last executing test programs:

12m22.793079931s ago: executing program 4 (id=25):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
pidfd_getfd(r2, r2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x64f5, 0x90f4, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{}, 0x0, 0x0}, 0x20)

12m21.709787286s ago: executing program 4 (id=27):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x804000, &(0x7f0000000f00)=ANY=[@ANYBLOB="6c617374626c6f636b3d30303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756e64656c6574652c6c6f6e6761642c73686f727461642c7569643d666f726765742c756e64656c6574652c696f636861727365743d757466382c73686f727461642c696f636861727365743d64656661756c742c7569643d666f726765742c6e6f7374726963742c73657373696f6e3d30303030303030303030303030303030303030302c706172746974696f6e3d30303030303030303030303030303030303030362c00b2e01f5c0b5c8fb2623d8f888e41dfceb3ecf959d23d90b071660660b17884bd109d37086024cf83fa"], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
modify_ldt$write(0x1, &(0x7f0000000a40)={0x476, 0x20000000, 0x1000, 0x0, 0x1, 0x0, 0x1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x80008000, 0x0, 0x0, 0x0, 0x0, 0x0)

12m14.922087521s ago: executing program 4 (id=41):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x4000, &(0x7f0000000040)=ANY=[], 0xff, 0x60c0, &(0x7f000000d800)="$eJzs3U1vHVf9B/DfffC147RpVP1V5R+xcFMeWkrznEB5asqCBSxAQl2TyHWrlBRQEhCtIuLKC8QGeAmw6YZFJV4BL6CvASGxJVLSVReUQWOf44xvrn3tJp659vl8pJuZ35w7vmfyveOZ65m5EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/OD7PznXi4irv04Tjkc8FYOIfsSRul6KeuRKfv4wIk7EenM8FxGD+Yh6/vV/nom4GBEfH4u4/+DOcj35/C77cens7Zuf/fB7//jdH9dOvPPmTz8cb//x/1346Pd3I47/6NWPPrv7ZJYdAAAASlFVVdVLH/NPps/3/a47BQC0Im//qyRPV6vVavUTrf/Q38vznzradX/Vh7Ruqia72ywiYrU5T73P4HA8ABwwq/Fp112gQ/Iv2jAijnbdCWCm9bruAPvi/oM7y72Ub6+5PVjaaM9/p9yS/2pv8/qO7YbTjJ9j0tb7ay0G8ew2/TnSUh9mSc6/P57/1Y32UXrefufflu3yH21c+lScnP9gPP8xW/L/U0Qc2Pz7E/MvVc5/uJf8VwcHeP2XPwAAAAAAh1/++//xjo//zj/+ouzKTsd/l1rqAwAAAAAAAAA8aY97/79N7v8HAAAAM6v+rF7787GH07b7LrZ6+hu9iKfHng8UZqnx5YAAAAAAAAAAAAAAQDuGEYvpvP65iHh6cbGqqvrRNF7v1ePOf9CVvvxQsq5/yQMAwIaPj41dy9+LWIiIN9J3/c0tLi5W1VxELFZH5vP+7Gh+oTrS+Fybh/W0+dEudoiHo6r+YQuN+ZqmfV6e1j7+8+rXGlWDXXSsHR0GDgARsbE1um+LdMhU1TPR9V4OB4P1//Cx/rMbXb9PAQAAgP1XVVXVS1/nfTId8+933SkAoBV5+z9+XECtVquLqT/ZmDgz/VGr97Fuqia72ywiYrU5T73P4Hb8AHDArManXXeBDsm/aMOIONF1J4CZ1uu6A+yL+w/uLPdSvr3m9mBpoz2fC7Il/9Xe+nx5/knDacbPMWnr/bUWg3h2m/4811IfZknOvz+e/9WN9nyL/818FvYn/7Zsl3+9nMc76E/Xcv6D8fzH7Pf635a16E/Mv1Q5/+Ge8h/IHwAAAAAAZlj++/9xx3/zIgMAAAAAAADAgXP/wZ3lfN1rPv7/hQnP6zXHXP95aOT8e7vO3/W/h0nOvz+e/9gJOYPG+L3XH+b/yYM7yx/e/vf/5+HM5z83GNWvPdfrD4bpnJ9q7q24HjdiJc4+8vzhlvZzj7TPbWk/P6X9wiPto7r9SG4/Hcvxi7gRb262z085MWphSns1pT3nP7D+FynnP2w86vwXU3tvbFi790H/kfW+OZz0Olf++p8vP7p2tWG4pVqLweayNRyr/znVWp8eWv8/OTqKX91auXn6N9du3755LtJgy9TzkQZPWM5/Lj1y/i++sNGef+8319d7H4z2nP+sWIvhpPzX398vNMbr5X2p5b51Iec/So+cf94CTV7/D3L+E9f/9eV7uYP+AAAAAAAAAAAAAAAAwE6qqlq/RPRKRFxO1/90dW0mANCuvP2vkjxdre6g/tffZqs/arVavbXuzVh/PkfdVE32WrOIiL8356n3GX476YcBALPsvxHxz647QWfkX7D8fX/18ItddwZo1a333v/ZtRs3Vm7e6ronAAAAAAAAAMDnle//udS4//P6eUBj943ecv/X12PpwN7/sz8arN/rPC3Q87Hz/b9Pxc73/x5Oeb25Ke2jKe3zU9oXprRPvNCjIef/fMo4538yLVhJ9399sYP+dC3nfyrd6znn/5Wx5zXzr/5ykPPvb8n/zO13f3nm1nvvv3L93Wtvr7y98vNzZy9fvHDp4oVLl868df3GytmNfzvs8f7K+ed7XzsPtCw5/5y5/MuS8/9SquVflpT/5m6o/MuS1/+8vyf/suT882cf+Zcl5/9SquVflpz/V1Mt/7Lk/F9OtfzLkvP/WqrlX5ac/yupln9Zcv6nUy3/suT8z6Ra/mXJ+ecjXPIvS84/n9kg/7Lk/M+nWv5lyflfSLX8y5Lzv5hq+Zcl538p1fIvS87/cqrlX5ac/9dTLf+y5Py/kWr5lyXn/2qq5V+WnP83Uy3/suT8v5Vq+Zcl5//tVO+U/zst9ot25Py/k2rrf1ly/t9NtfzLkvN/LdXyL8vD7/83sueRxdnoRpsjVRUxA90wsu8jXf9mAgAAAAAAAAAAAADGtXE6cdfLCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX27jVGrrO+H/izV6+TQPwnIYQQiO1cMGST3fUtMcFgrv809JIGQksLdYy9dgy+1buGBKFmaWgLAqmR2hf0RSkgQEhtlahCKpUoilSk9k1VXhVFlVArIdWVoDIRVKICtjpznufZmdnZmV3vrj1zzueD4p+9M2fmmTNnZve76DsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABotuNts380FEIo/mv8sS2E64q/bw2Hin8u7L/aKwQAAADW6+eNP//q+vyFQ6vYqOk6//iaf/n64uLiYvjgixd/8SeLi/mC7SGMbAmhcVnyTz/9yWLzdaKnw8TQcNO/h3vc/UiPy0d7XD7W4/LxHpdv6XH5RI/Ll+2AZbaWv49p3Ngdjb9uK3dpuDGMNS67o8NWTw9tGR5Ov8tpGGpsszh2PJwMp8JsmF62zVDjfyF8c0dxXw+GdF/DTfd1awjh0o8+fjStYSju4ztCy501ND93P3xL2P7ijz5+9KvzP3hlp9lzNyxbaQi7dhbr/GQIS7+uCkNhS94naZ3DTeu8tcM6R1rWOdTYrvh7+zovrXKd6XFPxHV+p8s6b41fe+L2EMJCWPE67Z4Ow+GatnvN+3uiPCKK2yieypeF0TUdJztWcZwU23z/9tbjpP2YTPt/R9wnoyusofnp+OEnxpft98s9TopH3Q/HanHbDxd3OjHR/KvVlmO1uM7H71z5GOj43HU4BvKx3HQM7Ox1DAyPjzSOgeGlNe9sOQZmlm0zHIYa93Xxzu7HwNT86XNTc09+7J6Tp4+cmD0xe2Zmev/ePfv27tm3b+r4yVOz0+Wfa9ulA+SaMJyPwZ3xvSYdg69tu27zIbn4xY17HUz0yeugeOzvuatY0HXDYYVjvLjOJ3et/3WQv+83vQ5Gm14HHd9TO7wORlfxOiiuc2nX6r5njjb912kNm/VeuK3pGLia3w+L+3z/61Z+L7w1rutTr1/r98ORZcdAelhD8bVXfCX/vDdxf9wvy4+LW4oLrh0PF+Zmz9/7xJH5+fMzIY4r4oam56r9eLmm6TGFZcfL8JqPl0N/+bO7bunw9W1xX03cvfRcjXd4Horr7J3s/lw13t0778+Wr+4OcWywK70/O303K/ZnzhJdjv3iOp+8Z/0/C+Zc0vT+N9br/W9kbLR8/xvJe2Os5f1v+VMz0lhZCJfuWd3731j870q//93YJ+9/xb56/73dj4HiOp+aWusxMNr1/e/2OIfiel4XE8NEU+7/RePyhfIwbXouex43o6Nj8bgZTffYetzsWbZNcWvFfe+avrzjZtftrc9Vy88tFTxuin31p9Pdj5viOs/PrP+9Y2v6a9N7x3ivY2BsZLxY71g+CMr3u8Wt6Ri4NxwNZ8OpcCxvUzzLxX1N7l7dMTAe/7vS7x0398kxUOyrz+3ufgwU1/n2no392WlX/Eq+TtPPTu2/X1gp898yunR77bttozN/sc637+3+u6HiOj/Yu9ac0X0/3R2/cm2H/dT++lnpmD4Wrsx+ujmu89S+7r+bKq5z4/5VHk+HQggvzLzQ+H1X/P3u31z416+3/N630++UX5h54aGpR767lvUDAHD5ftH4c2G8/Fmz6f+xXs3//w8AAAAMhJT7h+PM5H8AAACojJT7R+LM5H8AAACojJT7R+PMapL/H7//wLM/fyrkTwNcjNLlaTc8/KbyeqnjvRD/vX1xSfH1t3557NlPP7W6+x4OIfzsoVd1vP7jb0rrKp1L63xD69eXufm2Vd3/Y48uXa/58xMuHShvPz2e1R4Gqav8zandjdvd/uRMYz7/UGjMRxY+9XR5++W/0/Uv7imv/+fxQ0sOHR9q2X5XXM8dcW6Pnynz8KGl/VDMtN2zt77mH25479L9pe2Gdr608TA/93vl7abPiHrmhvL66XGvtP6//8zXni2u/8Sdndf/1HDn9V+Mt/v9OH96sLx+8z7/dNP6/yCuP91f2u7eL32r4/qfe0V5/eficfGFONvX/5Y/fvXPOz1f6X4OPVBul+5/+n/2NrZLt5duv339E0/NtOyP9tt//sXydg5+5McjzddPX0/3kzz2QOvxPRSf35YeeQjha38YWvZzeGO53d+1rT/d3rkHOq//7rZ1nhu6rbH90uPZ1vK4Pv+V3R0fb1rPob/e1vJ4nnlH3H8vTn27uN2Lj8TjMV7+v98pb6/9s0yfe0fr+026/he2la/bdHtTbet/pm39C7cV+673+h98sVz/c2/e0rL+Q++Mx9OD5ey1/hN/cX3L9l/8avl8nP/o5JmzcxdOHosPZlvb63jLxNZrrr3uJS+9Pr6Xtv/78Nn5x2fPb5/ePh3C9gH8yMDNXv+X4vzvcixs/D2Uvvvj8rj77LvK71uv/Un572fi1x+Lz2f6/vj5PxtrOV7bn/eFN5dzvet/fVzHar3iM/9xW4cv/+eyz/y9+IFvXvjb3/9B+88F6fGce/lE4/F9bsdNjcuGni8vb3+/6uXfX976uv7e6HRjfiPu18X4ycw7byrvr/3202eTfPbd5es3/SSXtg9tnyeybaT1cax3/d+LP8d86+bW9790fHzjqbZPc94WhoolLMT3h7BQXp6ulfb3Zy/d1PH+0ufwhIVXrmWZK5p7cm7q1MkzF56Ymp+dm5+ae/Jjh0+fvXBm/nDjs0sPf6jX9kuv72sar+9js/v3hsar/Ww5NtnVXv+5R48eu2/6rmOzx49cOD7/6LnZ8yeOzs0dnT02d9eR48dnP9pr+5PHDs7sPrDnvt2TJ04eO3j/gQN7DkyePHO2WEa5qB72T3948sz5w41N5g7uPTCzb9/e6cnTZ4/NHrxvenryQq/tG9+bJoutPzJ5fvbUkfmTp2cn505+bPbgzIH9+3f3/PTH0+eOz22fOn/hzNSFudnzU+Vj2T7f+HLxva/X9tTD3Nn4ftdmKP50/r679+fPxy18+RMr3lR5ldYfT8MP42dBpe9vvf6dcv9YnFlN8j8AAADUQcr98YP/ly6Q/wEAAKAyUu7fEmcm/wMAAEBlpNw/EWdWk/yv/6//r/+v/6//fwX7/0H/f6Pp/29I/385/f9V0f/X/9f/1/+nu37r/6fcvzWEWuZ/AAAAqIOU+6+JM5P/AQAAoDJS7r82zkz+BwAAgMpIuf+6OLN65P+x9r/q/+v/6/839//TdfX/g/6//v9l0v/X/+9G/1//f5DX34f9/636//Sbfuv/p9z/kjizeuR/AAAAqIWU+18aZyb/AwAAQGWk3H99nJn8DwAAAJWRcv+2OLOa5P8NPP//Z+JF+v/6/4Pe/z+djmPn/9f/1/9fP/1//f9u9P/1/wd5/X3Y/3f+f/pOv/X/U+7/f3FmNcn/AAAAUAcp978szkz+BwAAgMpIuf+GODP5HwAAACoj5f4b48xqkv83sP/v/P/6/1Xp/zed/1//v5n+v/7/5dD/1//vRv9f/3/j1z8Uf0zQ/++1vf4/V0K/9f9T7n95nFlN8j8AAADUQcr9N8WZyf8AAABQGSn3vyLOTP4HAACAyki5/+Y4s5rkf/1//X/9f/1//X/9/82k/6//343+v/7/IK9f/1//n976rf+fcv8r48xqkv8BAACgDlLuvyXOTP4HAACAyki5/1VxZvI/AAAAVEbK/bfGmdUk/+v/91X//8mg/7+8/z+s/6//X1pr/79hoff69f8312D1/4dXvET/v6T/30r/X/9f/1//n+76rf+fcv+r48xqkv8BAACgDlLuf02cmfwPAAAAlZFy/21xZvI/AAAAVEbK/dvjzGqS//X/+6r/7/z/zv+v/+/8/0v9//kh/f9VcP5//f+g/3/ZrnZ/ftDXr/+v/09v/db/T7l/R5xZTfI/AAAA1EHK/TvjzOR/AAAAqIyU+2+PM5P/AQAAoDJS7r8jzqwm+V///zL7/1tb/6n/33n9+v/6//r/zv+v/6//343+v/7/IK9f/391/f/xXjdEpfVb/z/l/jvjzGqS/wEAAKAOUu6/K85M/gcAAIDKSLn/tXFm8j8AAABURsr9u+LMapL/9f+d/1//X/9f/1//fzPp/6+6/7/1cta1Kf3/9Car/9+T/r/+/6D0/yc6bO/8/1wJ/db/T7n/dXFmNcn/AAAAUAcp978+zkz+BwAAgMpIuf/uODP5HwAAACoj5f7JOLOa5H/9f/1//X/9f/1//f/NVNX+f34fdf5//X/9f/3/Te7/f2WF7Qfl/P/UW7/1/1PuvyfOrCb5HwAAAOog5f5748zkfwAAAKiMlPun4szkfwAAAKiMlPun48xqkv+r3/9vbxaX9P9L+v/6/0H/X/9/k1W1/99+/v8Qgv6//n+m/6//32/n/+9E/58rYf39//G8SePPdfb/U+6fiTOrSf4HAACAOki5f3ecmfwPAAAAlZFy/544M/kfAAAAKiPl/r1xZjXJ/9Xv/3em/1/S/9f/D/r/+v+brC79f+f/Ly/X/y/p/+v/6//r/9fRcIevrb//v7RJ48919v9T7t8XZ1aT/A8AAAB1kHL//jgz+R8AAAAqI+X+++LM5H8AAACojJT7748zq0n+1//X/9f/1//v3/5/6/1vXv//v/T/N5H+v/5/N/r/+v+DvH79f/1/etvY/v/16+7/p9x/IM6sJvkfAAAA6iDl/jfEmcn/AAAAUBkp9z8QZyb/AwAAwEDpdB7CJOX+N8aZ1ST/6/9Xvf+/uEX/X/9/cPv/rfvT+f/1/zuJb5/6/6tUr/7/1mX3p//f6mr35wd9/fr/+v/0trH9/2U/nq65/59y/8E4s5rkfwAAAKiDlPvfFGcm/wMAAEBlpNz/5jgz+R8AAAAqI+X+Q3FmNcn/+v9V7//33/n/h8Lg9v9H9f/1//X/18z5//X/u3H+/8Hs/6fP3dD/75/+f3EM6f/Tj/qt/59y/1vizGqS/wEAAKAOUu5/a5yZ/A8AAACVkXL/2+LM5H8AAACojJT73x5nVpP8r/+v/+/8/87/r/+v/7+Z9P/1/7vR/x/M/n+i/98//X/n/6df9Vv/P+X+d8SZ1ST/AwAAQB2k3P/OODP5HwAAACoj5f7/H2cm/wMAAEBlpNz/YJxZTfJ/hfr/Y3Hq/+v/6//r/zfo//cH/X/9/270//X/B3n9+v/6//TWb/3/lPt/Kc6sJvkfAAAA6iDl/ofizOR/AAAAqIyU+98VZyb/AwAAQGWk3P/LcWY1yf8V6v+X+vT8/8P59vX/9f/1//X/9f830oD2/yf0/0v6//r/g7x+/X/9f3rrt/5/yv2/EmdWk/wPAAAAdZBy/6/Gmcn/AAAAUBkp9/9anJn8DwAAAJWRcv/DcWY1yf/6/87/r/+v/9+3/f/R1v2p/6//38mA9v+d/z/S/9f/H+T16//r/9Nbv/X/U+7/9TizmuR/AAAAqIOU+x+JM5P/AQAAoDJS7n93nJn8DwAAAJWRcv974sxqkv/1//X/9f/1//u2/9+2P/X/+7X//29dL9X/1//vRv9f/3+Q16//r/9Pb/3W/0+5/9E4s5rkfwAAAKiDlPvfG2cm/wMAAEBlpNz/G3Fm8j8AAABURsr9vxlnNpj5f3itG+j/6//r/+v/r7r/vxBC0P/X/18j/f/l/f/iPexq9v/HV3NF/f9V0f/X/9f/1/+nu37r/6fc/744s8HM/wAAAEAHKff/VpyZ/A8AAACVkXL/b8eZyf8AAABQGSn3vz/OrCb5X/9f/1//X//f+f/1/zeT/n+9zv8/HvT/g/6//r/+v/4/Wb/1/1Pu/0CcWU3yPwAAANRByv2/E2cm/wMAAEBlpNx/OM5M/gcAAIDKSLn/sTizmuR//f+r1P/fWl5f/1//vzr9/0X9f/3/jvT/69X/d/7/kv6//r/+v/4/pX7r/6fcfyTOrCb5HwAAAOog5f4PxpnJ/wAAAFAZKfcfjTOT/wEAAKAyUu4/FmdWk/yv/+/8//r/+v/O/6//v5n0//X/u9H/1/8f5PXr/+v/01u/9f9T7p+NM6tJ/gcAAIA6SLn/eJyZ/A8AAACVkXL/iTgz+R8AAAAqI+X+x+PMapL/9f/1/1fV/x8L+v/6//r/+v+XRf9f/78b/X/9/0Fev/6//j+9bVz//583pP+fcv/JOLOa5H8AAACog5T7PxRnJv8DAABAZaTc/+E4M/kfAAAAKiPl/lNxZjXJ//r/+v/O/1/B/v+o/n/Q/+8b+v/6/93o/+v/D/L69f/1/+ltKGxU/z9sSP8/5f7TcWY1yf8AAABQByn3n4kzk/8BAACgMlLuPxtnJv8DAABAZaTcfy7OrCb5X/9f/1//v4L9f+f/b9D/7w/6//r/3ej/6/8P8vr1//X/6W3jzv+/Mf3/lPt/N86sJvkfAAAA6iDl/v9j7z6a5LyrPY63riWPVK5bd3X3vAV27OAd+DWwYUuRc44GTE4m55yTiSbnnIPJORlMBkOVKWvOOfZIPd2t0fT08/zP57PgMGaseayhxvUr1beee8ct9j8AAAAMI3f/feIW+x8AAACGkbv/vnFLk/2v/9f/6//1//p//f826f/1/6vo/+fT/59Z8vfr//X/+n/WmVr/n7v/fnFLk/0PAAAAHeTuv3/cYv8DAADAMHL3PyBusf8BAABgGLn7Hxi3NNn/+n/9v/5/Mv3/fuen/9f/6/8vif5f/7/Ydf9/Lj4YvP9fRv+v/9f/s87U+v/c/Q+KW5rsfwAAAOggd/+D4xb7HwAAAIaRu/8hcYv9DwAAAMPI3f/QuKXJ/tf/6//H7f/35tb/e/9/fl9H7P9P3f5l9f/HS/+v/1/suv9v8v7/ZfT/+n/9P+tMrf/P3f+wuKXJ/gcAAIAOcvc/PG6x/wEAAGAYufsfEbfY/wAAADCM3P2PjFua7H/9v/5/3P5/du//1//n93WI/v9c/Tre/6//1/8fTv+v/5/z8+v/9f+sN7X+P3f/o+KWJvsfAAAAOsjd/+i4xf4HAACAYeTuf0zcYv8DAADAMHL3PzZuabL/9f/6f/2//l//fwLv/9f/6//1/0vp//X/c35+/b/+n/Wm1v/n7n9c3NJk/wMAAEAHufsfH7fY/wAAADCM3P1PiFvsfwAAABhG7v4nxi1N9v+l9f+n9P+H0P8vf379v/5f/6//1//r/1fR/+v/5/z8+n/9P+ttvf+/+przd9P+P3f/NXFLk/0PAAAAHeTuf1LcYv8DAADAMHL3Pzlusf8BAABgGLn7nxK3NNn/S/r/KxYzfv//2c2+tP4/vv7B/v/WU/p//f80+/9b4qeM/l//f7F59/9n9f876//39P8r+/nNfif0//p//T/rbL3/X9P7X/hx7v5r45Ym+x8AAAA6yN3/1LjF/gcAAIBh5O5/Wtxi/wMAAMAwcvc/PW5psv8v7f3/0+//vf9/t+//z193C/3/mWXPr//v0v/v8/5//f8y8+7/vf9/i/3/PfI30/v/D7frfn7uz7+q/7/rBs+v/6eDqfX/ufufEbc02f8AAADQQe7+Z8Yt9j8AAAAMI3f/s+IW+x8AAACGkbv/2XFLg/1/Wv9fz5H0/97/v1H/f27/79f/H3we/b/+fxn9v/5/ld29/1//v5hAPz/35/f+//X9/1XrfhGGN7X+P3f/c+KWBvsfAAAAusjd/9y4xf4HAACAYeTuf17cYv8DAADAMHL3Pz9uabL/9f/6f/2/9/9fVv9/xTb6/9NLfz/1//r/ZfT/+v+F/v/Idt3Pz/359f/e/896U+v/c/dfF7fU8Dt9hH9KAAAAYEpy978gbmny5/8AAADQQe7+F8Yt9j8AAAAMI3f/i+KWJvtf/6//1//r/73/X/+/Tfr/4fr/U/r/2+n/9f/6f/0/q02t/8/d/+K4pcn+BwAAgA5y978kbrH/AQAAYBi5+18at9j/AAAAMIzc/S+LW5rsf/2//l//r//X/+v/t0n/P1z/7/3/d6D/1//r//X/rDa1/j93/8vjlib7HwAAADrI3f+KuMX+BwAAgGHk7n9l3GL/AwAAwDBy978qbpnd/r+woN2M/l//r//X/+v/9f/bNP3+/8xGn6X/36f/P2hb/f/ZQ76e/n9az388/X9+9/X/jGkC/f/d7vhx7v5Xxy2z2/8AAADAYXL3vyZusf8BAABgGLn7Xxu32P8AAAAwjNz9r4tbmuz/w/r/m6/a/9/X9P/5G6b/j6v/1/8v9P9F/6//X8yi/9+M/n+f/v8g7//X/3v/v/6f1SbQ/x/4OHf/6+OWJvsfAAAAOsjd/4a4xf4HAACAYeTuf2PcYv8DAADAMHL3vyluabL/vf9f/6//1//r//X/26T/1/+vMqP+f2/ZX9T/6//1//p/Vpta/5+7/81xS5P9DwAAAB3k7n9L3GL/AwAAwDBy9781brH/AQAAYBi5+98WtzTZ//p//f/O+///GbL/P/+I+n/9v/5f/6//X21G/f9S+n/9v/5f/89qU+v/c/e/PW5psv8BAACgg9z974hb7H8AAAAYRu7+d8Yt9j8AAAAMI3f/u+KWJvtf/6//33n/7/3/Rf8f31f9v/7/Euj/9f8L/f+R7bqfn/vz6//1/6w3tf4/d/+745Ym+x8AAAA6yN3/nrjF/gcAAIBh5O6/Pm6x/wEAAGAYufvfG7c02f/6f/2//l//r//X/2+T/l//v8rJ9v/X3qz/P2jX/fzcn1//r/9nvan1/7n73xe3NNn/AAAA0EHu/vfHLfY/AAAADCN3/wfiFvsfAAAAhpG7/4NxS5P9r/+fe/9/95viCabW/+en6P/1/yv7/73FxfT/+v9Lof/X/y+28v7/C39SLKf/1//r//X/rHZi/f89r77XXW77L2v6/9z9H4pbmux/AAAA6CB3/w1xi/0PAAAAw8jd/+G4xf4HAACAYeTu/0jc0mT/9+j/z1z0aeP0/97/r/+fdP+fP1S9/1//r//X/y813f5/M/p//b/+X//PalN7/3/u/o/GLU32PwAAAHSQu/9jcYv9DwAAAMPI3f/xuMX+BwAAgGHk7v9E3NJk//fo/y+m/9937P3/rf+n/9f/l03e/6//1/9fLv2//n+h/z+yXffzc3/+ofv/Uwv9P8diav1/7v5Pxi1N9j8AAAB0kLv/U3GL/Q8AAADDyN3/6bjF/gcAAIBh5O7/TNxw5//d3SOdKP2//t/7//X/+n/9/zbp/4/Q/586vfFz6f/36f+PZtf9/Nyff+j+3/v/OSZT6/9z9382bvHn/wAAADCM3P2fi1vsfwAAABhG7v7Pxy32PwAAAAxgv3fP3f+FuKXJ/l/T/+/l5x25/z93+NfW/+v/F/p//b/+X/9/mYbs/y+B/n+f/v9odt3Pz/35Z9f/X3/wQ/0/J2FJ/3/+J/Gu+v/c/V+MW5rsfwAAAOggd/+X4hb7HwAAAIaRu//LcYv9DwAAAMPI3f+VuKXJ/l/a/+95/7/+X/+v/1/o//X/x0L/r/9fRf+v/5/z88+u/7+A/p+TMLX3/+fu/2rc0mT/AwAAQAe5+78Wt9j/AAAAMIzc/V+PW+x/AAAAGEbu/m/ELU32/5r3/+v/N/tH0f/r/5f+/0H/r//fsP8/s9D/H5n+X/+/0P8f2a77+bk//+X0/+f0/zQxtf4/d/8345Ym+x8AAAA6yN3/rbjF/gcAAIBh5O7/dtxi/wMAAMAwcvd/J25psv9H7v9XfZr+f5/+X/+/0P9Pof/3/v/LoP/X/y/0/0e2635+7s/v/f/6f9abWv+fu/+7cUuT/Q8AAAAd5O7/Xtxi/wMAAMAwcvffuFjcYP8DAADAmG48/59nF9+PW5rs/5H7/1X0//v0//r/hf5f/79l+n/9/yr6f/3/nJ9f/6//Z72p9f+5+38QtzTZ/wAAANBB7v4fxi32PwAAAAwjd/+P4hb7HwAAAIaRu//HcUuT/a//1//r//X/+n/9/zbp//X/q+j/9f9zfn79v/6f9abW/+fu/0nc0mT/AwAAQAe5+38at9j/AAAAMIzc/T+LW+x/AAAAGEbu/p/HLU32v/5f/6//1//r//X/26T/1/+vov/X/8/5+fX/+n/Wm1r/n7v/F3FLk/0PAAAAHeTu/2XcYv8DAADAMHL3/ypusf8BAABgGLn7fx23NNn/+v/bnuNc/XX9v/5f/6//T/r/49G2/7/tX6v6/7X0//r/OT+//l//z3pT6/9z9/8mbmmy/wEAAKCD3P2/jVvsfwAAABhG7v7fxS32PwAAAAwjd//v45Ym+1//7/3/+n/9/zz6/yv1//r/pSbb/3v//0b0//r/OT+//l//z3pT6/9z998UtzTZ/wAAANBB7v4/xC32PwAAAAwjd/8f4xb7HwAAAIaRu//muKXJ/tf/6/+H7P/39P/j9f/e/z/L/v9O+n/9/2r6f/3/nJ9f/6//Z72p9f+5+/8UtzTZ/wAAANBB7v4/xy32PwAAAAwjd/9f4hb7HwAAAIaRu/+vcUuT/a//1/8P2f97/7/+X/8/Gfp//f8q+n/9/5yfX/+v/2e9qfX/ufv/Frc02f8AAADQQe7+v8ct9j8AAAAMI3f/P+IW+x8AAACGkbv/n3FLk/2v/9f/6//1//p//f826f/n2/9fuThC/3/dQv+v/9f/6//1/5Sp9f+5+/8VtzTZ/wAAANBB7v5b4pal+///T+ipAAAAgOOUu//fcYs//wcAAIBh5O7/T9zSZP/r//X/+n/9v/5f/79N+v/59v/e/7+e/l//r//X/7Pa1Pr/3P3/DQAA///E7/7M")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xc6081, 0xcc)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x82200, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0xa, 0x3, 0xff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a310000000014000480080002400000000008000140000000000900010073797a30000000007c000000060a0104000000000000000001000000540004802000018007000100727400001400028008000240000000030800014000000003240c01800b00010072656a656374000014000280080101400000000105000200000000000c000180080001006669620008000b400000000009000100"], 0x104}}, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
sendfile(r0, r1, 0x0, 0x20fffe85)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000140)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xc, 0x0, &(0x7f0000000000))
creat(&(0x7f0000000040)='./bus\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002c80)={0x2020}, 0x1c93)
pread64(0xffffffffffffffff, &(0x7f0000000180)=""/75, 0x4b, 0xa0ef)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
openat(0xffffffffffffff9c, &(0x7f0000000440)='.\x00', 0x0, 0x80)

12m11.333509802s ago: executing program 4 (id=45):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, 0x0, 0x46942, 0x0)
mount$binder(0x0, &(0x7f00000021c0)='.\x00', &(0x7f0000002200), 0x1200850, &(0x7f0000002240))

12m10.542093898s ago: executing program 4 (id=46):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
ioctl$IOMMU_IOAS_UNMAP$ALL(r1, 0x3b86, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r2, 0x0, 0x0})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, 0x0)

12m10.230298232s ago: executing program 4 (id=49):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x5, 0xc000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'dt2815\x00', [0x4f27, 0x5, 0x5, 0x47, 0x2, 0xcc7, 0x8, 0x7, 0x5, 0x3ff, 0x7f, 0x15fe, 0x1, 0x0, 0xdc, 0xe1cb, 0xff7fffc0, 0x0, 0x2f, 0x295, 0x80000089, 0xfffffffc, 0x7, 0x9, 0xffffeadb, 0x3, 0x1003c, 0x5, 0x4, 0x8000000, 0x5]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
fallocate(r3, 0x0, 0x0, 0x8ffff)
sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
creat(0x0, 0x0)
pipe2$9p(0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x5)
ioctl$SG_GET_REQUEST_TABLE(r6, 0x2286, &(0x7f0000000440))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc1}, 0x4000040)
mq_timedsend(r5, 0x0, 0x0, 0x3, 0x0)
r7 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r7, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
shmctl$IPC_RMID(r7, 0x0)
remap_file_pages(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x0, 0x4000000)
mq_timedsend(0xffffffffffffffff, 0x0, 0x55, 0x0, 0x0)

11m54.279085506s ago: executing program 32 (id=49):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x5, 0xc000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'dt2815\x00', [0x4f27, 0x5, 0x5, 0x47, 0x2, 0xcc7, 0x8, 0x7, 0x5, 0x3ff, 0x7f, 0x15fe, 0x1, 0x0, 0xdc, 0xe1cb, 0xff7fffc0, 0x0, 0x2f, 0x295, 0x80000089, 0xfffffffc, 0x7, 0x9, 0xffffeadb, 0x3, 0x1003c, 0x5, 0x4, 0x8000000, 0x5]})
r3 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
fallocate(r3, 0x0, 0x0, 0x8ffff)
sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
creat(0x0, 0x0)
pipe2$9p(0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x5)
ioctl$SG_GET_REQUEST_TABLE(r6, 0x2286, &(0x7f0000000440))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc1}, 0x4000040)
mq_timedsend(r5, 0x0, 0x0, 0x3, 0x0)
r7 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r7, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
shmctl$IPC_RMID(r7, 0x0)
remap_file_pages(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x0, 0x4000000)
mq_timedsend(0xffffffffffffffff, 0x0, 0x55, 0x0, 0x0)

6m50.383427718s ago: executing program 1 (id=750):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x27, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40400d5)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002200)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000180)={0x2020}, 0x2024)

6m49.006588291s ago: executing program 1 (id=752):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
io_setup(0x2017, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000004200)={0x2020}, 0x2020)
timerfd_create(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
syz_open_dev$dvb_demux(0x0, 0x5, 0x2a4000)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000011, 0x13, r1, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000140)={'full'}, 0xfffffdef)

6m47.041998242s ago: executing program 1 (id=754):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r0, 0xffffffffffffffff, 0x0)

6m45.577708069s ago: executing program 1 (id=758):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}}, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet(0x2, 0x3, 0x2)
getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0xb8)

6m43.358593195s ago: executing program 1 (id=762):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x100809, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r2 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r3, 0x0)
setpgid(r0, r0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)

6m41.187631783s ago: executing program 1 (id=765):
open_tree(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)

6m25.925364482s ago: executing program 33 (id=765):
open_tree(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)

6m11.953218568s ago: executing program 3 (id=828):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x8916, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000140)='zonefs\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r4, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)

6m10.882198953s ago: executing program 3 (id=829):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x202}], 0x18}, 0x0)

6m9.877732235s ago: executing program 3 (id=831):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mount$nfs4(0x0, 0x0, &(0x7f0000001a00), 0x10080, &(0x7f0000001a80)=ANY=[])
r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r1, 0xc0844123, 0x0)

6m9.490093136s ago: executing program 3 (id=833):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file0\x00', 0x10, &(0x7f00000002c0)=ANY=[@ANYBLOB="6e6f6c617a7974696d652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313235342c6661756c745f747970653d30303030303030303030303030303033323736372c6772706a71756f74613d2c6e6f666c7573685f6d657267652c6e6f636865636b706f696e745f6d657267652c61636c2c67635f6d657267652c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f696e6c696e655f78617474722c6261636b67726f756e645f67633d6f66662c636865636b706f696e743d64697361626c652c00cef235c93369e015a17ee2ff7fb3ad2b9406058804552c36be902e976d7836f82ef7fe1a91fd5fe53fa7c93ff6227910f46434ee3e5b851845bcaeb4a5731075f9887d22e18a989131940a04c4b9064af9cc9519dd7aa9078ad5ac798fbd81aa90dd19ce130ce6f37c3303199b6026122d39fdf5de1d4949e33dfbf7"], 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4, 0x1)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000440)='./bus\x00', 0x41)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

6m6.148913594s ago: executing program 3 (id=838):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e20, 0x1000040, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3c}, 0x1c)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d2, &(0x7f00000002c0)="fd")
sendmmsg$inet6(r4, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r3, 0x8008330e, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x8)
r5 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r5)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r5})
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r6, 0x2c, 0x0, 0xffffffffffffffff, &(0x7f0000000100))

6m2.613232982s ago: executing program 3 (id=842):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mount$nfs4(0x0, 0x0, &(0x7f0000001a00), 0x10080, &(0x7f0000001a80)=ANY=[])
r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r1, 0xc0844123, 0x0)

6m2.098049257s ago: executing program 34 (id=842):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mount$nfs4(0x0, 0x0, &(0x7f0000001a00), 0x10080, &(0x7f0000001a80)=ANY=[])
r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r1, 0xc0844123, 0x0)

11.82468173s ago: executing program 6 (id=1679):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="40091a000000ed72e22f9f"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

11.548086396s ago: executing program 0 (id=1680):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = userfaultfd(0x801)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)

11.218487107s ago: executing program 0 (id=1681):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r4, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)

9.839765813s ago: executing program 2 (id=1683):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r0, 0x0)
r1 = dup2(0xffffffffffffffff, r0)
creat(&(0x7f0000000140)='./bus\x00', 0x43)
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x1000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{0x104, 0x80, 0x0, 0x6a8}, 'syz1\x00', 0x2f})
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x4)
ioctl$UI_DEV_CREATE(r3, 0x5501)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006300)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, 0x0, 0x0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0xfffffffc, r6, r7, 0x3, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(r1, &(0x7f0000000680)={0x2020}, 0x2020)
r8 = getuid()
fstat(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setxattr$system_posix_acl(&(0x7f0000000040)='./bus\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {0x1, 0x4}, [{0x2, 0x1}, {0x2, 0x1}, {0x2, 0x7}, {0x2, 0x4, r6}, {0x2, 0x4, 0xffffffffffffffff}, {0x2, 0x1, r8}], {0x4, 0x2}, [{0x8, 0x4}, {0x8, 0x0, r9}], {0x10, 0x1}, {0x20, 0x2}}, 0x64, 0x1)

9.538589923s ago: executing program 2 (id=1684):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000500)={@flat=@binder={0x73622a85, 0xa, 0x2}, @fd, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0xf}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

9.428496305s ago: executing program 7 (id=1685):
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000000000040cb06a7810000000000010902"], 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getdents64(r0, &(0x7f0000002f40)=""/4090, 0xffa)

9.348103784s ago: executing program 2 (id=1687):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000340)='./file1\x00', 0x0, &(0x7f0000000000)={[{@space_cache_v1}, {@clear_cache}, {@compress_algo={'compress', 0x3d, 'zstd'}}]}, 0xff, 0x50d4, &(0x7f00000051c0)="$eJzs3U+IVWUfB/Dnzjg6KDjXnbp48QW3wiQKRURDaFaYc82CosVMLYIQYVAwFy3EgpIWDgha4cJgWmR/nFVFC3GVBEEQBcEgzEKQdkIxGC6Ke8957pz7HO+5dyZ1TD+fmDnnOb/zPOeZy1nc783n3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhJNz585V1bdemTm7Y2DP1Us3T+w8NTE6H0KtdbyW1yeeeuaFNw5MPD8cO0zuz7b1erchs67zWWN1x8Fmv86f10IIQ8kAg/l292Bp1OLu4fKAlfZfXNh25NbeXTPHxg9dOLp5qvyn0zS80hNYKfl9dW3xXhpr/R5Izmi3C7dereMWzfqnN9w9+SMAgCUZbbQ27bej+Vvcdvt4Wk/aY0l7OmnHdwjTxcZyZOOu7jbPLWl9heY5lkWFNd3mWU/q+evfbjeSekjbnVFjCfPsPDWPNMPd5jmV1FdqngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3k6c/+eJ6VX3rlZmzOwb2XL1088TOUxOj8yHUW8drWbn2xMLcwqa3dj/63e4vP/6zPn5yMO8Xt6sKJ4ff4s5jIyG8Xqhci8P+vj6ERmeh1QwflQtvtnaejQUAAAAeJJtavwfa7SwODnW0a600WWv9F2Vhcf/FhW1Hbu3dNXNs/NCFo5unlj9eo8t4Y7cdr92uL/7UCsE4xt90vMV6PPVwaZxq6Yhpnn959MPtVf1L+b9enf/jKyf/AwAA8G/I/+k41Xrl//nPX91X1b+U/7d0XLKU/+OMY/4fCMvL/wAAAHA/u9v5f6w0TrVe+f/r9/edrupfyv+j/eX/VcVpx4M/xgkfHAlhtNfUAQAAgC7i/3df/Ggh5vXsk4M0r7+49fpQ1Xil/D/WX/6vHBQAAAC4p34488jfVfVS/m/0l//X3NVZAwAAAEvxv/cmD1TVS/l/sr/8vzbf5isfsk7fx3+FcHokhOHmzlRWuBKmn2wXAAAAgDsk5vSXvt18tOq8Uv6fqn7+f3zSQVz/3/H8v9L6/0Ihe+rf4x4MAAAAwMOovJ4/Ph4/++aCbt+/3+/6/09//nVD1fVL+f94f/l/sLi9k9//BwAAAMvwX/v+v1dK41Tr9fz/t9/dsLT8P91f/o/bdcU/73J8fd4ZCWFjcyd/muBn8XIHk8LsUKHQ0kh6HIg98sLsmkKhZSrpsX0khP83d44nhQ2xMJ0UbqzPC+eTwk+xkN8P7cJXSeFyvNPOrM+nmxa+iYV8gcVsXEGxrr0kIunxR7cezcJte8y1Lw4AAPBQieE5z7JDnc2QRtnZWq8T1vY6YaDXCYO9TliVnJCe2O14mOwsxON//TL+XKhQyv/n+8v/8aVYnW26rf8Pcf1//r2G7fX/k7FQTwqzsdBInxjQiNfIwu4H8Rr1Rt7jxsZ2AQAAAB5o8XOBwRWeBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAPe/ceY8dVHw787PN61+vdDUHKQxYxL0N+ktdrOw7WLyCcVBEIpGQtov6DQtbYm9TxBhs/Co4s1RhUlCKEC66IQh+2RFSnEsgqbXmEEosqQVUtGoU2fziPpgWEKkGjFNclSiRX986c2bln9j78WNsbPh/Je8+933POzDn33vGcmblnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgt8PV373hy+3i7/jR1796U+8HXvjBbw6u/9I9ky+FMNV4vScL97zvzHNnrvvU7Ru+d/s3Hjk9fudDg3m5PB6W1v/05k8+F2v92bIQvt0TQn8aWDWSBQby5yOxvuUjIVwV5gJFiZnhrES64PDkUAhHwlygqOq7QyGMlAJ3PfPDJ75YTxweCuGdIYRauowXatkyhtLAysEsMJwGdvRngf89mykC3+nNAnDB4peh+NAfn2rOMD5/uRafv4GLtmKXV9q8vpgYb53vV7cu8EqVDKYvTF3Q21apjgVR+Xqc8G1bBN+2Sj8f8raVd6TyPZSzc6Fa6N06c+/mvbN74iu9YWKir1VNC/Q+n3pl/5ZzSS+az2FcgfGL8jm8//DNzw5+7I4XH3n98f2na19bfqGr2ap7F1ot5J+5RfM+RhttTxbB16+yl7TCTlcI4fSJk/vbxSvj//H24//4cY6PvU25Y62vjWZj8/jKSEy8PJqNzQEAAGDRWAxHTQdX/OtP29VXGf+v6O78fzzlnw/ms9aeCGFjI/HZsRCubbyeBR6Li/v4WAhvbaSmmgO3JoETIVzXSNxYVJWUWBJLrEgCvxjNAxuTwFMxMJUEHo2BQ0ngczFwPAlsiYETSeC2GAjbmtvx/0bzdnQdGIqB6awTj8erEH49GpeW9NVzRVUAAAAXST46HGh+WrrW4UIzxOHl8aFOGeIV2C0z1JIa0hFsMaxqWUN/pxp6O9VQtPtA++ZXau7pVHPlMoye5gz/c+qaHaGNyvh/sv34vzbPivRUzv+HyU2Nh5i7N4/MFhmmp5oyAAAAABfg9948vbldvDL+39jd9f/xmEhfKXM4GQ9DbB8LYbI5kFV7SzWQnfVemgcAAABgMSjOxxfnwrflj9kl2ul4upp/6hzzxxP/G+fNv+PH//J4u/WtjP+nurv+f7j5MVuJp+JafGUshCWlwI/iWtYDDSti4KX3Nwfy9j8VO+ALsar8woSiqi/EEtMxMJkEjrQq8XRR4trmQP5mFQv/bNGObXmJUgAAAAAuuXg4IJ6Xj9f/r/nbP3yyXbnK+H/63K7/b4yDK5f3zy4NYXV/CH3pDwNODmcTA8bASE+e+PvhrK6+tKqDwyHcUm9YWtV/5PP/96dzDP5kKKsqBq5927FXVtYTXx8KYXU58OxHj66vJ/YmgWLhvzsUwg311qYL/7sl2cIH0oU/vCSEt5QCRVVbloRQX9hgWtU/1PL7GKRVHa+FcHUpUFT1nloI+wIAi1X8v3Rr+cXd+x7cvnl2dmbXAibiQfyhcO+22ZmJLTtmt9ZarNPWZJ2b5jH6TLVN3d765vk4R9Hdx8a6SRc/FJwsLys/kF+5cjB/HneGBhrtXDvQ9HRd2uR3v726iFDalWrV5N4FbvJwuZK5N7FSf8w/GJaGJXt3z+ya+PTmPXt2rcn+dpt9bfY3nmfK+mpN2lfD861bFx+PltNlJc63r1aWK1m954Gdq3fve3DVtgc23zdz38wnNkyuW7vh5sn171ldb9Rk9rdDS1fOV3PS0rNHu2zWRWzp9f2lSi7FRkNCQmKxJQYH7jzVbvNTGf/vbD/+j1uduOHP52dodf5/PJ7mz16fO80/HQNHuj3/P97qbH5xYcCKJHAgBg44zQ8AAMAbQzwcGY9mxoPSB971wvvalauM/w909/v/izT/fzF1/YdaTfN/Yywx2Wr+/3Sa/2L+/wOt5v9Pp/kv5v8/chnm/99bBJIu+bX5/wEAgDeCSzf/f8fp/dMbBFQydJzeP71BQCVDx2n8u71BwDnP//83v1yzPrRRGf8f6m78b+J+AAAAuHJcc9sNP24Xr4z/j3Q3/r/08/+FVtf/r2gVmGo1MaD5/wAAAFikWs3/98xHdr6/XbnK+P94d+P/eNlFb1PuWOtro9mcdiGd0+7l0eInAwAAALA49IaJiYEu8zZNjHrr+S/zVJwKtE267NDnj53b7/9PdDf+b/pdxv2Hb3528GN3vPjaI68/vv907WvL587/AwAAAAun2+MSAAAAAAAAAAAAAADA5ffo1d+ad16AqPL7/7Cp8Xqr3//H+/413TTxTD4Z4IE4s/6XxkzzBwAAAAvroVtffTj+u+/Lf/Rf7fJWxv/j3Y3/4/0F8vvgZbfeOxHv//fZsRAat9YbzwKPxcV9fCyEtzZSU7FEdkO9D8USk1ngsThh4o2xxPRUc1VLYuB4EvjFaB44kQSeioH8KMWxeGPAPx4NYX0jtam5xM5YYjwJ3BkDK5LARAxMJoFlMbAxCfxyWR6YSgL/FAP5zQeLvvrWsryvAAAAzkU+zhpofhrScd7x/k4Zejpl6LiI4U4ZejtlqLXIEJ//dVyHgfJ8/HmG+NJAWutQUkslQ7wZ3vk3vZiu7+nmnGnByqL7YsHx5pwxw85/vukroY3K+H9Fd+P/y3j///Ru/htjYEUS2BkDG5PA9KY8cOSa5oD7/wMAAHBla3X//9G3/NWhduUq4//J7sb/8UDEm5tyx1o73/8/f37Xh7+5r7HKJ0dDeHs5sP3g9qvqiUdHQ3hXOfDE3Tc2Ru0H0xLff/G2n9cT96SBD65605l64r1JYDp20nVpIB5VObMsCcTu/UkaiP1xPA0M5oGHlmXt6En76j9Hsr7qSfvq1Eh2eUVP2lffHsmW0ZM28HASKBr4yTQQG3hHHuhN1+qbS7O1ioGRWPQvlhYXfQAAcGWKe4ED4d5tszOT6U94r+9vfoyabln+mWq1PV0u/vl4a/K7j411k+5L90VrRVUDoVZvwprK7mo5S0+jlRenlg5d9+YWTe50t/feFuVS59p1g61bNJS1aGLLjtmtAx0bvq5zlrX9HbOsqQx2yll6G13aRS1drEsXLeqyb7pY5fi8N0xM9CW5/n8MjocmnT4R3d6vr3yf/1afgnKeo5//91fb1VcZ/2/sbvwf27M0lD7On4u1/mxZCN/umTsaUQRWjWSB2NyRODxePhLCVaV+KErMDGclBpMFhyeHshHqYFrVd4eyYwzx+V3P/PCJL9YTh4dCeGfpvSqW8UItW8ZQGlg5mAWG08CO/iwQr/woAt/pzQJwwYqNQvxA5T91KYzPX67F5++Nck/QtHmVa6DmyTffNneh1NIX8muqCuf2tlWqY0FUvh4nfNsW47ct+LaVd6TyPZSzc6Fa6N06c+/mvbN74ivlPdmKBXqfy3up3aQvwufwwPmvbWe1dAUmk83H5Pzl5v8c9sTq7j9887ODH7vjxUdef3z/6drXlne9Gi3EgcKT//2mq8rdu9BqIf/MLbrtyZTtyWL8b2Dc2xZCOPTnQ59sF6+M/6e6G//3J48Nr8bO3D0WwrtLnXsydv/vjGXbwVIg20peXQ1kl9z/dLTllhMAAAAutuJwR3G8YFv+mP0gPB0nV/NPnWP+eLxi47z5u13v/U/+/mPt4pXx/3T78f+SZDWd/3f+nwXi/P+8rvRD0UvSFw5c0KHoSnUsCOf/53Wlf9uc/5+X8//O/8/H+f8OnP+f15X+tlX2knba6QohnL1+4OF28cr4f2d34//fsvn/09n8i/n/00n7i/n/p1vN/7+z1fz/B8z/DwAALKgWE82n47zK5PyVDOnk/JUMPUmGc7/FQMdp9M3/n87/f/DPbtkT2qiM/w90N/6PH4eR8tIXy/z/45talNi4qXl1i8ChGNjpjgEAAABcRvEAQbzovdsZJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhYd7x6ZnO7+Dt+9PWv3tT7gRd+8JuD6790z+RLIWxrvN6ThXved+a5M9d96vYN37v9G4+cHr/zoVpebiB/XN6UO9b62mgIR0qvjMTEy6P1J3OBuz78zX399cTJ0RDeXg5sP7j9qnri0dEQ3lUOPHH3jdfUEwfTEt9/8baf1xP3pIEPrnrTmXrivXmgJ13dP12WrW5PurpfXBbCWClQrO79y5qrKpbxgTzQmy7jL0eyZcTASCz68Ei2jBiYjSW2LQlhdX8IfWlV/1jLqupLq/peLauqL63qD2oh3BJC6E+r+rfBrKr+tOVPD2ZVxcC1bzv2ysp64uhgCKvLgWc/enR9PbErCRQL/8hgCDfUPzLpwr81kC18IF34nwyE8JZSoKhqeiCE+sIG06pO9GdVDaZVfaM/hKtLgaKqm/pD2Be4XOKGZGv5xd37Hty+eXZ2ZtcCJgbzZQ2Fe7fNzkxs2TG7tZasUys9pfTZz5x/259/Zf+WRuLuY2PdpIv1miyvy9NTlRfLz/vzpwONdq4daHq6brE0ebhcydybWKk/5h8MS8OSvbtndk18evOePbvWZH+7zb42+9uXR7O+WrNY+mpluZLVex7YuXr3vgdXbXtg830z9818YsPkurUbbp5c/57V9UZNZn8vRkuPXvqWXt9fquRSbDQkJCQWW6K3aes2eaVvxys7+nMrOhBqjQ10ZVhRztLTaOXFaPSt59Ha3Lk2ujIkqbRoTWXgUMmytnOWdZUxw1yWoSxLY1+wMjgs19Tb6NL4vDdMTPS16ofx5qfl7v3VBXTvqdh1XaYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4P3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRs8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//Qczu7Q==")
fanotify_init(0x0, 0x400)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x120, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
ftruncate(r3, 0x3)

8.466355914s ago: executing program 6 (id=1688):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @random="fad1e0480100", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x1, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f00000002c0)=0x3f7, 0x4)
recvmmsg(r0, &(0x7f00000007c0)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x0, 0x0)

8.336626445s ago: executing program 6 (id=1689):
ioperm(0x4, 0x8, 0x5)
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="01"], 0x8, 0x0)
msgrcv(r0, &(0x7f00000004c0)={0x0, ""/84}, 0x5c, 0xda72ed5a9dc29567, 0x2000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$inet(0x2, 0x3, 0x2f)
getsockopt$IP_VS_SO_GET_INFO(r2, 0x0, 0x481, &(0x7f0000000040), 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x4b0, 0x4000000, 0xf0, 0xffffffff, 0x0, 0x310, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x510)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="460001"], 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x2f}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8.128621215s ago: executing program 0 (id=1690):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000180)=0x3)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x804, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x9, 0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
mmap$binder(&(0x7f000023d000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x6)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r4, &(0x7f00000013c0)="bd31", 0x2, 0x0, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'fl512\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x2000001, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x40400, 0x8, 0x48f3, 0x1ff, 0x80000089, 0xa, 0x1400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x7ffffff, 0x485b]})
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000007, 0x12, r6, 0xbc7ae000)
sendmsg$NFT_BATCH(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a050000000000000000000700000a0900010073797a30000000003c000000090a010400000000000000000700000308000a40000000000900020073797a31000000000900010073797a30000000000800054000000021900000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000640003806000008004000180580007800b000100746172676574000048000280080002400000000230000300b08c674515113085726709225a7547b6f14c1aa7a7202afc0811618e3b5a514fb651ff7360e7749fe5bee39009000100534e4154"], 0x114}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000019c0)=@raw={'raw\x00', 0x4001, 0x3, 0xa38, 0x0, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x880, 0x8e8, 0x0, {0xff0f000000000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@u32={{0x7e0}, {[], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa98)

7.90882455s ago: executing program 6 (id=1692):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r2, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r2, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00)

7.856807596s ago: executing program 7 (id=1693):
syz_open_dev$cec(&(0x7f00000000c0), 0xffffffffffffffff, 0x80243)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8, 0x6, 0xfffffff7}]}}]}, 0x38}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000440)=ANY=[@ANYBLOB="001255"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000200)={0x20, 0x3, 0x6, "a6d2fd5d95bf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x40, 0xb, 0x2, "b58b"}, 0x0, 0x0, &(0x7f0000000580)={0x40, 0x17, 0x6, @remote}, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc"], 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000000)={0x14, &(0x7f0000000080)={0x0, 0x11, 0x2, {0x2, 0x6}}, &(0x7f0000000280)=ANY=[@ANYBLOB="0003020000000203847a409f05aafb8271934f68e264185c8c3a314ba0133433c0f6e42ac2ee2b01da29816e7a9337c67de37de48e088f4292e7a261f85a63cbc98959"]}, &(0x7f00000005c0)={0x44, &(0x7f0000000140)=ANY=[@ANYBLOB="000d39000000a0e6c22cde67441e2752a3bc50c21fa5450000000000000d8cad3a7d38f16e0aebf47cd57afb895f979757d4909e9786b0a140f52dc5"], 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x84, 0x2, "ec49"}, 0x0})
ioctl$DRM_IOCTL_GET_MAP(0xffffffffffffffff, 0xc0286404, &(0x7f0000000400)={&(0x7f00002ee000/0x3000)=nil})

7.381667328s ago: executing program 5 (id=1695):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r3, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r3, 0xda90)
accept4(r3, 0x0, 0x0, 0x0)

6.537752605s ago: executing program 2 (id=1696):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r2, &(0x7f0000002940), 0x40000000000017d, 0x811)

5.525379466s ago: executing program 5 (id=1697):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000500)={@flat=@binder={0x73622a85, 0xa, 0x2}, @fd, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0xf}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

5.307331292s ago: executing program 6 (id=1698):
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xa7d286f)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000010c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
request_key(0x0, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, "f4ffffff"}, 0x20000000, 0x1, {0x0}})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000280)=0x2)

5.214107721s ago: executing program 5 (id=1699):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x5, &(0x7f0000006680))
setgroups(0x0, 0x0)

5.049747514s ago: executing program 5 (id=1700):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r4, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)

4.998563212s ago: executing program 7 (id=1701):
prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setpriority(0x0, r0, 0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000080), 0x4)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)

4.894056009s ago: executing program 0 (id=1702):
ioperm(0x4, 0x8, 0x5)
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="01"], 0x8, 0x0)
msgrcv(r0, &(0x7f00000004c0)={0x0, ""/84}, 0x5c, 0xda72ed5a9dc29567, 0x2000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet(0x2, 0x3, 0x2f)
getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f0000000040), 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x4b0, 0x4000000, 0xf0, 0xffffffff, 0x0, 0x310, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x510)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r6, &(0x7f0000000580)=ANY=[@ANYBLOB="460001"], 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x2f}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.492361197s ago: executing program 0 (id=1703):
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000000000040cb06a7810000000000010902"], 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getdents64(r0, &(0x7f0000002f40)=""/4090, 0xffa)

3.462306195s ago: executing program 7 (id=1704):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = userfaultfd(0x801)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)

3.280947835s ago: executing program 6 (id=1705):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r0, 0x0)
r1 = dup2(0xffffffffffffffff, r0)
creat(&(0x7f0000000140)='./bus\x00', 0x43)
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x1000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{0x104, 0x80, 0x0, 0x6a8}, 'syz1\x00', 0x2f})
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x4)
ioctl$UI_DEV_CREATE(r3, 0x5501)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006300)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, 0x0, 0x0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0xfffffffc, r6, r7, 0x3, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(r1, &(0x7f0000000680)={0x2020}, 0x2020)
r8 = getuid()
fstat(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setxattr$system_posix_acl(&(0x7f0000000040)='./bus\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {0x1, 0x4}, [{0x2, 0x1}, {0x2, 0x1}, {0x2, 0x7}, {0x2, 0x4, r6}, {0x2, 0x4, 0xffffffffffffffff}, {0x2, 0x1, r8}], {0x4, 0x2}, [{0x8, 0x4}, {0x8, 0x0, r9}], {0x10, 0x1}, {0x20, 0x2}}, 0x64, 0x1)

3.219179851s ago: executing program 7 (id=1706):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000340)='./file1\x00', 0x0, &(0x7f0000000000)={[{@space_cache_v1}, {@clear_cache}, {@compress_algo={'compress', 0x3d, 'zstd'}}]}, 0xff, 0x50d4, &(0x7f00000051c0)="$eJzs3U+IVWUfB/Dnzjg6KDjXnbp48QW3wiQKRURDaFaYc82CosVMLYIQYVAwFy3EgpIWDgha4cJgWmR/nFVFC3GVBEEQBcEgzEKQdkIxGC6Ke8957pz7HO+5dyZ1TD+fmDnnOb/zPOeZy1nc783n3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhJNz585V1bdemTm7Y2DP1Us3T+w8NTE6H0KtdbyW1yeeeuaFNw5MPD8cO0zuz7b1erchs67zWWN1x8Fmv86f10IIQ8kAg/l292Bp1OLu4fKAlfZfXNh25NbeXTPHxg9dOLp5qvyn0zS80hNYKfl9dW3xXhpr/R5Izmi3C7dereMWzfqnN9w9+SMAgCUZbbQ27bej+Vvcdvt4Wk/aY0l7OmnHdwjTxcZyZOOu7jbPLWl9heY5lkWFNd3mWU/q+evfbjeSekjbnVFjCfPsPDWPNMPd5jmV1FdqngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3k6c/+eJ6VX3rlZmzOwb2XL1088TOUxOj8yHUW8drWbn2xMLcwqa3dj/63e4vP/6zPn5yMO8Xt6sKJ4ff4s5jIyG8Xqhci8P+vj6ERmeh1QwflQtvtnaejQUAAAAeJJtavwfa7SwODnW0a600WWv9F2Vhcf/FhW1Hbu3dNXNs/NCFo5unlj9eo8t4Y7cdr92uL/7UCsE4xt90vMV6PPVwaZxq6Yhpnn959MPtVf1L+b9enf/jKyf/AwAA8G/I/+k41Xrl//nPX91X1b+U/7d0XLKU/+OMY/4fCMvL/wAAAHA/u9v5f6w0TrVe+f/r9/edrupfyv+j/eX/VcVpx4M/xgkfHAlhtNfUAQAAgC7i/3df/Ggh5vXsk4M0r7+49fpQ1Xil/D/WX/6vHBQAAAC4p34488jfVfVS/m/0l//X3NVZAwAAAEvxv/cmD1TVS/l/sr/8vzbf5isfsk7fx3+FcHokhOHmzlRWuBKmn2wXAAAAgDsk5vSXvt18tOq8Uv6fqn7+f3zSQVz/3/H8v9L6/0Ihe+rf4x4MAAAAwMOovJ4/Ph4/++aCbt+/3+/6/09//nVD1fVL+f94f/l/sLi9k9//BwAAAMvwX/v+v1dK41Tr9fz/t9/dsLT8P91f/o/bdcU/73J8fd4ZCWFjcyd/muBn8XIHk8LsUKHQ0kh6HIg98sLsmkKhZSrpsX0khP83d44nhQ2xMJ0UbqzPC+eTwk+xkN8P7cJXSeFyvNPOrM+nmxa+iYV8gcVsXEGxrr0kIunxR7cezcJte8y1Lw4AAPBQieE5z7JDnc2QRtnZWq8T1vY6YaDXCYO9TliVnJCe2O14mOwsxON//TL+XKhQyv/n+8v/8aVYnW26rf8Pcf1//r2G7fX/k7FQTwqzsdBInxjQiNfIwu4H8Rr1Rt7jxsZ2AQAAAB5o8XOBwRWeBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAPe/ceY8dVHw787PN61+vdDUHKQxYxL0N+ktdrOw7WLyCcVBEIpGQtov6DQtbYm9TxBhs/Co4s1RhUlCKEC66IQh+2RFSnEsgqbXmEEosqQVUtGoU2fziPpgWEKkGjFNclSiRX986c2bln9j78WNsbPh/Je8+933POzDn33vGcmblnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgt8PV373hy+3i7/jR1796U+8HXvjBbw6u/9I9ky+FMNV4vScL97zvzHNnrvvU7Ru+d/s3Hjk9fudDg3m5PB6W1v/05k8+F2v92bIQvt0TQn8aWDWSBQby5yOxvuUjIVwV5gJFiZnhrES64PDkUAhHwlygqOq7QyGMlAJ3PfPDJ75YTxweCuGdIYRauowXatkyhtLAysEsMJwGdvRngf89mykC3+nNAnDB4peh+NAfn2rOMD5/uRafv4GLtmKXV9q8vpgYb53vV7cu8EqVDKYvTF3Q21apjgVR+Xqc8G1bBN+2Sj8f8raVd6TyPZSzc6Fa6N06c+/mvbN74iu9YWKir1VNC/Q+n3pl/5ZzSS+az2FcgfGL8jm8//DNzw5+7I4XH3n98f2na19bfqGr2ap7F1ot5J+5RfM+RhttTxbB16+yl7TCTlcI4fSJk/vbxSvj//H24//4cY6PvU25Y62vjWZj8/jKSEy8PJqNzQEAAGDRWAxHTQdX/OtP29VXGf+v6O78fzzlnw/ms9aeCGFjI/HZsRCubbyeBR6Li/v4WAhvbaSmmgO3JoETIVzXSNxYVJWUWBJLrEgCvxjNAxuTwFMxMJUEHo2BQ0ngczFwPAlsiYETSeC2GAjbmtvx/0bzdnQdGIqB6awTj8erEH49GpeW9NVzRVUAAAAXST46HGh+WrrW4UIzxOHl8aFOGeIV2C0z1JIa0hFsMaxqWUN/pxp6O9VQtPtA++ZXau7pVHPlMoye5gz/c+qaHaGNyvh/sv34vzbPivRUzv+HyU2Nh5i7N4/MFhmmp5oyAAAAABfg9948vbldvDL+39jd9f/xmEhfKXM4GQ9DbB8LYbI5kFV7SzWQnfVemgcAAABgMSjOxxfnwrflj9kl2ul4upp/6hzzxxP/G+fNv+PH//J4u/WtjP+nurv+f7j5MVuJp+JafGUshCWlwI/iWtYDDSti4KX3Nwfy9j8VO+ALsar8woSiqi/EEtMxMJkEjrQq8XRR4trmQP5mFQv/bNGObXmJUgAAAAAuuXg4IJ6Xj9f/r/nbP3yyXbnK+H/63K7/b4yDK5f3zy4NYXV/CH3pDwNODmcTA8bASE+e+PvhrK6+tKqDwyHcUm9YWtV/5PP/96dzDP5kKKsqBq5927FXVtYTXx8KYXU58OxHj66vJ/YmgWLhvzsUwg311qYL/7sl2cIH0oU/vCSEt5QCRVVbloRQX9hgWtU/1PL7GKRVHa+FcHUpUFT1nloI+wIAi1X8v3Rr+cXd+x7cvnl2dmbXAibiQfyhcO+22ZmJLTtmt9ZarNPWZJ2b5jH6TLVN3d765vk4R9Hdx8a6SRc/FJwsLys/kF+5cjB/HneGBhrtXDvQ9HRd2uR3v726iFDalWrV5N4FbvJwuZK5N7FSf8w/GJaGJXt3z+ya+PTmPXt2rcn+dpt9bfY3nmfK+mpN2lfD861bFx+PltNlJc63r1aWK1m954Gdq3fve3DVtgc23zdz38wnNkyuW7vh5sn171ldb9Rk9rdDS1fOV3PS0rNHu2zWRWzp9f2lSi7FRkNCQmKxJQYH7jzVbvNTGf/vbD/+j1uduOHP52dodf5/PJ7mz16fO80/HQNHuj3/P97qbH5xYcCKJHAgBg44zQ8AAMAbQzwcGY9mxoPSB971wvvalauM/w909/v/izT/fzF1/YdaTfN/Yywx2Wr+/3Sa/2L+/wOt5v9Pp/kv5v8/chnm/99bBJIu+bX5/wEAgDeCSzf/f8fp/dMbBFQydJzeP71BQCVDx2n8u71BwDnP//83v1yzPrRRGf8f6m78b+J+AAAAuHJcc9sNP24Xr4z/j3Q3/r/08/+FVtf/r2gVmGo1MaD5/wAAAFikWs3/98xHdr6/XbnK+P94d+P/eNlFb1PuWOtro9mcdiGd0+7l0eInAwAAALA49IaJiYEu8zZNjHrr+S/zVJwKtE267NDnj53b7/9PdDf+b/pdxv2Hb3528GN3vPjaI68/vv907WvL587/AwAAAAun2+MSAAAAAAAAAAAAAADA5ffo1d+ad16AqPL7/7Cp8Xqr3//H+/413TTxTD4Z4IE4s/6XxkzzBwAAAAvroVtffTj+u+/Lf/Rf7fJWxv/j3Y3/4/0F8vvgZbfeOxHv//fZsRAat9YbzwKPxcV9fCyEtzZSU7FEdkO9D8USk1ngsThh4o2xxPRUc1VLYuB4EvjFaB44kQSeioH8KMWxeGPAPx4NYX0jtam5xM5YYjwJ3BkDK5LARAxMJoFlMbAxCfxyWR6YSgL/FAP5zQeLvvrWsryvAAAAzkU+zhpofhrScd7x/k4Zejpl6LiI4U4ZejtlqLXIEJ//dVyHgfJ8/HmG+NJAWutQUkslQ7wZ3vk3vZiu7+nmnGnByqL7YsHx5pwxw85/vukroY3K+H9Fd+P/y3j///Ru/htjYEUS2BkDG5PA9KY8cOSa5oD7/wMAAHBla3X//9G3/NWhduUq4//J7sb/8UDEm5tyx1o73/8/f37Xh7+5r7HKJ0dDeHs5sP3g9qvqiUdHQ3hXOfDE3Tc2Ru0H0xLff/G2n9cT96SBD65605l64r1JYDp20nVpIB5VObMsCcTu/UkaiP1xPA0M5oGHlmXt6En76j9Hsr7qSfvq1Eh2eUVP2lffHsmW0ZM28HASKBr4yTQQG3hHHuhN1+qbS7O1ioGRWPQvlhYXfQAAcGWKe4ED4d5tszOT6U94r+9vfoyabln+mWq1PV0u/vl4a/K7j411k+5L90VrRVUDoVZvwprK7mo5S0+jlRenlg5d9+YWTe50t/feFuVS59p1g61bNJS1aGLLjtmtAx0bvq5zlrX9HbOsqQx2yll6G13aRS1drEsXLeqyb7pY5fi8N0xM9CW5/n8MjocmnT4R3d6vr3yf/1afgnKeo5//91fb1VcZ/2/sbvwf27M0lD7On4u1/mxZCN/umTsaUQRWjWSB2NyRODxePhLCVaV+KErMDGclBpMFhyeHshHqYFrVd4eyYwzx+V3P/PCJL9YTh4dCeGfpvSqW8UItW8ZQGlg5mAWG08CO/iwQr/woAt/pzQJwwYqNQvxA5T91KYzPX67F5++Nck/QtHmVa6DmyTffNneh1NIX8muqCuf2tlWqY0FUvh4nfNsW47ct+LaVd6TyPZSzc6Fa6N06c+/mvbN74ivlPdmKBXqfy3up3aQvwufwwPmvbWe1dAUmk83H5Pzl5v8c9sTq7j9887ODH7vjxUdef3z/6drXlne9Gi3EgcKT//2mq8rdu9BqIf/MLbrtyZTtyWL8b2Dc2xZCOPTnQ59sF6+M/6e6G//3J48Nr8bO3D0WwrtLnXsydv/vjGXbwVIg20peXQ1kl9z/dLTllhMAAAAutuJwR3G8YFv+mP0gPB0nV/NPnWP+eLxi47z5u13v/U/+/mPt4pXx/3T78f+SZDWd/3f+nwXi/P+8rvRD0UvSFw5c0KHoSnUsCOf/53Wlf9uc/5+X8//O/8/H+f8OnP+f15X+tlX2knba6QohnL1+4OF28cr4f2d34//fsvn/09n8i/n/00n7i/n/p1vN/7+z1fz/B8z/DwAALKgWE82n47zK5PyVDOnk/JUMPUmGc7/FQMdp9M3/n87/f/DPbtkT2qiM/w90N/6PH4eR8tIXy/z/45talNi4qXl1i8ChGNjpjgEAAABcRvEAQbzovdsZJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhYd7x6ZnO7+Dt+9PWv3tT7gRd+8JuD6790z+RLIWxrvN6ThXved+a5M9d96vYN37v9G4+cHr/zoVpebiB/XN6UO9b62mgIR0qvjMTEy6P1J3OBuz78zX399cTJ0RDeXg5sP7j9qnri0dEQ3lUOPHH3jdfUEwfTEt9/8baf1xP3pIEPrnrTmXrivXmgJ13dP12WrW5PurpfXBbCWClQrO79y5qrKpbxgTzQmy7jL0eyZcTASCz68Ei2jBiYjSW2LQlhdX8IfWlV/1jLqupLq/peLauqL63qD2oh3BJC6E+r+rfBrKr+tOVPD2ZVxcC1bzv2ysp64uhgCKvLgWc/enR9PbErCRQL/8hgCDfUPzLpwr81kC18IF34nwyE8JZSoKhqeiCE+sIG06pO9GdVDaZVfaM/hKtLgaKqm/pD2Be4XOKGZGv5xd37Hty+eXZ2ZtcCJgbzZQ2Fe7fNzkxs2TG7tZasUys9pfTZz5x/259/Zf+WRuLuY2PdpIv1miyvy9NTlRfLz/vzpwONdq4daHq6brE0ebhcydybWKk/5h8MS8OSvbtndk18evOePbvWZH+7zb42+9uXR7O+WrNY+mpluZLVex7YuXr3vgdXbXtg830z9818YsPkurUbbp5c/57V9UZNZn8vRkuPXvqWXt9fquRSbDQkJCQWW6K3aes2eaVvxys7+nMrOhBqjQ10ZVhRztLTaOXFaPSt59Ha3Lk2ujIkqbRoTWXgUMmytnOWdZUxw1yWoSxLY1+wMjgs19Tb6NL4vDdMTPS16ofx5qfl7v3VBXTvqdh1XaYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4P3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRs8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//Qczu7Q==")
fanotify_init(0x0, 0x400)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x120, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
ftruncate(r3, 0x3)

2.168100832s ago: executing program 2 (id=1707):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r3, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r3, 0xda90)
accept4(r3, 0x0, 0x0, 0x0)

2.053428258s ago: executing program 0 (id=1708):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r2, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r2, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00)

1.101433597s ago: executing program 5 (id=1709):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000500)={@flat=@binder={0x73622a85, 0xa, 0x2}, @fd, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0xf}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

856.870046ms ago: executing program 5 (id=1710):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000010000)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x1, &(0x7f00000001c0)='\x00'}], 0x1})

72.877222ms ago: executing program 7 (id=1711):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
recvmmsg(r0, &(0x7f0000001700)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001780)=""/4096, 0x1000}], 0x1}, 0x3}, {{&(0x7f0000000000)=@ieee802154, 0x80, &(0x7f00000015c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}, 0x3}], 0x2, 0x30180, 0x0)

0s ago: executing program 2 (id=1712):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f7274"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a3100000000050001000700"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)

kernel console output (not intermixed with test programs):

g disk space caching
[  538.083003][T10237] BTRFS info (device loop2): force clearing of disk cache
[  538.091996][T10237] BTRFS info (device loop2): use zstd compression, level 3
[  538.656784][ T9782] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  538.893304][ T5836] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  538.946273][ T9782] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  538.979784][ T9782] usb 6-1: config 0 has no interface number 0
[  539.017793][ T9782] usb 6-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  539.066608][ T9782] usb 6-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  539.103249][ T9782] usb 6-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  539.147727][ T9782] usb 6-1: config 0 interface 1 has no altsetting 0
[  539.154420][ T9782] usb 6-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[  539.177011][ T9782] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.237722][ T9782] usb 6-1: config 0 descriptor??
[  539.893473][ T9782] uclogic 0003:145F:0212.0003: pen parameters not found
[  540.644813][ T9782] uclogic 0003:145F:0212.0003: interface is invalid, ignoring
[  540.667802][ T9782] usb 6-1: USB disconnect, device number 13
[  541.347298][T10292] loop6: detected capacity change from 0 to 512
[  541.462453][T10292] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  541.571978][T10292] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  541.659185][T10292] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  541.823741][ T9322] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.108735][T10302] loop2: detected capacity change from 0 to 8
[  542.119428][T10302] SQUASHFS error: zlib decompression failed, data probably corrupt
[  542.127428][T10302] SQUASHFS error: Failed to read block 0x9b: -5
[  542.133697][T10302] SQUASHFS error: Unable to read metadata cache entry [99]
[  542.141259][T10302] SQUASHFS error: Unable to read inode 0x127
[  542.530368][T10307] binder: 10304:10307 ioctl c0306201 0 returned -14
[  543.705793][T10303] loop6: detected capacity change from 0 to 32768
[  543.726024][T10316] loop7: detected capacity change from 0 to 32768
[  543.735222][T10316] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.973 (10316)
[  543.753564][T10316] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  543.765036][T10316] BTRFS info (device loop7): using crc32c checksum algorithm
[  543.772725][T10316] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  543.898308][T10316] BTRFS info (device loop7): rebuilding free space tree
[  543.947530][T10316] BTRFS info (device loop7): disabling free space tree
[  543.954545][T10316] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  543.965040][T10316] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  543.980482][T10316] BTRFS info (device loop7): enabling ssd optimizations
[  543.987552][T10316] BTRFS info (device loop7): turning on async discard
[  543.994399][T10316] BTRFS info (device loop7): enabling disk space caching
[  544.001869][T10316] BTRFS info (device loop7): force clearing of disk cache
[  544.009492][T10316] BTRFS info (device loop7): use zstd compression, level 3
[  544.804362][T10342] loop5: detected capacity change from 0 to 4096
[  544.923631][   T10] IPVS: starting estimator thread 0...
[  545.109849][T10346] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  545.171527][T10342] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  545.265424][ T9591] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  545.337863][T10345] IPVS: using max 25 ests per chain, 60000 per kthread
[  546.926681][ T5908] usb 8-1: new full-speed USB device number 2 using dummy_hcd
[  547.239432][T10362] lo speed is unknown, defaulting to 1000
[  547.682057][ T5908] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  547.710156][ T5908] usb 8-1: config 0 has no interface number 0
[  547.757949][ T5908] usb 8-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  547.836759][ T5908] usb 8-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  547.884259][ T5908] usb 8-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  547.934509][ T5908] usb 8-1: config 0 interface 1 has no altsetting 0
[  548.096328][ T5908] usb 8-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[  548.128910][ T5908] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.240747][ T5908] usb 8-1: config 0 descriptor??
[  549.511611][ T5908] uclogic 0003:145F:0212.0004: pen parameters not found
[  549.539013][ T5908] uclogic 0003:145F:0212.0004: interface is invalid, ignoring
[  549.580201][ T5908] usb 8-1: USB disconnect, device number 2
[  550.656016][T10395] loop7: detected capacity change from 0 to 32768
[  550.681036][T10395] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.986 (10395)
[  550.715272][T10395] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  550.726798][T10395] BTRFS info (device loop7): using crc32c checksum algorithm
[  550.735409][T10395] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  550.969048][T10395] BTRFS info (device loop7): rebuilding free space tree
[  551.020995][T10395] BTRFS info (device loop7): disabling free space tree
[  551.029940][T10395] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  551.036350][T10409] loop5: detected capacity change from 0 to 512
[  551.039721][T10395] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  551.077342][T10395] BTRFS info (device loop7): enabling ssd optimizations
[  551.084363][T10395] BTRFS info (device loop7): turning on async discard
[  551.091260][T10395] BTRFS info (device loop7): enabling disk space caching
[  551.098451][T10395] BTRFS info (device loop7): force clearing of disk cache
[  551.105606][T10395] BTRFS info (device loop7): use zstd compression, level 3
[  551.611631][T10409] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  551.712899][T10409] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  551.725767][T10409] ext4 filesystem being mounted at /172/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  551.780588][ T9591] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  551.897494][ T6236] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  552.741604][T10427] input: syz1 as /devices/virtual/input/input13
[  554.436520][T10439] loop5: detected capacity change from 0 to 32768
[  554.445687][T10439] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.994 (10439)
[  554.480396][T10439] BTRFS info (device loop5): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  554.490594][T10439] BTRFS info (device loop5): using crc32c checksum algorithm
[  554.498141][T10439] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  554.842063][T10439] BTRFS info (device loop5): rebuilding free space tree
[  554.857610][T10439] BTRFS info (device loop5): disabling free space tree
[  554.864723][T10439] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  554.874576][T10439] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  554.890042][T10439] BTRFS info (device loop5): enabling ssd optimizations
[  554.897290][T10439] BTRFS info (device loop5): turning on async discard
[  554.904194][T10439] BTRFS info (device loop5): enabling disk space caching
[  554.911867][T10439] BTRFS info (device loop5): force clearing of disk cache
[  554.919714][T10439] BTRFS info (device loop5): use zstd compression, level 3
[  554.943262][T10420] loop6: detected capacity change from 0 to 40427
[  555.065378][T10420] F2FS-fs (loop6): Image doesn't support compression
[  555.147156][T10420] F2FS-fs (loop6): build fault injection rate: 684
[  555.153766][T10420] F2FS-fs (loop6): build fault injection type: 0x35f7
[  555.247803][T10420] F2FS-fs (loop6): invalid crc value
[  555.253426][T10420] F2FS-fs (loop6): Failed to initialize F2FS segment manager (-4)
[  555.745026][T10466] loop7: detected capacity change from 0 to 64
[  555.756876][T10466] hfs: unable to locate alternate MDB
[  555.762325][T10466] hfs: continuing without an alternate MDB
[  555.818152][ T6236] BTRFS info (device loop5): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  557.051201][T10468] loop6: detected capacity change from 0 to 32768
[  557.135425][T10468] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  557.144288][ T9782] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  557.224037][T10468] XFS (loop6): Ending clean mount
[  557.340109][ T9782] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  557.397752][ T9782] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  557.446712][ T9322] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  557.495276][ T9782] usb 3-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  557.515550][ T9782] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.530336][ T9782] usb 3-1: Product: syz
[  557.534599][ T9782] usb 3-1: Manufacturer: syz
[  557.539737][ T9782] usb 3-1: SerialNumber: syz
[  557.587105][ T9782] usb 3-1: config 0 descriptor??
[  557.842673][ T5922] usb 3-1: USB disconnect, device number 7
[  558.022364][T10491] loop0: detected capacity change from 0 to 128
[  558.052291][T10491] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  560.587629][T10510] input: syz1 as /devices/virtual/input/input14
[  562.781845][T10517] loop2: detected capacity change from 0 to 40427
[  562.827025][T10517] F2FS-fs (loop2): Image doesn't support compression
[  562.848590][T10517] F2FS-fs (loop2): build fault injection rate: 684
[  562.873173][T10517] F2FS-fs (loop2): build fault injection type: 0x35f7
[  562.903563][T10517] F2FS-fs (loop2): invalid crc value
[  563.058039][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  563.064436][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  563.984103][T10517] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  563.995346][T10517] F2FS-fs (loop2): Start checkpoint disabled!
[  564.060628][T10517] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  566.001613][T10553] No such timeout policy "syz1"
[  569.103850][T10562] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  569.823526][T10562] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  569.881942][T10562] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  569.888153][T10562] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  572.125038][T10608] loop6: detected capacity change from 0 to 1024
[  572.139661][T10608] EXT4-fs: Ignoring removed i_version option
[  572.145760][T10608] EXT4-fs: inline encryption not supported
[  572.411916][T10608] EXT4-fs (loop6): Test dummy encryption mode enabled
[  572.472911][T10612] No such timeout policy "syz1"
[  572.908871][T10608] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  573.075790][T10562] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  573.115805][T10562] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  573.273308][T10562] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  573.593560][T10562] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  573.927002][ T9322] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  573.960050][T10562] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  573.982899][T10562] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  575.403560][T10644] input: syz1 as /devices/virtual/input/input15
[  577.396716][T10660] loop0: detected capacity change from 0 to 2048
[  577.455610][T10660] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  582.699296][T10727] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1054'.
[  583.520651][T10738] xt_hashlimit: size too large, truncated to 1048576
[  584.156071][T10752] loop2: detected capacity change from 0 to 4096
[  584.267744][T10754] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  584.285530][ T5922] IPVS: starting estimator thread 0...
[  584.769756][T10753] IPVS: using max 27 ests per chain, 64800 per kthread
[  585.307541][T10759] loop0: detected capacity change from 0 to 512
[  585.433315][T10759] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  586.196014][T10779] xt_hashlimit: overflow, try lower: 18446744073709551615/255
[  587.100335][T10782] No such timeout policy "syz1"
[  587.568609][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  588.581646][T10794] : entered promiscuous mode
[  588.668990][T10798] loop2: detected capacity change from 0 to 64
[  589.139656][T10803] loop0: detected capacity change from 0 to 16
[  589.153793][T10803] erofs: Unknown parameter 'ÿÿÿÿ0xffffffffffffffffœôS2òç/¾b*üDObêhÄ*w³Rþ
[  589.153793][T10803] ýß±Ì�ùÀùè™êšçÃZ+'
[  590.255993][T10810] loop6: detected capacity change from 0 to 32768
[  591.036727][ T5994] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  591.298291][ T5994] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  591.376659][ T5994] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.448229][ T5994] usb 1-1: config 0 descriptor??
[  591.519039][T10827] input: syz1 as /devices/virtual/input/input16
[  592.322469][T10837] No such timeout policy "syz1"
[  592.954276][ T5994] pegasus 1-1:0.0: probe with driver pegasus failed with error -71
[  593.011404][ T5994] usb 1-1: USB disconnect, device number 13
[  594.251649][T10862] No such timeout policy "syz1"
[  594.705047][T10863] loop5: detected capacity change from 0 to 64
[  595.266478][T10869] lo speed is unknown, defaulting to 1000
[  596.009740][T10868] loop7: detected capacity change from 0 to 32768
[  597.086944][  T803] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  597.287045][  T803] usb 6-1: Using ep0 maxpacket: 32
[  597.813529][  T803] usb 6-1: config 0 has an invalid interface number: 111 but max is 0
[  597.854315][  T803] usb 6-1: config 0 has no interface number 0
[  597.858993][   T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  597.906215][T10885] loop6: detected capacity change from 0 to 4096
[  597.973845][  T803] usb 6-1: New USB device found, idVendor=044e, idProduct=3001, bcdDevice=44.b0
[  598.005416][  T803] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.036609][  T803] usb 6-1: Product: syz
[  598.047571][  T803] usb 6-1: Manufacturer: syz
[  598.052231][  T803] usb 6-1: SerialNumber: syz
[  598.069419][T10892] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  598.086723][   T10] usb 1-1: Using ep0 maxpacket: 16
[  598.101614][  T803] usb 6-1: config 0 descriptor??
[  598.131064][   T10] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  598.165905][   T10] usb 1-1: config 0 has no interface number 0
[  598.201952][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  598.213175][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.222449][   T10] usb 1-1: Product: syz
[  598.227004][   T10] usb 1-1: Manufacturer: syz
[  598.231913][   T10] usb 1-1: SerialNumber: syz
[  598.259403][   T10] usb 1-1: config 0 descriptor??
[  598.339028][   T10] hub 1-1:0.132: bad descriptor, ignoring hub
[  598.345176][   T10] hub 1-1:0.132: probe with driver hub failed with error -5
[  598.361677][  T803] usb 6-1: USB disconnect, device number 14
[  598.409821][   T10] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.132/input/input17
[  598.951703][T10905] No such timeout policy "syz1"
[  599.471706][T10906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.547255][T10906] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.075046][T10909] loop7: detected capacity change from 0 to 64
[  600.129372][T10909] hfs: unable to locate alternate MDB
[  600.159588][  T803] usb 1-1: USB disconnect, device number 14
[  600.167661][T10909] hfs: continuing without an alternate MDB
[  600.174251][T10912] loop5: detected capacity change from 0 to 128
[  604.755500][T10927] loop0: detected capacity change from 0 to 40427
[  604.934347][T10927] F2FS-fs (loop0): Image doesn't support compression
[  605.006748][T10927] F2FS-fs (loop0): build fault injection rate: 684
[  605.686716][T10927] F2FS-fs (loop0): build fault injection type: 0x35f7
[  605.717310][T10927] F2FS-fs (loop0): invalid crc value
[  606.027725][T10958] random: crng reseeded on system resumption
[  607.560327][T10927] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  607.835285][T10927] F2FS-fs (loop0): Start checkpoint disabled!
[  608.289127][T10927] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  609.676094][T10990] loop5: detected capacity change from 0 to 4096
[  609.868212][T10990] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  609.890453][T10991] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  610.992153][T10999] binder: 10994:10999 ioctl c0306201 0 returned -14
[  611.894350][T11007] input: syz1 as /devices/virtual/input/input18
[  612.295840][T11013] random: crng reseeded on system resumption
[  612.456750][ T5922] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  612.735548][T11017] loop7: detected capacity change from 0 to 32768
[  612.760293][T11018] loop0: detected capacity change from 0 to 128
[  612.811452][ T5922] usb 3-1: Using ep0 maxpacket: 8
[  613.056014][ T5922] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  613.076664][ T5922] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  613.096981][ T5922] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  613.813298][ T5922] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  613.900252][ T5922] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  613.965328][ T5922] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  614.014652][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  614.890052][ T5922] usb 3-1: GET_CAPABILITIES returned 0
[  614.937656][ T5922] usbtmc 3-1:16.0: can't read capabilities
[  615.166387][T11011] usbtmc 3-1:16.0: usb_control_msg returned -71
[  615.175414][ T5922] usb 3-1: USB disconnect, device number 8
[  615.981109][T11037] loop6: detected capacity change from 0 to 4096
[  616.025242][T11036] NILFS error (device loop6): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  616.043748][T11038] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  616.066892][  T803] IPVS: starting estimator thread 0...
[  616.212352][T11039] IPVS: using max 26 ests per chain, 62400 per kthread
[  616.606650][   T10] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  616.783302][   T10] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  616.826063][   T10] usb 6-1: config 0 has no interface number 0
[  616.868190][   T10] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  616.916953][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.944953][   T10] usb 6-1: Product: syz
[  616.974940][   T10] usb 6-1: Manufacturer: syz
[  616.995519][   T10] usb 6-1: SerialNumber: syz
[  617.047676][   T10] usb 6-1: config 0 descriptor??
[  617.283287][T11054] binder: 11048:11054 ioctl c0306201 0 returned -14
[  617.568200][   T10] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  617.579803][T11052] input: syz1 as /devices/virtual/input/input19
[  617.606802][   T10] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  617.640901][   T10] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  617.670123][   T10] usb 6-1: media controller created
[  617.790304][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  618.953326][   T10] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  620.088293][   T10] usb 6-1: USB disconnect, device number 15
[  620.709014][T11080] loop6: detected capacity change from 0 to 1024
[  620.743811][T11080] EXT4-fs: Ignoring removed orlov option
[  620.764609][T11080] EXT4-fs: Ignoring removed bh option
[  620.805794][T11080] ext4: Unknown parameter 'seclabel'
[  620.984255][T11080] loop6: detected capacity change from 0 to 1024
[  621.196821][T11080] EXT4-fs: Ignoring removed i_version option
[  621.846665][T11080] EXT4-fs: inline encryption not supported
[  621.899552][T11080] EXT4-fs (loop6): Test dummy encryption mode enabled
[  621.983362][T11080] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  622.043408][T11092] input: syz1 as /devices/virtual/input/input20
[  623.557282][ T9322] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  624.406899][T11113] loop6: detected capacity change from 0 to 128
[  624.443672][T11113] FAT-fs (loop6): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  624.488409][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  624.494938][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  624.890980][T11118] loop5: detected capacity change from 0 to 128
[  626.619601][T11131] loop0: detected capacity change from 0 to 512
[  626.639941][T11112] loop2: detected capacity change from 0 to 40427
[  626.650358][T11132] loop7: detected capacity change from 0 to 64
[  626.660575][T11131] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  626.706827][T11112] F2FS-fs (loop2): Image doesn't support compression
[  626.713586][T11112] F2FS-fs (loop2): build fault injection rate: 684
[  626.727241][T11132] hfs: unable to locate alternate MDB
[  626.732689][T11132] hfs: continuing without an alternate MDB
[  626.783033][T11112] F2FS-fs (loop2): build fault injection type: 0x35f7
[  626.817528][T11131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  626.855405][T11112] F2FS-fs (loop2): invalid crc value
[  627.063391][T11131] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #2: block 18: comm syz.0.1156: lblock 23 mapped to illegal pblock 18 (length 1)
[  627.109739][T11131] EXT4-fs error (device loop0): ext4_readdir:265: inode #2: block 3: comm syz.0.1156: path (unknown): bad entry in directory: directory entry overrun - offset=12, inode=514, rec_len=2048, size=2048 fake=0
[  627.258280][T11139] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #2: block 18: comm syz.0.1156: lblock 23 mapped to illegal pblock 18 (length 1)
[  627.342835][T11140] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #2: block 18: comm syz.0.1156: lblock 23 mapped to illegal pblock 18 (length 1)
[  627.359191][T11112] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  627.403944][T11112] F2FS-fs (loop2): Start checkpoint disabled!
[  627.420385][T11139] EXT4-fs error (device loop0): ext4_readdir:265: inode #2: block 3: comm syz.0.1156: path (unknown): bad entry in directory: directory entry overrun - offset=12, inode=514, rec_len=2048, size=2048 fake=0
[  627.455370][T11131] EXT4-fs error (device loop0): ext4_readdir:265: inode #2: block 12: comm syz.0.1156: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=5066064, rec_len=65536, size=2048 fake=0
[  627.489055][T11141] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #2: block 18: comm syz.0.1156: lblock 23 mapped to illegal pblock 18 (length 1)
[  627.538983][T11112] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  627.585718][T11142] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #2: block 18: comm syz.0.1156: lblock 23 mapped to illegal pblock 18 (length 1)
[  627.649501][T11139] EXT4-fs error (device loop0): ext4_readdir:265: inode #2: block 12: comm syz.0.1156: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=5066064, rec_len=65536, size=2048 fake=0
[  627.818034][ T5830] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  627.922862][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  628.256222][T11146] tipc: Started in network mode
[  628.278175][T11146] tipc: Node identity ca10ebb87a5f, cluster identity 4711
[  628.307285][T11146] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  628.331232][T11149] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  628.338054][T11149] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  628.386722][T11149] vhci_hcd vhci_hcd.0: Device attached
[  628.411911][T11153] random: crng reseeded on system resumption
[  628.428375][T11145] tipc: Disabling bearer <eth:syzkaller0>
[  628.646779][  T803] usb 46-1: SetAddress Request (2) to port 0
[  628.697042][  T803] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd
[  628.801231][T11151] vhci_hcd: connection reset by peer
[  628.842269][T11159] loop5: detected capacity change from 0 to 128
[  628.865165][   T49] vhci_hcd vhci_hcd.6: stop threads
[  628.880482][T11159] FAT-fs (loop5): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  628.898054][   T49] vhci_hcd vhci_hcd.6: release socket
[  628.955412][   T49] vhci_hcd vhci_hcd.6: disconnect device
[  631.774646][T11182] loop7: detected capacity change from 0 to 256
[  632.269275][T11182] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x8f9fe1ed, utbl_chksum : 0xe619d30d)
[  632.849153][T11189] loop5: detected capacity change from 0 to 128
[  633.856718][  T803] usb 46-1: device descriptor read/8, error -110
[  634.055644][T11183] loop0: detected capacity change from 0 to 40427
[  634.075138][T11183] F2FS-fs (loop0): Image doesn't support compression
[  634.088757][T11201] loop6: detected capacity change from 0 to 128
[  634.097538][T11183] F2FS-fs (loop0): build fault injection rate: 684
[  634.133797][T11201] FAT-fs (loop6): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  634.153697][T11183] F2FS-fs (loop0): build fault injection type: 0x35f7
[  634.201585][T11183] F2FS-fs (loop0): invalid crc value
[  634.231554][T11194] syzkaller0: entered promiscuous mode
[  634.264494][T11194] syzkaller0: entered allmulticast mode
[  634.271834][  T803] usb usb46-port1: attempt power cycle
[  634.398413][T11183] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  634.441193][T11183] F2FS-fs (loop0): Start checkpoint disabled!
[  634.468103][T11183] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  634.517060][T11183] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  634.657388][  T112] kworker/u8:5: attempt to access beyond end of device
[  634.657388][  T112] loop0: rw=2049, sector=45096, nr_sectors = 32 limit=40427
[  634.685747][  T112] CPU: 0 UID: 0 PID: 112 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  634.685777][  T112] Tainted: [L]=SOFTLOCKUP
[  634.685783][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  634.685793][  T112] Workqueue: writeback wb_workfn (flush-7:0)
[  634.685819][  T112] Call Trace:
[  634.685825][  T112]  <TASK>
[  634.685832][  T112]  dump_stack_lvl+0xe8/0x150
[  634.685857][  T112]  f2fs_handle_critical_error+0x37c/0x540
[  634.685885][  T112]  f2fs_write_end_io+0xcdb/0xff0
[  634.685914][  T112]  __submit_merged_bio+0x256/0x700
[  634.685942][  T112]  __submit_merged_write_cond+0x3c9/0x4e0
[  634.685970][  T112]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  634.686009][  T112]  f2fs_write_data_pages+0x2975/0x35e0
[  634.686051][  T112]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  634.686076][  T112]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  634.686117][  T112]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  634.686157][  T112]  ? __lock_acquire+0x6b5/0x2cf0
[  634.686187][  T112]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  634.686208][  T112]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  634.686224][  T112]  do_writepages+0x32e/0x550
[  634.686252][  T112]  ? reacquire_held_locks+0x104/0x190
[  634.686274][  T112]  ? writeback_sb_inodes+0x477/0x1a20
[  634.686300][  T112]  __writeback_single_inode+0x133/0x11a0
[  634.686322][  T112]  ? do_raw_spin_unlock+0xf5/0x210
[  634.686342][  T112]  writeback_sb_inodes+0x992/0x1a20
[  634.686377][  T112]  ? __lock_acquire+0x6b5/0x2cf0
[  634.686403][  T112]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  634.686422][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  634.686468][  T112]  ? rcu_is_watching+0x15/0xb0
[  634.686529][  T112]  wb_writeback+0x456/0xb70
[  634.686561][  T112]  ? queue_io+0x1e1/0x4a0
[  634.686595][  T112]  ? __pfx_wb_writeback+0x10/0x10
[  634.686619][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  634.686659][  T112]  wb_workfn+0x414/0xf50
[  634.686685][  T112]  ? look_up_lock_class+0x57/0x110
[  634.686725][  T112]  ? __pfx_wb_workfn+0x10/0x10
[  634.686751][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  634.686777][  T112]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  634.686822][  T112]  ? process_one_work+0x87c/0x1650
[  634.686850][  T112]  process_one_work+0x949/0x1650
[  634.686901][  T112]  ? __pfx_process_one_work+0x10/0x10
[  634.686926][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  634.686968][  T112]  worker_thread+0xb46/0x1140
[  634.687026][  T112]  kthread+0x388/0x470
[  634.687047][  T112]  ? __pfx_worker_thread+0x10/0x10
[  634.687074][  T112]  ? __pfx_kthread+0x10/0x10
[  634.687096][  T112]  ret_from_fork+0x51e/0xb90
[  634.687128][  T112]  ? __pfx_ret_from_fork+0x10/0x10
[  634.687155][  T112]  ? __switch_to+0xc7d/0x1450
[  634.687185][  T112]  ? __pfx_kthread+0x10/0x10
[  634.687208][  T112]  ret_from_fork_asm+0x1a/0x30
[  634.687248][  T112]  </TASK>
[  634.987002][  T112] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  635.088579][  T112] CPU: 1 UID: 0 PID: 112 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  635.088608][  T112] Tainted: [L]=SOFTLOCKUP
[  635.088614][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  635.088624][  T112] Workqueue: writeback wb_workfn (flush-7:0)
[  635.088656][  T112] Call Trace:
[  635.088662][  T112]  <TASK>
[  635.088670][  T112]  dump_stack_lvl+0xe8/0x150
[  635.088696][  T112]  f2fs_handle_critical_error+0x37c/0x540
[  635.088725][  T112]  f2fs_write_end_io+0xcdb/0xff0
[  635.088757][  T112]  __submit_merged_bio+0x256/0x700
[  635.088785][  T112]  __submit_merged_write_cond+0x3c9/0x4e0
[  635.088816][  T112]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  635.088858][  T112]  f2fs_write_data_pages+0x2975/0x35e0
[  635.088904][  T112]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  635.088932][  T112]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  635.088979][  T112]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  635.089022][  T112]  ? __lock_acquire+0x6b5/0x2cf0
[  635.089054][  T112]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  635.089076][  T112]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  635.089113][  T112]  do_writepages+0x32e/0x550
[  635.089154][  T112]  ? reacquire_held_locks+0x104/0x190
[  635.089190][  T112]  ? writeback_sb_inodes+0x477/0x1a20
[  635.089216][  T112]  __writeback_single_inode+0x133/0x11a0
[  635.089239][  T112]  ? do_raw_spin_unlock+0xf5/0x210
[  635.089260][  T112]  writeback_sb_inodes+0x992/0x1a20
[  635.089298][  T112]  ? __lock_acquire+0x6b5/0x2cf0
[  635.089324][  T112]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  635.089343][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.089399][  T112]  ? rcu_is_watching+0x15/0xb0
[  635.089432][  T112]  wb_writeback+0x456/0xb70
[  635.089456][  T112]  ? queue_io+0x1e1/0x4a0
[  635.089483][  T112]  ? __pfx_wb_writeback+0x10/0x10
[  635.089502][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.089533][  T112]  wb_workfn+0x414/0xf50
[  635.089552][  T112]  ? look_up_lock_class+0x57/0x110
[  635.089586][  T112]  ? __pfx_wb_workfn+0x10/0x10
[  635.089606][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.089626][  T112]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  635.089667][  T112]  ? process_one_work+0x87c/0x1650
[  635.089687][  T112]  process_one_work+0x949/0x1650
[  635.089727][  T112]  ? __pfx_process_one_work+0x10/0x10
[  635.089746][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.089778][  T112]  worker_thread+0xb46/0x1140
[  635.089823][  T112]  kthread+0x388/0x470
[  635.089840][  T112]  ? __pfx_worker_thread+0x10/0x10
[  635.089860][  T112]  ? __pfx_kthread+0x10/0x10
[  635.089878][  T112]  ret_from_fork+0x51e/0xb90
[  635.089903][  T112]  ? __pfx_ret_from_fork+0x10/0x10
[  635.089923][  T112]  ? __switch_to+0xc7d/0x1450
[  635.089946][  T112]  ? __pfx_kthread+0x10/0x10
[  635.089963][  T112]  ret_from_fork_asm+0x1a/0x30
[  635.089993][  T112]  </TASK>
[  635.089999][  T112] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  635.481440][  T803] usb usb46-port1: unable to enumerate USB device
[  635.490122][  T112] CPU: 1 UID: 0 PID: 112 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  635.490156][  T112] Tainted: [L]=SOFTLOCKUP
[  635.490163][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  635.490177][  T112] Workqueue: writeback wb_workfn (flush-7:0)
[  635.490212][  T112] Call Trace:
[  635.490220][  T112]  <TASK>
[  635.490230][  T112]  dump_stack_lvl+0xe8/0x150
[  635.490263][  T112]  f2fs_handle_critical_error+0x37c/0x540
[  635.490301][  T112]  f2fs_write_end_io+0xcdb/0xff0
[  635.490366][  T112]  __submit_merged_bio+0x256/0x700
[  635.490405][  T112]  __submit_merged_write_cond+0x3c9/0x4e0
[  635.490446][  T112]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  635.490509][  T112]  f2fs_write_data_pages+0x2975/0x35e0
[  635.490569][  T112]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  635.490605][  T112]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  635.490667][  T112]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  635.490724][  T112]  ? __lock_acquire+0x6b5/0x2cf0
[  635.490766][  T112]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  635.490797][  T112]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  635.490820][  T112]  do_writepages+0x32e/0x550
[  635.490859][  T112]  ? reacquire_held_locks+0x104/0x190
[  635.490891][  T112]  ? writeback_sb_inodes+0x477/0x1a20
[  635.490927][  T112]  __writeback_single_inode+0x133/0x11a0
[  635.490958][  T112]  ? do_raw_spin_unlock+0xf5/0x210
[  635.490987][  T112]  writeback_sb_inodes+0x992/0x1a20
[  635.491038][  T112]  ? __lock_acquire+0x6b5/0x2cf0
[  635.491073][  T112]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  635.491099][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.491165][  T112]  ? rcu_is_watching+0x15/0xb0
[  635.491206][  T112]  wb_writeback+0x456/0xb70
[  635.491238][  T112]  ? queue_io+0x1e1/0x4a0
[  635.491275][  T112]  ? __pfx_wb_writeback+0x10/0x10
[  635.491301][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.491342][  T112]  wb_workfn+0x414/0xf50
[  635.491369][  T112]  ? look_up_lock_class+0x57/0x110
[  635.491413][  T112]  ? __pfx_wb_workfn+0x10/0x10
[  635.491440][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.491474][  T112]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  635.491523][  T112]  ? process_one_work+0x87c/0x1650
[  635.491550][  T112]  process_one_work+0x949/0x1650
[  635.491604][  T112]  ? __pfx_process_one_work+0x10/0x10
[  635.491630][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.491672][  T112]  worker_thread+0xb46/0x1140
[  635.491732][  T112]  kthread+0x388/0x470
[  635.491755][  T112]  ? __pfx_worker_thread+0x10/0x10
[  635.491783][  T112]  ? __pfx_kthread+0x10/0x10
[  635.491807][  T112]  ret_from_fork+0x51e/0xb90
[  635.491840][  T112]  ? __pfx_ret_from_fork+0x10/0x10
[  635.491868][  T112]  ? __switch_to+0xc7d/0x1450
[  635.491898][  T112]  ? __pfx_kthread+0x10/0x10
[  635.491922][  T112]  ret_from_fork_asm+0x1a/0x30
[  635.491961][  T112]  </TASK>
[  635.492086][  T112] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  635.774946][  T112] CPU: 1 UID: 0 PID: 112 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  635.774979][  T112] Tainted: [L]=SOFTLOCKUP
[  635.774987][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  635.775000][  T112] Workqueue: writeback wb_workfn (flush-7:0)
[  635.775035][  T112] Call Trace:
[  635.775043][  T112]  <TASK>
[  635.775052][  T112]  dump_stack_lvl+0xe8/0x150
[  635.775085][  T112]  f2fs_handle_critical_error+0x37c/0x540
[  635.775124][  T112]  f2fs_write_end_io+0xcdb/0xff0
[  635.775167][  T112]  __submit_merged_bio+0x256/0x700
[  635.775205][  T112]  __submit_merged_write_cond+0x3c9/0x4e0
[  635.775245][  T112]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  635.775300][  T112]  f2fs_write_data_pages+0x2975/0x35e0
[  635.775362][  T112]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  635.775398][  T112]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  635.775469][  T112]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  635.775525][  T112]  ? __lock_acquire+0x6b5/0x2cf0
[  635.775568][  T112]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  635.775597][  T112]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  635.775621][  T112]  do_writepages+0x32e/0x550
[  635.775659][  T112]  ? reacquire_held_locks+0x104/0x190
[  635.775690][  T112]  ? writeback_sb_inodes+0x477/0x1a20
[  635.775725][  T112]  __writeback_single_inode+0x133/0x11a0
[  635.775755][  T112]  ? do_raw_spin_unlock+0xf5/0x210
[  635.775783][  T112]  writeback_sb_inodes+0x992/0x1a20
[  635.775834][  T112]  ? __lock_acquire+0x6b5/0x2cf0
[  635.775868][  T112]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  635.775894][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.775959][  T112]  ? rcu_is_watching+0x15/0xb0
[  635.776000][  T112]  wb_writeback+0x456/0xb70
[  635.776032][  T112]  ? queue_io+0x1e1/0x4a0
[  635.776069][  T112]  ? __pfx_wb_writeback+0x10/0x10
[  635.776094][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.776135][  T112]  wb_workfn+0x414/0xf50
[  635.776162][  T112]  ? look_up_lock_class+0x57/0x110
[  635.776206][  T112]  ? __pfx_wb_workfn+0x10/0x10
[  635.776234][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.776260][  T112]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  635.776308][  T112]  ? process_one_work+0x87c/0x1650
[  635.776336][  T112]  process_one_work+0x949/0x1650
[  635.776388][  T112]  ? __pfx_process_one_work+0x10/0x10
[  635.776414][  T112]  ? do_raw_spin_lock+0x12b/0x2f0
[  635.776465][  T112]  worker_thread+0xb46/0x1140
[  635.776525][  T112]  kthread+0x388/0x470
[  635.776548][  T112]  ? __pfx_worker_thread+0x10/0x10
[  635.776575][  T112]  ? __pfx_kthread+0x10/0x10
[  635.776598][  T112]  ret_from_fork+0x51e/0xb90
[  635.776633][  T112]  ? __pfx_ret_from_fork+0x10/0x10
[  635.776660][  T112]  ? __switch_to+0xc7d/0x1450
[  635.776691][  T112]  ? __pfx_kthread+0x10/0x10
[  635.776714][  T112]  ret_from_fork_asm+0x1a/0x30
[  635.776752][  T112]  </TASK>
[  636.145304][  T112] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  636.686718][ T5908] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  637.123193][ T5908] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  637.145793][ T5908] usb 7-1: config 0 has no interface number 0
[  637.317282][ T5908] usb 7-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  637.338684][ T5908] usb 7-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  637.931691][ T5908] usb 7-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  637.946658][ T5908] usb 7-1: config 0 interface 1 has no altsetting 0
[  637.953702][ T5908] usb 7-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[  637.963412][ T5908] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.985944][ T5908] usb 7-1: config 0 descriptor??
[  638.804433][ T5908] uclogic 0003:145F:0212.0005: pen parameters not found
[  638.822263][ T5908] uclogic 0003:145F:0212.0005: interface is invalid, ignoring
[  638.835078][ T5908] usb 7-1: USB disconnect, device number 5
[  639.689035][T11228] loop0: detected capacity change from 0 to 1024
[  639.704785][T11228] EXT4-fs: Ignoring removed i_version option
[  639.723355][T11228] EXT4-fs: inline encryption not supported
[  639.742530][T11228] EXT4-fs (loop0): Test dummy encryption mode enabled
[  639.793816][T11228] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  640.478778][ T5150] Bluetooth: hci3: command 0x1003 tx timeout
[  640.485473][   T51] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  641.348975][T11244] loop5: detected capacity change from 0 to 128
[  641.369783][T11244] FAT-fs (loop5): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  643.044865][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  644.707139][ T5994] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  644.891401][ T5994] usb 6-1: Using ep0 maxpacket: 32
[  644.915364][ T5994] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  644.933969][ T5994] usb 6-1: config 0 has no interface number 0
[  644.943433][ T5994] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  644.964191][ T5994] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.973453][ T5994] usb 6-1: Product: syz
[  644.984161][ T5994] usb 6-1: Manufacturer: syz
[  644.993405][ T5994] usb 6-1: SerialNumber: syz
[  645.019563][ T5994] usb 6-1: config 0 descriptor??
[  645.549758][T11280] loop2: detected capacity change from 0 to 128
[  645.992245][T11283] loop7: detected capacity change from 0 to 40427
[  646.041984][T11283] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  646.049225][T11283] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  646.075192][T11283] F2FS-fs (loop7): invalid crc value
[  646.151114][T11283] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  646.196236][T11283] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  646.203893][T11283] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  648.314225][ T5994] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  648.325255][ T5994] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  648.336383][ T5994] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  648.347888][ T5994] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  648.359356][ T5994] usb 6-1: USB disconnect, device number 16
[  648.563451][T11300] loop0: detected capacity change from 0 to 1024
[  648.587083][T11300] EXT4-fs: Ignoring removed i_version option
[  648.593947][T11300] EXT4-fs: inline encryption not supported
[  648.612588][T11300] EXT4-fs (loop0): Test dummy encryption mode enabled
[  648.669716][T11300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  649.175162][T11309] loop7: detected capacity change from 0 to 128
[  649.186305][T11309] FAT-fs (loop7): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  649.982019][T11316] random: crng reseeded on system resumption
[  651.295141][T11323] loop7: detected capacity change from 0 to 32768
[  651.309644][T11323] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1206 (11323)
[  651.325132][T11323] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  651.335945][T11323] BTRFS info (device loop7): using crc32c checksum algorithm
[  651.343406][T11323] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  651.426825][T11323] BTRFS info (device loop7): rebuilding free space tree
[  651.460835][T11323] BTRFS info (device loop7): disabling free space tree
[  651.467852][T11323] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  651.477746][T11323] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  651.502572][T11323] BTRFS info (device loop7): enabling ssd optimizations
[  651.509708][T11323] BTRFS info (device loop7): turning on async discard
[  651.516812][T11323] BTRFS info (device loop7): enabling disk space caching
[  651.523857][T11323] BTRFS info (device loop7): force clearing of disk cache
[  651.531130][T11323] BTRFS info (device loop7): use zstd compression, level 3
[  652.019510][ T9591] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  652.161352][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  654.665275][T11369] random: crng reseeded on system resumption
[  655.617238][ T5908] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  655.787151][ T5908] usb 8-1: Using ep0 maxpacket: 32
[  655.804768][ T5908] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  655.830136][T11366] loop5: detected capacity change from 0 to 40427
[  655.838908][ T5908] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  655.893768][ T5908] usb 8-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  655.958062][ T5908] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.981809][T11366] F2FS-fs (loop5): Image doesn't support compression
[  656.026875][T11366] F2FS-fs (loop5): build fault injection rate: 684
[  656.103617][T11366] F2FS-fs (loop5): build fault injection type: 0x35f7
[  656.132967][ T5908] usb 8-1: config 0 descriptor??
[  656.212859][T11366] F2FS-fs (loop5): invalid crc value
[  656.810964][ T5908] ft260 0003:0403:6030.0006: unknown main item tag 0x0
[  656.828313][ T5908] ft260 0003:0403:6030.0006: unknown main item tag 0x0
[  656.878793][T11366] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  656.921722][T11366] F2FS-fs (loop5): Start checkpoint disabled!
[  656.944359][T11366] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  656.977434][T11366] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  657.010540][ T5908] ft260 0003:0403:6030.0006: chip code: 0000 0000
[  657.285973][ T5908] ft260 0003:0403:6030.0006: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.7-1/input0
[  657.443045][T11400] loop9: detected capacity change from 0 to 7
[  657.462439][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.471687][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.484079][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.492970][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.502403][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.511512][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.524061][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.532442][T11400] ldm_validate_partition_table(): Disk read failed.
[  657.576702][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.606378][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.613017][ T5908] ft260 0003:0403:6030.0006: failed to retrieve status: -32, no wakeup
[  657.624122][T11400] Buffer I/O error on dev loop9, logical block 0, async page read
[  657.633062][T11400] Dev loop9: unable to read RDB block 0
[  657.639545][T11400]  loop9: unable to read partition table
[  657.647848][T11400] loop9: partition table beyond EOD, truncated
[  657.654516][T11400] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  657.654516][T11400] 
) failed (rc=-5)
[  658.085311][   T58] kworker/u8:4: attempt to access beyond end of device
[  658.085311][   T58] loop5: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  658.148610][   T58] CPU: 1 UID: 0 PID: 58 Comm: kworker/u8:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  658.148645][   T58] Tainted: [L]=SOFTLOCKUP
[  658.148653][   T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  658.148666][   T58] Workqueue: writeback wb_workfn (flush-7:5)
[  658.148698][   T58] Call Trace:
[  658.148707][   T58]  <TASK>
[  658.148715][   T58]  dump_stack_lvl+0xe8/0x150
[  658.148749][   T58]  f2fs_handle_critical_error+0x37c/0x540
[  658.148792][   T58]  f2fs_write_end_io+0xcdb/0xff0
[  658.148835][   T58]  __submit_merged_bio+0x256/0x700
[  658.148873][   T58]  __submit_merged_write_cond+0x3c9/0x4e0
[  658.148913][   T58]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  658.148967][   T58]  f2fs_write_data_pages+0x2975/0x35e0
[  658.149025][   T58]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  658.149060][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.149118][   T58]  ? unwind_next_frame+0xa5/0x23c0
[  658.149158][   T58]  ? unwind_next_frame+0xa5/0x23c0
[  658.149201][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.149236][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.149282][   T58]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  658.149306][   T58]  do_writepages+0x32e/0x550
[  658.149343][   T58]  ? reacquire_held_locks+0x104/0x190
[  658.149375][   T58]  ? writeback_sb_inodes+0x477/0x1a20
[  658.149419][   T58]  __writeback_single_inode+0x133/0x11a0
[  658.149450][   T58]  ? do_raw_spin_unlock+0xf5/0x210
[  658.149478][   T58]  writeback_sb_inodes+0x992/0x1a20
[  658.149528][   T58]  ? ret_from_fork_asm+0x1a/0x30
[  658.149556][   T58]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  658.149583][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.149647][   T58]  ? rcu_is_watching+0x15/0xb0
[  658.149694][   T58]  wb_writeback+0x456/0xb70
[  658.149726][   T58]  ? queue_io+0x1e1/0x4a0
[  658.149764][   T58]  ? __pfx_wb_writeback+0x10/0x10
[  658.149789][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.149829][   T58]  wb_workfn+0x414/0xf50
[  658.149856][   T58]  ? look_up_lock_class+0x57/0x110
[  658.149901][   T58]  ? __pfx_wb_workfn+0x10/0x10
[  658.149927][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.149954][   T58]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  658.150002][   T58]  ? process_one_work+0x87c/0x1650
[  658.150029][   T58]  process_one_work+0x949/0x1650
[  658.150082][   T58]  ? __pfx_process_one_work+0x10/0x10
[  658.150109][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.150151][   T58]  worker_thread+0xb46/0x1140
[  658.150210][   T58]  kthread+0x388/0x470
[  658.150233][   T58]  ? __pfx_worker_thread+0x10/0x10
[  658.150267][   T58]  ? __pfx_kthread+0x10/0x10
[  658.150291][   T58]  ret_from_fork+0x51e/0xb90
[  658.150325][   T58]  ? __pfx_ret_from_fork+0x10/0x10
[  658.150353][   T58]  ? __switch_to+0xc7d/0x1450
[  658.150389][   T58]  ? __pfx_kthread+0x10/0x10
[  658.150418][   T58]  ret_from_fork_asm+0x1a/0x30
[  658.150457][   T58]  </TASK>
[  658.177708][   T58] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  658.451392][   T58] CPU: 0 UID: 0 PID: 58 Comm: kworker/u8:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  658.451475][   T58] Tainted: [L]=SOFTLOCKUP
[  658.451484][   T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  658.451497][   T58] Workqueue: writeback wb_workfn (flush-7:5)
[  658.451533][   T58] Call Trace:
[  658.451541][   T58]  <TASK>
[  658.451550][   T58]  dump_stack_lvl+0xe8/0x150
[  658.451586][   T58]  f2fs_handle_critical_error+0x37c/0x540
[  658.451627][   T58]  f2fs_write_end_io+0xcdb/0xff0
[  658.451674][   T58]  __submit_merged_bio+0x256/0x700
[  658.451715][   T58]  __submit_merged_write_cond+0x3c9/0x4e0
[  658.451758][   T58]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  658.451819][   T58]  f2fs_write_data_pages+0x2975/0x35e0
[  658.451888][   T58]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  658.451927][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.451992][   T58]  ? unwind_next_frame+0xa5/0x23c0
[  658.452031][   T58]  ? unwind_next_frame+0xa5/0x23c0
[  658.452078][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.452116][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.452167][   T58]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  658.452190][   T58]  do_writepages+0x32e/0x550
[  658.452231][   T58]  ? reacquire_held_locks+0x104/0x190
[  658.452263][   T58]  ? writeback_sb_inodes+0x477/0x1a20
[  658.452301][   T58]  __writeback_single_inode+0x133/0x11a0
[  658.452332][   T58]  ? do_raw_spin_unlock+0xf5/0x210
[  658.452362][   T58]  writeback_sb_inodes+0x992/0x1a20
[  658.452441][   T58]  ? ret_from_fork_asm+0x1a/0x30
[  658.452471][   T58]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  658.452497][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.452573][   T58]  ? rcu_is_watching+0x15/0xb0
[  658.452616][   T58]  wb_writeback+0x456/0xb70
[  658.452650][   T58]  ? queue_io+0x1e1/0x4a0
[  658.452689][   T58]  ? __pfx_wb_writeback+0x10/0x10
[  658.452714][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.452759][   T58]  wb_workfn+0x414/0xf50
[  658.452787][   T58]  ? look_up_lock_class+0x57/0x110
[  658.452834][   T58]  ? __pfx_wb_workfn+0x10/0x10
[  658.452863][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.452891][   T58]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  658.452944][   T58]  ? process_one_work+0x87c/0x1650
[  658.452973][   T58]  process_one_work+0x949/0x1650
[  658.453031][   T58]  ? __pfx_process_one_work+0x10/0x10
[  658.453057][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.453103][   T58]  worker_thread+0xb46/0x1140
[  658.453168][   T58]  kthread+0x388/0x470
[  658.453192][   T58]  ? __pfx_worker_thread+0x10/0x10
[  658.453219][   T58]  ? __pfx_kthread+0x10/0x10
[  658.453243][   T58]  ret_from_fork+0x51e/0xb90
[  658.453277][   T58]  ? __pfx_ret_from_fork+0x10/0x10
[  658.453305][   T58]  ? __switch_to+0xc7d/0x1450
[  658.453337][   T58]  ? __pfx_kthread+0x10/0x10
[  658.453361][   T58]  ret_from_fork_asm+0x1a/0x30
[  658.453402][   T58]  </TASK>
[  658.453419][   T58] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  658.473492][  T803] usb 8-1: reset high-speed USB device number 3 using dummy_hcd
[  658.479246][   T58] CPU: 0 UID: 0 PID: 58 Comm: kworker/u8:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  658.479277][   T58] Tainted: [L]=SOFTLOCKUP
[  658.479284][   T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  658.479298][   T58] Workqueue: writeback wb_workfn (flush-7:5)
[  658.479329][   T58] Call Trace:
[  658.479336][   T58]  <TASK>
[  658.479346][   T58]  dump_stack_lvl+0xe8/0x150
[  658.479375][   T58]  f2fs_handle_critical_error+0x37c/0x540
[  658.479421][   T58]  f2fs_write_end_io+0xcdb/0xff0
[  658.479554][   T58]  __submit_merged_bio+0x256/0x700
[  658.479679][   T58]  __submit_merged_write_cond+0x3c9/0x4e0
[  658.479781][   T58]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  658.479933][   T58]  f2fs_write_data_pages+0x2975/0x35e0
[  658.480113][   T58]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  658.480213][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.480377][   T58]  ? unwind_next_frame+0xa5/0x23c0
[  658.480505][   T58]  ? unwind_next_frame+0xa5/0x23c0
[  658.480624][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.480715][   T58]  ? __lock_acquire+0x6b5/0x2cf0
[  658.480843][   T58]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  658.480900][   T58]  do_writepages+0x32e/0x550
[  658.481053][   T58]  ? reacquire_held_locks+0x104/0x190
[  658.481140][   T58]  ? writeback_sb_inodes+0x477/0x1a20
[  658.481236][   T58]  __writeback_single_inode+0x133/0x11a0
[  658.481320][   T58]  ? do_raw_spin_unlock+0xf5/0x210
[  658.481401][   T58]  writeback_sb_inodes+0x992/0x1a20
[  658.481553][   T58]  ? ret_from_fork_asm+0x1a/0x30
[  658.481630][   T58]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  658.481694][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.481883][   T58]  ? rcu_is_watching+0x15/0xb0
[  658.481996][   T58]  wb_writeback+0x456/0xb70
[  658.482086][   T58]  ? queue_io+0x1e1/0x4a0
[  658.482182][   T58]  ? __pfx_wb_writeback+0x10/0x10
[  658.482252][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.482388][   T58]  wb_workfn+0x414/0xf50
[  658.482512][   T58]  ? look_up_lock_class+0x57/0x110
[  658.482635][   T58]  ? __pfx_wb_workfn+0x10/0x10
[  658.482704][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.482777][   T58]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  658.482916][   T58]  ? process_one_work+0x87c/0x1650
[  658.482991][   T58]  process_one_work+0x949/0x1650
[  658.483144][   T58]  ? __pfx_process_one_work+0x10/0x10
[  658.483209][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  658.483329][   T58]  worker_thread+0xb46/0x1140
[  658.483509][   T58]  kthread+0x388/0x470
[  658.483573][   T58]  ? __pfx_worker_thread+0x10/0x10
[  658.483648][   T58]  ? __pfx_kthread+0x10/0x10
[  658.483723][   T58]  ret_from_fork+0x51e/0xb90
[  658.483846][   T58]  ? __pfx_ret_from_fork+0x10/0x10
[  658.483920][   T58]  ? __switch_to+0xc7d/0x1450
[  658.484005][   T58]  ? __pfx_kthread+0x10/0x10
[  658.484069][   T58]  ret_from_fork_asm+0x1a/0x30
[  658.484184][   T58]  </TASK>
[  658.484208][   T58] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  659.624404][ T9782] usb 8-1: USB disconnect, device number 3
[  662.896617][ T5894] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  662.925919][ T5908] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  663.160622][ T5908] usb 3-1: Using ep0 maxpacket: 16
[  663.213481][ T5908] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  663.272397][ T5908] usb 3-1: config 0 has no interface number 0
[  663.388544][ T5908] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  663.398762][ T5894] usb 7-1: Using ep0 maxpacket: 8
[  663.413671][ T5894] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  663.424061][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.441894][ T5894] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  663.462384][ T5908] usb 3-1: Product: syz
[  663.481143][ T5894] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  663.628358][ T5894] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  663.641557][ T5908] usb 3-1: Manufacturer: syz
[  663.641584][ T5908] usb 3-1: SerialNumber: syz
[  663.675383][ T5894] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  663.705631][ T5894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.727994][ T5908] usb 3-1: config 0 descriptor??
[  663.753313][ T5908] hub 3-1:0.132: bad descriptor, ignoring hub
[  663.761880][ T5908] hub 3-1:0.132: probe with driver hub failed with error -5
[  663.820150][ T5908] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.132/input/input21
[  663.959637][ T5894] usb 7-1: GET_CAPABILITIES returned 0
[  663.976071][ T5894] usbtmc 7-1:16.0: can't read capabilities
[  664.049353][T11470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.069610][T11470] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.686629][    C0] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  664.720954][ T5894] usb 7-1: USB disconnect, device number 6
[  664.808578][T11474] loop0: detected capacity change from 0 to 128
[  664.856120][T11474] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  664.947231][T11474] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8)
[  664.964124][T11474] FAT-fs (loop0): Filesystem has been set read-only
[  665.683706][T11474] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522)
[  665.691095][ T5994] usb 3-1: USB disconnect, device number 9
[  666.006045][T11483] evm: overlay not supported
[  666.012659][T11485] capability: warning: `syz.6.1252' uses deprecated v2 capabilities in a way that may be insecure
[  667.973110][T11500] wg1: entered promiscuous mode
[  667.984190][T11500] wg1: entered allmulticast mode
[  669.033669][T11517] loop6: detected capacity change from 0 to 4096
[  669.156563][T11517] NILFS error (device loop6): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  669.182013][T11518] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  669.789149][T11524] loop7: detected capacity change from 0 to 64
[  669.944987][T11524] hfs: unable to locate alternate MDB
[  669.987338][T11524] hfs: continuing without an alternate MDB
[  670.220711][ T9782] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  670.471261][ T9782] usb 7-1: Using ep0 maxpacket: 16
[  670.520982][ T9782] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[  670.530446][ T9782] usb 7-1: config 0 has no interface number 0
[  670.696207][ T9782] usb 7-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  670.705466][ T9782] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.713563][ T9782] usb 7-1: Product: syz
[  671.331214][ T9782] usb 7-1: Manufacturer: syz
[  671.338088][ T9782] usb 7-1: SerialNumber: syz
[  671.354265][ T9782] usb 7-1: config 0 descriptor??
[  671.378853][ T9782] hub 7-1:0.132: bad descriptor, ignoring hub
[  671.407328][ T9782] hub 7-1:0.132: probe with driver hub failed with error -5
[  671.430986][ T9782] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.132/input/input22
[  671.618638][T11527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  671.826690][T11527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  673.097800][T11547] loop7: detected capacity change from 0 to 512
[  673.125023][T11547] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  673.183765][T11547] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  673.207711][T11547] EXT4-fs error (device loop7): ext4_map_blocks:776: inode #2: block 18: comm syz.7.1271: lblock 23 mapped to illegal pblock 18 (length 1)
[  673.224658][T11547] EXT4-fs error (device loop7): ext4_readdir:265: inode #2: block 3: comm syz.7.1271: path (unknown): bad entry in directory: directory entry overrun - offset=12, inode=514, rec_len=2048, size=2048 fake=0
[  673.248819][T11547] EXT4-fs error (device loop7): ext4_readdir:265: inode #2: block 12: comm syz.7.1271: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=5066064, rec_len=65536, size=2048 fake=0
[  673.281099][T11553] EXT4-fs error (device loop7): ext4_map_blocks:776: inode #2: block 18: comm syz.7.1271: lblock 23 mapped to illegal pblock 18 (length 1)
[  673.298418][T11547] EXT4-fs error (device loop7): ext4_readdir:265: inode #2: block 13: comm syz.7.1271: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=3653246737, rec_len=65536, size=2048 fake=0
[  673.329572][T11553] EXT4-fs error (device loop7): ext4_map_blocks:776: inode #2: block 18: comm syz.7.1271: lblock 23 mapped to illegal pblock 18 (length 1)
[  673.346241][T11547] EXT4-fs error (device loop7): ext4_map_blocks:776: inode #2: block 18: comm syz.7.1271: lblock 23 mapped to illegal pblock 18 (length 1)
[  673.362364][T11547] EXT4-fs error (device loop7): ext4_readdir:265: inode #2: block 3: comm syz.7.1271: path (unknown): bad entry in directory: directory entry overrun - offset=12, inode=514, rec_len=2048, size=2048 fake=0
[  673.380116][T11555] loop0: detected capacity change from 0 to 128
[  673.394116][T11547] EXT4-fs error (device loop7): ext4_readdir:265: inode #2: block 12: comm syz.7.1271: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=5066064, rec_len=65536, size=2048 fake=0
[  673.432329][T11547] EXT4-fs error (device loop7): ext4_readdir:265: inode #2: block 13: comm syz.7.1271: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=3653246737, rec_len=65536, size=2048 fake=0
[  674.108566][ T9591] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  674.169571][ T9591] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  676.286178][T11580] loop7: detected capacity change from 0 to 64
[  676.501352][T11580] hfs: unable to locate alternate MDB
[  676.524457][T11580] hfs: continuing without an alternate MDB
[  677.277126][T11584] random: crng reseeded on system resumption
[  677.829629][T11595] loop7: detected capacity change from 0 to 128
[  677.966774][ T9024] usb 7-1: reset high-speed USB device number 7 using dummy_hcd
[  678.184120][T11596] loop0: detected capacity change from 0 to 40427
[  678.670938][T11596] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[  678.678085][T11596] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  678.718167][T11596] F2FS-fs (loop0): invalid crc value
[  679.064172][T11596] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  679.087615][T11596] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  679.094814][T11596] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  680.276116][T11592] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.315747][T11592] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.986978][  T803] usb 7-1: USB disconnect, device number 7
[  683.404825][T11632] random: crng reseeded on system resumption
[  683.561502][T11637] loop7: detected capacity change from 0 to 64
[  683.620486][T11637] hfs: unable to locate alternate MDB
[  683.646792][T11637] hfs: continuing without an alternate MDB
[  684.297423][T11646] loop6: detected capacity change from 0 to 128
[  685.953855][T11659] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1303'.
[  685.986146][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  685.993541][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  686.596619][ T5894] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  687.326572][ T5894] usb 8-1: Using ep0 maxpacket: 16
[  687.333792][ T5894] usb 8-1: config 0 has an invalid interface number: 132 but max is 0
[  687.342547][ T5894] usb 8-1: config 0 has no interface number 0
[  687.352507][ T5894] usb 8-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  687.362860][ T5894] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.371233][ T5894] usb 8-1: Product: syz
[  687.375551][ T5894] usb 8-1: Manufacturer: syz
[  687.380615][ T5894] usb 8-1: SerialNumber: syz
[  687.428459][ T5894] usb 8-1: config 0 descriptor??
[  687.445204][ T5894] hub 8-1:0.132: bad descriptor, ignoring hub
[  687.453904][ T5894] hub 8-1:0.132: probe with driver hub failed with error -5
[  687.478403][ T5894] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.132/input/input23
[  687.561105][T11672] random: crng reseeded on system resumption
[  687.748620][T11661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.761541][T11661] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.199464][  T803] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  689.510728][T11690] zonefs (nullb0) ERROR: Not a zoned block device
[  690.013308][  T803] usb 7-1: unable to get BOS descriptor or descriptor too short
[  690.038555][  T803] usb 7-1: not running at top speed; connect to a high speed hub
[  690.066710][  T803] usb 7-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  690.210249][  T803] usb 7-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  690.392847][  T803] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  691.140420][  T803] usb 7-1: Product: syz
[  691.144629][  T803] usb 7-1: Manufacturer: syz
[  691.180129][T11696] No control pipe specified
[  691.185698][  T803] usb 7-1: SerialNumber: syz
[  692.049892][T11710] binder: BINDER_SET_CONTEXT_MGR already set
[  692.056387][T11710] binder: 11708:11710 ioctl 4018620d 200000000040 returned -16
[  692.199563][ T1232] usb 8-1: USB disconnect, device number 4
[  693.350206][  T803] usb 7-1: reset full-speed USB device number 8 using dummy_hcd
[  695.138851][  T803] usb 7-1: USB disconnect, device number 8
[  695.212299][T11734] No control pipe specified
[  695.495111][T11736] loop2: detected capacity change from 0 to 40427
[  695.502902][T11736] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  695.510774][T11736] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  695.542931][T11736] F2FS-fs (loop2): invalid crc value
[  695.596932][ T5894] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  695.608777][T11736] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  695.807193][T11736] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  695.814305][T11736] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  695.946629][ T5894] usb 8-1: device descriptor read/64, error -71
[  696.186735][ T5894] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  696.409089][ T5894] usb 8-1: device descriptor read/64, error -71
[  696.517855][ T5894] usb usb8-port1: attempt power cycle
[  696.878111][ T5894] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  696.910532][ T5894] usb 8-1: device descriptor read/8, error -71
[  697.597643][ T5894] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  697.650743][ T5894] usb 8-1: device descriptor read/8, error -71
[  697.779511][ T5894] usb usb8-port1: unable to enumerate USB device
[  698.058089][T11752] loop6: detected capacity change from 0 to 40427
[  698.106992][T11752] F2FS-fs (loop6): Image doesn't support compression
[  698.113851][T11752] F2FS-fs (loop6): build fault injection rate: 684
[  698.142738][T11752] F2FS-fs (loop6): build fault injection type: 0x35f7
[  698.184711][T11752] F2FS-fs (loop6): invalid crc value
[  698.433912][T11752] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  698.443814][T11752] F2FS-fs (loop6): Start checkpoint disabled!
[  698.456688][T11752] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0
[  698.474723][T11752] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  699.499679][T10576] kworker/u8:12: attempt to access beyond end of device
[  699.499679][T10576] loop6: rw=2049, sector=45096, nr_sectors = 32 limit=40427
[  699.555770][T10576] CPU: 0 UID: 0 PID: 10576 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  699.555806][T10576] Tainted: [L]=SOFTLOCKUP
[  699.555815][T10576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  699.555836][T10576] Workqueue: writeback wb_workfn (flush-7:6)
[  699.555873][T10576] Call Trace:
[  699.555881][T10576]  <TASK>
[  699.555891][T10576]  dump_stack_lvl+0xe8/0x150
[  699.555925][T10576]  f2fs_handle_critical_error+0x37c/0x540
[  699.555965][T10576]  f2fs_write_end_io+0xcdb/0xff0
[  699.556006][T10576]  __submit_merged_bio+0x256/0x700
[  699.556045][T10576]  __submit_merged_write_cond+0x3c9/0x4e0
[  699.556085][T10576]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  699.556140][T10576]  f2fs_write_data_pages+0x2975/0x35e0
[  699.556202][T10576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  699.556239][T10576]  ? __lock_acquire+0x6b5/0x2cf0
[  699.556297][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  699.556337][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  699.556384][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  699.556417][T10576]  ? ret_from_fork_asm+0x1a/0x30
[  699.556437][T10576]  ? ret_from_fork_asm+0x1a/0x30
[  699.556481][T10576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  699.556503][T10576]  do_writepages+0x32e/0x550
[  699.556542][T10576]  ? reacquire_held_locks+0x104/0x190
[  699.556574][T10576]  ? writeback_sb_inodes+0x477/0x1a20
[  699.556609][T10576]  __writeback_single_inode+0x133/0x11a0
[  699.556639][T10576]  ? do_raw_spin_unlock+0xf5/0x210
[  699.556668][T10576]  writeback_sb_inodes+0x992/0x1a20
[  699.556718][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  699.556758][T10576]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  699.556783][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  699.556856][T10576]  ? rcu_is_watching+0x15/0xb0
[  699.556899][T10576]  wb_writeback+0x456/0xb70
[  699.556931][T10576]  ? queue_io+0x1e1/0x4a0
[  699.556968][T10576]  ? __pfx_wb_writeback+0x10/0x10
[  699.556993][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  699.557034][T10576]  wb_workfn+0x414/0xf50
[  699.557061][T10576]  ? look_up_lock_class+0x57/0x110
[  699.557105][T10576]  ? __pfx_wb_workfn+0x10/0x10
[  699.557133][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  699.557158][T10576]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  699.557206][T10576]  ? process_one_work+0x87c/0x1650
[  699.557234][T10576]  process_one_work+0x949/0x1650
[  699.557287][T10576]  ? __pfx_process_one_work+0x10/0x10
[  699.557314][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  699.557363][T10576]  worker_thread+0xb46/0x1140
[  699.557404][T10576]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  699.557446][T10576]  kthread+0x388/0x470
[  699.557470][T10576]  ? __pfx_worker_thread+0x10/0x10
[  699.557497][T10576]  ? __pfx_kthread+0x10/0x10
[  699.557521][T10576]  ret_from_fork+0x51e/0xb90
[  699.557554][T10576]  ? __pfx_ret_from_fork+0x10/0x10
[  699.557581][T10576]  ? __switch_to+0xc7d/0x1450
[  699.557611][T10576]  ? __pfx_kthread+0x10/0x10
[  699.557636][T10576]  ret_from_fork_asm+0x1a/0x30
[  699.557675][T10576]  </TASK>
[  699.915936][T10576] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  699.975111][T10576] CPU: 0 UID: 0 PID: 10576 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  699.975147][T10576] Tainted: [L]=SOFTLOCKUP
[  699.975155][T10576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  699.975169][T10576] Workqueue: writeback wb_workfn (flush-7:6)
[  699.975204][T10576] Call Trace:
[  699.975213][T10576]  <TASK>
[  699.975223][T10576]  dump_stack_lvl+0xe8/0x150
[  699.975259][T10576]  f2fs_handle_critical_error+0x37c/0x540
[  699.975300][T10576]  f2fs_write_end_io+0xcdb/0xff0
[  699.975347][T10576]  __submit_merged_bio+0x256/0x700
[  699.975389][T10576]  __submit_merged_write_cond+0x3c9/0x4e0
[  699.975433][T10576]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  699.975495][T10576]  f2fs_write_data_pages+0x2975/0x35e0
[  699.975563][T10576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  699.975603][T10576]  ? __lock_acquire+0x6b5/0x2cf0
[  699.975668][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  699.975710][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  699.975767][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  699.975802][T10576]  ? ret_from_fork_asm+0x1a/0x30
[  699.975823][T10576]  ? ret_from_fork_asm+0x1a/0x30
[  699.975869][T10576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  699.975893][T10576]  do_writepages+0x32e/0x550
[  699.975934][T10576]  ? reacquire_held_locks+0x104/0x190
[  699.975974][T10576]  ? writeback_sb_inodes+0x477/0x1a20
[  699.976011][T10576]  __writeback_single_inode+0x133/0x11a0
[  699.976043][T10576]  ? do_raw_spin_unlock+0xf5/0x210
[  699.976074][T10576]  writeback_sb_inodes+0x992/0x1a20
[  699.976128][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  699.976169][T10576]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  699.976196][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  699.976271][T10576]  ? rcu_is_watching+0x15/0xb0
[  699.976315][T10576]  wb_writeback+0x456/0xb70
[  699.976348][T10576]  ? queue_io+0x1e1/0x4a0
[  699.976388][T10576]  ? __pfx_wb_writeback+0x10/0x10
[  699.976413][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  699.976458][T10576]  wb_workfn+0x414/0xf50
[  699.976488][T10576]  ? look_up_lock_class+0x57/0x110
[  699.976534][T10576]  ? __pfx_wb_workfn+0x10/0x10
[  699.976564][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  699.976592][T10576]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  699.976643][T10576]  ? process_one_work+0x87c/0x1650
[  699.976672][T10576]  process_one_work+0x949/0x1650
[  699.976731][T10576]  ? __pfx_process_one_work+0x10/0x10
[  699.976758][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  699.976803][T10576]  worker_thread+0xb46/0x1140
[  699.976848][T10576]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  699.976895][T10576]  kthread+0x388/0x470
[  699.976919][T10576]  ? __pfx_worker_thread+0x10/0x10
[  699.976947][T10576]  ? __pfx_kthread+0x10/0x10
[  699.976980][T10576]  ret_from_fork+0x51e/0xb90
[  699.977015][T10576]  ? __pfx_ret_from_fork+0x10/0x10
[  699.977044][T10576]  ? __switch_to+0xc7d/0x1450
[  699.977076][T10576]  ? __pfx_kthread+0x10/0x10
[  699.977101][T10576]  ret_from_fork_asm+0x1a/0x30
[  699.977144][T10576]  </TASK>
[  701.037005][T10576] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  701.044294][T10576] CPU: 0 UID: 0 PID: 10576 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  701.044325][T10576] Tainted: [L]=SOFTLOCKUP
[  701.044333][T10576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  701.044347][T10576] Workqueue: writeback wb_workfn (flush-7:6)
[  701.044381][T10576] Call Trace:
[  701.044390][T10576]  <TASK>
[  701.044398][T10576]  dump_stack_lvl+0xe8/0x150
[  701.044433][T10576]  f2fs_handle_critical_error+0x37c/0x540
[  701.044471][T10576]  f2fs_write_end_io+0xcdb/0xff0
[  701.044513][T10576]  __submit_merged_bio+0x256/0x700
[  701.044553][T10576]  __submit_merged_write_cond+0x3c9/0x4e0
[  701.044614][T10576]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  701.044670][T10576]  f2fs_write_data_pages+0x2975/0x35e0
[  701.044730][T10576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  701.044766][T10576]  ? __lock_acquire+0x6b5/0x2cf0
[  701.044825][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  701.044863][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  701.044917][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  701.044950][T10576]  ? ret_from_fork_asm+0x1a/0x30
[  701.044970][T10576]  ? ret_from_fork_asm+0x1a/0x30
[  701.045012][T10576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  701.045035][T10576]  do_writepages+0x32e/0x550
[  701.045074][T10576]  ? reacquire_held_locks+0x104/0x190
[  701.045105][T10576]  ? writeback_sb_inodes+0x477/0x1a20
[  701.045140][T10576]  __writeback_single_inode+0x133/0x11a0
[  701.045170][T10576]  ? do_raw_spin_unlock+0xf5/0x210
[  701.045199][T10576]  writeback_sb_inodes+0x992/0x1a20
[  701.045249][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  701.045289][T10576]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  701.045315][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  701.045382][T10576]  ? rcu_is_watching+0x15/0xb0
[  701.045423][T10576]  wb_writeback+0x456/0xb70
[  701.045456][T10576]  ? queue_io+0x1e1/0x4a0
[  701.045492][T10576]  ? __pfx_wb_writeback+0x10/0x10
[  701.045516][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  701.045557][T10576]  wb_workfn+0x414/0xf50
[  701.045583][T10576]  ? look_up_lock_class+0x57/0x110
[  701.045627][T10576]  ? __pfx_wb_workfn+0x10/0x10
[  701.045655][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  701.045682][T10576]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  701.045734][T10576]  ? process_one_work+0x87c/0x1650
[  701.045762][T10576]  process_one_work+0x949/0x1650
[  701.045819][T10576]  ? __pfx_process_one_work+0x10/0x10
[  701.045845][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  701.045887][T10576]  worker_thread+0xb46/0x1140
[  701.045934][T10576]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  701.045977][T10576]  kthread+0x388/0x470
[  701.046000][T10576]  ? __pfx_worker_thread+0x10/0x10
[  701.046027][T10576]  ? __pfx_kthread+0x10/0x10
[  701.046051][T10576]  ret_from_fork+0x51e/0xb90
[  701.046084][T10576]  ? __pfx_ret_from_fork+0x10/0x10
[  701.046112][T10576]  ? __switch_to+0xc7d/0x1450
[  701.046142][T10576]  ? __pfx_kthread+0x10/0x10
[  701.046166][T10576]  ret_from_fork_asm+0x1a/0x30
[  701.046205][T10576]  </TASK>
[  701.046214][T10576] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  701.281967][T11788] loop7: detected capacity change from 0 to 40427
[  701.356306][T11788] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  701.366655][T11788] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  701.377389][T11788] F2FS-fs (loop7): invalid crc value
[  701.383105][T10576] CPU: 1 UID: 0 PID: 10576 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  701.383139][T10576] Tainted: [L]=SOFTLOCKUP
[  701.383147][T10576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  701.383160][T10576] Workqueue: writeback wb_workfn (flush-7:6)
[  701.383192][T10576] Call Trace:
[  701.383200][T10576]  <TASK>
[  701.383209][T10576]  dump_stack_lvl+0xe8/0x150
[  701.383242][T10576]  f2fs_handle_critical_error+0x37c/0x540
[  701.383280][T10576]  f2fs_write_end_io+0xcdb/0xff0
[  701.383319][T10576]  __submit_merged_bio+0x256/0x700
[  701.383357][T10576]  __submit_merged_write_cond+0x3c9/0x4e0
[  701.383398][T10576]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  701.383453][T10576]  f2fs_write_data_pages+0x2975/0x35e0
[  701.383512][T10576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  701.383549][T10576]  ? __lock_acquire+0x6b5/0x2cf0
[  701.383607][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  701.383654][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  701.383702][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  701.383735][T10576]  ? ret_from_fork_asm+0x1a/0x30
[  701.383755][T10576]  ? ret_from_fork_asm+0x1a/0x30
[  701.383797][T10576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  701.383820][T10576]  do_writepages+0x32e/0x550
[  701.383860][T10576]  ? reacquire_held_locks+0x104/0x190
[  701.383891][T10576]  ? writeback_sb_inodes+0x477/0x1a20
[  701.383927][T10576]  __writeback_single_inode+0x133/0x11a0
[  701.383958][T10576]  ? do_raw_spin_unlock+0xf5/0x210
[  701.383987][T10576]  writeback_sb_inodes+0x992/0x1a20
[  701.384038][T10576]  ? unwind_next_frame+0xa5/0x23c0
[  701.384078][T10576]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  701.384104][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  701.384170][T10576]  ? rcu_is_watching+0x15/0xb0
[  701.384212][T10576]  wb_writeback+0x456/0xb70
[  701.384244][T10576]  ? queue_io+0x1e1/0x4a0
[  701.384281][T10576]  ? __pfx_wb_writeback+0x10/0x10
[  701.384306][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  701.384348][T10576]  wb_workfn+0x414/0xf50
[  701.384374][T10576]  ? look_up_lock_class+0x57/0x110
[  701.384417][T10576]  ? __pfx_wb_workfn+0x10/0x10
[  701.384445][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  701.384471][T10576]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  701.384518][T10576]  ? process_one_work+0x87c/0x1650
[  701.384545][T10576]  process_one_work+0x949/0x1650
[  701.384622][T10576]  ? __pfx_process_one_work+0x10/0x10
[  701.384648][T10576]  ? do_raw_spin_lock+0x12b/0x2f0
[  701.384690][T10576]  worker_thread+0xb46/0x1140
[  701.384731][T10576]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  701.384775][T10576]  kthread+0x388/0x470
[  701.384799][T10576]  ? __pfx_worker_thread+0x10/0x10
[  701.384827][T10576]  ? __pfx_kthread+0x10/0x10
[  701.384851][T10576]  ret_from_fork+0x51e/0xb90
[  701.384885][T10576]  ? __pfx_ret_from_fork+0x10/0x10
[  701.384913][T10576]  ? __switch_to+0xc7d/0x1450
[  701.384943][T10576]  ? __pfx_kthread+0x10/0x10
[  701.384966][T10576]  ret_from_fork_asm+0x1a/0x30
[  701.385006][T10576]  </TASK>
[  701.385015][T10576] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  701.836696][T11788] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  701.853718][T11788] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  701.861158][T11788] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  703.786583][ T5994] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  704.038932][ T5994] usb 1-1: device descriptor read/64, error -71
[  704.296625][ T5994] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  705.236638][ T5994] usb 1-1: device descriptor read/64, error -71
[  705.386996][ T5994] usb usb1-port1: attempt power cycle
[  705.528174][ T5894] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  705.707766][ T5894] usb 7-1: Using ep0 maxpacket: 32
[  705.739579][ T5994] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  705.791835][ T5894] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  705.849499][ T5994] usb 1-1: device descriptor read/8, error -71
[  705.874068][ T5894] usb 7-1: config 0 has no interface number 0
[  705.982583][ T5894] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  706.097861][ T5894] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.176957][ T5994] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  706.195605][ T5894] usb 7-1: Product: syz
[  706.206142][ T5894] usb 7-1: Manufacturer: syz
[  706.215929][ T5894] usb 7-1: SerialNumber: syz
[  706.259430][ T5894] usb 7-1: config 0 descriptor??
[  706.360372][ T5994] usb 1-1: device descriptor read/8, error -71
[  706.499751][ T5994] usb usb1-port1: unable to enumerate USB device
[  706.614231][T11829] loop2: detected capacity change from 0 to 40427
[  706.623508][T11829] F2FS-fs (loop2): Image doesn't support compression
[  706.631604][T11829] F2FS-fs (loop2): build fault injection rate: 684
[  706.639172][T11829] F2FS-fs (loop2): build fault injection type: 0x35f7
[  706.648480][T11829] F2FS-fs (loop2): invalid crc value
[  707.481600][T11829] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  707.513285][T11829] F2FS-fs (loop2): Start checkpoint disabled!
[  707.755193][T11842] loop7: detected capacity change from 0 to 40427
[  707.777009][T11842] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  707.784908][T11842] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  707.796438][T11842] F2FS-fs (loop7): invalid crc value
[  707.852118][T11842] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  707.863860][T11842] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  707.871428][T11842] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  708.066102][T11829] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  708.082784][ T5894] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  708.300564][ T5894] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  708.310805][ T5894] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  708.328886][ T5894] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[  708.419399][ T5894] usb 7-1: USB disconnect, device number 9
[  708.425443][T11829] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  708.536075][T11852] binder: 11850:11852 ioctl c0306201 0 returned -14
[  709.171534][T11856] loop2: detected capacity change from 0 to 1024
[  709.233794][T11856] hfsplus: b-tree write err: -5, ino 2
[  709.313053][  T112] hfsplus: b-tree write err: -5, ino 25
[  709.320798][  T112] hfsplus: b-tree write err: -5, ino 4
[  709.336654][  T112] hfsplus: b-tree write err: -5, ino 2
[  709.407594][  T112] hfsplus: b-tree write err: -5, ino 26
[  709.589436][T11866] loop5: detected capacity change from 0 to 64
[  709.819013][T11866] hfs: unable to locate alternate MDB
[  709.848679][T11866] hfs: continuing without an alternate MDB
[  710.126835][ T5894] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  710.727045][ T5894] usb 7-1: device descriptor read/64, error -71
[  710.976729][ T5894] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  711.226888][ T5894] usb 7-1: device descriptor read/64, error -71
[  711.449939][ T5894] usb usb7-port1: attempt power cycle
[  711.805812][T11885] loop5: detected capacity change from 0 to 40427
[  711.813929][T11885] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  711.821974][T11885] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  711.832068][T11885] F2FS-fs (loop5): invalid crc value
[  711.914756][T11885] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  711.939794][T11885] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  711.947217][T11885] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  712.206709][ T5894] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  712.307912][T11900] loop0: detected capacity change from 0 to 1024
[  712.359206][T11900] hfsplus: b-tree write err: -5, ino 2
[  712.528075][ T1005] hfsplus: b-tree write err: -5, ino 25
[  712.539220][ T1005] hfsplus: b-tree write err: -5, ino 4
[  712.552237][ T1005] hfsplus: b-tree write err: -5, ino 2
[  712.574031][ T1005] hfsplus: b-tree write err: -5, ino 26
[  712.780222][T11906] binder: 11902:11906 ioctl c0306201 0 returned -14
[  712.833606][T11888] loop7: detected capacity change from 0 to 40427
[  712.838123][ T5894] usb 7-1: device not accepting address 12, error -71
[  712.881549][T11888] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  712.909560][T11888] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  713.097413][T11888] F2FS-fs (loop7): invalid crc value
[  713.360439][T11888] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  713.387909][T11888] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  713.423373][T11888] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  715.754512][T11936] binder: BINDER_SET_CONTEXT_MGR already set
[  715.772506][T11936] binder: 11935:11936 ioctl 4018620d 200000000040 returned -16
[  717.966609][ T9596] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  718.256584][ T9596] usb 8-1: Using ep0 maxpacket: 16
[  718.268536][ T9596] usb 8-1: config 0 has an invalid interface number: 132 but max is 0
[  718.284375][ T9596] usb 8-1: config 0 has no interface number 0
[  718.297514][ T9596] usb 8-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  718.323637][ T9596] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.340604][ T9596] usb 8-1: Product: syz
[  718.346431][ T9596] usb 8-1: Manufacturer: syz
[  718.351759][ T9596] usb 8-1: SerialNumber: syz
[  718.371661][ T9596] usb 8-1: config 0 descriptor??
[  718.387789][ T9596] hub 8-1:0.132: bad descriptor, ignoring hub
[  718.394579][ T9596] hub 8-1:0.132: probe with driver hub failed with error -5
[  718.560192][ T9596] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.132/input/input24
[  718.759554][T11964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  718.791791][T11964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  719.157745][ T9596] usb 8-1: USB disconnect, device number 9
[  721.915544][T11991] loop5: detected capacity change from 0 to 64
[  722.003386][T11991] hfs: unable to locate alternate MDB
[  722.031297][T11991] hfs: continuing without an alternate MDB
[  724.562186][T12020] No such timeout policy "syz1"
[  725.945340][T12030] loop0: detected capacity change from 0 to 4096
[  726.933218][T12029] NILFS error (device loop0): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  726.949080][T12033] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  729.496257][T12059] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  729.888985][T12062] loop7: detected capacity change from 0 to 32768
[  730.296784][T12067] loop2: detected capacity change from 0 to 64
[  730.618351][T12070] No such timeout policy "syz1"
[  730.647649][T12067] hfs: unable to locate alternate MDB
[  730.667189][T12067] hfs: continuing without an alternate MDB
[  731.606620][ T5908] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  731.878528][ T5908] usb 7-1: Using ep0 maxpacket: 32
[  732.036080][ T5908] usb 7-1: config 2 has an invalid interface number: 88 but max is 0
[  732.172240][ T5908] usb 7-1: config 2 has no interface number 0
[  732.240209][ T5908] usb 7-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256
[  732.450084][ T5908] usb 7-1: config 2 interface 88 has no altsetting 0
[  732.463010][ T5908] usb 7-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  732.513116][ T5908] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.548708][ T5908] usb 7-1: Product: syz
[  732.568443][ T5908] usb 7-1: Manufacturer: syz
[  732.594323][ T5908] usb 7-1: SerialNumber: syz
[  732.633334][T12074] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  733.862524][T12074] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  733.967448][T12095] loop2: detected capacity change from 0 to 1024
[  733.980111][T12095] EXT4-fs: Ignoring removed i_version option
[  733.986202][T12095] EXT4-fs: inline encryption not supported
[  734.005944][T12095] EXT4-fs (loop2): Test dummy encryption mode enabled
[  734.106811][T12095] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  734.586920][ T5908] asix 7-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  734.714317][ T5908] asix 7-1:2.88: probe with driver asix failed with error -71
[  734.756243][ T5908] usb 7-1: USB disconnect, device number 14
[  734.794655][ T5836] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  735.464158][T12109] loop7: detected capacity change from 0 to 1024
[  735.948274][T12114] loop6: detected capacity change from 0 to 32768
[  737.567671][T12121] No such timeout policy "syz1"
[  739.889978][T12139] loop5: detected capacity change from 0 to 32768
[  739.903983][T12142] No such timeout policy "syz1"
[  742.520975][T12164] bridge0: port 3(syz_tun) entered blocking state
[  742.530309][T12164] bridge0: port 3(syz_tun) entered disabled state
[  742.541357][T12164] syz_tun: entered allmulticast mode
[  742.564840][T12164] syz_tun: entered promiscuous mode
[  742.573573][T12164] bridge0: port 3(syz_tun) entered blocking state
[  742.580478][T12164] bridge0: port 3(syz_tun) entered forwarding state
[  743.204788][T12160] loop2: detected capacity change from 0 to 32768
[  744.906768][ T5922] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  745.546901][ T5922] usb 7-1: device descriptor read/64, error -71
[  745.656240][T12192] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  746.075666][T12195] loop7: detected capacity change from 0 to 40427
[  746.116527][T12195] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  746.123616][T12195] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  746.142175][T12195] F2FS-fs (loop7): invalid crc value
[  746.306628][ T5922] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  746.618490][T12195] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  746.655449][T12204] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1458'.
[  746.700113][T12195] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  746.707319][T12195] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  746.986548][ T5922] usb 7-1: device descriptor read/64, error -71
[  747.118854][ T5922] usb usb7-port1: attempt power cycle
[  747.442233][T12209] loop0: detected capacity change from 0 to 32768
[  747.451292][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  747.457893][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  748.716959][ T5922] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  748.861890][ T5922] usb 7-1: device descriptor read/8, error -71
[  749.455187][T12225] No such timeout policy "syz1"
[  750.985294][T12238] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1468'.
[  751.152639][T12238] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1468'.
[  751.185374][T12238] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1468'.
[  751.203410][T12238] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1468'.
[  752.515791][T12249] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1470'.
[  752.589645][T12251] overlayfs: failed to resolve './bus': -2
[  752.838390][T12248] loop5: detected capacity change from 0 to 40427
[  752.846690][T12248] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  752.853693][T12248] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  752.863593][T12248] F2FS-fs (loop5): invalid crc value
[  752.917250][T12248] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  752.950799][T12248] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  752.958570][T12248] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  753.321441][T12258] loop7: detected capacity change from 0 to 32768
[  756.629415][T12287] binder_alloc: 12286: binder_alloc_buf, no vma
[  757.021222][T12295] loop2: detected capacity change from 0 to 32768
[  765.390927][  T803] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  765.596599][  T803] usb 7-1: Using ep0 maxpacket: 32
[  765.653467][  T803] usb 7-1: config 2 has an invalid interface number: 88 but max is 0
[  765.686823][  T803] usb 7-1: config 2 has no interface number 0
[  765.697240][  T803] usb 7-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256
[  765.752738][  T803] usb 7-1: config 2 interface 88 has no altsetting 0
[  765.788296][  T803] usb 7-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  765.946549][  T803] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  765.969090][  T803] usb 7-1: Product: syz
[  765.982490][  T803] usb 7-1: Manufacturer: syz
[  766.711579][  T803] usb 7-1: SerialNumber: syz
[  766.774912][T12359] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  767.091169][T12359] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  767.267322][T12383] atomic_op ffff888026563198 conn xmit_atomic 0000000000000000
[  768.361692][  T803] asix 7-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  768.389061][  T803] asix 7-1:2.88: probe with driver asix failed with error -71
[  768.431958][  T803] usb 7-1: USB disconnect, device number 19
[  770.084395][T12396] binder: 12391:12396 ioctl c0306201 0 returned -14
[  770.800888][T12409] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size.
[  772.140722][T12423] vxcan1: entered promiscuous mode
[  772.262268][T12422] loop0: detected capacity change from 0 to 32768
[  775.480484][T12446] binder: 12437:12446 ioctl c0306201 0 returned -14
[  776.605532][T12459] loop0: detected capacity change from 0 to 64
[  776.830847][T12461] loop6: detected capacity change from 0 to 4096
[  776.939785][T12461] NILFS error (device loop6): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  776.961396][T12462] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  777.358852][T12459] hfs: unable to locate alternate MDB
[  777.364291][T12459] hfs: continuing without an alternate MDB
[  778.173677][T12469] loop7: detected capacity change from 0 to 32768
[  782.026546][ T1232] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  782.167626][ T9596] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  782.218949][ T1232] usb 1-1: config 0 has no interfaces?
[  782.224454][ T1232] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  782.254899][ T1232] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.428320][ T1232] usb 1-1: config 0 descriptor??
[  782.497341][ T9596] usb 3-1: Using ep0 maxpacket: 8
[  782.504878][ T9596] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  782.519831][ T9596] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  782.531619][ T9596] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  782.542343][ T9596] usb 3-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  782.567664][ T9596] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  782.577316][ T9596] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.651208][T12511] binder: 12508:12511 ioctl c0306201 0 returned -14
[  783.405380][ T9596] usbtmc 3-1:16.0: bulk endpoints not found
[  783.543707][ T9596] usb 1-1: USB disconnect, device number 19
[  784.111457][T12522] loop6: detected capacity change from 0 to 32768
[  784.134282][T12520] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  784.140888][T12520] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  784.320238][T12520] vhci_hcd vhci_hcd.0: Device attached
[  784.970896][T12524] vhci_hcd: connection closed
[  784.996736][   T49] vhci_hcd vhci_hcd.5: stop threads
[  785.041311][   T49] vhci_hcd vhci_hcd.5: release socket
[  785.066012][  T803] usb 3-1: USB disconnect, device number 10
[  785.087010][   T49] vhci_hcd vhci_hcd.5: disconnect device
[  787.990073][T12534] loop2: detected capacity change from 0 to 32768
[  788.006861][T12534] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1553 (12534)
[  788.109454][T12534] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  788.132138][T12534] BTRFS info (device loop2): using crc32c checksum algorithm
[  788.145459][T12534] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  788.174714][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  788.184335][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  788.308066][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  788.326205][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  788.342099][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  788.383025][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  788.432310][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  788.640150][T12574] loop6: detected capacity change from 0 to 32768
[  788.668189][T12564] vcan0: tx drop: invalid da for name 0xfffffffffffffffe
[  788.678454][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  788.678765][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  788.706980][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  788.948965][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  788.977881][T12534] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  789.571982][T12534] BTRFS error (device loop2): open_ctree failed: -12
[  789.975809][T12577] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1560'.
[  791.364980][T12603] loop9: detected capacity change from 0 to 7
[  791.372116][T12603] buffer_io_error: 9 callbacks suppressed
[  791.372136][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.386131][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.394160][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.402320][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.437183][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.445908][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.454440][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.462663][T12603] ldm_validate_partition_table(): Disk read failed.
[  791.470970][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.479523][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.575500][T12603] Buffer I/O error on dev loop9, logical block 0, async page read
[  791.587890][T12603] Dev loop9: unable to read RDB block 0
[  791.596521][T12603]  loop9: unable to read partition table
[  791.604439][T12603] loop9: partition table beyond EOD, truncated
[  791.604529][T12603] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  791.604529][T12603] 
) failed (rc=-5)
[  792.097839][T12605] ldm_validate_partition_table(): Disk read failed.
[  792.173919][T12605] Dev loop9: unable to read RDB block 0
[  792.184364][T12605]  loop9: unable to read partition table
[  792.202901][T12605] loop9: partition table beyond EOD, truncated
[  794.308980][T12625] loop0: detected capacity change from 0 to 32768
[  795.762168][T12632] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  795.769192][T12632] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  795.924663][T12632] vhci_hcd vhci_hcd.0: Device attached
[  796.060812][T12639] vhci_hcd: connection closed
[  796.062917][   T12] vhci_hcd vhci_hcd.6: stop threads
[  796.091578][   T12] vhci_hcd vhci_hcd.6: release socket
[  796.126121][   T12] vhci_hcd vhci_hcd.6: disconnect device
[  796.156601][ T5994] usb 46-1: enqueue for inactive port 0
[  796.300539][T12648] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1728497071 (13827976568 ns) > initial count (134217856 ns). Using initial count to start timer.
[  796.422563][T12631] loop2: detected capacity change from 0 to 32768
[  796.453998][T12631] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1575 (12631)
[  796.476117][T12631] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  796.491440][T12631] BTRFS info (device loop2): using crc32c checksum algorithm
[  796.508929][T12631] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  796.705988][ T5994] usb usb46-port1: attempt power cycle
[  797.126072][T12631] BTRFS info (device loop2): rebuilding free space tree
[  797.188108][T12631] BTRFS info (device loop2): disabling free space tree
[  797.213960][T12631] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  797.264733][T12631] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  797.356547][ T5994] usb usb46-port1: unable to enumerate USB device
[  797.417576][T12631] BTRFS info (device loop2): enabling ssd optimizations
[  797.456590][T12631] BTRFS info (device loop2): turning on async discard
[  797.463463][T12631] BTRFS info (device loop2): enabling disk space caching
[  797.526513][T12631] BTRFS info (device loop2): force clearing of disk cache
[  797.544345][T12631] BTRFS info (device loop2): use zstd compression, level 3
[  797.922544][T12679] No such timeout policy "syz1"
[  799.198364][ T5836] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  802.499673][T12716] No such timeout policy "syz1"
[  804.531048][T12724] loop7: detected capacity change from 0 to 32768
[  804.546915][T12724] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1596 (12724)
[  804.693530][T12730] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  804.700747][T12730] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  804.726633][T12724] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  804.745159][T12730] vhci_hcd vhci_hcd.0: Device attached
[  804.768567][T12724] BTRFS info (device loop7): using crc32c checksum algorithm
[  804.801508][T12724] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  805.130273][T12734] vhci_hcd: connection closed
[  805.134765][T12724] BTRFS info (device loop7): rebuilding free space tree
[  805.135595][   T12] vhci_hcd vhci_hcd.6: stop threads
[  805.176562][ T5994] usb 46-1: SetAddress Request (10) to port 0
[  805.190111][   T12] vhci_hcd vhci_hcd.6: release socket
[  805.195907][ T5994] usb 46-1: new SuperSpeed USB device number 10 using vhci_hcd
[  805.208646][T12724] BTRFS info (device loop7): disabling free space tree
[  805.211773][   T12] vhci_hcd vhci_hcd.6: disconnect device
[  805.225860][T12724] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  805.243536][T12724] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  805.262532][T12724] BTRFS info (device loop7): enabling ssd optimizations
[  805.271137][T12724] BTRFS info (device loop7): turning on async discard
[  805.278615][T12724] BTRFS info (device loop7): enabling disk space caching
[  805.285968][T12724] BTRFS info (device loop7): force clearing of disk cache
[  805.294837][T12724] BTRFS info (device loop7): use zstd compression, level 3
[  806.777379][ T9591] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  807.020320][T12775] loop5: detected capacity change from 0 to 4096
[  807.321189][T12775] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  807.339788][T12777] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  809.020813][T12792] No such timeout policy "syz1"
[  809.079874][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  809.088352][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  810.316681][ T5994] usb 46-1: device descriptor read/8, error -110
[  810.928566][ T5994] usb usb46-port1: attempt power cycle
[  811.498205][T12809] loop6: detected capacity change from 0 to 32768
[  811.518222][ T5994] usb usb46-port1: unable to enumerate USB device
[  811.550589][T12809] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1616 (12809)
[  811.602452][T12809] BTRFS info (device loop6): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  811.640043][T12809] BTRFS info (device loop6): using crc32c checksum algorithm
[  811.675293][T12809] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  811.901857][T12841] loop2: detected capacity change from 0 to 4096
[  812.435343][T12843] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  812.458931][T12840] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  812.538940][T12809] BTRFS info (device loop6): rebuilding free space tree
[  812.741465][T12849] No such timeout policy "syz1"
[  813.311787][T12809] BTRFS info (device loop6): disabling free space tree
[  813.357017][T12809] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  813.403712][T12809] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  813.425409][T12809] BTRFS info (device loop6): enabling ssd optimizations
[  813.447819][T12809] BTRFS info (device loop6): turning on async discard
[  813.454669][T12809] BTRFS info (device loop6): enabling disk space caching
[  813.463692][ T5994] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  813.472511][T12809] BTRFS info (device loop6): force clearing of disk cache
[  813.491506][T12809] BTRFS info (device loop6): use zstd compression, level 3
[  813.628450][ T5994] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  813.693237][ T5994] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  813.773523][ T5994] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  813.799266][ T5994] usb 8-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  813.816024][ T5994] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.839655][ T5994] usb 8-1: Product: syz
[  813.850651][ T5994] usb 8-1: Manufacturer: syz
[  813.861956][ T5994] usb 8-1: SerialNumber: syz
[  813.881069][ T5994] usb 8-1: config 0 descriptor??
[  813.902744][T12850] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  813.916851][T12850] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  813.938628][ T5994] usb 8-1: ucan: probing device on interface #0
[  814.054487][ T9322] BTRFS info (device loop6): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  814.186945][ T5994] usb 8-1: ucan: could not read protocol version, ret=-32
[  814.207901][ T5994] usb 8-1: ucan: probe failed; try to update the device firmware
[  815.052175][T12881] No such timeout policy "syz1"
[  815.491400][T12883] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1633'.
[  815.745803][ T9596] usb 8-1: USB disconnect, device number 10
[  816.357025][T12898] No such timeout policy "syz1"
[  819.803683][T12906] loop7: detected capacity change from 0 to 32768
[  819.821308][T12922] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1644'.
[  819.867481][T12906] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1639 (12906)
[  819.948816][T12906] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  820.000983][T12906] BTRFS info (device loop7): using crc32c checksum algorithm
[  820.026557][T12906] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  820.219456][T12906] BTRFS info (device loop7): rebuilding free space tree
[  820.260537][T12906] BTRFS info (device loop7): disabling free space tree
[  820.268048][T12906] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  820.279276][T12906] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  820.373116][T12906] BTRFS info (device loop7): enabling ssd optimizations
[  820.416851][T12906] BTRFS info (device loop7): turning on async discard
[  820.441722][T12906] BTRFS info (device loop7): enabling disk space caching
[  820.472920][T12906] BTRFS info (device loop7): force clearing of disk cache
[  820.529637][T12906] BTRFS info (device loop7): use zstd compression, level 3
[  820.587106][   T10] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  820.806656][ T5922] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  820.865272][ T9591] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  821.063480][ T5922] usb 3-1: Using ep0 maxpacket: 32
[  821.076301][T12951] No such timeout policy "syz1"
[  821.839441][ T5922] usb 3-1: config 0 interface 0 has no altsetting 0
[  821.880762][ T5922] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  821.986596][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.991271][   T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  822.034140][   T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  822.046664][   T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  822.060067][   T10] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  822.070023][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.078262][   T10] usb 7-1: Product: syz
[  822.082565][   T10] usb 7-1: Manufacturer: syz
[  822.087359][   T10] usb 7-1: SerialNumber: syz
[  822.094907][   T10] usb 7-1: config 0 descriptor??
[  822.100959][T12944] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  822.104234][ T5922] usb 3-1: Product: syz
[  822.127852][ T5922] usb 3-1: Manufacturer: syz
[  822.132637][ T5922] usb 3-1: SerialNumber: syz
[  822.151916][T12944] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  822.182466][ T5922] usb 3-1: config 0 descriptor??
[  822.198935][   T10] usb 7-1: ucan: probing device on interface #0
[  822.570117][   T10] usb 7-1: ucan: could not read protocol version, ret=-32
[  822.577731][   T10] usb 7-1: ucan: probe failed; try to update the device firmware
[  823.279490][ T5922] gs_usb 3-1:0.0: Couldn't send data format (err=-110)
[  823.318558][ T5922] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -110
[  823.619697][T12966] lo speed is unknown, defaulting to 1000
[  824.475824][   T10] usb 7-1: USB disconnect, device number 20
[  825.610131][ T1232] usb 3-1: USB disconnect, device number 11
[  826.657483][   T10] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  826.840555][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  826.867202][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  826.906491][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  826.976013][   T10] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  826.997809][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.060713][   T10] usb 7-1: config 0 descriptor??
[  827.541854][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.571526][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.596516][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.634480][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.666627][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.680253][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.706496][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.734560][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.768179][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  827.775661][   T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  828.918225][   T10] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  828.976640][   T10] usb 7-1: USB disconnect, device number 21
[  829.975837][T13020] fido_id[13020]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  830.903000][T13051] No such timeout policy "syz1"
[  833.018643][T13070] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  833.050702][T13069] vcan0: tx drop: invalid da for name 0xfffffffffffffffe
[  833.806825][ T5922] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  834.028194][ T5922] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  834.053636][ T5922] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  834.109304][ T5922] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  834.173463][ T5922] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  834.203154][ T5922] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  834.233502][ T5922] usb 7-1: Product: syz
[  834.266694][ T5922] usb 7-1: Manufacturer: syz
[  834.319128][ T5922] usb 7-1: SerialNumber: syz
[  834.341660][ T5922] usb 7-1: config 0 descriptor??
[  834.377579][T13077] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  834.385223][T13077] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  834.392550][T13083] loop2: detected capacity change from 0 to 64
[  834.417866][ T5922] usb 7-1: ucan: probing device on interface #0
[  834.440591][T13083] hfs: unable to locate alternate MDB
[  834.446088][T13083] hfs: continuing without an alternate MDB
[  834.755107][ T5922] usb 7-1: ucan: could not read protocol version, ret=0
[  834.775647][ T5922] usb 7-1: ucan: probe failed; try to update the device firmware
[  835.540232][T13087] input: syz1 as /devices/virtual/input/input25
[  836.026525][ T9596] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  836.116292][T13098] loop2: detected capacity change from 0 to 32768
[  836.124973][T13098] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1687 (13098)
[  836.167417][T13098] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  836.177917][T13098] BTRFS info (device loop2): using crc32c checksum algorithm
[  836.185537][T13098] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  836.213028][ T9596] usb 8-1: config 0 has no interfaces?
[  836.234424][ T9596] usb 8-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  836.254854][ T9596] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  836.276710][ T9596] usb 8-1: config 0 descriptor??
[  836.314844][T13098] BTRFS info (device loop2): rebuilding free space tree
[  836.336288][T13098] BTRFS info (device loop2): disabling free space tree
[  836.343990][T13098] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  836.354196][T13098] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  836.369001][T13098] BTRFS info (device loop2): enabling ssd optimizations
[  836.376040][T13098] BTRFS info (device loop2): turning on async discard
[  836.383107][T13098] BTRFS info (device loop2): enabling disk space caching
[  836.390211][T13098] BTRFS info (device loop2): force clearing of disk cache
[  836.397476][T13098] BTRFS info (device loop2): use zstd compression, level 3
[  836.526152][ T9596] usb 8-1: USB disconnect, device number 11
[  836.613417][ T1232] usb 7-1: USB disconnect, device number 22
[  837.567196][T13136] input: syz1 as /devices/virtual/input/input26
[  837.607757][ T5908] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  837.810208][ T5908] usb 8-1: Using ep0 maxpacket: 32
[  837.836621][ T5908] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  837.875332][ T5908] usb 8-1: config 0 has no interface number 0
[  837.898750][ T5908] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  837.934240][ T5908] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  837.958965][ T5908] usb 8-1: Product: syz
[  837.976570][ T5908] usb 8-1: Manufacturer: syz
[  837.994710][ T5908] usb 8-1: SerialNumber: syz
[  838.026986][ T5908] usb 8-1: config 0 descriptor??
[  838.434503][T13140] No such timeout policy "syz1"
[  838.618951][ T5836] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  839.345188][ T5908] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  839.385191][ T5908] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  839.417581][ T5908] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  839.480519][ T5908] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -71
[  839.526735][ T5908] usb 8-1: USB disconnect, device number 12
[  841.336541][ T1232] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  841.658521][ T1232] usb 1-1: config 0 has no interfaces?
[  841.677891][ T1232] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  841.710799][ T1232] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  841.777926][ T1232] usb 1-1: config 0 descriptor??
[  842.162900][T13174] loop7: detected capacity change from 0 to 32768
[  842.188476][T13174] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1706 (13174)
[  842.220016][T13174] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  842.230227][T13174] BTRFS info (device loop7): using crc32c checksum algorithm
[  842.237989][T13174] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  842.259275][T13176] input: syz1 as /devices/virtual/input/input27
[  842.282451][ T5922] usb 1-1: USB disconnect, device number 20
[  842.443407][T13174] BTRFS info (device loop7): rebuilding free space tree
[  842.468555][T13174] BTRFS info (device loop7): disabling free space tree
[  842.475614][T13174] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  842.485337][T13174] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  842.500821][T13174] BTRFS info (device loop7): enabling ssd optimizations
[  842.507866][T13174] BTRFS info (device loop7): turning on async discard
[  842.514640][T13174] BTRFS info (device loop7): enabling disk space caching
[  842.521709][T13174] BTRFS info (device loop7): force clearing of disk cache
[  842.528907][T13174] BTRFS info (device loop7): use zstd compression, level 3
[  844.181907][T13208] binder: 13207:13208 ioctl 4018620d 0 returned -22
[  844.620810][   T10] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  844.822742][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  844.853635][   T10] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  844.890058][   T10] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  844.926731][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.961399][   T10] usb 6-1: Product: syz
[  844.975391][   T10] usb 6-1: Manufacturer: syz
[  844.991031][   T10] usb 6-1: SerialNumber: syz
[  845.015241][   T10] usb 6-1: config 0 descriptor??
[  845.106286][ T9591] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  845.300509][T13212] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1712'.
[  845.451468][   T58] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
[  845.463426][   T58] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[  845.471924][   T58] CPU: 1 UID: 0 PID: 58 Comm: kworker/u8:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  845.482919][   T58] Tainted: [L]=SOFTLOCKUP
[  845.487291][   T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  845.497475][   T58] Workqueue: krdsd rds_tcp_accept_worker
[  845.503172][   T58] RIP: 0010:rds_tcp_accept_one+0xa5b/0xd70
[  845.509045][   T58] Code: 00 00 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 a3 92 38 f7 48 8b 1b 48 83 c3 12 49 89 de 49 c1 ee 03 <43> 0f b6 04 2e 84 c0 0f 85 53 02 00 00 44 0f b6 2b bf 08 00 00 00
[  845.532774][   T58] RSP: 0018:ffffc900015f79a0 EFLAGS: 00010202
[  845.538870][   T58] RAX: 1ffff1100b4d7cf3 RBX: 0000000000000012 RCX: 0000000000000000
[  845.546867][   T58] RDX: 0000000000000006 RSI: ffffffff8defa290 RDI: 00000000ffffffff
[  845.554885][   T58] RBP: ffffc900015f7b18 R08: ffffffff9011c2b7 R09: 1ffffffff2023856
[  845.562911][   T58] R10: dffffc0000000000 R11: fffffbfff2023857 R12: ffff888076d18000
[  845.571147][   T58] R13: dffffc0000000000 R14: 0000000000000002 R15: 1ffff920002bef3c
[  845.579241][   T58] FS:  0000000000000000(0000) GS:ffff888125557000(0000) knlGS:0000000000000000
[  845.588273][   T58] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  845.594911][   T58] CR2: 000020000001c000 CR3: 00000000749ae000 CR4: 00000000003526f0
[  845.603008][   T58] Call Trace:
[  845.606306][   T58]  <TASK>
[  845.609319][   T58]  ? __pfx_rds_tcp_accept_one+0x10/0x10
[  845.614897][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  845.620231][   T58]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  845.625646][   T58]  ? process_one_work+0x87c/0x1650
[  845.630807][   T58]  rds_tcp_accept_worker+0x1d/0x70
[  845.635977][   T58]  process_one_work+0x949/0x1650
[  845.641316][   T58]  ? __pfx_process_one_work+0x10/0x10
[  845.647087][   T58]  ? do_raw_spin_lock+0x12b/0x2f0
[  845.652143][   T58]  worker_thread+0xb46/0x1140
[  845.656895][   T58]  kthread+0x388/0x470
[  845.660997][   T58]  ? __pfx_worker_thread+0x10/0x10
[  845.666241][   T58]  ? __pfx_kthread+0x10/0x10
[  845.670867][   T58]  ret_from_fork+0x51e/0xb90
[  845.675482][   T58]  ? __pfx_ret_from_fork+0x10/0x10
[  845.680612][   T58]  ? __switch_to+0xc7d/0x1450
[  845.685310][   T58]  ? __pfx_kthread+0x10/0x10
[  845.689917][   T58]  ret_from_fork_asm+0x1a/0x30
[  845.694707][   T58]  </TASK>
[  845.697770][   T58] Modules linked in:
[  845.702275][   T58] ---[ end trace 0000000000000000 ]---
[  845.837328][   T58] RIP: 0010:rds_tcp_accept_one+0xa5b/0xd70
[  845.851678][   T58] Code: 00 00 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 a3 92 38 f7 48 8b 1b 48 83 c3 12 49 89 de 49 c1 ee 03 <43> 0f b6 04 2e 84 c0 0f 85 53 02 00 00 44 0f b6 2b bf 08 00 00 00
[  845.872193][   T58] RSP: 0018:ffffc900015f79a0 EFLAGS: 00010202
[  845.878369][   T58] RAX: 1ffff1100b4d7cf3 RBX: 0000000000000012 RCX: 0000000000000000
[  845.886746][   T58] RDX: 0000000000000006 RSI: ffffffff8defa290 RDI: 00000000ffffffff
[  845.895251][   T58] RBP: ffffc900015f7b18 R08: ffffffff9011c2b7 R09: 1ffffffff2023856
[  845.912809][   T58] R10: dffffc0000000000 R11: fffffbfff2023857 R12: ffff888076d18000
[  845.921104][   T58] R13: dffffc0000000000 R14: 0000000000000002 R15: 1ffff920002bef3c
[  845.929848][   T58] FS:  0000000000000000(0000) GS:ffff888125557000(0000) knlGS:0000000000000000
[  845.939034][   T58] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  845.945702][   T58] CR2: 000055bf3ee46420 CR3: 00000000357b8000 CR4: 00000000003526f0
[  845.975160][   T58] Kernel panic - not syncing: Fatal exception
[  845.981980][   T58] Kernel Offset: disabled
[  845.986319][   T58] Rebooting in 86400 seconds..