last executing test programs:

14.030596111s ago: executing program 3 (id=822):
openat$dir(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
fanotify_init(0xf00, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$netlink(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = socket(0x80000000000000a, 0x5, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x2c, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2c, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000001a40)=@raw={'raw\x00', 0x8, 0x3, 0x310, 0x0, 0xe138, 0x198, 0x0, 0x198, 0x278, 0x358, 0x358, 0x278, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'netdevsim0\x00', 'veth0_to_bond\x00'}, 0x0, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0080ff0000050000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x4}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x370)
bind$netlink(r2, &(0x7f00000004c0)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc)
listen(0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
close_range(r5, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
socket(0x400000000010, 0x3, 0x0)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
read$eventfd(0xffffffffffffffff, &(0x7f0000000340), 0x8)

13.694045714s ago: executing program 2 (id=823):
syz_io_uring_setup(0xa4d, &(0x7f0000000500)={0x0, 0x3177, 0x80, 0x1, 0x24f}, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000340)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x1, {0x2}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r4, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x6)
io_uring_setup(0x5237, &(0x7f0000009a80)={0x0, 0x25d1, 0x400, 0x0, 0x210})
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$msr(r5, &(0x7f0000000580)=""/179, 0xb3)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f00000001c0)={0x2, 0x8}, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000100)=0x3)
close_range(r4, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xa, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008040000b70300000000000085000000a400000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)

11.236939993s ago: executing program 0 (id=825):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, 0x0, 0x4000050)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

10.26210321s ago: executing program 0 (id=827):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd70100400000005000000080009000200000008000c00a80a000008000b000000000006000100"], 0x34}}, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)

10.255507815s ago: executing program 4 (id=828):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

10.237302307s ago: executing program 3 (id=829):
syz_mount_image$jfs(&(0x7f0000005d00), &(0x7f0000005d40)='./file0\x00', 0x0, &(0x7f0000005d80), 0x1, 0x5d17, &(0x7f000000bac0)="$eJzs3U1vHVcZB/Dnvvj6pbSNKlSFiEWaQmkpzXsC5a0pCxawAAllTSLXrQIpoMQgWlnElReIFV8BNt2w6FfgA/QzID4AkWxWXVAGjX1OMh5f5zokvnPt8/tJzswz547vmfw9nns9M/cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/+uHPLvQi4sbv0oITEV+IQUQ/YrGuT0c9cy0/fhgRJ2O7OV6MiMF8RL3+9j/PR1yOiE+fi9jcWluuF188YD+unF+98/mPf/CPP/554+Qv3vn5x+32n37x0id/uhdx4idvfvL5vaez7QAAAFCKqqqqXnqbfyq9v+933SkAYCry8b9K8nK1Wq1Wq9XHr26qxrvXLCJivblO/ZrB6XgAOGLW47Ouu0CH5F+0YUQ803UngJnW67oDHIrNrbXlXsq31zwenN5pz9eC7Mp/vffg/o79ppO0rzGZ1s/XRgzihX36szilPsySnH+/nf+NnfZRetxh5z8t++U/2rn1qTg5/0E7/5bjk39/bP6lyvkPHyv/gfwBAAAAAGCG5b//n+j4/O/8k2/KgTzq/O/pKfUBAAAAAAAAAJ62Jx3/7wHj/wEAAMDMqt+r1/7y3MNl+30WW738ei/i2dbjgcKkm2WWuu4HAAAAAAAAAAAAAJRkuHMN7/VexFxEPLu0VFVV/dXUrh/Xk65/1JW+/VCyrn/JAwDAjk+fa93L34tYiIjr6bP+5paWlqpqYXGpWqoW5/Pr2dH8QrXYeF+bp/Wy+dEBXhAPR1X9zRYa6zVNer88qb39/ernGlWDA3RsOjoMHAAiYudotOmIdMxU1fPR9ascjgb7//Fj/+cguv45BQAAAA5fVVVVL32c96l0zr/fdacAgKnIx//2eQG1Wq1Wq9XHr26qxrvXLCJivblO/ZrBcPwAcMSsx2ddd4EOyb9ow4g42XUngJnW67oDHIrNrbXlXsq31zwepPHd87Ugu/Jf722vl9cfN52kfY3JtH6+NmIQL+zTnxen1IdZkvPvt/O/sdM+So877PynZb/86+080UF/upbzH7Tzbzk++ffH5l+qnP/wsfIfyB8AAAAAAGZY/vv/Ced/8yYDAAAAAAAAwJGzubW2nO97zef/vzzmce7/PJ5y/j35Fynn32/n37ogZ9CYv//2w/z/vbW2/PHqv76UpzOf/9xgVD/3XK8/GKZrfqq5d+NW3I6VOL/n8cNd7Rf2tM/tar84of3SnvZR3b6Y28/Gcvw6bsc7D9rnJ1wYtTChvZrQnvMf2P+LlPMfNr7q/JdSe681rd3/qL9nv29Oxz3Ptb/955W9e9f0bcTgwbY11dt3poP+bP+fPDOK395duXP29zdXV+9ciDTZtfRipMlTlvOfS185/1df3mnPv/eb++v9j0aPnf+s2Ijhvvm/3Jivt/e1KfetCzn/UfrK+ecj0Pj9/yjnv//+/3oH/QEAAAAAAAAAAAAAAIBHqapq+xbRaxFxNd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49f3VSN91aziIi/N9epXzP8Ydw3AwBm2X8j4p9dd4LOyL9g+fP+6ulXuu4MMFV3P/jwlzdv3165c7frngAAAAAAAAAA/688/ufpxvjP29cBtcaN3jX+69tx+siO/9kfDbbHOk8b9FI8evzvM/Ho8b+HE55vbkL7aEL7/IT2hQntY2/0aMj5v5QyzvmfShtW0vivr3bQn67l/M+ksZ5z/l9rPa6Zf/XXo5x/f1f+51bf/825ux98+Mat92++t/Leyq8unL96+dKVy5euXDn37q3bK+d3/u2wx4cr55/HvnYdaFly/jlz+Zcl5//VVMu/LDn/V1It/7Lk/PPrPfmXJeef3/vIvyw5/9dSLf+y5Py/nmr5lyXn/3qq5V+WnP83Ui3/suT830i1/MuS8z+bavmXJed/LtXyL0vOP5/hkn9Zcv75ygb5lyXnfzHV8i9Lzv9SquVflpz/5VTLvyw5/yupln9Zcv5XUy3/suT8v5lq+Zcl5/+tVMu/LDn/N1Mt/7Lk/L+davmXJef/nVTLvyw5/++mWv5lyfl/L9XyL0vO//upln9Zcv5vpVr+ZXn4+f9mzJgxk2e6/s0EAAAAAAAAAAAAALRN43LirrcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKe/cWI1d93wH87M1eGwJuuBMHbHMzsLC7voFDDCYJKSW9UBLSpiU1jr02Tnyrd81NqGwKbYmCVKT2gT40TaI0itRWoCpSU4lGSI3UvjVPjXiJWikPfoDKQUmlVIGtzsz///fM7HrOGnvwzPl/PpH9886cM/OfM2dm97vRdwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABotf7jM382VBRF+afx15qiuLD896piZ/nl/LbzvUIAAADgbL3T+PvvL04X7FzGTi3b/Ns1//HdhYWFheILb5949y8WFtIV64piZGVRNK6L/v0XP19o3SZ4rhgfGm75erji7kcqrh+tuH6s4voVFdevrLh+vOL6RQdgkVXN38c0buz6xj/XNA9pcWkx1rju+iX2em5o5fBw/F1Ow1Bjn4WxfcWB4mAxU0wt2meo8b+ieG19eV/3F/G+hlvua21RFCd/+syeuIahcIyvL9rurKH1uXvr3mLd2z99Zs+35968aqlZeRgWrbQoNm4o1/l8UZz6dVUxVKxMxySuc7hlnWuXWOdI2zqHGvuV/+5c58llrjM+7vGwzh92WefacNmT1xVFMV+cdptOzxXDxeqOe03He7x5RpS3UT6VHyxGz+g8Wb+M86Tc5yfXtZ8nnedkPP7rwzEZPc0aWp+Ot768YtFxf6/nSfmo++FcLW/7wfJOx8dbf7Xadq6W2zxzw+nPgSWfuyXOgXQut5wDG6rOgeEVI41zYPjUmje0nQPTi/YZLoYa93Xihu7nwOTcoaOTs089fduBQ7v3z+yfOTw9tW3L5q1bNm/dOrnvwMGZqebfZ3ZIB8jqYjidgxvCe008B2/q2Lb1lFz4xrl7HYz3yeugfOyfubFc0IXDxWnO8XKb5zee/esgfd9veR2MtrwOlnxPXeJ1MLqM10G5zcmNy/ueOdryZ6k19Oq9cE3LOXA+vx+W9/nIzad/L1wb1vXCLWf6/XBk0TkQH9ZQeO2Vl6Sf98bvDMdl8XlxdXnFBSuK47Mzx25/cvfc3LHpIoz3xSUtz1Xn+bK65TEVi86X4TM+X3b+3S9vvHqJy9eEYzV+a/fnqtxmy0T356rx7r708Wy7dFMRxjn2fh/Ppb6blcczZYkux7Pc5vnbzv5nwZRLWt7/xqre/0bGRpvvfyPpaIy1vf8tfmpGGisripO3Le/9byz8eb/f/y7tk/e/8lg9cnv3c6Dc5oXJMz0HRru+/10X5lBYz80hMYy35P53G9fPN0/Tluey8rwZHR0L581ovMf282bzon3KWyvve+PUeztvNl7X/ly1/dxSw/OmPFZ/OdX9vCm3eX367N87VsV/trx3rKg6B8ZGVpTrHUsnQfP9bmFVPAduL/YUR4qDxd60T/ksl/c1sWl558CK8Of9fu+4sk/OgfJYvbyp+zlQbvODzef2Z6eN4ZK0TcvPTp2/Xzhd5r969NTtdR62c535y3V+Ykv33w2V27y55UxzRvfjdGu45IIljlPn6+d05/Te4v05TleGdR7c2v13U+U2l25b5vm0syiKN6bfaPy+K/x+9x+P/+d3237vu9TvlN+YfuOByYd+dCbrBwDgvXu38ff8iubPmi3/j/Vy/v9/AAAAYCDE3D8cZiL/AwAAQG3E3D8SZiL/AwAAQG3E3D8aZpJJ/n/szu2vvPNskT4NcCGI18fD8ODdze1ix3s+fL1u4ZTy8o99a+yVrzy7vPseLorilw98aMntH7s7rqvpaFznR9ovX+TKa5d1/48+fGq71s9POLm9efvx8Sz3NIhd5dcmNzVud91T0435+gNFYz40/8Jzzdtvfh23P7G5uf1fhw8t2blvqG3/jWE914e5LnymzIM7Tx2Hcsb9Xll7zb9e8tlT9xf3G9pwUeNhvvxHzduNnxH10iXN7ePjPt36/+Wr33ml3P7JG5Ze/7PDS6//RLjdn4T5ix3N7VuP+Vda1v8nYf3x/uJ+t3/z+0uu/9Urmtu/Gs6Lr4fZuf57//zD7yz1fMX72XlXc794/1P/u6WxX7y9ePud6x9/drrteHTe/utvN29nx+M/G2ndPl4e7yd69K7283soPL9tPfKiKL7zp0XbcS4+2tzvnzvWH2/v6F1Lr//WjnUeHbq2sf+px7Om7XF97W83Lfl443p2/sOatsfz0n3h+L09+YPydk88FM7HcP3//bB5e52fZfrqfe3vN3H7r69pvm7j7U12rP+ljvXPX1seu+r13/92c/2v3rOybf07PxnOp/ubs2r9+//m4rb9v/Ht5vNx7ImJw0dmjx/Y23JUW1/HK8dXrb7gwg9cdHF4L+38eteRucdmjq2bWjdVFOsG8CMDe73+b4b5P80xf+7voelHP2uedy9+qvl966afN79+KVz+aHg+4/fHr/3VWNv52vm8z9/TnGe7/lvCOpbriq/+97XL2vDE5187/k9//GbnzwXx8Ry9bLzx+F5ef3njuqHXm9d3vl9V+a/L2l/XPx6daszvheO6ED6ZecPlzfvrvP342SQvfrr5+o0/ycX9i47PE1kz0v44znb9Pw4/x3z/yvb3v3h+fO/Zjk9zXlMMlUuYD+8PxXzz+rhVPN4vnrx8yfuLn8NTzF91Jss8rdmnZicPHjh8/MnJuZnZucnZp57edejI8cNzuxqfXbrri1X7n3p9r268vvfObNtSNF7tR5qjx873+o8+vGfvHVM37p3Zt/v4vrmHj84c279ndnbPzN7ZG3fv2zfzRNX+B/bumN60ffMdmyb2H9i7487t2zdvnzhw+Ei5jOaiKmyb+tLE4WO7GrvM7tiyfXrr1i1TE4eO7J3ZccfU1MTxqv0b35smyr0fnzg2c3D33IFDMxOzB56e2TG9fdu2TZWf/njo6L7ZdZPHjh+ePD47c2yy+VjWzTUuLr/3Ve1PHmaPhPe7DkPhp/PP3botfT5u6VtfPu1NNTdp//G0eCt8FlT8/lb1dcz9Y2EmmeR/AAAAyEHM/eGD/09dIf8DAABAbcTcvzLMRP4HAACA2oi5fzzMJJP8r/+v/6//r/+v/6//30v6//r/3ej/6/8P8vr1//X/qdZv/f+Y+1cVRZb5HwAAAHIQc//qMBP5HwAAAGoj5v4LwkzkfwAAAKiNmPsvDDPJJP/r/+v/6//r/+v/6//3kv6//n83+v/6/4O8fv1//X+q9Vv/P+b+D4SZZJL/AQAAIAcx918UZiL/AwAAQG3E3H9xmIn8DwAAALURc/+aMJNM8r/+v/6//r/+v/6//n8v6f/r/3ej/6//P8jr1//X/6dav/X/Y+7/lTCTTPI/AAAA5CDm/g+Gmcj/AAAAUBsx918SZiL/AwAAQG3E3H9pmEkm+V//X/9f/1//X/9f/7+X9P/1/7vR/9f/H+T16//r/1Ot3/r/MfdfFmaSSf4HAACAHMTcf3mYifwPAAAAtRFz/xVhJvI/AAAA1EbM/VeGmWSS//X/9f/1//X/9f/1/3tJ/1//vxv9f/3/QV6//r/+P9X6rf8fc/9VYSaZ5H8AAADIQcz9V4eZyP8AAABQGzH3fyjMRP4HAACA2oi5f22YSSb5X/9f/1//X/9f/1//v5f0//X/u9H/1/8f5PXr/+v/U63f+v8x9384zCST/A8AAAA5iLn/mjAT+R8AAABqI+b+a8NM5H8AAACojZj714WZZJL/9f/1//X/9f/1//X/e0n/X/+/G/1//f9BXr/+v/4/1fqt/x9z//owk0zyPwAAAOQg5v4NYSbyPwAAANRGzP3XhZnI/wAAAFAbMfdfH2aSSf7X/9f/1//X/9f/1//vJf1//f9u9P/1/wd5/fr/+v9U67f+f8z9N4SZZJL/AQAAIAcx998YZiL/AwAAQG3E3H9TmIn8DwAAALURc//GMJNM8r/+v/6//r/+v/6//n8v6f/r/3ej/6//P8jr1//X/6dav/X/Y+6/Ocwkk/wPAAAAOYi5/5YwE/kfAAAAaiPm/lvDTOR/AAAAqI2Y+yfCTDLJ//r/+v/6//r/+v/6/72k/6//343+v/7/IK9f/1//n2r91v+Puf+2MJNM8j8AAADkIOb+28NM5H8AAACojZj7J8NM5H8AAACojZj7p8JMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5fzrMJJP8DwAAADmIuX9TmIn8DwAAALURc//mMBP5HwAAAGoj5v4tYSaZ5H/9f/1//X/9f/1//f9e0v/X/+9G/1//f5DXr/+v/0+1fuv/x9y/Ncwkk/wPAAAAOYi5f1uYifwPAAAAtRFz/x1hJvI/AAAA1EbM/XeGmWSS//X/9f/1//X/9f/1/3tJ/1//vxv9f/3/QV6//r/+P9X6rf8fc//2MJNM8j8AAADkIOb+j4SZyP8AAABQGzH33xVmIv8DAABAbcTc/9Ewk0zyv/6//r/+v/6//r/+fy+d7/7/+Dm6H/3/Jv3/dvr/+v/6//r/dNdv/f+Y+3eEmWSS/wEAACAHMfffHWYi/wMAAEBtxNx/T5iJ/A8AAAC1EXP/zjCTTPK//r/+v/6//r/+v/5/L53v/v+5ov/fpP/fTv9f/1//X/+f7vqt/x9z/71hJpnkfwAAAMhBzP0fCzOR/wEAAKA2Yu7/eJiJ/A8AAAC1EXP/J8JMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5/74wk0zyPwAAAOQg5v5PhpnI/wAAAFAbMff/apiJ/A8AAAC1EXP//WEmmeR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PtX7r/8fc/2thJpnkfwAAAMhBzP0PhJnI/wAAAFAbMfd/KsxE/gcAAIDaiLn/18NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5/zfCTDLJ/wAAAJCDmPt/M8xE/gcAAIDaiLn/t8JM5H8AAACojZj7HwwzyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/t8OM8kk/wMAAEAOYu5/KMxE/gcAAIDaiLn/02Em8j8AAADURsz9nwkzyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/ofDTDLJ/wAAAJCDmPs/G2Yi/wMAAEBtxNz/O2Em8j8AAADURsz9vxtmkkn+1//X/9f/1//X/9f/7yX9f/3/bvT/9f8Hef36//r/VOu3/n/M/Z8LM8kk/wMAAEAOYu7/vTAT+R8AAABqI+b+3w8zkf8BAACgNmLufyTMJJP8r/+v/6//r/+v/6//30v6//r/3ej/6/8P8vr1//X/qdZv/f+Y+z8fZpJJ/gcAAIAcxNz/B2Em8j8AAADURsz9u8JM5H8AAACojZj7Hw0zyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/t1hJpnkfwAAAMhBzP1fCDOR/wEAAKA2Yu7fE2Yi/wMAAEBtxNy/N8wkk/yv/6//r/+v/6//r//fS/r/+v/d6P/r/w/y+vX/9f+p1m/9/5j7Z8JMMsn/AAAAkIOY+/eFmcj/AAAAUBsx9+8PM5H/AQAAoDZi7n8szCST/K//r/+v/6//r/+v/99L+v/6/93o/+v/D/L69f/1/6nWb/3/mPsPhJlkkv8BAAAgBzH3fzHMRP4HAACA2oi5/0thJvI/AAAA1EbM/QfDTDLJ/2fQ/19R6P+flv7/0uvX/9f/1//X/9f/1//vRv9f/3+Q16//r/9PtX7r/8fcfyjMJJP8DwAAADmIuf9wmIn8DwAAALURc/+RMBP5HwAAAGoj5v6jYSaZ5H///X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PtX7r/8fc/4dhJpnkfwAAAMhBzP3HwkzkfwAAAKiNmPtnw0zkfwAAAKiNmPvnwkwyyf/6//r/+v/Z9P/TG5z+fzv9/97S/9f/70b/X/9/kNev/6//T7V+6//H3H88zCST/A8AAAA5iLn/8TAT+R8AAABqI+b+J8JM5H8AAACojZj7nwwzyST/6//r/+v/Z9P/99//1/8/L/T/9f+70f/X/x/k9ev/6/9Trd/6/zH3PxVmkkn+BwAAgBzE3P90mIn8DwD8P3t3zQPAkcNxtL7PfMzMzMzMzMzMzHdh5iJFbKeItFutMmO/17idaqV/8dMCAG3k7n9i3GL/AwAAQBu5+58UtwzZ//p//b/+X/+v/9f/X0n/r/8/ov/X/+/8fv2//p9zq/X/ufufHLcM2f8AAAAwQe7+p8Qt9j8AAAC0kbv/qXGL/Q8AAABt5O5/WtwyZP/r//X/+n/9v/5f/38l/b/+/4j+X/+/8/v1//p/zq3W/+fuf3rcMmT/AwAAwAS5+58Rt9j/AAAA0Ebu/mfGLfY/AAAAtJG7/1lxy5D9r//X/+v/9f/6f/3/lfT/+v8j+n/9/87v1//r/zm3Wv+fu//ZccuQ/Q8AAAAT5O5/Ttxi/wMAAEAbufufG7fY/wAAANBG7v7nxS1D9r/+X/+v/9f/6//1/1fS/+v/H/1qP5b+X/+/8/v1//p/zq3W/+fuf37cMmT/AwAAwAS5+18Qt9j/AAAA0Ebu/hfGLfY/AAAAtJG7/0Vxy5D9r//X/+v/9f/6f/3/lfT/+v8j+n/9/87vf9z6/yc8cvT/7GC1/j93/4vjliH7HwAAACbI3f+SuMX+BwAAgDZy9780brH/AQAAoI3c/S+LW4bsf/2//l//r//X/+v/r6T/1/8f0f/r/3d+v///6/85t1r/n7v/5XHLkP0PAAAAE+Tuf0XcYv8DAABAG7n7Xxm32P8AAADQRu7+V8UtQ/a//l//r//X/+v/9f9X0v/r/4/o//X/O79f/6//59xq/X/u/lfHLUP2PwAAAEyQu/81cYv9DwAAAG3k7n9t3GL/AwAAQBu5+18XtwzZ//p//b/+X/+v/9f/X0n/r/8/ov/X/+/8fv2//p9zq/X/uftfH7cM2f8AAAAwQe7+N8Qt9j8AAAC0kbv/jXGL/Q8AAABt5O5/U9wyZP/r//X/+n/9v/5f/38l/b/+/4j+X/+/8/v1//p/zq3W/+fuf3PcMmT/AwAAwAS5+98St9j/AAAA0Ebu/rfGLfY/AAAAtJG7/21xy5D9r//X/+v/9f/6f/3/lfT/+v8j+n/9/87v1//r/zm3Wv+fu//tccuQ/Q8AAAAT5O5/R9xi/wMAAEAbufvfGbfY/wAAANBG7v53xS1D9r/+X/+v/9f/6//1/1fS/+v/j+j/9f87v1//r//n3Gr9f+7+d8ctQ/Y/AAAATJC7/z1xi/0PAAAAbeTuf2/cYv8DAABAG7n73xe3DNn/+n/9v/5f/6//1/9fSf+v/z+i/9f/7/x+/b/+n3Or9f+5+98ftwzZ/wAAADBB7v4PxC32PwAAALSRu/+DcYv9DwAAAG3k7v9Q3DJk/+v/9f/6f/2//l//fyX9v/7/iP5f/7/z+/X/+n/Ordb/5+7/cNwyZP8DAADABLn7PxK32P8AAADQRu7+j8Yt9j8AAAC0kbv/Y3HLkP2v/9f/6//1//p//f+V9P/6/yP6f/3/zu/X/+v/Obda/5+7/+Nxy5D9DwAAABPk7v9E3GL/AwAAQBu5+z8Zt9j/AAAA0Ebu/k/FLUP2v/5f/6//1//r//X/V9L/6/+P6P/1/zu/X/+v/+fcav1/7v5Pxy1D9j8AAABMkLv/M3GL/Q8AAABt5O7/bNxi/wMAAEAbufs/F7cM2f/6f/2//l//r//X/19J/6//P6L/1//v/H79v/6fc6v1/7n7Px+3DNn/AAAAMEHu/i/ELfY/AAAAtJG7/4txi/0PAAAAbeTu/1LcMmT/6//1//p//b/+X/9/Jf2//v+I/l//v/P79f/6f86t1v/n7v9y3DJk/wMAAMAEufu/ErfY/wAAANBG7v6vxi32PwAAALSRu/9rccuQ/a//1//r//X/+n/9/5X0//r/I/p//f/O79f/6/85t1r/n7v/63HLkP0PAAAAE+Tu/0bcYv8DAABAG7n7vxm32P8AAADQRu7+b8UtQ/a//l//r//X/+v/9f9X0v/r/4/o//X/O79f/6//59xq/X/u/m/HLUP2PwAAAEyQu/87cYv9DwAAAG3k7v9u3GL/AwAAQBu5+78XtwzZ//p//b/+X/+v/9f/X0n/r/8/ov/X/+/8fv2//p9zq/X/ufu/H7cM2f8AAAAwQe7+H8Qt9j8AAAC0kbv/h3GL/Q8AAABt5O7/UdwyZP/r//X/+n/9v/5f/38l/b/+/4j+X/+/8/v1//p/zq3W/+fu/3HcMmT/AwAAwAS5+38St9j/AAAA0Ebu/p/GLfY/AAAAtJG7/2dxy5D9r//X/+v/9f/6f/3/lfT/+v8j+n/9/87v1//r/zm3Wv+fu//nccuQ/Q8AAAAT5O7/Rdxi/wMAAEAbuft/GbfY/wAAANBG7v5fxS1D9r/+X/+v/9f/6//1/1fS/+v/j+j/9f87v1//r//n3Gr9f+7+X8ctQ/Y/AAAATJC7/zdxi/0PAAAAbeTu/23cYv8DAABAG7n7fxe3DNn/+n/9v/5f/6//1/9fSf+v/z+i/9f/7/x+/b/+n3Or9f+5+38ftwzZ/wAAADBB7v4/xC32PwAAALSRu/+PcYv9DwAAAG3k7v9T3DJk/+v/9f/6f/2//l//fyX9v/7/iP5f/7/z+/X/+n/Ordb/5+7/c9wyZP8DAADABLn7/xK32P8AAADQRu7+v8Yt9j8AAAC0kbv/b3HLkP2v/9f/6//1//p//f+V9P/6/yP6f/3/zu/X/+v/Obda/5+7/+9xy5D9DwAAABPk7v9H3GL/AwAAQBu5+/8Zt9j/AAAA0Ebu/n/FLUP2v/5f/6//1//r//X/V9L/6/+P6P/1/zu/X/+v/+fcav1/7v5/xy1D9j8AAABMkLv/P3GL/Q8AAABt5O7/b9xi/wMAAEAbufv/F7cM2f/6f/2//l//r//X/19J/6//P6L/1//v/H79v/6fc6v1/7n7/x+3DNn/AAAAMEHu/hviFvsfAAAA2sjdf2PcYv8DAABAG7n7b4pbhux//b/+X/+v/9f/6/+vpP/X/x/R/+v/d36//l//z7nV+v/c/TfHLUP2PwAAAEyQu/+WuMX+BwAAgDZy998at9j/AAAA0Ebu/tviliH7X/+v/9f/6//1//r/K+n/9f9H9P/6/53fr//X/3Nutf4/d//tccuQ/Q8AAAAT5O6/I26x/wEAAKCN3P13xi32PwAAALSRu/+uuGXI/tf/6//1//p//b/+/0r6f/3/Ef2//n/n9+v/9f+cW63/z91/d9wyZP8DAADABLn774lb7H8AAABoI3f/vXGL/Q8AAABt5O6/L24Zsv/1//p//b/+X/+v/7+S/l//f0T/r//f+f36f/0/51br/3P33x+3DNn/AAAAMEHu/gfiFvsfAAAA2sjd/2DcYv8DAABAG7n7H4pbhux//b/+X/+v/9f/6/+vpP/X/x/R/+v/d36//l//z7nV+v/c/Q8HAAD//1hEP40=")
open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
lseek(r0, 0x1000001, 0x0)
getdents64(r0, 0x0, 0x0)

10.024939272s ago: executing program 2 (id=830):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r3, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r3, 0x8949, &(0x7f0000000000))
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\x00'/12, @ANYRES32=0x0, @ANYRES64], 0x20)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000006c0)={'tunl0\x00', &(0x7f0000000600)={'gre0\x00', 0x0, 0x10, 0x40, 0xb, 0x1ff, {{0x1a, 0x4, 0x1, 0x35, 0x68, 0x66, 0x0, 0xa6, 0x4, 0x0, @remote, @broadcast, {[@generic={0x82, 0xe, "f605a64058236f9f242e4d74"}, @timestamp_prespec={0x44, 0x44, 0x6c, 0x3, 0x7, [{@empty}, {@private=0xa010100, 0xdd}, {@remote, 0x7}, {@local, 0xfff80000}, {@empty, 0x1ff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1000}, {@remote, 0x4}, {@remote, 0x3}]}]}}}}})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000700)={0x8}, 0x8)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000180)=0x4)
write$dsp(r4, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
sendmsg$can_bcm(r5, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000740)=ANY=[@ANYBLOB="8100000000000000000000000000000073b16c908c27b50bff9ac17dae008b54154e5297302bf863d9d49adc034c779589697cc87d44456c8e1cd4f7ceadf0865ac1a72514193dafaff3532df676ad0796ea40d6b4cc7816492ca9ec86e0924cda2faa6fb282fa1c231022ef9888a4573a6caf74f7998a8a06bca52bc79b7eebf2000ca1212a4c23ed6ef7ca3ed5553376adf4bead5efae64d7247d0501f01e76e21d0e3fd9083334db6fc84c30e0e3bbc128132c52b22dbe724a70556a27791d7ed46b335e901145e8187fac45bbc5285c615a1fcb89710a6dc9ec33eb96cabc8604b1c30afd8237cae31e37a45bd62ad0d006c89b6f2eec58d369bebda811c0e363a8a89fee8245a745797", @ANYRES64=0x0, @ANYBLOB="2be97832070e9de781c2433284ffa268048a2c447a8d8d62468d2f29ebfdd456016076d732499b2c27f073cc8d48c355a09ccc05a24b74ce6c66f1f69738fd3148334937ef4c967b1c6af5609c820d61c684e82190183e83abea078c981e160f8be35145a464ddf403b21862", @ANYRES64=0x77359400, @ANYRESHEX, @ANYBLOB="00000080010000008e04be686f"], 0x48}}, 0x0)

10.023747028s ago: executing program 4 (id=831):
syz_io_uring_setup(0xa4d, &(0x7f0000000500)={0x0, 0x3177, 0x80, 0x1, 0x24f}, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000340)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x1, {0x2}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r3, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
r4 = socket$nl_crypto(0x10, 0x3, 0x15)
fcntl$addseals(r4, 0x409, 0x6)
io_uring_setup(0x5237, &(0x7f0000009a80)={0x0, 0x25d1, 0x400, 0x0, 0x210})
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$msr(r5, &(0x7f0000000580)=""/179, 0xb3)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f00000001c0)={0x2, 0x8}, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000100)=0x3)
close_range(r3, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xa, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008040000b70300000000000085000000a400000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)

9.932978292s ago: executing program 0 (id=832):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1c, 0x0, 0x0, 0x8000, 0x2000}, 0x50)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
renameat2(r3, &(0x7f0000000c00)='./file1\x00', 0xffffffffffffffff, 0x0, 0x2)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$rds(r4, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f00000005c0), 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x2000042, &(0x7f0000002240)={[{@nombcache}, {@orlov}, {@inlinecrypt}, {@delalloc}, {@orlov}, {@delalloc}, {@noload}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@lazytime}]}, 0x3, 0x4ea, &(0x7f00000006c0)="$eJzs3UtvG1sdAPD/OPa9yW3AuYVFqURb+lCKoE7S9BGxKK3EY1UJUfZpSJwoihNXidM2UQXuJwChCpBYsWKDxAdAQv0ICKkS7FiwAlWQ0gUbZDR+tI1jh+TWjdvk95NO58w59fz/x4/xnJlRHMCRdSYibkbEQERciIh8sz3TLFFtlPT/vdh6NJuWJGq1O/9MImm2tW/zWPNhqe9/N+KHyc64axubSzOlUnF1e/PmpcXlmYXiQnFlcnLi2tT1qatT43scSZLdrXc4Im586+XPf/Kb79z4w9cf/G36Hxd/lKZ1t9nfaRy90Bh6LgZbDdV3EaV/0vdNtj5CAAA+BOcj4nhEnI2Ir0Y+BmLXw2gAAADgA1T75vDHrSoAAABwOGXq98YmmULzft/hyGQKhcY9vF+MTzKl8lrla/Pl9ZW5xj20I5HLzC+WiuPNe4VHIpek6xP1+uv1y23rkxHxaUQ8yQ+l6/U+AAAA4GAca5v/v8w35v8AAADAIeNiPAAAABx+5v8AAABw+Jn/AwAAwKH2vdu301J7sfWo/jsAc/c31pfK9y/NFdeWCsvrs4XZ8uq9wkK5vFAqFgb+//ZK5fK9K7Gy/nCskl2rjK1tbE4vl9dXKtP13/WeLh4/gDEBAAAA2316+ulfkoiofmOoXlIfNftyfc0MeI8k2baGu1/pUyZAT+zhlP52Z9bfTSLAgWv/TgeODnN8IGlvaDswGOx2qPDH/cdyzAEAAP0x+iXX/+GoyvQ7AaBvftrvBIC+cS4ejq7c/u8ABA6ZHdf/2wx269jz9f9abV8JAQAAPTfcWFSjeS1wODKZQuHVZcFkfrFUHI+Iz0fEn/O5j9P1iT7mCwAAAAAAAAAAAAAAAAAAAAAAAAAfolotiRoAAABwqEVk/p40f/9rNH9+uP38wEfJf/L1ZUQ8+NWdXzycqVRWJ9L2f71qr/yy2X65H2cwAAAA4CjK7drbmqe35vEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Esvth7NtspBxn1+K4ZipFP8bAzWl4ORi4hP/p1E9o3HJREx0IP41ccRcaJT/CRNK0aaWbTHz0TEUJ/jH+tBfDjKnt6KiJudPn+ZOFNfdv78ZZvlbT2/Vf+Qd4zf2v8NdNn/fW6PMU4++91Y1/iPI05mO+9/WvGTLvHP7TH+3R9sbnbrq/06YrTj90+yLdZYZfne2NrG5qXF5ZmF4kJxZXJy4trU9amrU+Nj84ulYvPfjjF+9uXfV590HX+mvnwzfmucI40Mf9xt/Of3OP7/Pnu49YVGNbczfsTFc51f/xP1ZefnP31PXGh+D6T9o616tVF/06nf/ulUt9zS+HNdnv/G65+vdRv/xb0Nf8eYAYD+WtvYXJoplYqrB1A5e6V3G0wOKGeVLpXB9yONg658+6230zocfpvt/LVn40rnDJ27+rxjAgAAeu71QX+/MwEAAAAAAAAAAAAAAAAAAICj6zP98bDT+3tUe8xqf4YKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCr/wUAAP//GpnIcw==")
quotactl$Q_GETQUOTA(0xffffffff80000702, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

8.795264572s ago: executing program 0 (id=833):
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000240))
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r3, 0x2007ffc)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
copy_file_range(r3, 0x0, r4, 0x0, 0xfffffbffa003e45b, 0x700000000000000)

8.734047726s ago: executing program 4 (id=834):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x73}]}}]}, 0x44}}, 0x24000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

8.527377943s ago: executing program 4 (id=835):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='rcu_utilization\x00', r0, 0x0, 0x4}, 0x18)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b0800e209058da203002a000009050505000000000009058b", @ANYRES64], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x2682, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESET(0xffffffffffffffff, 0x4141, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r6, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
close(r7)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$can_j1939(0x1d, 0x2, 0x7)

8.433822655s ago: executing program 3 (id=836):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x4, 0x0, 0x3, 0xc}, &(0x7f0000000380)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x4, 0x1})
io_uring_enter(r1, 0x20061d4, 0xfcc4, 0x64, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca0200000000000000adcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d070490893616810a121ff4feedd1d176b313b9fc7bf31ddff431a4a50760ce18a76c4b7aa73cec3eec984c76d16f798c436410f3f4a41715e736a132c3cb9421be0b3c2bd40b75896c007fa2d47e3d8392d905d582b8eff689b0f493770c91e8c2e8bd0b08ffa4fd0289b04b0ea024768d196ef721314d68d29988b01871c6ea39f95a0b77744caadd24867acab274e8e4bf3fb44df31e15ffdce52f9f60ffe"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000600)=ANY=[@ANYRES32=r4, @ANYRES32, @ANYBLOB="370000000000000004000000", @ANYRES32, @ANYBLOB="70da94b76fd1f834c8343e1b184259d1350d85fbe9338e78b28023fed5926029ab92b9a9717f3795fe4e664986088cc1c20ff4452c3ec46dbef492bfb598a1af1fb066f64df3defa271f4a9aab0015008c967fda84c1e87af9123ca1e3a5eab4e16af647cf1726f4acb9f105fad0d32df8d3fdd187c410953425bec2be214ddc8ca42118dbdf9e73b652e343bb706ae164c20f87248b2a6c2f", @ANYRES64=0x0], 0x20)
syz_io_uring_setup(0x10f, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f0000000200)='./file1\x00', 0x10000, &(0x7f0000000240)=ANY=[], 0x1, 0x1a0, &(0x7f0000000440)="$eJzs0D9rU1EYx/Hvc+7JnwrVRsWhgg1YjDdUk5uqg1NwipALDo4GDWlsioma3gy2tNhFBKl28A3opKMKOokoOBcHwUGvSzdphuLgJJF774nga/B8hvu7zwPnnIenE/SDDPB7b61FlZjDfj4haGBGkp5SSb4x9Q+TW0lwwdSbJp+bnA5WVm80u932cv58ntw/DeBn3PvbCl5yRDEUqsiXvbVWU675jKr01IJPrk7xIU6DvvuIaT3J4as4jAqbXFT0pVCHA6VB73YpWFk9tdRrLrYX2zcrlflz5TPl8tlK6fpSt11+jbgPRPGEdVyfjM+Eu06qwb1tvY85QdyOCh0pDkk32Np2Th6fG6LcXUYI7wtDMt90J68uc4LslWj4GoeEpzg+s3UmFJr4oRpySb0ST3/Wv1KK7IbjnG7d6i4wlSxGdrPi7ZAqeFSKHvPRajjIB+6HzIbUQp6F7HxnRt5Gr4z3qjei7wtTHeUYpLnTHAyWvTR8FO0/noK70ZHJ+DoVz5WDd+aMCb6OfyzLsizLsizLsqz/wJ8AAAD//yIxYYY=")
mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2012024, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
semctl$SETVAL(0x0, 0x1, 0x10, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x58}}, 0x0)
r6 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb)
pipe2$watch_queue(&(0x7f0000000140)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r8, 0x5760, 0x14)
keyctl$KEYCTL_WATCH_KEY(0x20, r6, r8, 0x100000000000f7)
keyctl$revoke(0x3, r6)
read$watch_queue(r7, &(0x7f0000000300)=""/62, 0x3e)

6.364683692s ago: executing program 2 (id=837):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000980)='ext4_request_blocks\x00', r0}, 0x15)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x800041, &(0x7f0000000080), 0x62, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")

6.227514891s ago: executing program 3 (id=839):
syz_io_uring_setup(0xa4d, 0x0, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, 0x0, 0x0, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
fcntl$addseals(r3, 0x409, 0x6)
io_uring_setup(0x5237, &(0x7f0000009a80)={0x0, 0x25d1, 0x400, 0x0, 0x210})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)

5.332228864s ago: executing program 4 (id=841):
socket(0x1e, 0x4, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pread64(r0, 0x0, 0x0, 0xce2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f00000007c0)={0x48, 0x2, r7})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r7, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

5.222588193s ago: executing program 3 (id=842):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x6, 0x4, 0x0, 0x0, 0x1}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000800)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet(0x2, 0x1, 0x100)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r2, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
sendto$inet(r2, &(0x7f00000012c0), 0x0, 0x11, 0x0, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000002240)=""/4096, 0x1000, 0x0, 0x0}, &(0x7f0000000040)=0x40)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x7)

5.13857986s ago: executing program 0 (id=843):
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000080)={0x5, 0xffffffff, 0x2000000000000000, 0x3, 0x2, 0x5, 0x7b, 0xfffffffffffffffd, 0x2f})
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1=0xac1414aa}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000780)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x1409, 0xd3dc9b1fa9ebf133}, 0x10}}, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x175)
close(r3)
epoll_create(0x5)
r4 = fanotify_init(0x12, 0x1000)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(r5, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000680)={0xc4, r6, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x97}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x49}]}, @IPVS_CMD_ATTR_SERVICE={0x54, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0xa}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x9, 0x14}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x44040}, 0x80)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94)

4.533742326s ago: executing program 2 (id=844):
syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)={{0x12, 0x1, 0x200, 0xe0, 0x1, 0x4, 0x10, 0x34ef, 0x202b, 0x3609, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x84, 0x65, 0x20, 0x9, [{{0x9, 0x4, 0x4, 0x0, 0x0, 0x5d, 0x8e, 0xb8, 0x9}}]}}]}}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r5}, 0x38)
mmap(&(0x7f0000688000/0x2000)=nil, 0x2000, 0x2000000, 0x40010, r1, 0x7b0fa000)
syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0)
syz_clone(0x70980000, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000003100)='/sys/kernel/uevent_seqnum', 0x400, 0x40)
read$char_usb(r6, &(0x7f0000003140)=""/121, 0x79)
getsockopt$bt_BT_SNDMTU(r6, 0x112, 0xc, &(0x7f0000000880)=0xd, &(0x7f00000008c0)=0x2)

3.528744738s ago: executing program 1 (id=845):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4f21}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10040003}, 0x8880)

3.363576464s ago: executing program 3 (id=846):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
pwritev2(r0, &(0x7f0000000500)=[{&(0x7f00000011c0)='(', 0x1}], 0x1, 0x1000000, 0x0, 0x0)
r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r1, 0x2007ffa)
sendfile(0xffffffffffffffff, r0, 0x0, 0x0)
sendfile(r1, r1, 0x0, 0x800000009)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r4 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
sendfile(r3, r4, 0x0, 0x1000000201005)
syz_usb_connect$hid(0x2, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201500200000040"], 0x0)
copy_file_range(r2, 0x0, r1, 0x0, 0xfffffbffa003e458, 0x700000000000000)
ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x541c, &(0x7f00000008c0))
writev(r4, &(0x7f0000000280)=[{&(0x7f00000001c0)='>#Cd', 0x4}], 0x1)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x8000)
r6 = syz_usb_connect$uac1(0x2, 0xb7, &(0x7f0000000cc0)=ANY=[@ANYBLOB="12010102000000206b1d01014000010203010902a50003015e20080904000000010100000a240105005e0201020924050106275573be0904010000010200000904010101010200000724013c05040009240201010105000307240100030300112402010004af070bd17038faa57021350b250202800007000736ef0a2402027fff0500090909050109e80009047407250102f4ff010904020000011200000904020101010200000905820908000ec80207250100bb090047810fb3be2f6ad2f7a5223dbb467481000000000000002ee75414cd9995d1243c67cedcde8b6359a7af9bf3dd4237c3a4438cbcaf2e134edade8ff53f0e2ad51dd797c873071010fe2ff8b28ca305c87158609ac7dcc5c4f7b9fd8c28fd25c2fc1b004b4644dbae71d6ff56bc62d18271891157f9b2124e047dec73312cf781edd11794a586641205133bf4a9e16ded5e13e11c7f13991b50971077d842d854c4ae4e7c274aba7c4a3921240b1509800b0376915126cba2e7103ac6b79c99dcf8425ad1253caabb8bad77be448916d1d2c915fabc63ff184054f780bd2a1f494406733cf5d3ca7cb5872b09c8a3f41f09664f727d097f48c78d042e7e3d3aae03d29c1abdb17fb8e951c228acc8e10e785ed8a916670dfbe4a5aa5382aafa4d0d4d78876d64b21dbe3b9f9b34a86d6775bc675fcc8133b767c5a5014b6466d0d3660dc74aa83f734d96c1ed095b88f519e43f2a6eaaf580ec2a550a4625ac7423f8b30aff82bec698fd982cf919d6a94879ecf59447a6830b013a71edbccc94d26f0d"], &(0x7f0000000400)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x5, 0x80, 0x0, 0x48, 0x1}, 0x10, &(0x7f0000000100)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0x4, 0x82, 0x87, 0x8, 0xa7}]}, 0x5, [{0x7e, &(0x7f0000000140)=@string={0x7e, 0x3, "abf945d2a9dfad07b2e65e062d00fd84ca01123c1df4049f8e979d2b8365fc53117b7099e4f9b7c659e488a0936d0461981e61394019a67e371eb9959e70253a5f03682ecb59266446d1e889acdcf5137bbdea3043fd860603e90738fceb75cd5c37ecee758e48e686c23a7c2ef6f04aeb7b64486d24ad2174bdb98f"}}, {0xbd, &(0x7f0000000240)=@string={0xbd, 0x3, "b9e9e9331f17142dbfd4947283b872d5e0506fb3845dbf55313b19111ce2ce4e04b9d05c0ab2a826ce99ec369e697777f03734f18628a109d64c132333cc3e431858979b308b44015b09d76af20a34107ab719a9cdd463868e295656f5385806b31dc656e3ff4df2ad8e3422f6b53f01beb423ec2fae4350ac6d7a3b78d8c33cb24accb4f1593b8c8997a171bea0e1fe80a26fcc2a40c39c1966b7b352843f84d1c70e2befa4736e98a5694c62ad20c4d8a215f8008161a8470800"}}, {0x1f, &(0x7f0000000300)=@string={0x1f, 0x3, "7c6e8c52851c26a35db5a88f96bc924f57d2dbd8433aba46fb4b069d45"}}, {0x57, &(0x7f0000000a40)=ANY=[@ANYBLOB="5703019b12fc61e8b5d5b590fbfc99ee47394cd09f77cc1781f6f15a8410d15ca45a532dcbbd0104000067e9f6611fe5a58cda11d5b379d3a187ddca55ede86f4cd48314c0ed296faf1851b38290b8fc5301427d8487dbed5cca5633e14d16ef12684e753b3017d55905168aa36fb98cedef53b6f44f6fd05c45fd162db251d267eb22306cf27c4a0cd5915c7c3ca56234701d30808f987611ede7fc7fcb29a0ef5b97c4"]}, {0x13, &(0x7f0000000940)=@string={0x13, 0x3, "3e1983b4ac5ebd8a549636bc485837f8cf"}}]})
syz_pidfd_open(0x0, 0x0)
syz_usb_control_io$uac1(r6, &(0x7f0000000580)={0x14, &(0x7f0000000480)={0xb7a50193ecae814, 0x22, 0x96, {0x96, 0xd, "35306dd75d08db975e33b31a4b21e5128a0fa292d4b18d526a8423b176feaa1fdc35a62440955c6164cf1f4f2d4c10bb75cda23e20a8dc59769df1c7a92b2ea9f267728d1cf9236dc931adbc21a7ad8ea4b1962b6f504cb458c1c418e355376d501dd550e7caeeecd3ab657c9c71988aebcbda55b10b794cdef2d8174f44a1e42c62e1553ed9b13e66b57ecc4d8a1da7a0e5aa55"}}, &(0x7f0000000540)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x446}}}, &(0x7f0000000840)={0x44, &(0x7f00000005c0)={0x60, 0x1, 0x8e, "a11483abf7c5e7890e9c0702403feb10edfdf6439cd55baeae9481fb4e2f2ffd60518fb69907d67f65537c2139b086efdc4b3f3d4ffa6f7667997d90feb778bf66b12bda2628bce25152ad3e71c4f607128e1e227403eb9c8a76929c7002ab7f58141b4b71497ef440d6299b17040f25fdc90ce023fcd8313d280443a1b915389fa0b4f52948c9580dd4a079bd67"}, 0x0, &(0x7f00000006c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000700)={0x20, 0x81, 0x3, "9b947d"}, &(0x7f0000000740)=ANY=[@ANYBLOB="20820300007d6ef6ad"], &(0x7f0000000780)={0x20, 0x83, 0x1, "e6"}, &(0x7f00000007c0)={0x20, 0x84, 0x2, "f59f"}, &(0x7f0000000800)={0x20, 0x85, 0x3, "21248f"}})

3.241429553s ago: executing program 1 (id=847):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x24000000)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="1100"])
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3.110490926s ago: executing program 4 (id=848):
r0 = openat$procfs(0xffffff9c, &(0x7f0000000140)='/proc/sysvipc/sem\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000bc0)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$FIBMAP(r3, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
r5 = socket$packet(0x11, 0x3, 0x300)
syz_open_dev$evdev(&(0x7f00000001c0), 0x8, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x10, 0x0, "041f"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x80}, 0x1, 0x7}, 0x0)
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x7fe4d2ddf000, 0x11)
r7 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
syz_usb_control_io(r7, 0x0, &(0x7f0000000a00)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r7, &(0x7f00000007c0)={0x2c, &(0x7f0000000540)={0x20, 0x3, 0x86, {0x86, 0x983ff1208b8cdcec, "64c1e440d4f111a4fc323cd85c50633cb7011ff1d91ca2da761cce50c602cba99b71a9394a7aacd8742e4dcd5975fa1f7f05453c936d0bef7750176e26e40c1d505f98857eed4a1468b079567db765045f51bd9252ec034e273bf33cca2d271d8d00ad4ef7a4ac557a979b82ae4fbddede2a75edb0a07398a55bb434ab4567cb9d158be1"}}, &(0x7f00000004c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1c0a}}, 0x0, &(0x7f0000000740)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x0, 0x1, 0x32, "73655ac5", "8db1d1f9"}}, &(0x7f0000000780)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7f, 0x3, 0x3, 0x40, 0x0, 0xfffa, 0x5}}}, &(0x7f0000000d00)={0x84, &(0x7f0000000800)={0x0, 0xe, 0x62, "f5cb1ec016ddd24c3200804d05d2873f851851baadf14b0fe97858c77f5d6a5c1e7dc681cd5d6ec98920956d1709c92b8ea0360ab5d4a109d207265bf31c24ae7f83314397ec51feec84cc8ebdef76d7214e160a6de0b98453b2828c79b23867a645"}, &(0x7f0000000940)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000980)={0x0, 0x8, 0x1, 0x4}, &(0x7f00000009c0)={0x20, 0x0, 0x4, {0x1}}, &(0x7f0000000dc0)={0x20, 0x0, 0x8, {0x0, 0x0, [0xf00]}}, &(0x7f0000000a40)={0x40, 0x7, 0x2, 0x89f7}, 0x0, &(0x7f0000000ac0)={0x40, 0xb, 0x2, "8d22"}, &(0x7f0000000b00)={0x40, 0xf, 0x2, 0xa}, &(0x7f0000000b40)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000b80)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000bc0)={0x40, 0x19, 0x2, "5dfc"}, &(0x7f0000000c00)={0x40, 0x1a, 0x2, 0xc5ee}, &(0x7f0000000c40)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000c80)={0x40, 0x1e, 0x1, 0xa0}, &(0x7f0000000cc0)={0x40, 0x21, 0x1, 0x2}})
getsockopt$sock_buf(r5, 0x1, 0x38, &(0x7f0000000080)=""/232, &(0x7f0000000180)=0xe8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x480000, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r4, @ANYRESOCT=r5, @ANYBLOB="3a19459dcb397b607ee7046b6a51b2944645567df9d450eaa11fa207076b3951338da73f95f76d", @ANYRESOCT=r1, @ANYRESHEX, @ANYRES64=0x0], 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.097369185s ago: executing program 1 (id=849):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r4=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
r5 = gettid()
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r6 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r4, 0x19c04, 0x55007}, [@IFLA_NET_NS_PID={0x8, 0x13, r5}, @IFLA_IFNAME={0x14, 0x3, 'veth0_virt_wifi\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x641, 0x0, 0x4}]})
r8 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGFIELDINFO(r8, 0xc038480a, &(0x7f0000001140)={0x3, 0x100, 0x0, 0xc722, 0x4424, 0x5, 0x0, 0x82, 0x0, 0x0, 0x8001, 0x7fffffff, 0x8, 0x9564})
syz_init_net_socket$x25(0x9, 0x5, 0x0)

1.680141605s ago: executing program 1 (id=850):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.537724641s ago: executing program 1 (id=851):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000004c0)='rcu_utilization\x00', r3}, 0x18)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1c, 0x0, 0x0, 0x8000, 0x2000}, 0x50)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
renameat2(r4, &(0x7f0000000c00)='./file1\x00', 0xffffffffffffffff, 0x0, 0x2)
setsockopt$RDS_CANCEL_SENT_TO(r4, 0x114, 0x1, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$rds(r5, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f00000005c0), 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x2000042, &(0x7f0000002240)={[{@nombcache}, {@orlov}, {@inlinecrypt}, {@delalloc}, {@orlov}, {@delalloc}, {@noload}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@lazytime}]}, 0x3, 0x4ea, &(0x7f00000006c0)="$eJzs3UtvG1sdAPD/OPa9yW3AuYVFqURb+lCKoE7S9BGxKK3EY1UJUfZpSJwoihNXidM2UQXuJwChCpBYsWKDxAdAQv0ICKkS7FiwAlWQ0gUbZDR+tI1jh+TWjdvk95NO58w59fz/x4/xnJlRHMCRdSYibkbEQERciIh8sz3TLFFtlPT/vdh6NJuWJGq1O/9MImm2tW/zWPNhqe9/N+KHyc64axubSzOlUnF1e/PmpcXlmYXiQnFlcnLi2tT1qatT43scSZLdrXc4Im586+XPf/Kb79z4w9cf/G36Hxd/lKZ1t9nfaRy90Bh6LgZbDdV3EaV/0vdNtj5CAAA+BOcj4nhEnI2Ir0Y+BmLXw2gAAADgA1T75vDHrSoAAABwOGXq98YmmULzft/hyGQKhcY9vF+MTzKl8lrla/Pl9ZW5xj20I5HLzC+WiuPNe4VHIpek6xP1+uv1y23rkxHxaUQ8yQ+l6/U+AAAA4GAca5v/v8w35v8AAADAIeNiPAAAABx+5v8AAABw+Jn/AwAAwKH2vdu301J7sfWo/jsAc/c31pfK9y/NFdeWCsvrs4XZ8uq9wkK5vFAqFgb+//ZK5fK9K7Gy/nCskl2rjK1tbE4vl9dXKtP13/WeLh4/gDEBAAAA2316+ulfkoiofmOoXlIfNftyfc0MeI8k2baGu1/pUyZAT+zhlP52Z9bfTSLAgWv/TgeODnN8IGlvaDswGOx2qPDH/cdyzAEAAP0x+iXX/+GoyvQ7AaBvftrvBIC+cS4ejq7c/u8ABA6ZHdf/2wx269jz9f9abV8JAQAAPTfcWFSjeS1wODKZQuHVZcFkfrFUHI+Iz0fEn/O5j9P1iT7mCwAAAAAAAAAAAAAAAAAAAAAAAAAfolotiRoAAABwqEVk/p40f/9rNH9+uP38wEfJf/L1ZUQ8+NWdXzycqVRWJ9L2f71qr/yy2X65H2cwAAAA4CjK7drbmqe35vEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Esvth7NtspBxn1+K4ZipFP8bAzWl4ORi4hP/p1E9o3HJREx0IP41ccRcaJT/CRNK0aaWbTHz0TEUJ/jH+tBfDjKnt6KiJudPn+ZOFNfdv78ZZvlbT2/Vf+Qd4zf2v8NdNn/fW6PMU4++91Y1/iPI05mO+9/WvGTLvHP7TH+3R9sbnbrq/06YrTj90+yLdZYZfne2NrG5qXF5ZmF4kJxZXJy4trU9amrU+Nj84ulYvPfjjF+9uXfV590HX+mvnwzfmucI40Mf9xt/Of3OP7/Pnu49YVGNbczfsTFc51f/xP1ZefnP31PXGh+D6T9o616tVF/06nf/ulUt9zS+HNdnv/G65+vdRv/xb0Nf8eYAYD+WtvYXJoplYqrB1A5e6V3G0wOKGeVLpXB9yONg658+6230zocfpvt/LVn40rnDJ27+rxjAgAAeu71QX+/MwEAAAAAAAAAAAAAAAAAAICj6zP98bDT+3tUe8xqf4YKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCr/wUAAP//GpnIcw==")
quotactl$Q_GETQUOTA(0xffffffff80000702, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

512.639236ms ago: executing program 1 (id=852):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='rcu_utilization\x00', r0, 0x0, 0x4}, 0x18)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b0800e209058da203002a000009050505000000000009058b", @ANYRES64], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x2682, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESET(0xffffffffffffffff, 0x4141, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r6, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
close(r7)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$can_j1939(0x1d, 0x2, 0x7)

436.565141ms ago: executing program 2 (id=853):
syz_io_uring_setup(0xa4d, 0x0, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, 0x0, 0x0, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
fcntl$addseals(r3, 0x409, 0x6)
io_uring_setup(0x5237, &(0x7f0000009a80)={0x0, 0x25d1, 0x400, 0x0, 0x210})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)

31.910093ms ago: executing program 2 (id=854):
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000240))
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r3, 0x2007ffc)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
copy_file_range(r3, 0x0, r4, 0x0, 0xfffffbffa003e45b, 0x700000000000000)

0s ago: executing program 0 (id=855):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, 0x9, 0x6, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

kernel console output (not intermixed with test programs):

b9/0x130
[  321.853403][ T5850]  cleanup_mnt+0x425/0x4c0
[  321.853423][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.853444][ T5850]  task_work_run+0x1d4/0x260
[  321.853465][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  321.853481][ T5850]  ? __x64_sys_umount+0x122/0x160
[  321.853501][ T5850]  ? exit_to_user_mode_loop+0x40/0x110
[  321.853525][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  321.853545][ T5850]  do_syscall_64+0x2bd/0x3b0
[  321.853563][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.853580][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.853594][ T5850]  ? clear_bhb_loop+0x60/0xb0
[  321.853612][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.853625][ T5850] RIP: 0033:0x7f31c4d8fc57
[  321.853639][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  321.853651][ T5850] RSP: 002b:00007fff41050f28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  321.853667][ T5850] RAX: 0000000000000000 RBX: 00007f31c4e10925 RCX: 00007f31c4d8fc57
[  321.853677][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff41050fe0
[  321.853685][ T5850] RBP: 00007fff41050fe0 R08: 0000000000000000 R09: 0000000000000000
[  321.853694][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff41052070
[  321.853704][ T5850] R13: 00007f31c4e10925 R14: 000000000004e463 R15: 00007fff410520b0
[  321.853729][ T5850]  </TASK>
[  321.853739][ T5850] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  322.069603][ T8396] loop3: detected capacity change from 0 to 32768
[  322.237640][ T8392] loop4: detected capacity change from 0 to 32768
[  322.276980][ T8396] (syz.3.560,8396,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  322.437596][ T8396] (syz.3.560,8396,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  322.868150][ T8400] loop0: detected capacity change from 0 to 40427
[  322.876037][ T8400] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  322.883848][ T8400] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  322.896669][ T8400] F2FS-fs (loop0): invalid crc value
[  322.898059][ T8396] JBD2: Ignoring recovery information on journal
[  322.997645][ T8400] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  323.006480][ T8400] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  323.069319][ T8396] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  323.091198][   T30] audit: type=1800 audit(1752036252.842:188): pid=8407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.562" name="file1" dev="loop0" ino=10 res=0 errno=0
[  325.120579][ T5862] ocfs2: Unmounting device (7,3) on (node local)
[  325.413823][ T8411] loop4: detected capacity change from 0 to 40427
[  325.432742][ T8411] F2FS-fs (loop4): heap/no_heap options were deprecated
[  325.439750][ T8411] F2FS-fs (loop4): build fault injection rate: 19
[  325.472696][ T8411] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  325.505712][ T8411] F2FS-fs (loop4): invalid crc value
[  325.538856][ T8411] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  325.587466][ T5859] syz-executor: attempt to access beyond end of device
[  325.587466][ T5859] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  325.619217][ T5859] CPU: 0 UID: 0 PID: 5859 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  325.619242][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  325.619252][ T5859] Call Trace:
[  325.619259][ T5859]  <TASK>
[  325.619267][ T5859]  dump_stack_lvl+0x189/0x250
[  325.619296][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  325.619313][ T5859]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  325.619336][ T5859]  ? __pfx_queue_work_on+0x10/0x10
[  325.619357][ T5859]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  325.619379][ T5859]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  325.619401][ T5859]  ? f2fs_hw_is_readonly+0x39b/0x470
[  325.619432][ T5859]  f2fs_handle_critical_error+0x37c/0x540
[  325.619464][ T5859]  f2fs_write_end_io+0x495/0x810
[  325.619482][ T5859]  ? blkg_put+0x22/0x240
[  325.619517][ T5859]  __submit_merged_bio+0x27a/0x6a0
[  325.619540][ T5859]  ? up_write+0x1c4/0x420
[  325.619565][ T5859]  __submit_merged_write_cond+0x44c/0x530
[  325.619598][ T5859]  f2fs_sync_node_pages+0x1869/0x1a00
[  325.619655][ T5859]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  325.619711][ T5859]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  325.619736][ T5859]  ? up_write+0x1c4/0x420
[  325.619753][ T5859]  ? do_raw_spin_unlock+0x122/0x240
[  325.619779][ T5859]  f2fs_write_checkpoint+0xe6f/0x1df0
[  325.619826][ T5859]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  325.619888][ T5859]  ? try_to_wake_up+0x7e5/0x1290
[  325.619917][ T5859]  ? kill_f2fs_super+0x298/0x6c0
[  325.619942][ T5859]  kill_f2fs_super+0x2c3/0x6c0
[  325.619969][ T5859]  ? __pfx_kill_f2fs_super+0x10/0x10
[  325.619986][ T5859]  ? radix_tree_delete_item+0x2b6/0x400
[  325.620017][ T5859]  ? shrinker_free+0x2ce/0x3e0
[  325.620037][ T5859]  deactivate_locked_super+0xb9/0x130
[  325.620059][ T5859]  cleanup_mnt+0x425/0x4c0
[  325.620084][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  325.620110][ T5859]  task_work_run+0x1d4/0x260
[  325.620137][ T5859]  ? __pfx_task_work_run+0x10/0x10
[  325.620156][ T5859]  ? __x64_sys_umount+0x122/0x160
[  325.620183][ T5859]  ? exit_to_user_mode_loop+0x40/0x110
[  325.620211][ T5859]  exit_to_user_mode_loop+0xec/0x110
[  325.620235][ T5859]  do_syscall_64+0x2bd/0x3b0
[  325.620257][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  325.620278][ T5859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.620296][ T5859]  ? clear_bhb_loop+0x60/0xb0
[  325.620318][ T5859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.620335][ T5859] RIP: 0033:0x7f6d5e18fc57
[  325.620351][ T5859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  325.620366][ T5859] RSP: 002b:00007ffee67b35c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  325.620385][ T5859] RAX: 0000000000000000 RBX: 00007f6d5e210925 RCX: 00007f6d5e18fc57
[  325.620397][ T5859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee67b3680
[  325.620408][ T5859] RBP: 00007ffee67b3680 R08: 0000000000000000 R09: 0000000000000000
[  325.620419][ T5859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee67b4710
[  325.620430][ T5859] R13: 00007f6d5e210925 R14: 000000000004f18a R15: 00007ffee67b4750
[  325.620463][ T5859]  </TASK>
[  325.620470][ T5859] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  325.745704][ T8428] netlink: 'syz.3.565': attribute type 10 has an invalid length.
[  325.884376][ T8411] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  326.023228][ T8411] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  326.052320][ T8411] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  326.090805][ T8421] loop2: detected capacity change from 0 to 32768
[  326.129226][ T8430] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  326.207407][ T8411] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_convert_inline_inode+0x722/0x880
[  326.232541][ T8411] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  326.753795][ T8432] sp0: Synchronizing with TNC
[  326.802384][ T8419] loop1: detected capacity change from 0 to 32768
[  326.809415][ T5854] syz-executor: attempt to access beyond end of device
[  326.809415][ T5854] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  326.855422][ T8419] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.561 (8419)
[  326.895675][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  326.895701][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  326.895711][ T5854] Call Trace:
[  326.895718][ T5854]  <TASK>
[  326.895726][ T5854]  dump_stack_lvl+0x189/0x250
[  326.895755][ T5854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.895773][ T5854]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  326.895795][ T5854]  ? __pfx_queue_work_on+0x10/0x10
[  326.895817][ T5854]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  326.895838][ T5854]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  326.895861][ T5854]  ? f2fs_hw_is_readonly+0x39b/0x470
[  326.895893][ T5854]  f2fs_handle_critical_error+0x37c/0x540
[  326.895927][ T5854]  f2fs_write_end_io+0x495/0x810
[  326.895944][ T5854]  ? blkg_put+0x22/0x240
[  326.895982][ T5854]  __submit_merged_bio+0x27a/0x6a0
[  326.896013][ T5854]  __submit_merged_write_cond+0x255/0x530
[  326.896047][ T5854]  f2fs_write_data_pages+0x261d/0x3000
[  326.896109][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  326.896193][ T5854]  ? folios_put_refs+0x559/0x640
[  326.896224][ T5854]  ? __pfx_folios_put_refs+0x10/0x10
[  326.896239][ T5854]  ? rcu_is_watching+0x15/0xb0
[  326.896271][ T5854]  ? __lock_acquire+0xab9/0xd20
[  326.896317][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  326.896346][ T5854]  do_writepages+0x32e/0x550
[  326.896381][ T5854]  ? do_raw_spin_unlock+0x122/0x240
[  326.896409][ T5854]  filemap_fdatawrite+0x199/0x240
[  326.896430][ T5854]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  326.896514][ T5854]  ? do_raw_spin_unlock+0x122/0x240
[  326.896541][ T5854]  f2fs_sync_dirty_inodes+0x31f/0x830
[  326.896581][ T5854]  f2fs_write_checkpoint+0x95a/0x1df0
[  326.896633][ T5854]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  326.896702][ T5854]  ? try_to_wake_up+0x7e5/0x1290
[  326.896733][ T5854]  ? kill_f2fs_super+0x298/0x6c0
[  326.896760][ T5854]  kill_f2fs_super+0x2c3/0x6c0
[  326.896788][ T5854]  ? __pfx_kill_f2fs_super+0x10/0x10
[  326.896805][ T5854]  ? radix_tree_delete_item+0x2b6/0x400
[  326.896837][ T5854]  ? shrinker_free+0x2ce/0x3e0
[  326.896859][ T5854]  deactivate_locked_super+0xb9/0x130
[  326.896880][ T5854]  cleanup_mnt+0x425/0x4c0
[  326.896906][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  326.896930][ T5854]  task_work_run+0x1d4/0x260
[  326.896957][ T5854]  ? __pfx_task_work_run+0x10/0x10
[  326.896977][ T5854]  ? __x64_sys_umount+0x122/0x160
[  326.897003][ T5854]  ? exit_to_user_mode_loop+0x40/0x110
[  326.897032][ T5854]  exit_to_user_mode_loop+0xec/0x110
[  326.897056][ T5854]  do_syscall_64+0x2bd/0x3b0
[  326.897078][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  326.897099][ T5854]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.897117][ T5854]  ? clear_bhb_loop+0x60/0xb0
[  326.897139][ T5854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.897156][ T5854] RIP: 0033:0x7f9992b8fc57
[  326.897173][ T5854] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  326.897188][ T5854] RSP: 002b:00007fff692b9e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  326.897206][ T5854] RAX: 0000000000000000 RBX: 00007f9992c10925 RCX: 00007f9992b8fc57
[  326.897219][ T5854] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff692b9f00
[  326.897230][ T5854] RBP: 00007fff692b9f00 R08: 0000000000000000 R09: 0000000000000000
[  326.897241][ T5854] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff692baf90
[  326.897253][ T5854] R13: 00007f9992c10925 R14: 000000000004fb3a R15: 00007fff692bafd0
[  326.897288][ T5854]  </TASK>
[  326.897295][ T5854] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  327.270747][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  327.270773][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  327.270783][ T5854] Call Trace:
[  327.270791][ T5854]  <TASK>
[  327.270799][ T5854]  dump_stack_lvl+0x189/0x250
[  327.270828][ T5854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  327.270846][ T5854]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  327.270867][ T5854]  ? __pfx_queue_work_on+0x10/0x10
[  327.270888][ T5854]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  327.270910][ T5854]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  327.270934][ T5854]  ? f2fs_hw_is_readonly+0x39b/0x470
[  327.270966][ T5854]  f2fs_handle_critical_error+0x37c/0x540
[  327.271001][ T5854]  f2fs_write_end_io+0x495/0x810
[  327.271018][ T5854]  ? blkg_put+0x22/0x240
[  327.271058][ T5854]  __submit_merged_bio+0x27a/0x6a0
[  327.271090][ T5854]  __submit_merged_write_cond+0x255/0x530
[  327.271124][ T5854]  f2fs_write_data_pages+0x261d/0x3000
[  327.271181][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  327.271264][ T5854]  ? folios_put_refs+0x559/0x640
[  327.271309][ T5854]  ? __pfx_folios_put_refs+0x10/0x10
[  327.271323][ T5854]  ? rcu_is_watching+0x15/0xb0
[  327.271352][ T5854]  ? __lock_acquire+0xab9/0xd20
[  327.271397][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  327.271417][ T5854]  do_writepages+0x32e/0x550
[  327.271453][ T5854]  ? do_raw_spin_unlock+0x122/0x240
[  327.271479][ T5854]  filemap_fdatawrite+0x199/0x240
[  327.271499][ T5854]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  327.271576][ T5854]  ? do_raw_spin_unlock+0x122/0x240
[  327.271602][ T5854]  f2fs_sync_dirty_inodes+0x31f/0x830
[  327.271642][ T5854]  f2fs_write_checkpoint+0x95a/0x1df0
[  327.271691][ T5854]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  327.271760][ T5854]  ? try_to_wake_up+0x7e5/0x1290
[  327.271788][ T5854]  ? kill_f2fs_super+0x298/0x6c0
[  327.271816][ T5854]  kill_f2fs_super+0x2c3/0x6c0
[  327.271845][ T5854]  ? __pfx_kill_f2fs_super+0x10/0x10
[  327.271862][ T5854]  ? radix_tree_delete_item+0x2b6/0x400
[  327.271893][ T5854]  ? shrinker_free+0x2ce/0x3e0
[  327.271915][ T5854]  deactivate_locked_super+0xb9/0x130
[  327.271937][ T5854]  cleanup_mnt+0x425/0x4c0
[  327.271963][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  327.271989][ T5854]  task_work_run+0x1d4/0x260
[  327.272015][ T5854]  ? __pfx_task_work_run+0x10/0x10
[  327.272034][ T5854]  ? __x64_sys_umount+0x122/0x160
[  327.272062][ T5854]  ? exit_to_user_mode_loop+0x40/0x110
[  327.272091][ T5854]  exit_to_user_mode_loop+0xec/0x110
[  327.272116][ T5854]  do_syscall_64+0x2bd/0x3b0
[  327.272138][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  327.272159][ T5854]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.272176][ T5854]  ? clear_bhb_loop+0x60/0xb0
[  327.272199][ T5854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.272216][ T5854] RIP: 0033:0x7f9992b8fc57
[  327.272232][ T5854] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  327.272246][ T5854] RSP: 002b:00007fff692b9e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  327.272264][ T5854] RAX: 0000000000000000 RBX: 00007f9992c10925 RCX: 00007f9992b8fc57
[  327.272283][ T5854] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff692b9f00
[  327.272294][ T5854] RBP: 00007fff692b9f00 R08: 0000000000000000 R09: 0000000000000000
[  327.272305][ T5854] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff692baf90
[  327.272316][ T5854] R13: 00007f9992c10925 R14: 000000000004fb3a R15: 00007fff692bafd0
[  327.272351][ T5854]  </TASK>
[  327.272358][ T5854] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  327.652046][ T8419] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  327.693349][ T8419] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  327.702219][ T8419] BTRFS info (device loop1): using free-space-tree
[  328.067607][ T5850] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  329.901352][ T8463] loop3: detected capacity change from 0 to 32768
[  330.238396][ T8479] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  330.607310][ T8482] netlink: 'syz.2.576': attribute type 4 has an invalid length.
[  330.717310][ T8465] loop0: detected capacity change from 0 to 40427
[  330.757593][ T8465] F2FS-fs (loop0): heap/no_heap options were deprecated
[  330.791522][ T8465] F2FS-fs (loop0): build fault injection rate: 19
[  330.840089][ T8465] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  330.863739][ T8484] netlink: 'syz.4.577': attribute type 10 has an invalid length.
[  330.871646][ T8484] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.879066][ T8484] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.917614][ T8465] F2FS-fs (loop0): invalid crc value
[  330.960253][ T8465] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  331.089947][ T8494] loop1: detected capacity change from 0 to 512
[  331.189530][ T8494] EXT4-fs (loop1): orphan cleanup on readonly fs
[  331.272155][ T8494] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.580: bg 0: block 248: padding at end of block bitmap is not set
[  331.450895][ T8494] Quota error (device loop1): write_blk: dquota write failed
[  331.497513][ T8494] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  331.528134][ T8465] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  331.577099][ T8494] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.580: Failed to acquire dquot type 1
[  331.668715][ T8494] EXT4-fs (loop1): 1 truncate cleaned up
[  331.961824][ T8489] loop2: detected capacity change from 0 to 40427
[  331.980653][ T8489] F2FS-fs (loop2): heap/no_heap options were deprecated
[  331.988816][ T8503] loop4: detected capacity change from 0 to 40427
[  331.996623][ T8503] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  332.003112][ T8489] F2FS-fs (loop2): build fault injection rate: 19
[  332.004389][ T8503] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  332.024197][ T8489] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  332.048087][ T8503] F2FS-fs (loop4): invalid crc value
[  332.057558][ T8494] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  332.074059][ T8489] F2FS-fs (loop2): invalid crc value
[  332.156507][ T8503] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  332.163630][ T8503] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  332.168301][ T8489] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  332.352066][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.217122][   T30] audit: type=1800 audit(1752036262.262:189): pid=8512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.583" name="file1" dev="loop4" ino=10 res=0 errno=0
[  333.375366][ T8489] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  333.513674][ T8489] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  333.579505][ T8489] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  333.702272][ T8489] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  333.919964][ T8518] loop1: detected capacity change from 0 to 8
[  333.929337][ T8489] F2FS-fs (loop2): inject inconsistent footer in sanity_check_node_footer of f2fs_convert_inline_inode+0x722/0x880
[  333.957855][ T8489] F2FS-fs (loop2): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  334.688359][ T5858] syz-executor: attempt to access beyond end of device
[  334.688359][ T5858] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  334.717678][ T5858] CPU: 1 UID: 0 PID: 5858 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  334.717702][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  334.717713][ T5858] Call Trace:
[  334.717721][ T5858]  <TASK>
[  334.717729][ T5858]  dump_stack_lvl+0x189/0x250
[  334.717758][ T5858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.717776][ T5858]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  334.717799][ T5858]  ? __pfx_queue_work_on+0x10/0x10
[  334.717820][ T5858]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  334.717841][ T5858]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  334.717865][ T5858]  ? f2fs_hw_is_readonly+0x39b/0x470
[  334.717897][ T5858]  f2fs_handle_critical_error+0x37c/0x540
[  334.717931][ T5858]  f2fs_write_end_io+0x495/0x810
[  334.717948][ T5858]  ? blkg_put+0x22/0x240
[  334.717986][ T5858]  __submit_merged_bio+0x27a/0x6a0
[  334.718020][ T5858]  __submit_merged_write_cond+0x255/0x530
[  334.718062][ T5858]  f2fs_write_data_pages+0x261d/0x3000
[  334.718124][ T5858]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  334.718140][ T5858]  ? is_bpf_text_address+0x26/0x2b0
[  334.718178][ T5858]  ? arch_stack_walk+0xfc/0x150
[  334.718235][ T5858]  ? rcu_read_lock_sched_held+0x89/0x100
[  334.718295][ T5858]  ? __lock_acquire+0xab9/0xd20
[  334.718340][ T5858]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  334.718360][ T5858]  do_writepages+0x32e/0x550
[  334.718396][ T5858]  ? do_raw_spin_unlock+0x122/0x240
[  334.718423][ T5858]  filemap_fdatawrite+0x199/0x240
[  334.718444][ T5858]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  334.718523][ T5858]  ? do_raw_spin_unlock+0x122/0x240
[  334.718550][ T5858]  f2fs_sync_dirty_inodes+0x31f/0x830
[  334.718589][ T5858]  f2fs_write_checkpoint+0x95a/0x1df0
[  334.718640][ T5858]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  334.718708][ T5858]  ? try_to_wake_up+0x7e5/0x1290
[  334.718738][ T5858]  ? kill_f2fs_super+0x298/0x6c0
[  334.718765][ T5858]  kill_f2fs_super+0x2c3/0x6c0
[  334.718791][ T5858]  ? __pfx_kill_f2fs_super+0x10/0x10
[  334.718807][ T5858]  ? radix_tree_delete_item+0x2b6/0x400
[  334.718839][ T5858]  ? shrinker_free+0x2ce/0x3e0
[  334.718859][ T5858]  deactivate_locked_super+0xb9/0x130
[  334.718881][ T5858]  cleanup_mnt+0x425/0x4c0
[  334.718906][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.718933][ T5858]  task_work_run+0x1d4/0x260
[  334.718960][ T5858]  ? __pfx_task_work_run+0x10/0x10
[  334.718979][ T5858]  ? __x64_sys_umount+0x122/0x160
[  334.719006][ T5858]  ? exit_to_user_mode_loop+0x40/0x110
[  334.719035][ T5858]  exit_to_user_mode_loop+0xec/0x110
[  334.719066][ T5858]  do_syscall_64+0x2bd/0x3b0
[  334.719089][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.719109][ T5858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.719127][ T5858]  ? clear_bhb_loop+0x60/0xb0
[  334.719150][ T5858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.719166][ T5858] RIP: 0033:0x7fa6c778fc57
[  334.719181][ T5858] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  334.719196][ T5858] RSP: 002b:00007ffe6e8cc358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  334.719214][ T5858] RAX: 0000000000000000 RBX: 00007fa6c7810925 RCX: 00007fa6c778fc57
[  334.719226][ T5858] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6e8cc410
[  334.719237][ T5858] RBP: 00007ffe6e8cc410 R08: 0000000000000000 R09: 0000000000000000
[  334.719249][ T5858] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6e8cd4a0
[  334.719261][ T5858] R13: 00007fa6c7810925 R14: 0000000000051894 R15: 00007ffe6e8cd4e0
[  334.719294][ T5858]  </TASK>
[  334.719302][ T5858] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  334.828447][ T8517] loop0: detected capacity change from 0 to 32768
[  334.838872][ T5858] CPU: 1 UID: 0 PID: 5858 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  334.838896][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  334.838906][ T5858] Call Trace:
[  334.838914][ T5858]  <TASK>
[  334.838921][ T5858]  dump_stack_lvl+0x189/0x250
[  334.838950][ T5858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.838967][ T5858]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  334.838989][ T5858]  ? __pfx_queue_work_on+0x10/0x10
[  334.839010][ T5858]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  334.839031][ T5858]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  334.839061][ T5858]  ? f2fs_hw_is_readonly+0x39b/0x470
[  334.839093][ T5858]  f2fs_handle_critical_error+0x37c/0x540
[  334.839126][ T5858]  f2fs_write_end_io+0x495/0x810
[  334.839143][ T5858]  ? blkg_put+0x22/0x240
[  334.839180][ T5858]  __submit_merged_bio+0x27a/0x6a0
[  334.839213][ T5858]  __submit_merged_write_cond+0x255/0x530
[  334.839247][ T5858]  f2fs_write_data_pages+0x261d/0x3000
[  334.839307][ T5858]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  334.839323][ T5858]  ? is_bpf_text_address+0x26/0x2b0
[  334.839362][ T5858]  ? arch_stack_walk+0xfc/0x150
[  334.839419][ T5858]  ? rcu_read_lock_sched_held+0x89/0x100
[  334.839477][ T5858]  ? __lock_acquire+0xab9/0xd20
[  334.839522][ T5858]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  334.839542][ T5858]  do_writepages+0x32e/0x550
[  334.839576][ T5858]  ? do_raw_spin_unlock+0x122/0x240
[  334.839603][ T5858]  filemap_fdatawrite+0x199/0x240
[  334.839624][ T5858]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  334.839702][ T5858]  ? do_raw_spin_unlock+0x122/0x240
[  334.839728][ T5858]  f2fs_sync_dirty_inodes+0x31f/0x830
[  334.839767][ T5858]  f2fs_write_checkpoint+0x95a/0x1df0
[  334.839814][ T5858]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  334.839880][ T5858]  ? try_to_wake_up+0x7e5/0x1290
[  334.839909][ T5858]  ? kill_f2fs_super+0x298/0x6c0
[  334.839935][ T5858]  kill_f2fs_super+0x2c3/0x6c0
[  334.839962][ T5858]  ? __pfx_kill_f2fs_super+0x10/0x10
[  334.839979][ T5858]  ? radix_tree_delete_item+0x2b6/0x400
[  334.840010][ T5858]  ? shrinker_free+0x2ce/0x3e0
[  334.840031][ T5858]  deactivate_locked_super+0xb9/0x130
[  334.840056][ T5858]  cleanup_mnt+0x425/0x4c0
[  334.840081][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.840108][ T5858]  task_work_run+0x1d4/0x260
[  334.840134][ T5858]  ? __pfx_task_work_run+0x10/0x10
[  334.840153][ T5858]  ? __x64_sys_umount+0x122/0x160
[  334.840179][ T5858]  ? exit_to_user_mode_loop+0x40/0x110
[  334.840208][ T5858]  exit_to_user_mode_loop+0xec/0x110
[  334.840233][ T5858]  do_syscall_64+0x2bd/0x3b0
[  334.840254][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.840276][ T5858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.840292][ T5858]  ? clear_bhb_loop+0x60/0xb0
[  334.840315][ T5858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.840331][ T5858] RIP: 0033:0x7fa6c778fc57
[  334.840347][ T5858] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  334.840362][ T5858] RSP: 002b:00007ffe6e8cc358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  334.840381][ T5858] RAX: 0000000000000000 RBX: 00007fa6c7810925 RCX: 00007fa6c778fc57
[  334.840393][ T5858] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6e8cc410
[  334.840404][ T5858] RBP: 00007ffe6e8cc410 R08: 0000000000000000 R09: 0000000000000000
[  334.840415][ T5858] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6e8cd4a0
[  334.840427][ T5858] R13: 00007fa6c7810925 R14: 0000000000051894 R15: 00007ffe6e8cd4e0
[  334.840460][ T5858]  </TASK>
[  334.840467][ T5858] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  334.945053][ T8517] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.584 (8517)
[  335.375033][ T8528] loop3: detected capacity change from 0 to 512
[  335.490226][ T8528] EXT4-fs: Ignoring removed orlov option
[  335.509808][ T8528] EXT4-fs: inline encryption not supported
[  335.520935][ T8517] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  335.521301][ T8528] EXT4-fs: Ignoring removed orlov option
[  335.538814][ T8528] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  335.606204][ T8517] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  335.625983][ T5854] syz-executor: attempt to access beyond end of device
[  335.625983][ T5854] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  335.640548][ T8517] BTRFS info (device loop0): using free-space-tree
[  335.702937][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  335.702961][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  335.702972][ T5854] Call Trace:
[  335.702987][ T5854]  <TASK>
[  335.702994][ T5854]  dump_stack_lvl+0x189/0x250
[  335.703023][ T5854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.703041][ T5854]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  335.703064][ T5854]  ? __pfx_queue_work_on+0x10/0x10
[  335.703085][ T5854]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  335.703106][ T5854]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  335.703128][ T5854]  ? f2fs_hw_is_readonly+0x39b/0x470
[  335.703160][ T5854]  f2fs_handle_critical_error+0x37c/0x540
[  335.703192][ T5854]  f2fs_write_end_io+0x495/0x810
[  335.703209][ T5854]  ? blkg_put+0x22/0x240
[  335.703244][ T5854]  __submit_merged_bio+0x27a/0x6a0
[  335.703265][ T5854]  ? up_write+0x1c4/0x420
[  335.703288][ T5854]  __submit_merged_write_cond+0x44c/0x530
[  335.703322][ T5854]  f2fs_sync_node_pages+0x1869/0x1a00
[  335.703371][ T5854]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  335.703427][ T5854]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  335.703453][ T5854]  ? up_write+0x1c4/0x420
[  335.703470][ T5854]  ? do_raw_spin_unlock+0x122/0x240
[  335.703495][ T5854]  f2fs_write_checkpoint+0xe6f/0x1df0
[  335.703541][ T5854]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  335.703605][ T5854]  ? try_to_wake_up+0x7e5/0x1290
[  335.703633][ T5854]  ? kill_f2fs_super+0x298/0x6c0
[  335.703660][ T5854]  kill_f2fs_super+0x2c3/0x6c0
[  335.703686][ T5854]  ? __pfx_kill_f2fs_super+0x10/0x10
[  335.703704][ T5854]  ? radix_tree_delete_item+0x2b6/0x400
[  335.703732][ T5854]  ? shrinker_free+0x2ce/0x3e0
[  335.703753][ T5854]  deactivate_locked_super+0xb9/0x130
[  335.703775][ T5854]  cleanup_mnt+0x425/0x4c0
[  335.703800][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.703826][ T5854]  task_work_run+0x1d4/0x260
[  335.703853][ T5854]  ? __pfx_task_work_run+0x10/0x10
[  335.703872][ T5854]  ? __x64_sys_umount+0x122/0x160
[  335.703898][ T5854]  ? exit_to_user_mode_loop+0x40/0x110
[  335.703926][ T5854]  exit_to_user_mode_loop+0xec/0x110
[  335.703951][ T5854]  do_syscall_64+0x2bd/0x3b0
[  335.703979][ T5854]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.704001][ T5854]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.704018][ T5854]  ? clear_bhb_loop+0x60/0xb0
[  335.704041][ T5854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.704057][ T5854] RIP: 0033:0x7f9992b8fc57
[  335.704074][ T5854] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  335.704090][ T5854] RSP: 002b:00007fff692b9e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  335.704108][ T5854] RAX: 0000000000000000 RBX: 00007f9992c10925 RCX: 00007f9992b8fc57
[  335.704121][ T5854] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff692b9f00
[  335.704132][ T5854] RBP: 00007fff692b9f00 R08: 0000000000000000 R09: 0000000000000000
[  335.704143][ T5854] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff692baf90
[  335.704153][ T5854] R13: 00007f9992c10925 R14: 0000000000051835 R15: 00007fff692bafd0
[  335.704187][ T5854]  </TASK>
[  335.704194][ T5854] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  336.422330][ T8528] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.586: bg 0: block 64: padding at end of block bitmap is not set
[  336.521369][ T8528] Quota error (device loop3): write_blk: dquota write failed
[  336.556496][ T8528] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  336.649638][ T8528] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.586: Failed to acquire dquot type 0
[  336.734070][ T8528] EXT4-fs (loop3): 1 truncate cleaned up
[  336.746307][ T5859] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  336.778991][ T8528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  337.648589][ T8540] loop2: detected capacity change from 0 to 32768
[  338.536520][ T8569] loop0: detected capacity change from 0 to 512
[  338.699765][ T8569] EXT4-fs (loop0): orphan cleanup on readonly fs
[  339.059502][ T8569] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.595: bg 0: block 248: padding at end of block bitmap is not set
[  339.072718][ T8563] loop1: detected capacity change from 0 to 32768
[  339.074435][ T8569] Quota error (device loop0): write_blk: dquota write failed
[  339.090033][ T8569] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  339.100319][ T8569] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.595: Failed to acquire dquot type 1
[  339.120571][ T8569] EXT4-fs (loop0): 1 truncate cleaned up
[  339.147096][ T8563] (syz.1.592,8563,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  339.172699][ T5862] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.174756][ T8569] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  339.207553][ T8563] (syz.1.592,8563,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  339.232471][ T8563] JBD2: Ignoring recovery information on journal
[  339.291476][ T8563] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  339.494191][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.886389][ T8585] sp0: Synchronizing with TNC
[  341.608312][ T5850] ocfs2: Unmounting device (7,1) on (node local)
[  341.722732][ T8605] loop4: detected capacity change from 0 to 4096
[  341.833275][ T8605] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  341.839147][ T8610] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  341.877483][ T8605] NILFS (loop4): mounting fs with errors
[  342.139253][ T8613] SET target dimension over the limit!
[  342.390489][ T8614] loop0: detected capacity change from 0 to 8
[  342.965035][   T30] audit: type=1326 audit(1752036272.722:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8602 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9992b8e929 code=0x7fc00000
[  343.155627][ T5997] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  343.254048][ T8623] loop0: detected capacity change from 0 to 4096
[  343.385256][ T8623] NILFS error (device loop0): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  343.397922][ T8629] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  343.525909][ T8623] NILFS (loop0): mounting fs with errors
[  343.674469][ T5997] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  343.686114][ T5997] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  343.699352][ T5997] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  343.709544][ T5997] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  343.749539][ T5997] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  343.752707][ T8631] SET target dimension over the limit!
[  343.772938][ T5997] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.842179][ T5997] usb 3-1: config 0 descriptor??
[  343.929354][ T8632] loop4: detected capacity change from 0 to 8
[  344.548195][   T30] audit: type=1326 audit(1752036274.312:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8619 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d5e18e929 code=0x7fc00000
[  344.699613][ T8622] loop1: detected capacity change from 0 to 32768
[  344.742632][ T8622] (syz.1.608,8622,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  344.794355][ T8622] (syz.1.608,8622,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  345.811595][ T8646] sp0: Synchronizing with TNC
[  345.852510][ T5997] usbhid 3-1:0.0: can't add hid device: -71
[  345.861553][ T8622] JBD2: Ignoring recovery information on journal
[  345.904402][ T5997] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  345.930150][ T5997] usb 3-1: USB disconnect, device number 6
[  345.967213][ T8622] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  346.733638][ T8668] loop2: detected capacity change from 0 to 512
[  346.740748][ T8668] EXT4-fs: Ignoring removed orlov option
[  346.746540][ T8668] EXT4-fs: inline encryption not supported
[  346.752353][ T8668] EXT4-fs: Ignoring removed orlov option
[  347.252521][ T8668] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  347.327596][ T8668] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.617: bg 0: block 64: padding at end of block bitmap is not set
[  347.346604][ T8668] Quota error (device loop2): write_blk: dquota write failed
[  347.354129][ T8668] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  347.364105][ T8668] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.617: Failed to acquire dquot type 0
[  347.407078][ T8668] EXT4-fs (loop2): 1 truncate cleaned up
[  347.452389][ T8668] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.507614][ T5850] ocfs2: Unmounting device (7,1) on (node local)
[  347.653461][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.897626][ T8677] loop4: detected capacity change from 0 to 4096
[  347.996657][ T8682] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  348.013717][ T8677] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  348.032016][ T8677] NILFS (loop4): mounting fs with errors
[  348.150439][ T8683] loop2: detected capacity change from 0 to 4096
[  348.637295][ T8683] NILFS error (device loop2): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  348.639404][ T8693] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  348.661389][ T8683] NILFS (loop2): mounting fs with errors
[  348.671969][ T8691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.623'.
[  348.794054][ T8677] SET target dimension over the limit!
[  348.944518][ T8695] sp0: Synchronizing with TNC
[  349.232391][ T8696] SET target dimension over the limit!
[  349.745479][   T30] audit: type=1326 audit(1752036279.502:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.4.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9992b8e929 code=0x7fc00000
[  349.946589][   T30] audit: type=1326 audit(1752036279.542:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8679 comm="syz.2.621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6c778e929 code=0x7fc00000
[  350.772682][ T8707] netlink: 24 bytes leftover after parsing attributes in process `syz.0.631'.
[  351.341585][ T8719] netlink: 'syz.1.632': attribute type 4 has an invalid length.
[  351.620082][ T8725] loop0: detected capacity change from 0 to 512
[  351.627391][ T8725] EXT4-fs: Ignoring removed orlov option
[  351.633149][ T8725] EXT4-fs: inline encryption not supported
[  351.638964][ T8725] EXT4-fs: Ignoring removed orlov option
[  352.157577][ T8725] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  352.236674][ T8725] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.633: bg 0: block 64: padding at end of block bitmap is not set
[  352.275013][ T8725] Quota error (device loop0): write_blk: dquota write failed
[  352.282550][ T8725] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  352.293334][ T8725] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.633: Failed to acquire dquot type 0
[  352.311439][ T8725] EXT4-fs (loop0): 1 truncate cleaned up
[  352.318872][ T8725] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  353.293086][ T8708] loop2: detected capacity change from 0 to 40427
[  353.370067][ T8708] F2FS-fs (loop2): heap/no_heap options were deprecated
[  353.407667][ T8740] sp0: Synchronizing with TNC
[  353.453776][ T8708] F2FS-fs (loop2): build fault injection rate: 19
[  353.460354][ T8708] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  353.489014][ T8708] F2FS-fs (loop2): invalid crc value
[  353.501081][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.528242][ T8708] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  354.085760][ T8751] sp0: Synchronizing with TNC
[  354.276255][ T8708] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  355.248914][ T8768] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  356.306456][ T8776] loop0: detected capacity change from 0 to 512
[  356.318216][ T8776] EXT4-fs: Ignoring removed orlov option
[  356.324007][ T8776] EXT4-fs: inline encryption not supported
[  356.329906][ T8776] EXT4-fs: Ignoring removed orlov option
[  356.831570][ T8776] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  356.861909][ T8776] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.647: bg 0: block 64: padding at end of block bitmap is not set
[  356.878260][ T8776] Quota error (device loop0): write_blk: dquota write failed
[  356.885721][ T8776] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  356.895777][ T8776] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.647: Failed to acquire dquot type 0
[  356.911105][ T8776] EXT4-fs (loop0): 1 truncate cleaned up
[  356.921670][ T8776] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.466291][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  357.757289][ T8783] loop3: detected capacity change from 0 to 40427
[  357.797241][ T8783] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  357.805040][ T8783] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  357.827005][ T8783] F2FS-fs (loop3): invalid crc value
[  357.970498][ T8783] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  357.977597][ T8783] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  359.478134][   T30] audit: type=1800 audit(1752036289.242:194): pid=8797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.649" name=07 dev="loop3" ino=10 res=0 errno=0
[  360.636675][ T8807] sp0: Synchronizing with TNC
[  361.851473][ T8816] loop0: detected capacity change from 0 to 40427
[  361.870028][ T8816] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  361.879057][ T8816] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  361.901301][ T8816] F2FS-fs (loop0): invalid crc value
[  362.021234][ T8816] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  362.028357][ T8816] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  362.262850][ T8811] sp0: Synchronizing with TNC
[  363.278488][   T30] audit: type=1800 audit(1752036292.112:195): pid=8826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.657" name="file1" dev="loop0" ino=10 res=0 errno=0
[  364.258330][ T8831] loop2: detected capacity change from 0 to 512
[  364.265472][ T8831] EXT4-fs: Ignoring removed orlov option
[  364.272847][ T8831] EXT4-fs: inline encryption not supported
[  364.278691][ T8831] EXT4-fs: Ignoring removed orlov option
[  364.528702][ T8831] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  364.564068][ T8831] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.660: bg 0: block 64: padding at end of block bitmap is not set
[  364.582347][ T8831] Quota error (device loop2): write_blk: dquota write failed
[  364.589928][ T8831] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  364.600443][ T8831] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.660: Failed to acquire dquot type 0
[  364.617824][ T8831] EXT4-fs (loop2): 1 truncate cleaned up
[  364.626597][ T8831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  364.812860][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.826305][ T8837] loop4: detected capacity change from 0 to 4096
[  364.883240][ T8824] loop1: detected capacity change from 0 to 40427
[  364.898998][ T8838] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  364.899647][ T8837] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  364.925970][ T8824] F2FS-fs (loop1): heap/no_heap options were deprecated
[  364.941212][ T8824] F2FS-fs (loop1): build fault injection rate: 19
[  364.966999][ T8824] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  364.998803][ T8837] NILFS (loop4): mounting fs with errors
[  364.999060][ T8824] F2FS-fs (loop1): invalid crc value
[  365.068522][ T8824] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  365.367343][ T8846] SET target dimension over the limit!
[  365.740308][ T5859] syz-executor: attempt to access beyond end of device
[  365.740308][ T5859] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  365.755629][ T8847] loop2: detected capacity change from 0 to 4096
[  365.822741][ T5859] CPU: 0 UID: 0 PID: 5859 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  365.822768][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  365.822777][ T5859] Call Trace:
[  365.822782][ T5859]  <TASK>
[  365.822786][ T5859]  dump_stack_lvl+0x189/0x250
[  365.822805][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.822815][ T5859]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  365.822828][ T5859]  ? __pfx_queue_work_on+0x10/0x10
[  365.822839][ T5859]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  365.822851][ T5859]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  365.822863][ T5859]  ? f2fs_hw_is_readonly+0x39b/0x470
[  365.822882][ T5859]  f2fs_handle_critical_error+0x37c/0x540
[  365.822899][ T5859]  f2fs_write_end_io+0x495/0x810
[  365.822909][ T5859]  ? blkg_put+0x22/0x240
[  365.822928][ T5859]  __submit_merged_bio+0x27a/0x6a0
[  365.822941][ T5859]  ? up_write+0x1c4/0x420
[  365.822955][ T5859]  __submit_merged_write_cond+0x44c/0x530
[  365.822974][ T5859]  f2fs_sync_node_pages+0x1869/0x1a00
[  365.823000][ T5859]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  365.823033][ T5859]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  365.823046][ T5859]  ? up_write+0x1c4/0x420
[  365.823055][ T5859]  ? do_raw_spin_unlock+0x122/0x240
[  365.823069][ T5859]  f2fs_write_checkpoint+0xe6f/0x1df0
[  365.823094][ T5859]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  365.823126][ T5859]  ? try_to_wake_up+0x7e5/0x1290
[  365.823141][ T5859]  ? kill_f2fs_super+0x298/0x6c0
[  365.823155][ T5859]  kill_f2fs_super+0x2c3/0x6c0
[  365.823170][ T5859]  ? __pfx_kill_f2fs_super+0x10/0x10
[  365.823179][ T5859]  ? radix_tree_delete_item+0x2b6/0x400
[  365.823196][ T5859]  ? shrinker_free+0x2ce/0x3e0
[  365.823207][ T5859]  deactivate_locked_super+0xb9/0x130
[  365.823219][ T5859]  cleanup_mnt+0x425/0x4c0
[  365.823233][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  365.823248][ T5859]  task_work_run+0x1d4/0x260
[  365.823262][ T5859]  ? __pfx_task_work_run+0x10/0x10
[  365.823273][ T5859]  ? __x64_sys_umount+0x122/0x160
[  365.823288][ T5859]  ? schedule+0x16f/0x360
[  365.823301][ T5859]  exit_to_user_mode_loop+0xec/0x110
[  365.823316][ T5859]  do_syscall_64+0x2bd/0x3b0
[  365.823329][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  365.823341][ T5859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.823350][ T5859]  ? clear_bhb_loop+0x60/0xb0
[  365.823362][ T5859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.823374][ T5859] RIP: 0033:0x7f6d5e18fc57
[  365.823384][ T5859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  365.823392][ T5859] RSP: 002b:00007ffee67b35c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  365.823404][ T5859] RAX: 0000000000000000 RBX: 00007f6d5e210925 RCX: 00007f6d5e18fc57
[  365.823410][ T5859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee67b3680
[  365.823416][ T5859] RBP: 00007ffee67b3680 R08: 0000000000000000 R09: 0000000000000000
[  365.823422][ T5859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee67b4710
[  365.823428][ T5859] R13: 00007f6d5e210925 R14: 0000000000058fb5 R15: 00007ffee67b4750
[  365.823445][ T5859]  </TASK>
[  365.823449][ T5859] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  365.919784][ T8824] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  366.234803][   T30] audit: type=1326 audit(1752036295.982:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8835 comm="syz.4.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9992b8e929 code=0x7fc00000
[  366.397008][ T8847] NILFS error (device loop2): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  366.423414][ T8852] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  366.465475][ T8847] NILFS (loop2): mounting fs with errors
[  367.115531][   T30] audit: type=1326 audit(1752036296.872:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8844 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6c778e929 code=0x7fc00000
[  367.161422][ T8859] netlink: 'syz.3.668': attribute type 10 has an invalid length.
[  367.606248][ T8864] sp0: Synchronizing with TNC
[  367.844471][ T8861] loop2: detected capacity change from 0 to 8
[  368.771086][ T8869] loop2: detected capacity change from 0 to 40427
[  368.782406][ T8867] sp0: Synchronizing with TNC
[  368.813314][ T8869] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  368.821058][ T8869] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  368.836578][ T8869] F2FS-fs (loop2): invalid crc value
[  369.737277][ T8877] loop3: detected capacity change from 0 to 512
[  369.811997][ T8869] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  369.819242][ T8869] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  369.888840][ T8877] EXT4-fs (loop3): orphan cleanup on readonly fs
[  369.905272][ T8877] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.673: bg 0: block 248: padding at end of block bitmap is not set
[  370.056351][ T8884] loop0: detected capacity change from 0 to 512
[  370.066187][ T8884] EXT4-fs: Ignoring removed orlov option
[  370.071897][ T8884] EXT4-fs: inline encryption not supported
[  370.077801][ T8884] EXT4-fs: Ignoring removed orlov option
[  370.303204][ T8884] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  370.376242][ T8877] Quota error (device loop3): write_blk: dquota write failed
[  370.471207][ T8884] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.674: bg 0: block 64: padding at end of block bitmap is not set
[  370.487178][ T8884] Quota error (device loop0): write_blk: dquota write failed
[  370.495200][ T8884] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  370.505388][ T8884] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.674: Failed to acquire dquot type 0
[  370.525685][ T8884] EXT4-fs (loop0): 1 truncate cleaned up
[  370.538790][ T8884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.613930][ T8877] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  370.625297][ T8877] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.673: Failed to acquire dquot type 1
[  370.640510][ T8877] EXT4-fs (loop3): 1 truncate cleaned up
[  370.649282][ T8877] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  370.790592][   T30] audit: type=1800 audit(1752036300.552:198): pid=8892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.672" name="file1" dev="loop2" ino=10 res=0 errno=0
[  370.884441][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.042161][ T5862] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.564836][ T8909] openvswitch: netlink: Flow key attr not present in new flow.
[  372.639406][ T8911] netlink: 'syz.0.681': attribute type 10 has an invalid length.
[  372.766125][ T8914] loop3: detected capacity change from 0 to 512
[  372.927176][ T8914] EXT4-fs (loop3): orphan cleanup on readonly fs
[  372.989978][ T8914] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.682: bg 0: block 248: padding at end of block bitmap is not set
[  373.022500][ T8914] Quota error (device loop3): write_blk: dquota write failed
[  373.050588][ T8914] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  373.092068][ T8914] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.682: Failed to acquire dquot type 1
[  373.193386][ T8914] EXT4-fs (loop3): 1 truncate cleaned up
[  373.346385][ T8914] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  373.551462][ T5862] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.031226][ T8930] loop3: detected capacity change from 0 to 512
[  374.041586][ T8930] EXT4-fs: Ignoring removed orlov option
[  374.047433][ T8930] EXT4-fs: inline encryption not supported
[  374.053410][ T8930] EXT4-fs: Ignoring removed orlov option
[  374.640038][ T8930] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  374.755877][ T8930] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.687: bg 0: block 64: padding at end of block bitmap is not set
[  374.771875][ T8930] Quota error (device loop3): write_blk: dquota write failed
[  374.779995][ T8930] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  374.790173][ T8930] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.687: Failed to acquire dquot type 0
[  374.804937][ T8930] EXT4-fs (loop3): 1 truncate cleaned up
[  374.818076][ T8930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  375.027516][ T5862] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.065015][ T5997] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  375.145301][ T7394] kworker/u8:13: attempt to access beyond end of device
[  375.145301][ T7394] loop2: rw=1, sector=77824, nr_sectors = 2096 limit=40427
[  375.175270][ T7394] kworker/u8:13: attempt to access beyond end of device
[  375.175270][ T7394] loop2: rw=1, sector=79920, nr_sectors = 1504 limit=40427
[  375.255876][ T5997] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  375.297570][ T5997] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  375.337273][ T5997] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  375.360398][ T5997] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  375.387920][ T5997] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  375.410077][ T5997] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.477627][ T5997] usb 1-1: config 0 descriptor??
[  375.562436][ T8941] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  376.405094][ T5997] usbhid 1-1:0.0: can't add hid device: -71
[  376.436591][ T5997] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  376.857722][ T5997] usb 1-1: USB disconnect, device number 4
[  377.261271][ T8955] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  377.484189][ T8965] loop0: detected capacity change from 0 to 512
[  377.515032][ T8965] EXT4-fs (loop0): orphan cleanup on readonly fs
[  377.544277][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  377.588998][ T8965] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.697: bg 0: block 248: padding at end of block bitmap is not set
[  377.615373][ T8965] Quota error (device loop0): write_blk: dquota write failed
[  377.630670][ T8965] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  377.643349][ T8965] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.697: Failed to acquire dquot type 1
[  377.659581][ T8965] EXT4-fs (loop0): 1 truncate cleaned up
[  377.674434][ T8965] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  377.754752][    T9] usb 4-1: Using ep0 maxpacket: 8
[  377.770224][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 3
[  377.790585][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  377.819480][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  377.859265][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  377.926480][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.538391][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  378.588404][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.604698][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  378.625078][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  379.061619][ T8977] loop2: detected capacity change from 0 to 40427
[  379.069712][ T8980] loop0: detected capacity change from 0 to 512
[  379.076892][ T8980] EXT4-fs: Ignoring removed orlov option
[  379.082543][ T8980] EXT4-fs: inline encryption not supported
[  379.088512][ T8980] EXT4-fs: Ignoring removed orlov option
[  379.098288][ T8977] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  379.109726][ T8977] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  379.127530][ T8977] F2FS-fs (loop2): invalid crc value
[  379.136444][ T8980] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  379.161985][    T9] usb 4-1: config 0 descriptor??
[  379.178263][ T8980] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.699: bg 0: block 64: padding at end of block bitmap is not set
[  379.193325][ T8980] Quota error (device loop0): write_blk: dquota write failed
[  379.200821][ T8980] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  379.210861][ T8980] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.699: Failed to acquire dquot type 0
[  379.228040][ T8980] EXT4-fs (loop0): 1 truncate cleaned up
[  379.236344][ T8980] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  379.265187][ T8977] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  379.272283][ T8977] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  379.281290][ T8959] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  379.475208][ T8959] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  379.562433][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.018317][   T30] audit: type=1800 audit(1752036309.722:199): pid=8992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.700" name="file1" dev="loop2" ino=10 res=0 errno=0
[  380.038686][    C0] vkms_vblank_simulate: vblank timer overrun
[  380.223761][ T8959] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  380.252453][    T9] usb 4-1: string descriptor 0 read error: -71
[  380.345121][    T9] usb 4-1: USB disconnect, device number 10
[  380.614464][ T8997] sp0: Synchronizing with TNC
[  382.469047][ T9008] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  382.952737][    T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  383.096006][ T8999] loop3: detected capacity change from 0 to 40427
[  383.256603][ T9010] loop1: detected capacity change from 0 to 32768
[  383.305543][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  383.307081][ T8999] F2FS-fs (loop3): heap/no_heap options were deprecated
[  383.321912][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  383.348035][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  383.348053][ T9010] (syz.1.707,9010,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  383.361279][ T8999] F2FS-fs (loop3): build fault injection rate: 19
[  383.378168][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  383.426625][ T8999] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  383.526866][ T9010] (syz.1.707,9010,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  383.556649][ T8999] F2FS-fs (loop3): invalid crc value
[  383.670801][ T8999] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  383.692632][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  383.695750][ T9010] JBD2: Ignoring recovery information on journal
[  383.701669][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.714307][    T9] usb 1-1: config 0 descriptor??
[  383.851615][ T9010] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  383.911595][ T8999] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  384.310238][ T9030] loop4: detected capacity change from 0 to 4096
[  384.400746][ T9034] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  384.431627][   T30] audit: type=1800 audit(1752036314.192:200): pid=9030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.712" name="file1" dev="loop4" ino=15 res=0 errno=0
[  384.828556][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  384.829714][ T5850] ocfs2: Unmounting device (7,1) on (node local)
[  384.902711][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  385.197551][    T9] usb 1-1: USB disconnect, device number 5
[  387.684966][ T9049] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  387.701436][ T9053] netlink: 'syz.1.713': attribute type 10 has an invalid length.
[  391.612846][ T9064] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  393.284373][ T9072] loop2: detected capacity change from 0 to 512
[  393.368944][ T9080] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  393.637669][ T9072] EXT4-fs (loop2): orphan cleanup on readonly fs
[  393.844911][ T9072] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.720: bg 0: block 248: padding at end of block bitmap is not set
[  393.900598][ T9083] loop0: detected capacity change from 0 to 40427
[  393.917027][ T9083] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  393.924808][ T9083] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  394.037856][ T9083] F2FS-fs (loop0): invalid crc value
[  394.119451][ T9083] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  394.126713][ T9083] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  394.132679][ T9072] Quota error (device loop2): write_blk: dquota write failed
[  394.314099][ T9072] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  395.102688][   T30] audit: type=1800 audit(1752036324.162:201): pid=9093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.723" name="file1" dev="loop0" ino=10 res=0 errno=0
[  395.149925][ T9072] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.720: Failed to acquire dquot type 1
[  396.244175][ T9072] EXT4-fs (loop2): 1 truncate cleaned up
[  396.278965][ T9072] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  396.364031][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.913476][ T9105] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  396.950885][ T5859] syz-executor: attempt to access beyond end of device
[  396.950885][ T5859] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  397.197067][ T5859] CPU: 0 UID: 0 PID: 5859 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  397.197093][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  397.197104][ T5859] Call Trace:
[  397.197111][ T5859]  <TASK>
[  397.197118][ T5859]  dump_stack_lvl+0x189/0x250
[  397.197148][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.197165][ T5859]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  397.197185][ T5859]  ? __pfx_queue_work_on+0x10/0x10
[  397.197207][ T5859]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  397.197225][ T5859]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  397.197247][ T5859]  ? f2fs_hw_is_readonly+0x39b/0x470
[  397.197279][ T5859]  f2fs_handle_critical_error+0x37c/0x540
[  397.197312][ T5859]  f2fs_write_end_io+0x495/0x810
[  397.197328][ T5859]  ? blkg_put+0x22/0x240
[  397.197365][ T5859]  __submit_merged_bio+0x27a/0x6a0
[  397.197388][ T5859]  ? up_write+0x1c4/0x420
[  397.197415][ T5859]  __submit_merged_write_cond+0x44c/0x530
[  397.197448][ T5859]  f2fs_sync_node_pages+0x1869/0x1a00
[  397.197501][ T5859]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  397.197561][ T5859]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  397.197587][ T5859]  ? up_write+0x1c4/0x420
[  397.197605][ T5859]  ? do_raw_spin_unlock+0x122/0x240
[  397.197632][ T5859]  f2fs_write_checkpoint+0xe6f/0x1df0
[  397.197685][ T5859]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  397.197753][ T5859]  ? try_to_wake_up+0x7e5/0x1290
[  397.197783][ T5859]  ? kill_f2fs_super+0x298/0x6c0
[  397.197809][ T5859]  kill_f2fs_super+0x2c3/0x6c0
[  397.197837][ T5859]  ? __pfx_kill_f2fs_super+0x10/0x10
[  397.197855][ T5859]  ? radix_tree_delete_item+0x2b6/0x400
[  397.197887][ T5859]  ? shrinker_free+0x2ce/0x3e0
[  397.197908][ T5859]  deactivate_locked_super+0xb9/0x130
[  397.197930][ T5859]  cleanup_mnt+0x425/0x4c0
[  397.197955][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.197991][ T5859]  task_work_run+0x1d4/0x260
[  397.198018][ T5859]  ? __pfx_task_work_run+0x10/0x10
[  397.198038][ T5859]  ? __x64_sys_umount+0x122/0x160
[  397.198065][ T5859]  ? exit_to_user_mode_loop+0x40/0x110
[  397.198095][ T5859]  exit_to_user_mode_loop+0xec/0x110
[  397.198119][ T5859]  do_syscall_64+0x2bd/0x3b0
[  397.198144][ T5859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.198160][ T5859]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  397.198175][ T5859]  ? clear_bhb_loop+0x60/0xb0
[  397.198199][ T5859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.198216][ T5859] RIP: 0033:0x7f6d5e18fc57
[  397.198234][ T5859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  397.198249][ T5859] RSP: 002b:00007ffee67b35c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  397.198268][ T5859] RAX: 0000000000000000 RBX: 00007f6d5e210925 RCX: 00007f6d5e18fc57
[  397.198280][ T5859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee67b3680
[  397.198291][ T5859] RBP: 00007ffee67b3680 R08: 0000000000000000 R09: 0000000000000000
[  397.198302][ T5859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee67b4710
[  397.198313][ T5859] R13: 00007f6d5e210925 R14: 0000000000060946 R15: 00007ffee67b4750
[  397.198348][ T5859]  </TASK>
[  397.198356][ T5859] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  397.202220][ T9108] netlink: 'syz.1.728': attribute type 4 has an invalid length.
[  397.768950][ T9116] netlink: 'syz.2.730': attribute type 10 has an invalid length.
[  398.337348][ T9123] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  399.668561][ T9132] netlink: 52 bytes leftover after parsing attributes in process `syz.4.735'.
[  399.677732][ T9132] netlink: 52 bytes leftover after parsing attributes in process `syz.4.735'.
[  399.891088][ T9131] loop4: detected capacity change from 0 to 40427
[  399.917942][ T9131] F2FS-fs (loop4): Unrecognized mount option "" or missing value
[  401.626100][ T9147] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  402.207342][ T9149] loop1: detected capacity change from 0 to 40427
[  402.237965][ T9149] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  402.245759][ T9149] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  402.302156][ T9149] F2FS-fs (loop1): invalid crc value
[  402.379421][ T9149] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  402.386551][ T9149] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  403.520931][   T30] audit: type=1800 audit(1752036332.382:202): pid=9155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.740" name="file1" dev="loop1" ino=10 res=0 errno=0
[  404.385782][ T9164] netlink: 'syz.2.744': attribute type 10 has an invalid length.
[  404.431897][ T9162] netlink: 'syz.4.743': attribute type 4 has an invalid length.
[  405.810003][ T5850] syz-executor: attempt to access beyond end of device
[  405.810003][ T5850] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  405.824396][ T5850] CPU: 1 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  405.824419][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  405.824429][ T5850] Call Trace:
[  405.824437][ T5850]  <TASK>
[  405.824445][ T5850]  dump_stack_lvl+0x189/0x250
[  405.824476][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.824500][ T5850]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  405.824522][ T5850]  ? __pfx_queue_work_on+0x10/0x10
[  405.824544][ T5850]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  405.824566][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  405.824590][ T5850]  ? f2fs_hw_is_readonly+0x39b/0x470
[  405.824623][ T5850]  f2fs_handle_critical_error+0x37c/0x540
[  405.824658][ T5850]  f2fs_write_end_io+0x495/0x810
[  405.824676][ T5850]  ? blkg_put+0x22/0x240
[  405.824715][ T5850]  __submit_merged_bio+0x27a/0x6a0
[  405.824739][ T5850]  ? up_write+0x1c4/0x420
[  405.824767][ T5850]  __submit_merged_write_cond+0x44c/0x530
[  405.824803][ T5850]  f2fs_sync_node_pages+0x1869/0x1a00
[  405.824861][ T5850]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  405.824911][ T5850]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  405.824938][ T5850]  ? up_write+0x1c4/0x420
[  405.824953][ T5850]  ? do_raw_spin_unlock+0x122/0x240
[  405.824982][ T5850]  f2fs_write_checkpoint+0xe6f/0x1df0
[  405.825034][ T5850]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  405.825107][ T5850]  ? try_to_wake_up+0x7e5/0x1290
[  405.825137][ T5850]  ? kill_f2fs_super+0x298/0x6c0
[  405.825164][ T5850]  kill_f2fs_super+0x2c3/0x6c0
[  405.825194][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  405.825211][ T5850]  ? radix_tree_delete_item+0x2b6/0x400
[  405.825242][ T5850]  ? shrinker_free+0x2ce/0x3e0
[  405.825265][ T5850]  deactivate_locked_super+0xb9/0x130
[  405.825288][ T5850]  cleanup_mnt+0x425/0x4c0
[  405.825313][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.825340][ T5850]  task_work_run+0x1d4/0x260
[  405.825367][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  405.825386][ T5850]  ? __x64_sys_umount+0x122/0x160
[  405.825414][ T5850]  ? exit_to_user_mode_loop+0x40/0x110
[  405.825445][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  405.825470][ T5850]  do_syscall_64+0x2bd/0x3b0
[  405.825497][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.825519][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.825536][ T5850]  ? clear_bhb_loop+0x60/0xb0
[  405.825559][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.825576][ T5850] RIP: 0033:0x7f31c4d8fc57
[  405.825593][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  405.825608][ T5850] RSP: 002b:00007fff41050f28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  405.825628][ T5850] RAX: 0000000000000000 RBX: 00007f31c4e10925 RCX: 00007f31c4d8fc57
[  405.825641][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff41050fe0
[  405.825652][ T5850] RBP: 00007fff41050fe0 R08: 0000000000000000 R09: 0000000000000000
[  405.825663][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff41052070
[  405.825675][ T5850] R13: 00007f31c4e10925 R14: 0000000000062940 R15: 00007fff410520b0
[  405.825712][ T5850]  </TASK>
[  405.825720][ T5850] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  406.021510][ T9160] loop3: detected capacity change from 0 to 40427
[  406.422638][ T9160] F2FS-fs (loop3): heap/no_heap options were deprecated
[  406.525972][ T9160] F2FS-fs (loop3): build fault injection rate: 19
[  406.532495][ T9160] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  406.664409][ T9179] netlink: 52 bytes leftover after parsing attributes in process `syz.2.749'.
[  406.673667][ T9179] netlink: 52 bytes leftover after parsing attributes in process `syz.2.749'.
[  406.890405][ T9178] loop2: detected capacity change from 0 to 40427
[  407.001739][ T9160] F2FS-fs (loop3): invalid crc value
[  407.694882][ T9178] F2FS-fs (loop2): Unrecognized mount option "" or missing value
[  407.938023][ T9160] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  408.697407][ T9193] sp0: Synchronizing with TNC
[  409.592984][ T9160] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  409.867457][ T9202] netlink: 'syz.2.755': attribute type 10 has an invalid length.
[  410.249182][ T9204] loop2: detected capacity change from 0 to 40427
[  410.274712][ T9204] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  410.282455][ T9204] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  410.311545][ T9204] F2FS-fs (loop2): invalid crc value
[  410.515762][ T9204] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  410.522857][ T9204] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  410.798978][ T9209] loop0: detected capacity change from 0 to 40427
[  410.807148][ T9209] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  410.815258][ T9209] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  410.854996][ T9209] F2FS-fs (loop0): invalid crc value
[  411.598334][   T30] audit: type=1800 audit(1752036340.642:203): pid=9212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.756" name="file1" dev="loop2" ino=10 res=0 errno=0
[  411.753846][ T9209] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  411.760939][ T9209] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  412.964665][   T30] audit: type=1800 audit(1752036342.192:204): pid=9218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.758" name="file1" dev="loop0" ino=10 res=0 errno=0
[  414.244993][ T5858] syz-executor: attempt to access beyond end of device
[  414.244993][ T5858] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  414.296346][ T5859] syz-executor: attempt to access beyond end of device
[  414.296346][ T5859] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  414.312994][ T5858] CPU: 0 UID: 0 PID: 5858 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  414.313019][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.313030][ T5858] Call Trace:
[  414.313038][ T5858]  <TASK>
[  414.313046][ T5858]  dump_stack_lvl+0x189/0x250
[  414.313075][ T5858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  414.313093][ T5858]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  414.313115][ T5858]  ? __pfx_queue_work_on+0x10/0x10
[  414.313136][ T5858]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  414.313157][ T5858]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  414.313181][ T5858]  ? f2fs_hw_is_readonly+0x39b/0x470
[  414.313211][ T5858]  f2fs_handle_critical_error+0x37c/0x540
[  414.313243][ T5858]  f2fs_write_end_io+0x495/0x810
[  414.313261][ T5858]  ? blkg_put+0x22/0x240
[  414.313296][ T5858]  __submit_merged_bio+0x27a/0x6a0
[  414.313319][ T5858]  ? up_write+0x1c4/0x420
[  414.313345][ T5858]  __submit_merged_write_cond+0x44c/0x530
[  414.313378][ T5858]  f2fs_sync_node_pages+0x1869/0x1a00
[  414.313429][ T5858]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  414.313486][ T5858]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  414.313511][ T5858]  ? up_write+0x1c4/0x420
[  414.313528][ T5858]  ? do_raw_spin_unlock+0x122/0x240
[  414.313555][ T5858]  f2fs_write_checkpoint+0xe6f/0x1df0
[  414.313609][ T5858]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  414.313673][ T5858]  ? try_to_wake_up+0x7e5/0x1290
[  414.313702][ T5858]  ? kill_f2fs_super+0x298/0x6c0
[  414.313729][ T5858]  kill_f2fs_super+0x2c3/0x6c0
[  414.313756][ T5858]  ? __pfx_kill_f2fs_super+0x10/0x10
[  414.313773][ T5858]  ? radix_tree_delete_item+0x2b6/0x400
[  414.313804][ T5858]  ? shrinker_free+0x2ce/0x3e0
[  414.313824][ T5858]  deactivate_locked_super+0xb9/0x130
[  414.313845][ T5858]  cleanup_mnt+0x425/0x4c0
[  414.313869][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  414.313895][ T5858]  task_work_run+0x1d4/0x260
[  414.313921][ T5858]  ? __pfx_task_work_run+0x10/0x10
[  414.313940][ T5858]  ? __x64_sys_umount+0x122/0x160
[  414.313965][ T5858]  ? exit_to_user_mode_loop+0x40/0x110
[  414.313994][ T5858]  exit_to_user_mode_loop+0xec/0x110
[  414.314018][ T5858]  do_syscall_64+0x2bd/0x3b0
[  414.314040][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  414.314061][ T5858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.314078][ T5858]  ? clear_bhb_loop+0x60/0xb0
[  414.314100][ T5858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.314116][ T5858] RIP: 0033:0x7fa6c778fc57
[  414.314133][ T5858] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  414.314147][ T5858] RSP: 002b:00007ffe6e8cc358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  414.314165][ T5858] RAX: 0000000000000000 RBX: 00007fa6c7810925 RCX: 00007fa6c778fc57
[  414.314176][ T5858] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6e8cc410
[  414.314186][ T5858] RBP: 00007ffe6e8cc410 R08: 0000000000000000 R09: 0000000000000000
[  414.314195][ T5858] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6e8cd4a0
[  414.314206][ T5858] R13: 00007fa6c7810925 R14: 0000000000064d2a R15: 00007ffe6e8cd4e0
[  414.314239][ T5858]  </TASK>
[  414.314247][ T5858] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  414.339984][ T5859] CPU: 1 UID: 0 PID: 5859 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  414.340007][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.340017][ T5859] Call Trace:
[  414.340025][ T5859]  <TASK>
[  414.340032][ T5859]  dump_stack_lvl+0x189/0x250
[  414.340062][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  414.340079][ T5859]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  414.340100][ T5859]  ? __pfx_queue_work_on+0x10/0x10
[  414.340120][ T5859]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  414.340141][ T5859]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  414.340165][ T5859]  ? f2fs_hw_is_readonly+0x39b/0x470
[  414.340196][ T5859]  f2fs_handle_critical_error+0x37c/0x540
[  414.340230][ T5859]  f2fs_write_end_io+0x495/0x810
[  414.340247][ T5859]  ? blkg_put+0x22/0x240
[  414.340284][ T5859]  __submit_merged_bio+0x27a/0x6a0
[  414.340306][ T5859]  ? up_write+0x1c4/0x420
[  414.340333][ T5859]  __submit_merged_write_cond+0x44c/0x530
[  414.340367][ T5859]  f2fs_sync_node_pages+0x1869/0x1a00
[  414.340421][ T5859]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  414.340481][ T5859]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  414.340507][ T5859]  ? up_write+0x1c4/0x420
[  414.340524][ T5859]  ? do_raw_spin_unlock+0x122/0x240
[  414.340550][ T5859]  f2fs_write_checkpoint+0xe6f/0x1df0
[  414.340612][ T5859]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  414.340680][ T5859]  ? try_to_wake_up+0x7e5/0x1290
[  414.340709][ T5859]  ? kill_f2fs_super+0x298/0x6c0
[  414.340736][ T5859]  kill_f2fs_super+0x2c3/0x6c0
[  414.340763][ T5859]  ? __pfx_kill_f2fs_super+0x10/0x10
[  414.340793][ T5859]  ? shrinker_free+0x2ce/0x3e0
[  414.340814][ T5859]  deactivate_locked_super+0xb9/0x130
[  414.340836][ T5859]  cleanup_mnt+0x425/0x4c0
[  414.340869][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  414.340895][ T5859]  task_work_run+0x1d4/0x260
[  414.340922][ T5859]  ? __pfx_task_work_run+0x10/0x10
[  414.340941][ T5859]  ? __x64_sys_umount+0x122/0x160
[  414.340971][ T5859]  ? exit_to_user_mode_loop+0x40/0x110
[  414.341000][ T5859]  exit_to_user_mode_loop+0xec/0x110
[  414.341025][ T5859]  do_syscall_64+0x2bd/0x3b0
[  414.341047][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  414.341069][ T5859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.341086][ T5859]  ? clear_bhb_loop+0x60/0xb0
[  414.341107][ T5859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.341124][ T5859] RIP: 0033:0x7f6d5e18fc57
[  414.341140][ T5859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  414.341156][ T5859] RSP: 002b:00007ffee67b35c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  414.341175][ T5859] RAX: 0000000000000000 RBX: 00007f6d5e210925 RCX: 00007f6d5e18fc57
[  414.341186][ T5859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee67b3680
[  414.341197][ T5859] RBP: 00007ffee67b3680 R08: 0000000000000000 R09: 0000000000000000
[  414.341208][ T5859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee67b4710
[  414.341219][ T5859] R13: 00007f6d5e210925 R14: 0000000000064d19 R15: 00007ffee67b4750
[  414.341254][ T5859]  </TASK>
[  414.352970][ T5859] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  414.614847][ T9220] netlink: 8 bytes leftover after parsing attributes in process `syz.1.747'.
[  415.068248][ T9222] loop3: detected capacity change from 0 to 32768
[  415.152012][ T9227] loop4: detected capacity change from 0 to 4096
[  415.241202][ T9227] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  415.252161][ T9230] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  415.295593][ T9227] NILFS (loop4): mounting fs with errors
[  415.488109][ T9233] SET target dimension over the limit!
[  416.074297][   T30] audit: type=1326 audit(1752036345.772:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9225 comm="syz.4.761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9992b8e929 code=0x7fc00000
[  416.096506][    C0] vkms_vblank_simulate: vblank timer overrun
[  417.652993][ T9242] sp0: Synchronizing with TNC
[  417.829779][ T9244] openvswitch: netlink: Message has 16 unknown bytes.
[  417.847012][ T9244] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  417.890148][ T9232] loop1: detected capacity change from 0 to 32768
[  418.024390][ T9248] loop0: detected capacity change from 0 to 8
[  419.464203][ T9258] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  419.576823][ T9239] loop4: detected capacity change from 0 to 32768
[  420.343455][ T9266] loop1: detected capacity change from 0 to 40427
[  420.369910][ T9266] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  420.377704][ T9266] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  420.396630][ T9266] F2FS-fs (loop1): invalid crc value
[  420.856678][ T9266] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  420.863875][ T9266] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  421.764588][   T30] audit: type=1800 audit(1752036350.872:206): pid=9274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.770" name="file1" dev="loop1" ino=10 res=0 errno=0
[  423.069229][ T9279] loop2: detected capacity change from 0 to 40427
[  423.081656][ T9278] sp0: Synchronizing with TNC
[  423.097180][ T9279] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  423.105012][ T9279] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  423.116905][ T9279] F2FS-fs (loop2): invalid crc value
[  423.213919][ T9279] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  423.220994][ T9279] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  423.504156][ T5850] syz-executor: attempt to access beyond end of device
[  423.504156][ T5850] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  424.483104][ T5850] CPU: 1 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  424.483131][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  424.483141][ T5850] Call Trace:
[  424.483149][ T5850]  <TASK>
[  424.483156][ T5850]  dump_stack_lvl+0x189/0x250
[  424.483186][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  424.483204][ T5850]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  424.483228][ T5850]  ? __pfx_queue_work_on+0x10/0x10
[  424.483249][ T5850]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  424.483269][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  424.483291][ T5850]  ? f2fs_hw_is_readonly+0x39b/0x470
[  424.483322][ T5850]  f2fs_handle_critical_error+0x37c/0x540
[  424.483355][ T5850]  f2fs_write_end_io+0x495/0x810
[  424.483372][ T5850]  ? blkg_put+0x22/0x240
[  424.483407][ T5850]  __submit_merged_bio+0x27a/0x6a0
[  424.483430][ T5850]  ? up_write+0x1c4/0x420
[  424.483456][ T5850]  __submit_merged_write_cond+0x44c/0x530
[  424.483490][ T5850]  f2fs_sync_node_pages+0x1869/0x1a00
[  424.483540][ T5850]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  424.483597][ T5850]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  424.483622][ T5850]  ? up_write+0x1c4/0x420
[  424.483639][ T5850]  ? do_raw_spin_unlock+0x122/0x240
[  424.483665][ T5850]  f2fs_write_checkpoint+0xe6f/0x1df0
[  424.483714][ T5850]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  424.483776][ T5850]  ? try_to_wake_up+0x7e5/0x1290
[  424.483806][ T5850]  ? kill_f2fs_super+0x298/0x6c0
[  424.483832][ T5850]  kill_f2fs_super+0x2c3/0x6c0
[  424.483860][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  424.483877][ T5850]  ? radix_tree_delete_item+0x2b6/0x400
[  424.483908][ T5850]  ? shrinker_free+0x2ce/0x3e0
[  424.483929][ T5850]  deactivate_locked_super+0xb9/0x130
[  424.483951][ T5850]  cleanup_mnt+0x425/0x4c0
[  424.483976][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  424.484001][ T5850]  task_work_run+0x1d4/0x260
[  424.484038][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  424.484057][ T5850]  ? __x64_sys_umount+0x122/0x160
[  424.484083][ T5850]  ? exit_to_user_mode_loop+0x40/0x110
[  424.484111][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  424.484136][ T5850]  do_syscall_64+0x2bd/0x3b0
[  424.484158][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  424.484180][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.484197][ T5850]  ? clear_bhb_loop+0x60/0xb0
[  424.484219][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.484236][ T5850] RIP: 0033:0x7f31c4d8fc57
[  424.484253][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  424.484268][ T5850] RSP: 002b:00007fff41050f28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  424.484287][ T5850] RAX: 0000000000000000 RBX: 00007f31c4e10925 RCX: 00007f31c4d8fc57
[  424.484299][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff41050fe0
[  424.484310][ T5850] RBP: 00007fff41050fe0 R08: 0000000000000000 R09: 0000000000000000
[  424.484321][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff41052070
[  424.484332][ T5850] R13: 00007f31c4e10925 R14: 0000000000067189 R15: 00007fff410520b0
[  424.484365][ T5850]  </TASK>
[  424.484443][ T5850] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  424.822139][   T30] audit: type=1800 audit(1752036353.332:207): pid=9285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.774" name="file1" dev="loop2" ino=10 res=0 errno=0
[  425.217169][ T9288] loop4: detected capacity change from 0 to 4096
[  425.288831][ T9293] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  425.304455][ T9288] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  425.352497][ T9288] NILFS (loop4): mounting fs with errors
[  425.460435][ T9294] SET target dimension over the limit!
[  425.472724][   T48] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  425.765478][   T48] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  425.897775][   T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.012106][   T48] usb 4-1: config 0 descriptor??
[  426.027573][ T5858] syz-executor: attempt to access beyond end of device
[  426.027573][ T5858] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  426.072965][ T5858] CPU: 0 UID: 0 PID: 5858 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  426.072989][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  426.072999][ T5858] Call Trace:
[  426.073006][ T5858]  <TASK>
[  426.073013][ T5858]  dump_stack_lvl+0x189/0x250
[  426.073041][ T5858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  426.073057][ T5858]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  426.073079][ T5858]  ? __pfx_queue_work_on+0x10/0x10
[  426.073098][ T5858]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  426.073118][ T5858]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  426.073140][ T5858]  ? f2fs_hw_is_readonly+0x39b/0x470
[  426.073172][ T5858]  f2fs_handle_critical_error+0x37c/0x540
[  426.073204][ T5858]  f2fs_write_end_io+0x495/0x810
[  426.073223][ T5858]  ? blkg_put+0x22/0x240
[  426.073257][ T5858]  __submit_merged_bio+0x27a/0x6a0
[  426.073281][ T5858]  ? up_write+0x1c4/0x420
[  426.073307][ T5858]  __submit_merged_write_cond+0x44c/0x530
[  426.073339][ T5858]  f2fs_sync_node_pages+0x1869/0x1a00
[  426.073387][ T5858]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  426.073445][ T5858]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  426.073471][ T5858]  ? up_write+0x1c4/0x420
[  426.073488][ T5858]  ? do_raw_spin_unlock+0x122/0x240
[  426.073515][ T5858]  f2fs_write_checkpoint+0xe6f/0x1df0
[  426.073561][ T5858]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  426.073622][ T5858]  ? try_to_wake_up+0x7e5/0x1290
[  426.073649][ T5858]  ? kill_f2fs_super+0x298/0x6c0
[  426.073674][ T5858]  kill_f2fs_super+0x2c3/0x6c0
[  426.073701][ T5858]  ? __pfx_kill_f2fs_super+0x10/0x10
[  426.073719][ T5858]  ? radix_tree_delete_item+0x2b6/0x400
[  426.073750][ T5858]  ? shrinker_free+0x2ce/0x3e0
[  426.073770][ T5858]  deactivate_locked_super+0xb9/0x130
[  426.073792][ T5858]  cleanup_mnt+0x425/0x4c0
[  426.073816][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  426.073867][ T5858]  task_work_run+0x1d4/0x260
[  426.073895][ T5858]  ? __pfx_task_work_run+0x10/0x10
[  426.073915][ T5858]  ? __x64_sys_umount+0x122/0x160
[  426.073942][ T5858]  ? exit_to_user_mode_loop+0x40/0x110
[  426.073970][ T5858]  exit_to_user_mode_loop+0xec/0x110
[  426.073995][ T5858]  do_syscall_64+0x2bd/0x3b0
[  426.074017][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  426.074039][ T5858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.074056][ T5858]  ? clear_bhb_loop+0x60/0xb0
[  426.074078][ T5858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.074093][ T5858] RIP: 0033:0x7fa6c778fc57
[  426.074109][ T5858] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  426.074124][ T5858] RSP: 002b:00007ffe6e8cc358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  426.074143][ T5858] RAX: 0000000000000000 RBX: 00007fa6c7810925 RCX: 00007fa6c778fc57
[  426.074155][ T5858] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6e8cc410
[  426.074166][ T5858] RBP: 00007ffe6e8cc410 R08: 0000000000000000 R09: 0000000000000000
[  426.074176][ T5858] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6e8cd4a0
[  426.074188][ T5858] R13: 00007fa6c7810925 R14: 0000000000067bca R15: 00007ffe6e8cd4e0
[  426.074220][ T5858]  </TASK>
[  426.074228][ T5858] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  426.137508][   T48] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  426.427859][   T48] gp8psk: usb in 128 operation failed.
[  426.650748][   T48] gp8psk: usb in 146 operation failed.
[  426.662253][   T48] gp8psk: failed to get FW version
[  426.730588][   T48] gp8psk: usb in 149 operation failed.
[  426.780272][ T9299] sp0: Synchronizing with TNC
[  426.795038][   T48] gp8psk: failed to get FPGA version
[  426.821965][   T48] gp8psk: usb in 138 operation failed.
[  426.936465][   T48] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  426.968667][   T48] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  426.999745][   T48] usb 4-1: USB disconnect, device number 11
[  427.200071][ T9301] loop4: detected capacity change from 0 to 8
[  427.350298][ T9289] loop0: detected capacity change from 0 to 40427
[  427.380848][ T9289] F2FS-fs (loop0): heap/no_heap options were deprecated
[  427.405847][ T9289] F2FS-fs (loop0): build fault injection rate: 19
[  427.432017][ T9289] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  427.513381][ T9289] F2FS-fs (loop0): invalid crc value
[  427.561281][ T9289] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  427.562973][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  427.803052][    T9] usb 2-1: Using ep0 maxpacket: 8
[  427.826697][    T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 3
[  427.850166][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  427.885945][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  427.886531][ T9289] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  427.900408][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  427.922264][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  427.933295][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.025547][    T9] usb 2-1: config 0 descriptor??
[  428.031893][ T9303] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  428.050514][ T9303] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  428.704336][ T9315] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  429.533681][ T9306] loop3: detected capacity change from 0 to 32768
[  430.106719][ T9318] loop2: detected capacity change from 0 to 40427
[  430.128100][ T9318] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  430.135897][ T9318] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  430.156708][ T9318] F2FS-fs (loop2): invalid crc value
[  430.210558][ T9318] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  430.218632][ T9318] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  430.394545][    T9] usb 2-1: string descriptor 0 read error: -71
[  430.453949][    T9] usb 2-1: USB disconnect, device number 6
[  431.212785][   T30] audit: type=1800 audit(1752036360.272:208): pid=9325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.785" name="file1" dev="loop2" ino=10 res=0 errno=0
[  432.685638][ T9331] sp0: Synchronizing with TNC
[  433.025813][ T9339] loop4: detected capacity change from 0 to 512
[  433.032989][ T9339] EXT4-fs: Ignoring removed orlov option
[  433.038640][ T9339] EXT4-fs: inline encryption not supported
[  433.044487][ T9339] EXT4-fs: Ignoring removed orlov option
[  433.385024][ T9339] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  433.674072][ T5858] syz-executor: attempt to access beyond end of device
[  433.674072][ T5858] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  433.712695][ T5858] CPU: 1 UID: 0 PID: 5858 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  433.712719][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  433.712730][ T5858] Call Trace:
[  433.712737][ T5858]  <TASK>
[  433.712745][ T5858]  dump_stack_lvl+0x189/0x250
[  433.712773][ T5858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  433.712790][ T5858]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  433.712812][ T5858]  ? __pfx_queue_work_on+0x10/0x10
[  433.712833][ T5858]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  433.712853][ T5858]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  433.712877][ T5858]  ? f2fs_hw_is_readonly+0x39b/0x470
[  433.712908][ T5858]  f2fs_handle_critical_error+0x37c/0x540
[  433.712941][ T5858]  f2fs_write_end_io+0x495/0x810
[  433.712958][ T5858]  ? blkg_put+0x22/0x240
[  433.712993][ T5858]  __submit_merged_bio+0x27a/0x6a0
[  433.713017][ T5858]  ? up_write+0x1c4/0x420
[  433.713043][ T5858]  __submit_merged_write_cond+0x44c/0x530
[  433.713075][ T5858]  f2fs_sync_node_pages+0x1869/0x1a00
[  433.713125][ T5858]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  433.713182][ T5858]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  433.713207][ T5858]  ? up_write+0x1c4/0x420
[  433.713223][ T5858]  ? do_raw_spin_unlock+0x122/0x240
[  433.713250][ T5858]  f2fs_write_checkpoint+0xe6f/0x1df0
[  433.713297][ T5858]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  433.713368][ T5858]  ? try_to_wake_up+0x7e5/0x1290
[  433.713396][ T5858]  ? kill_f2fs_super+0x298/0x6c0
[  433.713421][ T5858]  kill_f2fs_super+0x2c3/0x6c0
[  433.713449][ T5858]  ? __pfx_kill_f2fs_super+0x10/0x10
[  433.713466][ T5858]  ? radix_tree_delete_item+0x2b6/0x400
[  433.713496][ T5858]  ? shrinker_free+0x2ce/0x3e0
[  433.713516][ T5858]  deactivate_locked_super+0xb9/0x130
[  433.713535][ T5858]  cleanup_mnt+0x425/0x4c0
[  433.713559][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  433.713584][ T5858]  task_work_run+0x1d4/0x260
[  433.713610][ T5858]  ? __pfx_task_work_run+0x10/0x10
[  433.713630][ T5858]  ? __x64_sys_umount+0x122/0x160
[  433.713655][ T5858]  ? exit_to_user_mode_loop+0x40/0x110
[  433.713684][ T5858]  exit_to_user_mode_loop+0xec/0x110
[  433.713707][ T5858]  do_syscall_64+0x2bd/0x3b0
[  433.713732][ T5858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.713748][ T5858]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  433.713763][ T5858]  ? clear_bhb_loop+0x60/0xb0
[  433.713785][ T5858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.713801][ T5858] RIP: 0033:0x7fa6c778fc57
[  433.713817][ T5858] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  433.713831][ T5858] RSP: 002b:00007ffe6e8cc358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  433.713850][ T5858] RAX: 0000000000000000 RBX: 00007fa6c7810925 RCX: 00007fa6c778fc57
[  433.713862][ T5858] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6e8cc410
[  433.713873][ T5858] RBP: 00007ffe6e8cc410 R08: 0000000000000000 R09: 0000000000000000
[  433.713890][ T5858] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6e8cd4a0
[  433.713902][ T5858] R13: 00007fa6c7810925 R14: 0000000000069693 R15: 00007ffe6e8cd4e0
[  433.713933][ T5858]  </TASK>
[  433.713940][ T5858] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  434.390190][ T9339] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.787: bg 0: block 64: padding at end of block bitmap is not set
[  434.406197][ T9339] Quota error (device loop4): write_blk: dquota write failed
[  434.415942][ T9339] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  434.425937][ T9339] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.787: Failed to acquire dquot type 0
[  434.442883][ T9339] EXT4-fs (loop4): 1 truncate cleaned up
[  434.450247][ T9339] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  435.089853][ T5854] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  435.578718][ T9355] sp0: Synchronizing with TNC
[  436.231477][ T9360] loop4: detected capacity change from 0 to 4096
[  436.284748][ T9362] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  436.294880][ T9360] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  436.335737][ T9360] NILFS (loop4): mounting fs with errors
[  436.468848][ T9363] SET target dimension over the limit!
[  437.046516][ T9369] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  437.989082][ T9376] loop3: detected capacity change from 0 to 8
[  438.240667][ T9378] loop4: detected capacity change from 0 to 4096
[  438.426869][ T9382] loop0: detected capacity change from 0 to 40427
[  438.442494][ T9382] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  438.450294][ T9382] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  438.502310][ T9382] F2FS-fs (loop0): invalid crc value
[  438.563829][ T9378] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  438.574207][ T9388] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  438.595371][ T9382] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  438.602412][ T9382] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  438.740680][ T9383] loop1: detected capacity change from 0 to 4096
[  439.552106][ T9378] NILFS (loop4): mounting fs with errors
[  439.574840][   T30] audit: type=1800 audit(1752036368.602:209): pid=9392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.798" name="file1" dev="loop0" ino=10 res=0 errno=0
[  439.807230][ T9383] NILFS error (device loop1): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  439.820228][ T9394] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  439.935822][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[  440.133316][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[  440.146410][ T9383] NILFS (loop1): mounting fs with errors
[  440.253182][ T9395] SET target dimension over the limit!
[  440.916705][ T9399] SET target dimension over the limit!
[  441.302740][   T30] audit: type=1326 audit(1752036371.052:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9375 comm="syz.4.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9992b8e929 code=0x7fc00000
[  441.330362][ T5859] syz-executor: attempt to access beyond end of device
[  441.330362][ T5859] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  441.448996][ T5859] CPU: 0 UID: 0 PID: 5859 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  441.449013][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  441.449019][ T5859] Call Trace:
[  441.449024][ T5859]  <TASK>
[  441.449028][ T5859]  dump_stack_lvl+0x189/0x250
[  441.449047][ T5859]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.449057][ T5859]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  441.449070][ T5859]  ? __pfx_queue_work_on+0x10/0x10
[  441.449082][ T5859]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  441.449094][ T5859]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  441.449107][ T5859]  ? f2fs_hw_is_readonly+0x39b/0x470
[  441.449126][ T5859]  f2fs_handle_critical_error+0x37c/0x540
[  441.449144][ T5859]  f2fs_write_end_io+0x495/0x810
[  441.449154][ T5859]  ? blkg_put+0x22/0x240
[  441.449173][ T5859]  __submit_merged_bio+0x27a/0x6a0
[  441.449186][ T5859]  ? up_write+0x1c4/0x420
[  441.449200][ T5859]  __submit_merged_write_cond+0x44c/0x530
[  441.449219][ T5859]  f2fs_sync_node_pages+0x1869/0x1a00
[  441.449245][ T5859]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  441.449275][ T5859]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  441.449289][ T5859]  ? up_write+0x1c4/0x420
[  441.449298][ T5859]  ? do_raw_spin_unlock+0x122/0x240
[  441.449313][ T5859]  f2fs_write_checkpoint+0xe6f/0x1df0
[  441.449337][ T5859]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  441.449369][ T5859]  ? try_to_wake_up+0x7e5/0x1290
[  441.449385][ T5859]  ? kill_f2fs_super+0x298/0x6c0
[  441.449399][ T5859]  kill_f2fs_super+0x2c3/0x6c0
[  441.449413][ T5859]  ? __pfx_kill_f2fs_super+0x10/0x10
[  441.449422][ T5859]  ? radix_tree_delete_item+0x2b6/0x400
[  441.449439][ T5859]  ? shrinker_free+0x2ce/0x3e0
[  441.449450][ T5859]  deactivate_locked_super+0xb9/0x130
[  441.449462][ T5859]  cleanup_mnt+0x425/0x4c0
[  441.449476][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  441.449490][ T5859]  task_work_run+0x1d4/0x260
[  441.449505][ T5859]  ? __pfx_task_work_run+0x10/0x10
[  441.449516][ T5859]  ? __x64_sys_umount+0x122/0x160
[  441.449530][ T5859]  ? exit_to_user_mode_loop+0x40/0x110
[  441.449547][ T5859]  exit_to_user_mode_loop+0xec/0x110
[  441.449560][ T5859]  do_syscall_64+0x2bd/0x3b0
[  441.449573][ T5859]  ? lockdep_hardirqs_on+0x9c/0x150
[  441.449585][ T5859]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.449594][ T5859]  ? clear_bhb_loop+0x60/0xb0
[  441.449606][ T5859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.449615][ T5859] RIP: 0033:0x7f6d5e18fc57
[  441.449625][ T5859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  441.449633][ T5859] RSP: 002b:00007ffee67b35c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  441.449644][ T5859] RAX: 0000000000000000 RBX: 00007f6d5e210925 RCX: 00007f6d5e18fc57
[  441.449651][ T5859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee67b3680
[  441.449657][ T5859] RBP: 00007ffee67b3680 R08: 0000000000000000 R09: 0000000000000000
[  441.449663][ T5859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee67b4710
[  441.449670][ T5859] R13: 00007f6d5e210925 R14: 000000000006b723 R15: 00007ffee67b4750
[  441.449686][ T5859]  </TASK>
[  441.449690][ T5859] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  442.681852][ T9405] loop1: detected capacity change from 0 to 512
[  442.689108][ T9405] EXT4-fs: Ignoring removed orlov option
[  442.694812][ T9405] EXT4-fs: inline encryption not supported
[  442.700603][ T9405] EXT4-fs: Ignoring removed orlov option
[  442.709936][ T9405] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  442.851751][ T9405] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.802: bg 0: block 64: padding at end of block bitmap is not set
[  442.867827][ T9405] Quota error (device loop1): write_blk: dquota write failed
[  442.875371][ T9405] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  442.885346][ T9405] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.802: Failed to acquire dquot type 0
[  442.898212][ T9405] EXT4-fs (loop1): 1 truncate cleaned up
[  442.905675][ T9405] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  443.124296][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  443.600419][ T9412] loop2: detected capacity change from 0 to 40427
[  443.619271][ T9412] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  443.631349][ T9412] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  443.655743][ T9412] F2FS-fs (loop2): invalid crc value
[  443.830757][ T9412] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  443.839053][ T9412] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  445.082846][   T30] audit: type=1800 audit(1752036373.912:211): pid=9424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.804" name="file1" dev="loop2" ino=10 res=0 errno=0
[  445.541768][ T9416] sp0: Synchronizing with TNC
[  445.754411][ T9428] loop3: detected capacity change from 0 to 4096
[  445.824188][ T9431] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  445.824395][ T9428] NILFS error (device loop3): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  445.880103][ T9428] NILFS (loop3): mounting fs with errors
[  446.028303][ T9432] SET target dimension over the limit!
[  446.541395][ T5858] syz-executor: attempt to access beyond end of device
[  446.541395][ T5858] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  447.092816][ T5858] CPU: 0 UID: 0 PID: 5858 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  447.092841][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  447.092850][ T5858] Call Trace:
[  447.092857][ T5858]  <TASK>
[  447.092865][ T5858]  dump_stack_lvl+0x189/0x250
[  447.092895][ T5858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  447.092913][ T5858]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  447.092935][ T5858]  ? __pfx_queue_work_on+0x10/0x10
[  447.092956][ T5858]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  447.092978][ T5858]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  447.093000][ T5858]  ? f2fs_hw_is_readonly+0x39b/0x470
[  447.093032][ T5858]  f2fs_handle_critical_error+0x37c/0x540
[  447.093064][ T5858]  f2fs_write_end_io+0x495/0x810
[  447.093081][ T5858]  ? blkg_put+0x22/0x240
[  447.093116][ T5858]  __submit_merged_bio+0x27a/0x6a0
[  447.093139][ T5858]  ? up_write+0x1c4/0x420
[  447.093165][ T5858]  __submit_merged_write_cond+0x44c/0x530
[  447.093199][ T5858]  f2fs_sync_node_pages+0x1869/0x1a00
[  447.093249][ T5858]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  447.093305][ T5858]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  447.093331][ T5858]  ? up_write+0x1c4/0x420
[  447.093348][ T5858]  ? do_raw_spin_unlock+0x122/0x240
[  447.093376][ T5858]  f2fs_write_checkpoint+0xe6f/0x1df0
[  447.093423][ T5858]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  447.093493][ T5858]  ? try_to_wake_up+0x7e5/0x1290
[  447.093521][ T5858]  ? kill_f2fs_super+0x298/0x6c0
[  447.093548][ T5858]  kill_f2fs_super+0x2c3/0x6c0
[  447.093574][ T5858]  ? __pfx_kill_f2fs_super+0x10/0x10
[  447.093591][ T5858]  ? radix_tree_delete_item+0x2b6/0x400
[  447.093621][ T5858]  ? shrinker_free+0x2ce/0x3e0
[  447.093642][ T5858]  deactivate_locked_super+0xb9/0x130
[  447.093664][ T5858]  cleanup_mnt+0x425/0x4c0
[  447.093689][ T5858]  ? lockdep_hardirqs_on+0x9c/0x150
[  447.093715][ T5858]  task_work_run+0x1d4/0x260
[  447.093741][ T5858]  ? __pfx_task_work_run+0x10/0x10
[  447.093759][ T5858]  ? __x64_sys_umount+0x122/0x160
[  447.093786][ T5858]  ? exit_to_user_mode_loop+0x40/0x110
[  447.093815][ T5858]  exit_to_user_mode_loop+0xec/0x110
[  447.093839][ T5858]  do_syscall_64+0x2bd/0x3b0
[  447.093864][ T5858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.093881][ T5858]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  447.093897][ T5858]  ? clear_bhb_loop+0x60/0xb0
[  447.093919][ T5858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.093936][ T5858] RIP: 0033:0x7fa6c778fc57
[  447.093953][ T5858] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  447.093968][ T5858] RSP: 002b:00007ffe6e8cc358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  447.093987][ T5858] RAX: 0000000000000000 RBX: 00007fa6c7810925 RCX: 00007fa6c778fc57
[  447.093999][ T5858] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6e8cc410
[  447.094010][ T5858] RBP: 00007ffe6e8cc410 R08: 0000000000000000 R09: 0000000000000000
[  447.094021][ T5858] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6e8cd4a0
[  447.094033][ T5858] R13: 00007fa6c7810925 R14: 000000000006cbba R15: 00007ffe6e8cd4e0
[  447.094066][ T5858]  </TASK>
[  447.094073][ T5858] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  448.339140][ T9442] loop4: detected capacity change from 0 to 4096
[  448.676619][ T9442] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  448.687079][ T9445] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  448.714797][ T9442] NILFS (loop4): mounting fs with errors
[  448.737405][ T9442] SET target dimension over the limit!
[  450.154971][ T9464] loop0: detected capacity change from 0 to 8
[  450.369236][ T9468] loop2: detected capacity change from 0 to 8
[  451.141513][ T9473] loop1: detected capacity change from 0 to 40427
[  451.162391][ T9473] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  451.170160][ T9473] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  451.220336][ T9473] F2FS-fs (loop1): invalid crc value
[  451.300121][ T9473] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  451.307270][ T9473] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  452.657558][   T30] audit: type=1800 audit(1752036381.302:212): pid=9482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.820" name="file1" dev="loop1" ino=10 res=0 errno=0
[  454.104341][ T5850] syz-executor: attempt to access beyond end of device
[  454.104341][ T5850] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  454.152860][ T5850] CPU: 0 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  454.152886][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  454.152897][ T5850] Call Trace:
[  454.152904][ T5850]  <TASK>
[  454.152911][ T5850]  dump_stack_lvl+0x189/0x250
[  454.152940][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.152957][ T5850]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  454.152980][ T5850]  ? __pfx_queue_work_on+0x10/0x10
[  454.153011][ T5850]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  454.153033][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  454.153055][ T5850]  ? f2fs_hw_is_readonly+0x39b/0x470
[  454.153087][ T5850]  f2fs_handle_critical_error+0x37c/0x540
[  454.153120][ T5850]  f2fs_write_end_io+0x495/0x810
[  454.153138][ T5850]  ? blkg_put+0x22/0x240
[  454.153174][ T5850]  __submit_merged_bio+0x27a/0x6a0
[  454.153197][ T5850]  ? up_write+0x1c4/0x420
[  454.153223][ T5850]  __submit_merged_write_cond+0x44c/0x530
[  454.153256][ T5850]  f2fs_sync_node_pages+0x1869/0x1a00
[  454.153305][ T5850]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  454.153362][ T5850]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  454.153387][ T5850]  ? up_write+0x1c4/0x420
[  454.153404][ T5850]  ? do_raw_spin_unlock+0x122/0x240
[  454.153430][ T5850]  f2fs_write_checkpoint+0xe6f/0x1df0
[  454.153477][ T5850]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  454.153540][ T5850]  ? try_to_wake_up+0x81b/0x1290
[  454.153569][ T5850]  ? kill_f2fs_super+0x298/0x6c0
[  454.153595][ T5850]  kill_f2fs_super+0x2c3/0x6c0
[  454.153621][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  454.153637][ T5850]  ? radix_tree_delete_item+0x2b6/0x400
[  454.153669][ T5850]  ? shrinker_free+0x2ce/0x3e0
[  454.153690][ T5850]  deactivate_locked_super+0xb9/0x130
[  454.153711][ T5850]  cleanup_mnt+0x425/0x4c0
[  454.153736][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  454.153761][ T5850]  task_work_run+0x1d4/0x260
[  454.153787][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  454.153806][ T5850]  ? __x64_sys_umount+0x122/0x160
[  454.153833][ T5850]  ? schedule+0x16f/0x360
[  454.153856][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  454.153881][ T5850]  do_syscall_64+0x2bd/0x3b0
[  454.153906][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.153922][ T5850]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  454.153938][ T5850]  ? clear_bhb_loop+0x60/0xb0
[  454.153960][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.153976][ T5850] RIP: 0033:0x7f31c4d8fc57
[  454.153993][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  454.154013][ T5850] RSP: 002b:00007fff41050f28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  454.154032][ T5850] RAX: 0000000000000000 RBX: 00007f31c4e10925 RCX: 00007f31c4d8fc57
[  454.154045][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff41050fe0
[  454.154055][ T5850] RBP: 00007fff41050fe0 R08: 0000000000000000 R09: 0000000000000000
[  454.154066][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff41052070
[  454.154078][ T5850] R13: 00007f31c4e10925 R14: 000000000006e871 R15: 00007fff410520b0
[  454.154110][ T5850]  </TASK>
[  454.154144][ T5850] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  455.463914][ T9512] loop0: detected capacity change from 0 to 512
[  455.473879][ T9512] EXT4-fs: Ignoring removed orlov option
[  455.479596][ T9512] EXT4-fs: inline encryption not supported
[  455.485543][ T9512] EXT4-fs: Ignoring removed orlov option
[  456.071853][ T9512] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  456.152456][ T9512] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.832: bg 0: block 64: padding at end of block bitmap is not set
[  456.170833][ T9512] Quota error (device loop0): write_blk: dquota write failed
[  456.178416][ T9512] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  456.188406][ T9512] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.832: Failed to acquire dquot type 0
[  456.209038][ T9512] EXT4-fs (loop0): 1 truncate cleaned up
[  456.217761][ T9512] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  456.395085][ T5859] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  456.589440][ T9503] loop3: detected capacity change from 0 to 32768
[  456.973033][ T9528] loop3: detected capacity change from 0 to 8
[  457.022682][ T5997] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  457.182724][ T5997] usb 5-1: Using ep0 maxpacket: 8
[  457.206353][ T5997] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 3
[  457.245739][ T5997] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  457.276822][ T5997] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  457.312029][ T5997] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  457.699571][ T5997] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  458.106219][ T5997] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.137711][ T5997] usb 5-1: config 0 descriptor??
[  458.161283][ T9525] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  458.181187][ T9525] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  458.307388][ T9520] loop0: detected capacity change from 0 to 40427
[  458.328976][ T9520] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  458.349862][ T9520] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  458.372145][ T9520] F2FS-fs (loop0): invalid crc value
[  458.612291][ T9520] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  458.623329][ T9520] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  458.653385][ T9537] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  459.018690][ T9540] loop2: detected capacity change from 0 to 512
[  459.053840][ T9540] EXT4-fs (loop2): orphan cleanup on readonly fs
[  459.190842][ T9540] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.837: bg 0: block 248: padding at end of block bitmap is not set
[  459.672775][ T9540] Quota error (device loop2): write_blk: dquota write failed
[  459.680273][ T9540] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  459.699654][ T9540] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.837: Failed to acquire dquot type 1
[  459.756725][ T9540] EXT4-fs (loop2): 1 truncate cleaned up
[  459.856325][ T9540] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  460.250170][ T5997] usb 5-1: string descriptor 0 read error: -71
[  460.657359][ T5997] usb 5-1: USB disconnect, device number 11
[  460.804178][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  461.096620][ T9557] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  461.356937][ T9555] sp0: Synchronizing with TNC
[  461.922867][   T48] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  462.126688][   T48] usb 3-1: Using ep0 maxpacket: 16
[  462.156116][   T48] usb 3-1: config 132 has an invalid interface number: 4 but max is 0
[  462.167084][   T48] usb 3-1: config 132 has no interface number 0
[  462.191754][   T48] usb 3-1: New USB device found, idVendor=34ef, idProduct=202b, bcdDevice=36.09
[  462.215696][   T48] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.235239][   T48] usb 3-1: Product: syz
[  462.239411][   T48] usb 3-1: Manufacturer: syz
[  462.254358][   T48] usb 3-1: SerialNumber: syz
[  462.462759][ T5997] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  462.632544][ T9566] loop3: detected capacity change from 0 to 32768
[  462.716332][ T9566] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  462.800398][ T5997] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  463.334147][   T30] audit: type=1800 audit(1752036393.022:213): pid=9566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.846" name="file1" dev="loop3" ino=17059 res=0 errno=0
[  463.406513][ T5997] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.418774][ T5997] usb 5-1: config 0 descriptor??
[  463.427346][ T5997] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  463.479398][ T9579] loop0: detected capacity change from 0 to 32768
[  463.518036][ T9579] (syz.0.843,9579,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  463.575125][ T9579] (syz.0.843,9579,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  463.627946][ T5997] gp8psk: usb in 128 operation failed.
[  463.646876][ T9579] JBD2: Ignoring recovery information on journal
[  463.732283][ T9579] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  463.754157][ T5916] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  463.908006][ T9592] loop1: detected capacity change from 0 to 512
[  463.918964][ T9592] EXT4-fs: Ignoring removed orlov option
[  463.924825][ T9592] EXT4-fs: inline encryption not supported
[  463.930809][ T9592] EXT4-fs: Ignoring removed orlov option
[  464.012093][ T9592] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  464.083025][ T9570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.224543][ T9592] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.851: bg 0: block 64: padding at end of block bitmap is not set
[  464.267702][ T9592] Quota error (device loop1): write_blk: dquota write failed
[  464.275851][ T9592] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  464.286298][ T9592] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.851: Failed to acquire dquot type 0
[  464.325095][ T9592] EXT4-fs (loop1): 1 truncate cleaned up
[  464.346499][ T9592] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  464.413231][ T9570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.595232][ T5997] gp8psk: usb in 146 operation failed.
[  464.600807][ T5997] gp8psk: failed to get FW version
[  464.708436][   T48] usb 3-1: USB disconnect, device number 7
[  464.744428][ T5997] gp8psk: usb in 149 operation failed.
[  464.766936][ T5997] gp8psk: failed to get FPGA version
[  464.786638][ T5997] gp8psk: usb in 138 operation failed.
[  464.792138][ T5997] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  464.838046][ T9584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.860000][ T5997] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  464.869012][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  464.894934][ T9584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.932919][ T5997] usb 5-1: USB disconnect, device number 12
[  465.117062][ T9292] Buffer I/O error on dev loop0, logical block 32760, async page read
[  465.159964][ T9292] Buffer I/O error on dev loop0, logical block 32761, async page read
[  465.185164][ T9590] ------------[ cut here ]------------
[  465.190715][ T9590] WARNING: fs/buffer.c:1125 at bdev_getblk+0x580/0x660, CPU#1: jbd2/loop0-29/9590
[  465.200456][ T9590] Modules linked in:
[  465.204835][ T9590] CPU: 1 UID: 0 PID: 9590 Comm: jbd2/loop0-29 Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  465.207442][ T9292] Buffer I/O error on dev loop0, logical block 32762, async page read
[  465.217050][ T9590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  465.235652][ T9590] RIP: 0010:bdev_getblk+0x580/0x660
[  465.240867][ T9590] Code: 26 fb ff ff e8 61 ef 78 ff 48 c7 c7 a0 fc 99 8b 48 c7 c6 29 0b a0 8d 4c 89 fa 4c 89 e9 e8 48 e1 e0 fe eb bd e8 41 ef 78 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89
[  465.260531][  T982] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  465.270778][ T9590] RSP: 0018:ffffc9001b687658 EFLAGS: 00010293
[  465.277197][ T9590] RAX: ffffffff8246bcef RBX: ffff888022e6c518 RCX: ffff8880309a9e00
[  465.285483][ T9590] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
[  465.293816][ T9590] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8216f34d
[  465.295162][ T9292] Buffer I/O error on dev loop0, logical block 32763, async page read
[  465.301784][ T9590] R10: 0000000000000406 R11: 0000000000000000 R12: ffff888022e6c538
[  465.301801][ T9590] R13: ffff888022e6c500 R14: 0000000000000200 R15: 1ffff110045cd8a3
[  465.301815][ T9590] FS:  0000000000000000(0000) GS:ffff888125cd7000(0000) knlGS:0000000000000000
[  465.337907][ T9590] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  465.346018][ T9590] CR2: 00007ffee67b2e18 CR3: 0000000011662000 CR4: 00000000003526f0
[  465.355326][ T9590] Call Trace:
[  465.358614][ T9590]  <TASK>
[  465.361559][ T9590]  jbd2_journal_get_descriptor_buffer+0x147/0x420
[  465.368367][ T9590]  journal_submit_commit_record+0xec/0x8b0
[  465.374503][ T9590]  ? __pfx_journal_submit_commit_record+0x10/0x10
[  465.381226][ T9590]  jbd2_journal_commit_transaction+0x2c6f/0x5a00
[  465.387654][ T9590]  ? __pfx_jbd2_journal_commit_transaction+0x10/0x10
[  465.394381][ T9590]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  465.400749][ T9590]  ? rcu_is_watching+0x15/0xb0
[  465.405563][ T9590]  ? __try_to_del_timer_sync+0x34a/0x3a0
[  465.410960][ T9292] Buffer I/O error on dev loop0, logical block 32764, async page read
[  465.419405][ T9590]  ? __pfx___timer_delete_sync+0x10/0x10
[  465.419448][ T9590]  kjournald2+0x3cf/0x750
[  465.419483][ T9590]  ? __pfx_kjournald2+0x10/0x10
[  465.419501][ T9590]  ? __pfx_autoremove_wake_function+0x10/0x10
[  465.441495][ T9590]  ? __kthread_parkme+0x7b/0x200
[  465.447319][ T9590]  ? __kthread_parkme+0x1a1/0x200
[  465.452392][ T9590]  kthread+0x711/0x8a0
[  465.456778][ T9590]  ? __pfx_kjournald2+0x10/0x10
[  465.461658][ T9590]  ? __pfx_kthread+0x10/0x10
[  465.462823][  T982] usb 2-1: Using ep0 maxpacket: 8
[  465.466335][ T9590]  ? _raw_spin_unlock_irq+0x23/0x50
[  465.473694][ T9292] Buffer I/O error on dev loop0, logical block 32765, async page read
[  465.476547][ T9590]  ? lockdep_hardirqs_on+0x9c/0x150
[  465.489903][ T9590]  ? __pfx_kthread+0x10/0x10
[  465.492366][  T982] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 3
[  465.494632][ T9590]  ret_from_fork+0x3fc/0x770
[  465.494658][ T9590]  ? __pfx_ret_from_fork+0x10/0x10
[  465.494683][ T9590]  ? __switch_to_asm+0x39/0x70
[  465.518895][ T9590]  ? __switch_to_asm+0x33/0x70
[  465.523782][ T9590]  ? __pfx_kthread+0x10/0x10
[  465.528413][ T9590]  ret_from_fork_asm+0x1a/0x30
[  465.533384][ T9590]  </TASK>
[  465.536440][ T9590] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  465.543719][ T9590] CPU: 1 UID: 0 PID: 9590 Comm: jbd2/loop0-29 Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[  465.555431][ T9590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  465.565481][ T9590] Call Trace:
[  465.568751][ T9590]  <TASK>
[  465.571668][ T9590]  dump_stack_lvl+0x99/0x250
[  465.576246][ T9590]  ? __asan_memcpy+0x40/0x70
[  465.580826][ T9590]  ? __pfx_dump_stack_lvl+0x10/0x10
[  465.586011][ T9590]  ? __pfx__printk+0x10/0x10
[  465.590597][ T9590]  panic+0x2e2/0x7b0
[  465.594482][ T9590]  ? __pfx_panic+0x10/0x10
[  465.598902][ T9590]  ? ret_from_fork_asm+0x1a/0x30
[  465.603930][ T9590]  __warn+0x334/0x4c0
[  465.607914][ T9590]  ? bdev_getblk+0x580/0x660
[  465.612501][ T9590]  ? bdev_getblk+0x580/0x660
[  465.617079][ T9590]  report_bug+0x2be/0x4f0
[  465.621400][ T9590]  ? bdev_getblk+0x580/0x660
[  465.625977][ T9590]  ? bdev_getblk+0x580/0x660
[  465.630559][ T9590]  ? bdev_getblk+0x582/0x660
[  465.635144][ T9590]  handle_bug+0x84/0x160
[  465.639372][ T9590]  exc_invalid_op+0x1a/0x50
[  465.643858][ T9590]  asm_exc_invalid_op+0x1a/0x20
[  465.648692][ T9590] RIP: 0010:bdev_getblk+0x580/0x660
[  465.653881][ T9590] Code: 26 fb ff ff e8 61 ef 78 ff 48 c7 c7 a0 fc 99 8b 48 c7 c6 29 0b a0 8d 4c 89 fa 4c 89 e9 e8 48 e1 e0 fe eb bd e8 41 ef 78 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89
[  465.673476][ T9590] RSP: 0018:ffffc9001b687658 EFLAGS: 00010293
[  465.679533][ T9590] RAX: ffffffff8246bcef RBX: ffff888022e6c518 RCX: ffff8880309a9e00
[  465.687517][ T9590] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
[  465.695572][ T9590] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8216f34d
[  465.703534][ T9590] R10: 0000000000000406 R11: 0000000000000000 R12: ffff888022e6c538
[  465.711488][ T9590] R13: ffff888022e6c500 R14: 0000000000000200 R15: 1ffff110045cd8a3
[  465.719458][ T9590]  ? fs_reclaim_acquire+0x7d/0x100
[  465.724570][ T9590]  ? bdev_getblk+0x57f/0x660
[  465.729159][ T9590]  ? bdev_getblk+0x57f/0x660
[  465.733743][ T9590]  jbd2_journal_get_descriptor_buffer+0x147/0x420
[  465.740157][ T9590]  journal_submit_commit_record+0xec/0x8b0
[  465.745968][ T9590]  ? __pfx_journal_submit_commit_record+0x10/0x10
[  465.752380][ T9590]  jbd2_journal_commit_transaction+0x2c6f/0x5a00
[  465.758724][ T9590]  ? __pfx_jbd2_journal_commit_transaction+0x10/0x10
[  465.765398][ T9590]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  465.771717][ T9590]  ? rcu_is_watching+0x15/0xb0
[  465.776471][ T9590]  ? __try_to_del_timer_sync+0x34a/0x3a0
[  465.782101][ T9590]  ? __pfx___timer_delete_sync+0x10/0x10
[  465.787736][ T9590]  kjournald2+0x3cf/0x750
[  465.792075][ T9590]  ? __pfx_kjournald2+0x10/0x10
[  465.796911][ T9590]  ? __pfx_autoremove_wake_function+0x10/0x10
[  465.802967][ T9590]  ? __kthread_parkme+0x7b/0x200
[  465.807889][ T9590]  ? __kthread_parkme+0x1a1/0x200
[  465.812905][ T9590]  kthread+0x711/0x8a0
[  465.816965][ T9590]  ? __pfx_kjournald2+0x10/0x10
[  465.821793][ T9590]  ? __pfx_kthread+0x10/0x10
[  465.826373][ T9590]  ? _raw_spin_unlock_irq+0x23/0x50
[  465.831569][ T9590]  ? lockdep_hardirqs_on+0x9c/0x150
[  465.836754][ T9590]  ? __pfx_kthread+0x10/0x10
[  465.841330][ T9590]  ret_from_fork+0x3fc/0x770
[  465.845915][ T9590]  ? __pfx_ret_from_fork+0x10/0x10
[  465.851016][ T9590]  ? __switch_to_asm+0x39/0x70
[  465.855769][ T9590]  ? __switch_to_asm+0x33/0x70
[  465.860524][ T9590]  ? __pfx_kthread+0x10/0x10
[  465.865103][ T9590]  ret_from_fork_asm+0x1a/0x30
[  465.869868][ T9590]  </TASK>
[  465.873094][ T9590] Kernel Offset: disabled
[  465.877400][ T9590] Rebooting in 86400 seconds..