ T7727] loop6: detected capacity change from 0 to 128
[  169.260701][ T5928] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  169.300453][ T5928] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  169.352121][ T7727] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  169.438782][ T7727] ext4 filesystem being mounted at /7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  169.537612][ T3005] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  169.566531][ T3005] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  169.592352][ T3005] bond0 (unregistering): Released all slaves
[  169.639259][ T7139] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  169.849276][ T5928] em28xx 6-1:0.0: chip ID is em2884
[  169.924720][ T7738] loop4: detected capacity change from 0 to 256
[  170.007402][ T7739] loop6: detected capacity change from 0 to 1764
[  170.053087][ T5928] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  170.090106][ T5928] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  170.138610][ T5928] em28xx 6-1:0.0: No AC97 audio processor
[  170.224372][ T5928] usb 6-1: USB disconnect, device number 3
[  170.250224][ T5928] em28xx 6-1:0.0: Disconnecting em28xx
[  170.319449][ T5928] em28xx 6-1:0.0: Freeing device
[  170.671146][ T7761] loop4: detected capacity change from 0 to 512
[  170.715513][ T7761] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  170.738765][ T3005] hsr_slave_0: left promiscuous mode
[  170.773727][ T7761] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  170.801911][ T3005] hsr_slave_1: left promiscuous mode
[  170.824507][ T3005] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  170.833735][ T7758] loop6: detected capacity change from 0 to 4096
[  170.838986][ T3005] batman_adv: batadv0: Removing interface: batadv_slave_0
[  170.884519][ T7761] EXT4-fs (loop4): 1 truncate cleaned up
[  170.914579][ T3005] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  170.922036][ T3005] batman_adv: batadv0: Removing interface: batadv_slave_1
[  170.930109][ T5832] Bluetooth: hci1: command tx timeout
[  170.957519][ T7761] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.079125][ T3005] veth1_macvtap: left promiscuous mode
[  171.113479][ T3005] veth0_macvtap: left promiscuous mode
[  171.122249][ T3005] veth1_vlan: left promiscuous mode
[  171.143045][ T7761] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2798: inode #15: comm syz.4.450: corrupted xattr block 33: invalid header
[  171.158526][ T3005] veth0_vlan: left promiscuous mode
[  171.266666][ T7761] EXT4-fs (loop4): Remounting filesystem read-only
[  171.390680][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.553564][ T7752] loop3: detected capacity change from 0 to 32768
[  171.637626][ T7752] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  172.432404][ T7752] XFS (loop3): Ending clean mount
[  172.467854][ T7752] XFS (loop3): Quotacheck needed: Please wait.
[  172.589733][ T7752] XFS (loop3): Quotacheck: Done.
[  172.684374][   T30] audit: type=1800 audit(1750337871.031:62): pid=7752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.449" name="bus" dev="loop3" ino=9291 res=0 errno=0
[  172.729141][ T7788] loop5: detected capacity change from 0 to 131072
[  172.938154][ T5835] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  173.005412][ T5832] Bluetooth: hci1: command tx timeout
[  173.073888][ T7788] F2FS-fs (loop5): Test dummy encryption mode enabled
[  173.138143][ T7788] F2FS-fs (loop5): invalid crc value
[  173.260643][ T7788] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  173.338826][ T7788] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  173.517255][ T3005] team0 (unregistering): Port device team_slave_1 removed
[  173.765471][ T3005] team0 (unregistering): Port device team_slave_0 removed
[  173.946970][ T7826] loop4: detected capacity change from 0 to 2048
[  174.103621][ T7826] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  174.166045][   T30] audit: type=1326 audit(1750337872.511:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  174.223592][ T7826] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  174.228631][   T30] audit: type=1326 audit(1750337872.511:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  174.315437][   T30] audit: type=1326 audit(1750337872.521:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  174.326663][ T7826] UDF-fs: unknown compression code (0)
[  174.428808][   T30] audit: type=1326 audit(1750337872.521:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  174.483411][   T30] audit: type=1326 audit(1750337872.521:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  174.548705][   T30] audit: type=1326 audit(1750337872.521:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  174.642596][   T30] audit: type=1326 audit(1750337872.521:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  174.739747][   T30] audit: type=1326 audit(1750337872.531:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  174.812657][   T30] audit: type=1326 audit(1750337872.531:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7830 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfea58e929 code=0x7ffc0000
[  175.084188][ T5832] Bluetooth: hci1: command tx timeout
[  175.501147][ T7834] loop6: detected capacity change from 0 to 32768
[  175.539486][ T7834] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery"
[  175.548955][ T7834] gfs2: fsid=norecovery: Now mounting FS (format 1801)...
[  175.588538][   T30] audit: type=1326 audit(1750337873.941:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7854 comm="syz.5.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c458e929 code=0x7ffc0000
[  175.677779][ T7834] gfs2: fsid=norecovery.s: journal 0 mapped with 7 extents in 0ms
[  175.840293][ T7834] gfs2: fsid=norecovery.s: first mount done, others may mount
[  175.979700][ T7668] chnl_net:caif_netlink_parms(): no params data found
[  176.477085][ T7872] loop4: detected capacity change from 0 to 4096
[  176.518604][ T7878] loop6: detected capacity change from 0 to 2048
[  176.566334][ T7668] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.594056][ T7668] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.641414][ T7668] bridge_slave_0: entered allmulticast mode
[  176.648223][ T7878] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.677842][ T7668] bridge_slave_0: entered promiscuous mode
[  176.761004][ T7668] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.826492][ T7668] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.833762][ T7878] EXT4-fs (loop6): shut down requested (2)
[  176.857431][ T7668] bridge_slave_1: entered allmulticast mode
[  176.895393][ T7668] bridge_slave_1: entered promiscuous mode
[  177.000288][ T7139] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.168974][ T7668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.226275][ T7668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.591941][ T7668] team0: Port device team_slave_0 added
[  177.627340][  T977] IPVS: starting estimator thread 0...
[  177.671836][ T7668] team0: Port device team_slave_1 added
[  177.715273][ T7909] IPVS: using max 26 ests per chain, 62400 per kthread
[  177.897147][ T7668] batman_adv: batadv0: Adding interface: batadv_slave_0
[  177.904391][ T7918] capability: warning: `syz.3.499' uses 32-bit capabilities (legacy support in use)
[  177.937880][ T7668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.011992][ T7668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  178.075653][ T7886] loop5: detected capacity change from 0 to 32768
[  178.096765][ T7668] batman_adv: batadv0: Adding interface: batadv_slave_1
[  178.133705][ T7668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.158515][    C0] hrtimer: interrupt took 65929 ns
[  178.161774][ T7668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  178.176308][ T7920] loop6: detected capacity change from 0 to 4096
[  178.202315][ T7886] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  178.246458][ T7920] NILFS (loop6): invalid segment: Checksum error in segment payload
[  178.288023][ T7920] NILFS (loop6): trying rollback from an earlier position
[  178.376872][ T7920] NILFS (loop6): recovery complete
[  178.386239][ T7930] OCFS2: ERROR (device loop5): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 2 used bits, but a count shows 1
[  178.427663][ T7931] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  178.513442][ T7930] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  178.529169][ T7668] hsr_slave_0: entered promiscuous mode
[  178.548170][ T7668] hsr_slave_1: entered promiscuous mode
[  178.555664][ T7930] OCFS2: Returning error to the calling process.
[  178.569362][ T7930] (syz.5.488,7930,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -5
[  178.617576][ T7930] (syz.5.488,7930,0):ocfs2_reserve_clusters_with_limit:1172 ERROR: status = -5
[  178.707302][ T7930] (syz.5.488,7930,0):ocfs2_reserve_clusters_with_limit:1221 ERROR: status = -5
[  178.796921][ T7930] (syz.5.488,7930,1):ocfs2_mknod:357 ERROR: status = -5
[  178.832774][ T7937] mmap: syz.3.504 (7937) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  178.888319][ T7930] (syz.5.488,7930,1):ocfs2_mknod:502 ERROR: status = -5
[  178.929505][ T7930] (syz.5.488,7930,1):ocfs2_mkdir:658 ERROR: status = -5
[  179.003322][ T7941] loop4: detected capacity change from 0 to 128
[  179.024957][ T7886] syz.5.488 (7886) used greatest stack depth: 19272 bytes left
[  179.039069][ T7941] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  179.102521][ T7941] ext4 filesystem being mounted at /118/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.210569][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  179.210589][   T30] audit: type=1800 audit(1750337877.551:79): pid=7941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.506" name="file0" dev="loop4" ino=12 res=0 errno=0
[  179.332720][ T5968] ocfs2: Unmounting device (7,5) on (node local)
[  179.381528][ T5828] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  179.822240][ T7668] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  179.875433][ T7668] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  179.923646][ T7668] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  179.940819][   T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  179.966501][ T7668] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  180.133685][   T24] usb 4-1: Using ep0 maxpacket: 16
[  180.161005][   T24] usb 4-1: too many configurations: 85, using maximum allowed: 8
[  180.178436][   T24] usb 4-1: config 6 has no interfaces?
[  180.200659][   T24] usb 4-1: config 6 has no interfaces?
[  180.216543][   T24] usb 4-1: config 6 has no interfaces?
[  180.224711][   T24] usb 4-1: config 6 has no interfaces?
[  180.233722][   T24] usb 4-1: config 6 has no interfaces?
[  180.246047][   T24] usb 4-1: config 6 has no interfaces?
[  180.283284][   T24] usb 4-1: config 6 has no interfaces?
[  180.311977][   T24] usb 4-1: config 6 has no interfaces?
[  180.374188][   T24] usb 4-1: string descriptor 0 read error: -71
[  180.380446][ T7957] loop4: detected capacity change from 0 to 32768
[  180.380587][   T24] usb 4-1: New USB device found, idVendor=09c0, idProduct=0200, bcdDevice=58.3c
[  180.405252][ T5920] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  180.412992][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=236
[  180.459616][   T24] usb 4-1: rejected 8 configurations due to insufficient available bus power
[  180.508529][   T24] usb 4-1: no configuration chosen from 8 choices
[  180.574620][   T24] usb 4-1: USB disconnect, device number 7
[  180.610704][ T5920] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  180.633887][ T5920] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  180.642784][ T5920] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  180.655487][ T7668] 8021q: adding VLAN 0 to HW filter on device bond0
[  180.685041][ T5920] usb 6-1: config 220 has no interface number 2
[  180.691378][ T5920] usb 6-1: config 220 interface 1 altsetting 5 bulk endpoint 0x1 has invalid maxpacket 32
[  180.706358][ T7668] 8021q: adding VLAN 0 to HW filter on device team0
[  180.718936][ T5920] usb 6-1: config 220 interface 1 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 12
[  180.736915][ T6941] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.744099][ T6941] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.744381][ T5920] usb 6-1: config 220 interface 0 has no altsetting 0
[  180.758263][ T5920] usb 6-1: config 220 interface 76 has no altsetting 0
[  180.765433][ T5920] usb 6-1: config 220 interface 1 has no altsetting 0
[  180.776472][ T5920] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  180.792958][ T7957] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  180.792982][ T7957]   allowing incompatible features above 0.0: (unknown version)
[  180.792995][ T7957]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  180.793796][ T5920] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.855476][ T6941] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.862681][ T6941] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.878465][ T5920] usb 6-1: Product: syz
[  180.882747][ T5920] usb 6-1: Manufacturer: syz
[  180.889021][ T5920] usb 6-1: SerialNumber: syz
[  180.946681][ T7957] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  180.993936][ T7957] bcachefs (loop4): initializing new filesystem
[  181.100469][ T7957] bcachefs (loop4): going read-write
[  181.160408][ T5920] uvcvideo 6-1:220.1: Unknown video format 00000000-0000-0000-0000-000000000000
[  181.204519][ T7957] bcachefs (loop4): marking superblocks
[  181.214044][ T5920] usb 6-1: Found UVC 7.01 device syz (8086:0b07)
[  181.239333][ T5920] usb 6-1: No valid video chain found.
[  181.260334][ T5920] usb 6-1: selecting invalid altsetting 0
[  181.334902][ T5920] usb 6-1: selecting invalid altsetting 0
[  181.384639][ T7957] bcachefs (loop4): initializing freespace
[  181.396388][ T5920] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[  181.438287][ T8005] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  181.481968][ T7957] bcachefs (loop4): done initializing freespace
[  181.528945][ T7957] bcachefs (loop4): reading snapshots table
[  181.558304][ T7957] bcachefs (loop4): reading snapshots done
[  181.834007][ T5920] usb 6-1: USB disconnect, device number 4
[  181.847796][ T7957] bcachefs (loop4):  loop4: Superblock write was silently dropped! (seq 0 expected 42)
[  181.911165][ T7957] bcachefs (loop4): done starting filesystem
[  182.319612][ T7668] 8021q: adding VLAN 0 to HW filter on device batadv0
[  182.429806][ T7957] syz.4.508 (7957) used greatest stack depth: 17832 bytes left
[  182.610251][ T5828] bcachefs (loop4): shutting down
[  182.628857][ T8028] loop5: detected capacity change from 0 to 512
[  182.661505][ T5828] bcachefs (loop4): going read-only
[  182.677894][ T5828] bcachefs (loop4): finished waiting for writes to stop
[  182.709877][ T8028] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  182.749029][ T5828] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  182.805041][ T8028] EXT4-fs (loop5): 1 truncate cleaned up
[  182.833082][ T8028] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  182.907028][ T8012] loop3: detected capacity change from 0 to 32768
[  182.937057][ T5828] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  182.947613][ T8012] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.517 (8012)
[  182.997258][ T8028] EXT4-fs error (device loop5): __ext4_iget:5379: inode #12: block 2: comm syz.5.521: invalid block
[  183.009531][ T5828] bcachefs (loop4): clean shutdown complete, journal seq 4
[  183.023195][ T5828] bcachefs (loop4): marking filesystem clean
[  183.029658][ T8028] EXT4-fs (loop5): Remounting filesystem read-only
[  183.031528][ T8028] EXT4-fs (loop5): shut down requested (0)
[  183.066181][ T8012] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  183.128534][ T8012] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  183.167420][ T8012] BTRFS info (device loop3): disk space caching is enabled
[  183.204993][ T5828] bcachefs (loop4): shutdown complete
[  183.219038][ T8012] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  183.322443][ T5968] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.363493][ T7668] veth0_vlan: entered promiscuous mode
[  183.388577][ T7668] veth1_vlan: entered promiscuous mode
[  183.431770][ T7668] veth0_macvtap: entered promiscuous mode
[  183.451712][ T7668] veth1_macvtap: entered promiscuous mode
[  183.555773][ T7668] batman_adv: batadv0: Interface activated: batadv_slave_0
[  183.578943][ T7668] batman_adv: batadv0: Interface activated: batadv_slave_1
[  183.632096][ T6939] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  183.652221][ T6939] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  183.676036][ T8012] BTRFS info (device loop3): rebuilding free space tree
[  183.679259][ T6939] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  183.749037][ T8012] BTRFS info (device loop3): disabling free space tree
[  183.793644][ T8012] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  183.814496][ T6939] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  183.856426][ T8012] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  184.072595][ T6934] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.101604][ T6934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.211994][ T6941] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.263731][ T6941] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.275160][ T5835] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  185.003664][ T8088] loop6: detected capacity change from 0 to 512
[  185.022391][ T8061] loop5: detected capacity change from 0 to 32768
[  185.128053][ T8088] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  185.205727][ T8061] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  185.272257][ T8088] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  185.411181][ T8061] XFS (loop5): Ending clean mount
[  185.442779][ T8061] XFS (loop5): Quotacheck needed: Please wait.
[  185.450550][ T8088] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #2: comm syz.6.532: corrupted inode contents
[  185.542513][ T8061] XFS (loop5): Quotacheck: Done.
[  185.547682][ T8088] EXT4-fs error (device loop6): ext4_dirty_inode:6459: inode #2: comm syz.6.532: mark_inode_dirty error
[  185.573942][ T8088] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #2: comm syz.6.532: corrupted inode contents
[  185.688767][ T8088] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #2: comm syz.6.532: mark_inode_dirty error
[  185.746677][ T8104] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #2: comm syz.6.532: corrupted inode contents
[  185.836057][ T8104] EXT4-fs error (device loop6): ext4_dirty_inode:6459: inode #2: comm syz.6.532: mark_inode_dirty error
[  185.881426][ T5968] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  185.903518][ T8104] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #2: comm syz.6.532: corrupted inode contents
[  185.946370][ T8105] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #2: comm syz.6.532: corrupted inode contents
[  185.960918][ T8105] EXT4-fs error (device loop6): ext4_append:88: inode #2: comm syz.6.532: mark_inode_dirty error
[  186.033238][ T8105] EXT4-fs error (device loop6) in ext4_append:100: Corrupt filesystem
[  186.263144][ T8090] loop7: detected capacity change from 0 to 32768
[  186.357664][ T7139] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.716642][ T8119] netlink: 8 bytes leftover after parsing attributes in process `syz.3.536'.
[  186.796381][ T8119] netlink: 16 bytes leftover after parsing attributes in process `syz.3.536'.
[  186.903364][ T8117] loop6: detected capacity change from 0 to 32768
[  187.006492][ T8117] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  187.023481][ T5967] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  187.155660][ T8117] XFS (loop6): Ending clean mount
[  187.176078][ T8117] XFS (loop6): Metadata corruption detected at xfs_dinode_verify+0x1a6/0x1570, inode 0x2443 dinode
[  187.187136][ T8117] XFS (loop6): Unmount and run xfs_repair
[  187.192885][ T8117] XFS (loop6): First 128 bytes of corrupted metadata buffer:
[  187.200327][ T8117] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00  INA.............
[  187.209252][ T8117] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  187.218291][ T8117] 00000020: 34 f7 58 68 a5 e2 bf 3d 34 f7 58 68 a5 e2 bf 3d  4.Xh...=4.Xh...=
[  187.227229][ T8117] 00000030: 34 f7 58 68 a5 e2 bf 3d 00 00 00 00 00 00 00 20  4.Xh...=....... 
[  187.237017][ T8117] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  187.246126][ T5967] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.246158][ T5967] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  187.246199][ T5967] usb 6-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  187.246222][ T5967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.249538][ T5967] usb 6-1: config 0 descriptor??
[  187.257927][ T8117] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 54 01 7a fc  ............T.z.
[  187.257971][ T8117] 00000060: ff ff ff ff 4c 7b c2 21 00 00 00 00 00 00 00 04  ....L{.!........
[  187.257988][ T8117] 00000070: 00 00 00 01 00 00 00 80 00 00 00 00 00 00 00 08  ................
[  187.384247][ T7139] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  187.789605][ T5967] hid-generic 0003:05AC:4262.0002: unbalanced delimiter at end of report description
[  187.824307][ T5967] hid-generic 0003:05AC:4262.0002: probe with driver hid-generic failed with error -22
[  188.045040][   T43] usb 6-1: USB disconnect, device number 5
[  188.331199][ T6934] Bluetooth: hci5: Frame reassembly failed (-84)
[  188.526296][ T8168] netlink: 'syz.3.548': attribute type 10 has an invalid length.
[  188.546767][ T8168] netlink: 40 bytes leftover after parsing attributes in process `syz.3.548'.
[  188.662168][ T8143] loop4: detected capacity change from 0 to 32768
[  188.718896][ T8168] team0: Port device geneve0 added
[  189.240151][ T8189] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  189.663109][ T8200] loop5: detected capacity change from 0 to 164
[  189.713974][ T5920] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  189.718364][ T8200] rock: directory entry would overflow storage
[  189.767553][ T8200] rock: sig=0x66, size=4, remaining=3
[  189.908109][ T5920] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  189.925740][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.954366][ T5920] usb 5-1: Product: syz
[  189.971207][ T5920] usb 5-1: Manufacturer: syz
[  189.985116][ T5920] usb 5-1: SerialNumber: syz
[  190.017839][ T5920] usb 5-1: config 0 descriptor??
[  190.264010][ T5920] usb 5-1: USB disconnect, device number 3
[  190.363596][ T5832] Bluetooth: hci5: command 0x1003 tx timeout
[  190.363608][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  190.466723][ T8221] loop5: detected capacity change from 0 to 128
[  190.586092][ T8221] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  190.600060][ T8221] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.660625][ T8221] fscrypt (loop5, inode 12): Mutually exclusive encryption flags (0x1e)
[  190.763592][ T8229] block nbd0: server does not support multiple connections per device.
[  190.787373][ T8229] block nbd0: shutting down sockets
[  190.929099][ T5968] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  191.263786][ T8243] dvmrp5: entered allmulticast mode
[  191.311342][ T8247] loop5: detected capacity change from 0 to 512
[  191.319985][ T8245] pimreg: entered allmulticast mode
[  191.359008][ T8243] pimreg: left allmulticast mode
[  191.377447][ T8243] dvmrp5: left allmulticast mode
[  191.420318][ T8247] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a054c028, mo2=0002]
[  191.481298][ T8247] System zones: 0-2, 18-18, 34-35
[  191.512772][ T8247] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.534385][ T8254] loop3: detected capacity change from 0 to 64
[  191.601677][ T8247] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.784841][ T8247] EXT4-fs error (device loop5): ext4_empty_dir:3078: inode #12: comm syz.5.569: Directory hole found for htree leaf block 0
[  191.878180][ T8247] EXT4-fs (loop5): Remounting filesystem read-only
[  191.999758][ T5920] kernel write not supported for file /media0 (pid: 5920 comm: kworker/1:4)
[  192.053038][ T5968] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.083309][ T6920] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  192.117887][ T6920] Quota error (device loop5): write_blk: dquota write failed
[  192.143491][ T6920] Quota error (device loop5): free_dqentry: Can't write quota data block 5
[  192.170537][ T6920] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  192.216838][ T6920] Quota error (device loop5): write_blk: dquota write failed
[  192.239468][ T6920] Quota error (device loop5): free_dqentry: Can't write quota data block 5
[  192.470092][ T8281] loop5: detected capacity change from 0 to 512
[  192.537455][ T8281] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  192.618839][ T8281] EXT4-fs (loop5): 1 truncate cleaned up
[  192.636034][ T8276] loop3: detected capacity change from 0 to 8192
[  192.690457][ T8281] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.730024][ T8276] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  193.029561][ T5968] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.253444][ T5920] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  193.453591][ T5920] usb 7-1: Using ep0 maxpacket: 16
[  193.471395][ T5920] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  193.504357][ T5920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  193.534037][  T977] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  193.538814][ T5920] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  193.561394][ T5920] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.582087][ T5920] usb 7-1: Product: syz
[  193.611667][ T5920] usb 7-1: Manufacturer: syz
[  193.626902][ T5920] usb 7-1: SerialNumber: syz
[  193.664563][ T5920] usb 7-1: config 0 descriptor??
[  193.688108][ T5920] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  193.717079][  T977] usb 4-1: Using ep0 maxpacket: 32
[  193.724883][  T977] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  193.733022][  T977] usb 4-1: config 0 has no interface number 0
[  193.748596][ T5920] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  193.771864][  T977] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  193.823433][  T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.832387][  T977] usb 4-1: Product: syz
[  193.846477][  T977] usb 4-1: Manufacturer: syz
[  193.868033][  T977] usb 4-1: SerialNumber: syz
[  193.923419][  T977] usb 4-1: config 0 descriptor??
[  193.961730][  T977] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  194.142507][ T8299] loop7: detected capacity change from 0 to 32768
[  194.179522][  T977] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  194.215303][ T8299] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.586 (8299)
[  194.257790][  T977] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  194.281013][ T8299] BTRFS info (device loop7): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  194.288175][ T8329] loop5: detected capacity change from 0 to 64
[  194.304057][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.322245][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  194.328977][ T5920] em28xx 7-1:0.0: chip ID is em2750
[  194.387926][ T8299] BTRFS info (device loop7): using sha256 (sha256-x86_64) checksum algorithm
[  194.529655][ T5920] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[  194.554109][ T5920] em28xx 7-1:0.0: AC97 chip type couldn't be determined
[  194.571502][ T5920] em28xx 7-1:0.0: No AC97 audio processor
[  194.599014][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  194.602397][   T43] usb 4-1: USB disconnect, device number 8
[  194.664446][ T8299] BTRFS info (device loop7): rebuilding free space tree
[  194.679102][   T43] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  194.722236][ T5920] usb 7-1: USB disconnect, device number 3
[  194.782606][ T5920] em28xx 7-1:0.0: Disconnecting em28xx
[  194.786608][ T8299] BTRFS info (device loop7): disabling free space tree
[  194.789096][   T43] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  194.800539][ T8299] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  194.843989][ T5920] em28xx 7-1:0.0: Freeing device
[  194.849787][   T43] quatech2 4-1:0.51: device disconnected
[  194.865943][ T8299] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  195.062284][ T8356] loop5: detected capacity change from 0 to 2048
[  195.187998][ T8299] BTRFS info (device loop7): balance: start -d -m
[  195.198546][ T8356] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  195.365503][ T6934] BTRFS warning (device loop7): Skipping commit of aborted transaction.
[  195.385919][   T36] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  195.416979][ T6934] ------------[ cut here ]------------
[  195.422645][ T6934] BTRFS: Transaction aborted (error -28)
[  195.439469][   T36] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  195.440943][ T8299] BTRFS info (device loop7 state A): 1 enospc errors during balance
[  195.462929][ T8367] loop6: detected capacity change from 0 to 512
[  195.463990][ T6934] WARNING: fs/btrfs/transaction.c:2021 at btrfs_commit_transaction+0x2f67/0x3950, CPU#1: kworker/u8:16/6934
[  195.480773][ T6934] Modules linked in:
[  195.484821][ T6934] CPU: 1 UID: 0 PID: 6934 Comm: kworker/u8:16 Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  195.496636][ T6934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.507201][ T6934] Workqueue: events_unbound btrfs_async_reclaim_metadata_space
[  195.514978][ T6934] RIP: 0010:btrfs_commit_transaction+0x2f67/0x3950
[  195.521522][ T6934] Code: 0f 08 e0 fd 84 c0 74 2b e8 f6 38 f9 fd eb 73 e8 ef 38 f9 fd 90 48 c7 c7 60 ad cd 8b 8b 5c 24 18 89 de e8 dc e8 bc fd 89 d9 90 <0f> 0b 90 90 e9 1a 01 00 00 e8 2b 40 a6 07 89 c3 31 ff 89 c6 e8 00
[  195.541309][ T6934] RSP: 0018:ffffc900037d7500 EFLAGS: 00010246
[  195.548352][ T6934] RAX: 9069aa1377383500 RBX: 00000000ffffffe4 RCX: 00000000ffffffe4
[  195.553566][   T36] EXT4-fs (loop5): This should not happen!! Data will be lost
[  195.553566][   T36] 
[  195.556405][ T6934] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  195.576367][ T6934] RBP: ffffc900037d7830 R08: 0000000000000003 R09: 0000000000000004
[  195.584417][ T6934] R10: dffffc0000000000 R11: fffffbfff1bfaa2c R12: ffff888026b1b078
[  195.592428][ T6934] R13: ffff88805599c000 R14: ffff88805599c000 R15: 0000000000000000
[  195.600730][ T6934] FS:  0000000000000000(0000) GS:ffff888125d28000(0000) knlGS:0000000000000000
[  195.603485][   T36] EXT4-fs (loop5): Total free blocks count 0
[  195.609753][ T6934] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  195.622303][ T6934] CR2: 00007f311294de9c CR3: 000000007794c000 CR4: 00000000003526f0
[  195.630422][ T6934] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  195.633545][   T36] EXT4-fs (loop5): Free/Dirty block details
[  195.638866][ T6934] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  195.644687][   T36] EXT4-fs (loop5): free_blocks=2415919504
[  195.644716][   T36] EXT4-fs (loop5): dirty_blocks=32
[  195.644731][   T36] EXT4-fs (loop5): Block reservation details
[  195.644745][   T36] EXT4-fs (loop5): i_reserved_data_blocks=2
[  195.675627][ T6934] Call Trace:
[  195.676744][ T8367] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  195.678924][ T6934]  <TASK>
[  195.678942][ T6934]  ? btrfs_commit_transaction+0x161/0x3950
[  195.697632][ T6934]  ? __pfx_btrfs_commit_transaction+0x10/0x10
[  195.703891][ T6934]  ? do_raw_spin_unlock+0x122/0x240
[  195.706278][ T6920] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1025 with max blocks 1 with error 28
[  195.709117][ T6934]  ? join_transaction+0x41b/0xd70
[  195.726862][ T6934]  ? btrfs_record_root_in_trans+0x91/0x180
[  195.732722][ T6934]  ? start_transaction+0x439/0x1620
[  195.738429][ T6934]  flush_space+0x48b/0xcd0
[  195.742909][ T6934]  ? __pfx_btrfs_get_alloc_profile+0x10/0x10
[  195.749336][ T6934]  ? __pfx_flush_space+0x10/0x10
[  195.754338][ T6934]  ? do_raw_spin_lock+0x121/0x290
[  195.759404][ T6934]  ? do_raw_spin_unlock+0x122/0x240
[  195.764744][ T6934]  do_async_reclaim_metadata_space+0x144/0x390
[  195.770946][ T6934]  btrfs_async_reclaim_metadata_space+0x89/0xe0
[  195.777270][ T6934]  ? process_scheduled_works+0x9ef/0x17b0
[  195.783081][ T6934]  process_scheduled_works+0xae1/0x17b0
[  195.788770][ T6934]  ? __pfx_process_scheduled_works+0x10/0x10
[  195.794875][ T6934]  worker_thread+0x8a0/0xda0
[  195.799549][ T6934]  kthread+0x70e/0x8a0
[  195.800871][ T8299] BTRFS info (device loop7 state A): balance: canceled
[  195.803685][ T6934]  ? __pfx_worker_thread+0x10/0x10
[  195.803723][ T6934]  ? __pfx_kthread+0x10/0x10
[  195.803750][ T6934]  ? _raw_spin_unlock_irq+0x23/0x50
[  195.803780][ T6934]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.803810][ T6934]  ? __pfx_kthread+0x10/0x10
[  195.803835][ T6934]  ret_from_fork+0x3fc/0x770
[  195.803867][ T6934]  ? __pfx_ret_from_fork+0x10/0x10
[  195.803903][ T6934]  ? __switch_to_asm+0x39/0x70
[  195.803924][ T6934]  ? __switch_to_asm+0x33/0x70
[  195.803943][ T6934]  ? __pfx_kthread+0x10/0x10
[  195.803968][ T6934]  ret_from_fork_asm+0x1a/0x30
[  195.804006][ T6934]  </TASK>
[  195.804028][ T6934] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  195.804043][ T6934] CPU: 1 UID: 0 PID: 6934 Comm: kworker/u8:16 Not tainted 6.16.0-rc2-next-20250619-syzkaller #0 PREEMPT(full) 
[  195.804068][ T6934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.804082][ T6934] Workqueue: events_unbound btrfs_async_reclaim_metadata_space
[  195.804107][ T6934] Call Trace:
[  195.804117][ T6934]  <TASK>
[  195.804128][ T6934]  dump_stack_lvl+0x99/0x250
[  195.804165][ T6934]  ? __asan_memcpy+0x40/0x70
[  195.804199][ T6934]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.804233][ T6934]  ? __pfx__printk+0x10/0x10
[  195.804278][ T6934]  panic+0x2db/0x790
[  195.804318][ T6934]  ? __pfx_panic+0x10/0x10
[  195.804368][ T6934]  ? ret_from_fork_asm+0x1a/0x30
[  195.804398][ T6934]  __warn+0x334/0x4c0
[  195.804430][ T6934]  ? btrfs_commit_transaction+0x2f67/0x3950
[  195.804469][ T6934]  ? btrfs_commit_transaction+0x2f67/0x3950
[  195.804502][ T6934]  report_bug+0x2be/0x4f0
[  195.804535][ T6934]  ? btrfs_commit_transaction+0x2f67/0x3950
[  195.804580][ T6934]  ? btrfs_commit_transaction+0x2f67/0x3950
[  195.804614][ T6934]  ? btrfs_commit_transaction+0x2f69/0x3950
[  195.804648][ T6934]  handle_bug+0x84/0x160
[  195.804675][ T6934]  exc_invalid_op+0x1a/0x50
[  195.804698][ T6934]  asm_exc_invalid_op+0x1a/0x20
[  195.804721][ T6934] RIP: 0010:btrfs_commit_transaction+0x2f67/0x3950
[  195.804758][ T6934] Code: 0f 08 e0 fd 84 c0 74 2b e8 f6 38 f9 fd eb 73 e8 ef 38 f9 fd 90 48 c7 c7 60 ad cd 8b 8b 5c 24 18 89 de e8 dc e8 bc fd 89 d9 90 <0f> 0b 90 90 e9 1a 01 00 00 e8 2b 40 a6 07 89 c3 31 ff 89 c6 e8 00
[  195.804778][ T6934] RSP: 0018:ffffc900037d7500 EFLAGS: 00010246
[  195.804798][ T6934] RAX: 9069aa1377383500 RBX: 00000000ffffffe4 RCX: 00000000ffffffe4
[  195.804816][ T6934] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  195.804829][ T6934] RBP: ffffc900037d7830 R08: 0000000000000003 R09: 0000000000000004
[  195.804845][ T6934] R10: dffffc0000000000 R11: fffffbfff1bfaa2c R12: ffff888026b1b078
[  195.804863][ T6934] R13: ffff88805599c000 R14: ffff88805599c000 R15: 0000000000000000
[  195.804905][ T6934]  ? btrfs_commit_transaction+0x161/0x3950
[  195.804968][ T6934]  ? __pfx_btrfs_commit_transaction+0x10/0x10
[  195.805010][ T6934]  ? do_raw_spin_unlock+0x122/0x240
[  195.805035][ T6934]  ? join_transaction+0x41b/0xd70
[  195.805079][ T6934]  ? btrfs_record_root_in_trans+0x91/0x180
[  195.805115][ T6934]  ? start_transaction+0x439/0x1620
[  195.805172][ T6934]  flush_space+0x48b/0xcd0
[  195.805202][ T6934]  ? __pfx_btrfs_get_alloc_profile+0x10/0x10
[  195.805241][ T6934]  ? __pfx_flush_space+0x10/0x10
[  195.805261][ T6934]  ? do_raw_spin_lock+0x121/0x290
[  195.805298][ T6934]  ? do_raw_spin_unlock+0x122/0x240
[  195.805329][ T6934]  do_async_reclaim_metadata_space+0x144/0x390
[  195.805370][ T6934]  btrfs_async_reclaim_metadata_space+0x89/0xe0
[  195.805393][ T6934]  ? process_scheduled_works+0x9ef/0x17b0
[  195.805428][ T6934]  process_scheduled_works+0xae1/0x17b0
[  195.805496][ T6934]  ? __pfx_process_scheduled_works+0x10/0x10
[  195.805562][ T6934]  worker_thread+0x8a0/0xda0
[  195.805648][ T6934]  kthread+0x70e/0x8a0
[  195.805680][ T6934]  ? __pfx_worker_thread+0x10/0x10
[  195.805715][ T6934]  ? __pfx_kthread+0x10/0x10
[  195.805744][ T6934]  ? _raw_spin_unlock_irq+0x23/0x50
[  195.805777][ T6934]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.805810][ T6934]  ? __pfx_kthread+0x10/0x10
[  195.805838][ T6934]  ret_from_fork+0x3fc/0x770
[  195.805874][ T6934]  ? __pfx_ret_from_fork+0x10/0x10
[  195.805916][ T6934]  ? __switch_to_asm+0x39/0x70
[  195.805938][ T6934]  ? __switch_to_asm+0x33/0x70
[  195.805960][ T6934]  ? __pfx_kthread+0x10/0x10
[  195.805988][ T6934]  ret_from_fork_asm+0x1a/0x30
[  195.806032][ T6934]  </TASK>
[  195.811242][ T6934] Kernel Offset: disabled