last executing test programs:

8m35.503661371s ago: executing program 0 (id=658):
r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f000000ac40)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f00000044c0)={{r0}, 0x0, 0x4, @unused=[0x0, 0x673, 0x81, 0x5], @subvolid=0x2380})

8m34.045951641s ago: executing program 0 (id=684):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x2ffe, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)

8m33.727690246s ago: executing program 0 (id=688):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="021831020b00000000000000fddbdf25030005000000000002000300e00000010000000000000000030012003c80000002004e20ac1414bb0000000000000000030006000000000002"], 0x58}}, 0x0)

8m33.451381842s ago: executing program 0 (id=693):
syz_mount_image$cramfs(&(0x7f0000000240), &(0x7f00000006c0)='./file1\x00', 0x8080, &(0x7f0000000c40)=ANY=[], 0xfe, 0x158, &(0x7f0000000040)="$eJzs0E9LKlEYBvDnMHPV+8crF25gQSa0aEhMmbBWURoJQjZQuGlTYBMJipFQrsKIdi2Cti6soJX4FSxrYymEfYk2rl0WR8ciCPwAPb/NMM953+fAWZpravAChy50LWYzu3tmLmdueVeNeHTtpVoNy9wGoPPpvDd/EwZ25FcF2keAjO+cwHYqbU4lsw450w4DGoDIbyzIPCizf8Avmf3HO7mvjQO1od6+/kU2bWUjKhBx9TLZ93oBTMg+O4BU2rRbnfmir1J+WGnUY/7J61EFJzHf2A/rrJ97zFM9Onz1x60gYd5fIiLk3nOg7n8KVMqtZiO+bMwD0PUZARSCoZbx2IiFCmdQN+z7wLoABD7uscHtURMOHAvgvNvVvhVOALVSx8j8nS1Z9zsOFC8g8sXkpiL/fwKKBtF/DhsGEIMGiIiIiIiIiIiIiIiIiIjo23gLAAD//03YXHc=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})

8m33.181859394s ago: executing program 0 (id=700):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5)

8m32.638110417s ago: executing program 0 (id=713):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

8m32.276460417s ago: executing program 32 (id=713):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

8m16.502495459s ago: executing program 5 (id=960):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000740)={'vlan0\x00', &(0x7f0000000240)=@ethtool_cmd={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5, 0x0, 0xa, 0x4, 0x0, 0x5, [0xfffffff9, 0xfffffffe]}})

8m16.294192257s ago: executing program 5 (id=963):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000002300)={&(0x7f0000002280)={0x1c, 0x1, 0x4, 0x3, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFULA_CFG_CMD={0x5, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x6000890}, 0x48800)

8m16.198038811s ago: executing program 5 (id=966):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_int(r0, 0x0, 0x13, 0x0, &(0x7f0000000c00))

8m16.032206425s ago: executing program 5 (id=970):
syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000200)='./bus\x00', 0x2a10812, &(0x7f0000000580)=ANY=[@ANYBLOB='dmask=00000000000000000002621,utf8,umask=00000000000000000200000,namecase=1,discard,errors=remount-ro,umask=00000000000000000200004,umask=00000000000000000003377,namecase=1,utf8,iocharset=iso8859-4,iocharset=cp874,dmask=01777777777777777777770,errors=remount-ro,uid=', @ANYRESDEC, @ANYRES32, @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES64, @ANYRES8, @ANYRES32, @ANYRES32, @ANYRES8, @ANYRES8, @ANYRESDEC, @ANYRESOCT], 0x21, 0x1508, &(0x7f0000002080)="$eJzs3AvYTdX2MPAx5pyLl6Sd5D7HHIudXkySJJckuSRJcuRIbglJkiRJ5X5LckvIPck9JLeQ3O+33JMkSZKE5JbM79Hf+XRO53yd8/+f/+P5zjt+z7Oed4691phrrD3286619n72/q7dgEp1KpevxczwP4L/9aczAKQAQG8AuA4AIgAonqV4lkvrM2js/D/bifj3enjK1a5AXE3S/7RN+p+2Sf/TNul/2ib9T9uk/2mb9D9tk/4LkZZtmZrzelnS7iLv/6dlcv7/D3Ko8Kiv1hW+sf2/kCL9T9uk/2mb9D9tk/6nbdL/tE36n7ZJ/9M26b8Qadl//71j+ezgP2G52q8/IYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBpw9lwhQGAv4yvdl1CCCGEEEIIIYT49wnpr3YFQgghhBBCCCGE+N+HoECDgQjSQXpIgQyQEa6BTHAtZIbrIAHXQxa4AbLCjZANskMOyAm5IDfkAQsEDhhiyAv5IAk3QX64GVKhABSEQuChMBSBW6Ao3ArF4DYoDrdDCbgDSkIpKA1l4E4oC3dBObgbysM9UAEqQiWoDPdCFbgPqsL9UA0egOrwINSAh6Am/AlqwcNQG/4MdeARqAuPQj2oDw2gITT6b+W/BC/DK9AROkFn6AJdoRt0hx7QE3pBb3gV+kDK5eemPwyAgTAI3oDB8CYMgaEwDN6C4TACRsIoGA1jYCy8DePgHRgP78IEmAiTYDJMgakwDd6D6TADZsL7MAs+gNkwB+bCPJgPH8ICWAiL4CNYDB/DElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW+AS2wjbYDjtgJ+yC3fAp7IHPYC98Dvvgi38x/8zf5LdHQECFCg0aTIfpMAVTMCNmxEyYCTNjZkxgArNgFsyKWTEbZrs5B+bAXJgL82AeJCQAZMyLeTGJScyP+TEVU7EgFkSPHotgESyKt2IxLIbFsTiWwBJYEkthKSyDZbAslsVyWA7LY3msgBWwElbCe/FevA+rYlWshtWwOlbHGlgDD+WuibWwFtbG2lgH62BdrIv1sB42wAbYCBthY2yMTbAJNsNm2BybYwtsgS2xJbbCVtgaW2MbbINtsS22w3bYHl/EF/ElfAlfwVewE1ZQXbArdsXu2B17Yi/sha9iH3wNX8PXsR/2xwE4EAfiGzgYT+MQHIrDcBiWVSNwJI5CVmNwLI7FcTgOx+N4nIATcSJOxik4FafhNJyOM3AGvo+z8AP8AOfgHJyH83E+LsCFAy+/wnAJLsVluBxX4EpcgatxDa7Gdbge1+FG3IibcTN+gp/gNtyGO3AH7kIDgJ/iZ/gZ9sN9uA/34348gAfwIB7EQ3gID+NhPIJH8CgexWN4DI/jCTyJJ/AUnsLTeAbP4lk8j+fxAj6f65vauwqs7QfqEqOMSqfSqRSVojKqjCqTyqQyq8wqoRIqi8qisqqsKpvKpnKoHCqXyqXyqHOKFClWscqr8qqkSqr8Kr9KVamqoCqovPKqiCqiiqqiqpgqpoqr21UJdYcqqUqppr6MKqPKqma+nLpblVflVQVVUVVSlVVlVUVVUVVVVVVNVVPVVXVVQz2kaqou2BMfVpc6U0f1x7pqANZT9VUD1VC9gY+pxmowNlFNVTP1hBqKQ7CFauxbqqdVKzUSW6tn1Sh8TrVVY7CdekG1Vy+qDipSL6smvqPqpCZgF9VVTcbuqofqqXqp6VhRXepYJfW66qf6qwFqoJqHb6jB6k01RA1Vw9RbargaoUaqUWq0GqPGqrfVOPWOGq/eVRPURDVJTVZT1FQ1Tb2npqsZaqZ6X81SH6jZao6aq+ap+epDtUAtVIvUR2qx+lgtUUvVMrVcrVAr1Sq1Wq1Ra9U6tV5tUBvVJrVZbVGfqK1qm9qudqidapfarT5Ve9Rnaq/6XO1TX6j96kt1QH2lDqqv1SH1jTqsvlVH1HfqqPpeHVM/qOPqhDqpflSn1E/qtDqjzqpz6rz6WV1Qv6iLKijQqJXW2uhIp9PpdYrOoDPqa3Qmfa3OrK/TCX29zqJv0Fn1jTqbzq5z6Jw6l86t82irSTvNOtZ5dT6d1Dfp/PpmnaoL6IK6kPa6sC6ib9FF9a26mL5NF9e36xL6Dl1Sl9KldRl9py6r79Ll9N26vL5HV9AVdSVdWd+rq+j7dFV9v66mH9DV9YO6hn5I19R/0rX0w7q2/rOuox/RdfWjup6urxvohrqRfkw31o/rJrqpbqaf0M31k7qFfkq31E/rVvoZ3Vo/q9vo53Rb/bxup1/Q7fWLuoP+RV/UQXfUnXRn3UV31d10d91D99S9dG/9qu6jX9N99eu6n+6vB+iBepB+Qw/Wb+oheqgept/Sw/UIPVKP0qP1GD1Wv63H6Xf0eP2unqAn6kl6sp6ip+qel2ea+U/kv/N38vv+uvfNeov+RG/V2/R2vUPv1Lv0br1b79F79F69V+/T+/R+vV8f0Af0QX1QH9KH9GF9WB/RR/RRfVQf08f0cX1Cn9M/6lP6J31an9Fn9Dl9Xp/XFy4/B2DQKKONMZFJZ9KbFJPBZDTXmEzmWpPZXGcS5nqTxdxgspobTTaT3eQwOU0uk9vkMdaQcYZNbPKafCZpbsLLJ01T0BQy3hQ2Rcwt/0q+yW9uNqmmwF/l/1F9jUwj09g0Nk1ME9PMNDPNTXPTwrS49VIdrUwr09q0Nm1MG9PWtDXtTDvT3rQ3HUwH87J52XQ0HU1n09l0Nd1Md9PD9DS9TG/zqulj+pi+pq/pZ/qZAWaAGWQGmcFmsBlihphhZpgZboabkWakGW1Gm7FmrBlnxpnxZryZYCaYSWaSmWKmmGlmmpluppuZZqaZZWaZ2Wa2mWvmmvlmvllgFphFZpFZbBabJWapWWqWm+VmpVlpVpvVZq1Za9ab9Waj2WiWpN9itpitZqvZbrabnWan2W12mz1mj9lr9pp9Zp/Zb/abA+aAOWgOmkPmkDlsDpsj5og5ao6aY+aYOW6Om5PmpDllTpnT5rQ5a86a8+a8uWAumIvm4qXLvkhFKjKRidJF6aKUKCXKGGWMMkWZosxR5igRJaIsUZYoa3RjlC3KHuWIcka5otxRnshGFLmIozjKG+WLktFNUf7o5ig1KhAVjApFPiocFYluiYpGt0bFotui4tHtUYnojqhkVCoqHZWJ7ozKRndF5aK7o/LRPVGFqGJUKaoc3RtVie6Lqkb3R9WiB6Lq0YNRjeihqGb0p6hW9HBUO/pzVCd6JKobPRrVi+pHDaKGUaN/6/whnM7+uO9oO9nOtovtarvZ7raH7Wl72d72VdvHvmb72tdtP9vfDrAD7SD7hh1s37RD7FA7zL5lh9sRdqQdZUfbMXasfduOs+/Y8fZdO8FOtJPsZDvFTrXT7Ht2up1hZ9r37Sz7gZ1t59i5dp6dbz+0C+xCu8h+ZBfbj+0Su9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFvuJ3Wq32e12h91pd9nd9lO7x35m99rP7T77hd1vv7QH7Ff2oP3aHrLf2MP2W3vEfmeP2u/tMfuDPW5P2JP2R3vK/mRP2zP2rD1nz9uf7QX7i71ow6WL+0undzJkKB2loxRKoYyUkTJRJspMmSlBCcpCWSgrZaVslI1yUA7KRbkoD+WhS5iY8lJeSlKS8lN+SqVUKkgFyZOnIlSEilJRKkbFqDgVpxJUgkpSSSpNpelOupPuorvobrqb7qF7qCJVpMpUmapQFapKVakaVaPqVJ1qUA2qSTWpFtWi2lSb6lAdqkt1qR7VowbUgBpRI2pMjakJNaFm1IyaU3NqQS2oJbWkVtSKWlNrakNtqC21pXbUjtpTe+pAHehlepk6UkfqTJ2pK3Wl7tSdelJP6k29qQ/1ob7Ul/pRPxpAA2gQDaLBNJiG0FAaRm/RcBpBI2kUjaYxNJbG0jgaR+NpPE2gCTSJJtEUmkLTaBpNp+k0k2bSLJpFs2k2zaW5NJ/m0wJaQItoES2mxbSEltAyWkYraAWtolW0htbQOlpHG2gDbaJNtIW20FbaSttpO+2knbSbdtMe2kN7aS/to320n/bTATpAB+kgHaJDdJgO0xE6QkfpKB2jY3ScjtNJOkmn6BSdptN0ls7SefqZLtAvdJECpbgMLqO7xmVy17rM7jr3t3EOl9PlcrldHmddNpf9r2JyzqW6Aq6gK+S8K+yKuFtc6qUL3t/EJV0pV9qVcXe6su4uV+53cRV3n6vq7nfV3AOusrv3r+Lq7kFXwz3iarpHXS1X39V2DV0d94ir6x519Vx918A1dM3dk66Fe8q1dE+7Vu6Z38UL3EK3xq1169x6t8d95s66c+6I+86ddz+7jq6T6+1edX3ca66ve931c/1/Fw9zb7nhboQb6Ua50W7M7+JJbrKb4qa6ae49N93N+F08333oZrlFbrab4+a6eb/Gl2pa5D5yi93Hbolb6pa55W6FW+lWudX/t9blbqPb5Da73e5Tt9Vtc9vdDrfT7fo1vnQce93nbp/7wh1237oD7it30B11h9w3v8aXju+o+94dcz+44+6EO+l+dKfcT+60O/Pr8V869h/dL+6iCw4YWbFmwxGn4/Scwhk4I1/DmfhazszXcYKv5yx8A2flGzkbZ+ccnJNzcW7Ow5aJHTPHnJfzcZJv4vx8M6dyAS7IhdhzYS7Ct3BRvpWL8W1cnG/nEnwHl+RSXJrL8J1clu/icnw3l+d7uAJX5Epcme/lKnwfV+X7uRo/wNX5Qa7BD3FN/hPX4oe5Nv+Z6/AjXJcf5XpcnxtwQ27Ej3FjfpybcFNuxk9wc36SW/BT3JKf5lb8DLfmZ7kNP8dt+Xluxy9we36RO/BL/DK/wh25E3fmLtyVu3F37sE9uRf35le5D7/Gffl17sf9eQAP5EH8Bg/mN3kID+Vh/BYP5xE8kkfxaB7DY/ltHsfv8Hh+lyfwRJ7Ek3kKT+Vp/B5P5xk8k9/nWfwBz+Y5PJfn8Xz+kBfwQl7EH/Fi/piX8FJexst5Ba/kVbya1/BaXsfreQNv5E28mbfwJ7yVt/F23sE7eRfv5k95D3/Ge/lz3sdf8H7+kg/wV3yQv+ZD/A0f5m/5CH/HR/l7PsY/8HE+wSf5Rz7FP/FpPsNn+Ryf55/5Av/CFzkwxBirWMcmjuJ0cfo4Jc4QZ4yviTPF18aZ4+viRHx9nCW+Ic4a3xhni7PHOeKcca44d5wntjHFLuY4jvPG+eJkfFOcP745To0LxAXjQrGPC8dF4lviovGtcbH4trh4fHtcIr4jLhmXih95oEx8Z1w2visuF98dl4/viSvEFeNKceX43rhKfF9cNb4/rhY/EBeLH4xrxA/FcPn7KrXjP8d14kfiuvGjcb24ftwgbhg3ih+LG8ePx03ipnGz+Im4efxk3CJ+Km4ZPx23ip/5w/Wd4y5x17hb3C0O4X49NzkvOT/5YXJBcmFyUfKj5OLkx8klyaXJZcnlyRXJlclVydXJNcm1yXXJ9ckNyY3JTcnNyRAqpwePXnntjY98Op/ep/gMPqO/xmfy1/rM/jqf8Nf7LP4Gn9Xf6LP57D6Hz+lz+dw+j7eevPPsY5/X5/NJf5PP72/2qb6AL+gLee8L+yK+oW/kG/nG/nHfxDf1zfwT/gn/pH/SP+Wf8k/7Vv4Z39o/69v453xb/7x/3r/g2/sXfQf/kn/Zv+I7+k6+s+/su/quvrvv7nv6nr637+37+D6+r+/r+/l+foAf4Af5QX6wH+yH+CF+mB/mh/vhfqQf6Uf70X6sH+vH+XF+vB/vJ/gJfpKf5Kf4KX6an+an++l+pp/pZ6XO8rP9bD/Xz/Xz/Xy/wC/wi/wiv9gv9kv8Er/ML/Mr/Aq/yq/ya/wav86v8xv8Br/Jb/Jb/Ba/1W/12/12v9Pv9Lv9br/H7/F7/V6/z+/z+/1+f8Af8Af91/6Q/8Yf9t/6I/47f9R/74/5H/xxf8Kf9D/6U/4nf9qf8Wf9OX/e/+wv+F/8RR/82MTbiXGJdxLjE+8mJiQmJiYlJiemJKYmpiXeS0xPzEjMTLyfmJX4IDE7MScxNzEvMT/xYWJBYmFiUeKjxOLEx4kliaWJZYnliRWJlYkQcm+NQ96QLyTDTSF/uDmkhgKhYCgUfCgcioRbQtFwaygWbgvFw+2hRLgjlAylQunwaKgX6ocGoWFoFB4LjcPjoUloGpqFJ0Lz8GRoEZ4KLcPToVV4JrQOz4Y24bnQNjwf2oUXQvu/3HGFV0LH0Cl0Dl1C19AtdA89Qs/QK/QOr4Y+4bXQN7we+oX+YUAYGAaFN8Lg8GYYEoaGYeGtMDyMCCPDqDA6jAljw9thXHgnjA/vhglhYpgUJocpYWqYFt4L08OMMDO8H2aFD8LsMCfMDfPC/PBhWBAWhkXho7A4fByWhKVhWVgeVoSVYVVYHdaEtWFdWB82hI1hU9gctoRPwtawLWwPO8LOsCvsDp+GPeGzsDd8HvaFL8L+8GU4EL4KB8PX4VD4JhwO34Yj4btwNHwfjoUfwvFwIpwMP4ZT4adwOpwJZ8O5cD78HC6EX8JF+c6aEEIIIcQ/pdsfrO/ydx4zAKAuj7sCwLXbch767XoNABuy/de4h8rVPAEAT3dq9/BflgoVOnfufHnbJRqifHMAIPE3O7gcL4Vm8CS0hKZQ9O/W10O9eJ7/YP7k7QAZf5OTAlfiK/N/+Q/mf+yJYQtKxGez/D/mnwOQmu9KTga4Ei+FZl+8AgBNodg/mD974z+oP8NXYwGa/CYnE1yJr9RfBB6HZ6DlX235Nx645h+vE0IIIYQQQgjxH62HKt3mj+6fL92f5zJXctLDlfiP7s+FEEIIIYQQQghx9T33YoenHmvZsmmbf36Q/l/ZWAYykMH/j4Or/Z9JCCGEEEII8e925aL/ymMZrmZBQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFEGvSbH/3KAAD/Kz8ndrWPUQghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhLja/k8AAAD//3BjMQc=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)

8m15.446395313s ago: executing program 5 (id=983):
syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000027c0)=ANY=[@ANYBLOB="00815fcb6c17c68f239cbc53c40972fb43da14f217bd93e6ebfde5585f63f1c1d8473fe39327852107a2489fc75846dd58657945c3ce4bed7d1452c74577e678a02e6b62c48846f9fea8ff6fd7f9a819961a1a6e18917f75cf633eaefe0f029d5d4b697ca0de784bd4fd4ee47740fafc2d46c7aa1279d7172ac4ec4b9cbe890200000075117934859797825acb3e8e4a67ae59d5e366af500cea3eee7b6bf3bfe9c4ae7b0f7fb33d5f1f72070000000e72da1075d5b83f93f03711b9e9ae0621abdf15468f20abaff300006ddaa87651396da731adf6214f92888f896d3f3d60f5fb009d365da32dd89b8589c3a08956a8ff185ef14e956b950f801b511c6d876127757678102f7b8851a569c0f6bc340fe0dbc1b5b828d9401d0ea1e86a43ececf69580430a29ade4f88535749e90b4d3391e03934cad898a63dad6cacaf559a55ab4b7810337d89efda43d160065705aec490f6ba91096230e5d45f2e74ed77d83f616047a6c6bfad569119396123ec0b842342c7494412ed535df4dcb2d18873b2df25b5fe02a5b29da44b90b2d52726e6886ac84ed4d6d164fd23d9525b8898ad3031c496ccb69d0f06bc00c5b3f19269c81f34c480b5cedce8125337c5aa57ae15d525b9dcc4edce1327f2d3d3eda95cbcf1bd1b362b7b6de289c8380a70035aac04f2641fd37e02c0bde93087f0c42d287d33387b200f3976a9fba9dddeba00ba4b561b767cfc5c9bb1b1572055f052e2f7694e39e1fca3719374528800ea8efb80fa4bb55c68e18b206e84dbfd6241dc879e44125ef713323b8126608b8244a91f900a023ab268b064b6cf0dd1952926dae2f87a37c4927711844eb9507774262a817c99a6d4fc73302b5738833d8eaf67480561ae291394c97d950b4811a326f4c6fb97f27076cb0ad757fc8"], 0x1, 0x1a4, &(0x7f0000000540)="$eJzsVb1OG0EQ/vZufWeniFJHkVLESuwi9vmcROmSCvkBqBGWfRiLMz8+S2DLhan8HjR+Ed6BAkRjCoREYWrQod2dO9YdSIdk0H7S+vtmZmf/rJvZjg4iF8DDYtzCf0jY+IhzxsABfGXKt+YqvnEUV8i+5orL5D8hviCOhqOdZhgGfSHyIJF6MhHZr7iSYuPFWQXgdV6cREH9x1iN98lc8EzWsVflOu9E3McKz5n8ZP47tnAra9nZYtwSYhOAWEf42mowfY4N4FSb85nLwWzE6RxR/ITxA0B10NuvRsPRz26v2Qk6wa7v1/94vzzvt1/d6oaBp36ZtoVF34/gMgBRUwtaPAfgkgrsByyDaUejONNzHa04l74t51qMp7kJ5ykmcqm2W+IJ1vFdxg4n1AkgvEU6tbxSAww2uDRqXDsfEMNCXgYqrb2wPQWD6CuxC3gzcFhJ2hy5xBCpqRHU/06SY0+Ji8QN4hnxnDjpWUkv4nKFK7JKE8DBUXMw6NeES6nU56c+/1O6s0W73jn65YAvLgwMDAwMDAwM3hgeAwAA//9bsl4t")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x143442, 0x0)

8m15.088311261s ago: executing program 5 (id=990):
setreuid(0x0, 0xee01)
clock_adjtime(0x0, &(0x7f0000000140)={0x930b, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff})

8m14.77410367s ago: executing program 33 (id=990):
setreuid(0x0, 0xee01)
clock_adjtime(0x0, &(0x7f0000000140)={0x930b, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff})

7m10.979733461s ago: executing program 2 (id=2108):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000400)={'erspan0\x00', 0x0, 0x40, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}})

7m10.360959815s ago: executing program 2 (id=2117):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x3}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0)

7m10.232527414s ago: executing program 2 (id=2119):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd1400fcdbdf250900020073797a30000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)

7m9.924051735s ago: executing program 2 (id=2124):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$nfs(&(0x7f00000001c0)='..\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x85000, 0x0)

7m9.730305481s ago: executing program 2 (id=2128):
r0 = socket$kcm(0x2d, 0x2, 0x0)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000000)={&(0x7f0000001180)={0x2d, 0x0, 0x1f, 0x400000}, 0xc, &(0x7f0000001040)={0x0}, 0x1, 0x0, 0x0, 0x408c1}, 0x200c0841)

7m9.375545359s ago: executing program 2 (id=2138):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x900, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xc}]}, @NFT_MSG_NEWSETELEM={0x2c, 0xb, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)

7m9.061590056s ago: executing program 34 (id=2138):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x900, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xc}]}, @NFT_MSG_NEWSETELEM={0x2c, 0xb, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)

6m14.679342883s ago: executing program 4 (id=3054):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x0, 0x30, 0x5f]}}, 0x0, 0x29, 0x0, 0x1, 0x5}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xcd7f, '\x00', 0x0, r0, 0x1, 0x5}, 0x50)

6m14.477994807s ago: executing program 4 (id=3056):
r0 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$sock(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x51, 0xfffefffd}}], 0x18}, 0x4000000)

6m14.278586913s ago: executing program 4 (id=3059):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000140)={0x53, 0x0, 0x6, 0x0, @scatter={0x1, 0x3, &(0x7f0000000400)=[{0x0}]}, &(0x7f0000000040)="008d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0})

6m14.111172021s ago: executing program 4 (id=3062):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f00000010c0)=ANY=[@ANYBLOB='nls=cp863,decompose,umask=00000000000000000010000,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c6e6f6465636f6d706f73652c00acdb50a352b211e5ceaed3e7a8c1731ef4c9512076cc4d573109eadda119088c8af27fda66847216b40d34ab7a25771158753d5ee6febab0d623e193a2f58059d92935253b97ee99dd"], 0x1, 0x6b9, &(0x7f0000000a00)="$eJzs3U1sHGcZB/D/bJx1Nkip26ZtQEi1GqmCRiR2ViVBQmpACOUQoQguvVqJ01jZpJXtorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHh5BuHSNw45AAYzezsem1vHDuOvab9/aTJvLPv1zOP52N37GgDfGpdfD2Huyly8dSl2+X2yr12Z+Ve+2a/nGQySSOZ6K1StJLi4+RCeks+W75YD1c8bJ5X739UTLz/Ybu3NVEvVfvGVv02GdmymxwZbBxKMt0r/nvbw24ar1qqca6sjfeYikHcZcJO9hMH47a6SXetsvHI7ts/b4ED607vvrnJVHI0vbtr+T4g9dXh0VeG8dvy2tTdvzgAAABgr4z8LD/sqQd5kNs5tj/hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCdD0fvOwKJeGv3ydIr+9/83h75TvznmcHfpvWvV6ttPjTsQAAAAAAAAANiVFx/kQW7nWH97tah+5/9StXG8+vczeTtLmc9iTud25rKc5SxmNsnU0EDN23PLy4uzwz2rPxJY+nnKnqurq3fqnmdH9jy7Pq7uxkBH/aXBpkYAAAAAAAAA8Kn1g1xc+/0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEVyqLeqluP98lQaE0mOJGkW04PmzbEG+wT8cdwBAAAAwN5r1etjxX97hdWi+sz/fPW5/0jezq0sZyHL6WQ+V6tnAb1P/Y2/dtudlXvtm+WyeeCv/XNHcVQjpvfsYfTMM1WL5wY9Luab+U5OZTqXs5iFfDdzWc58pvONqjSXIlP104uplXut9GPdHO+FdVuXN8b24lC5jO9EFUkr17JQxXY6V5r90Bt1uxNDs/2+mWyY8W6ZneK12jZzdLVel3v0s3p9MExVe354kJGZOvdlNp4ezvvm3O/wONk402wag2dQx9dmKTc3zvRYOT9ar8tc/3hvc77DR2nrM9H9abnVP/qe3zrnyRf/9qfL1xu3bly/tnTq4BxGj2njMdEeysQL28pEp8xEdxeZOLKb+J+cZp2N3lV0Z1fLl6q+x7KQb+XNXM18zmUmszmfmXwlZ9PO2aG8Prd1XqtzrbGzc+3kF+pCeU/6ydC9ad9MPqyizOvTQ3kdvtJNVXXDr6xl6ZltZKloZnSW/j4ylInP1YVyjh8O3XHGb5CJxtq1uR/ds1tn4pf/WU2y1Ll1Y/H63FvbnO/lel2etu+tvzb/6ons0M7Vu1seL8+UP6z0bhvDR0dZ92y/bt2RM1vVHR/Urb/PNZupzude3aPO1HKk5++OGqlX98LIWdpV3YmhunXvcvJmOoN3IQAcYEdfOdps3W/9pfVB60et661LR74+eX7y880c/vPEHw79pvHrxleLV/JBvp9j444UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CZbeeffGXKczv3gAC2k84QHvjqzqp6L3SvNg7PtWhcP7O+mhnTSe3OqI+m2SLbo3x5HMVpID8DOd62RiH+aazIiqS4NXWkljEE+SGwfkC+6AvXBm+eZbZ5beefdLCzfn3ph/Y/7W2fPnXjvX/vLsnTPXFjrzM71/xx0lsBfW3gaMOxIAAAAAAAAAAABgu3bz3wn+cWl7jUdMW3THsK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/6eLr+dwN0VmZ07PlNsr99qdcumX11pOJGkkKb6XFB8nF9JbMjU0XPGweV69/9EvXn7/w/baWBP99o0N/X73r9XVHe5Ft14yneRQvX60yW2Nd2VovO4OA+spBntYJuxkP3Ewbv8LAAD///zfBvQ=")
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)

6m13.8144385s ago: executing program 4 (id=3066):
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)

6m13.49073266s ago: executing program 4 (id=3073):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000140)={0x0, 0x1, 0xe}, 0x8)

6m13.155772555s ago: executing program 35 (id=3073):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000140)={0x0, 0x1, 0xe}, 0x8)

4m47.928414327s ago: executing program 6 (id=4668):
r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f00000000c0)={[{@compress_force}, {@clear_cache}, {@nodatasum}, {@compress}, {}, {@space_cache_v1}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000940)={0x2, 0x1, {0xc9, @struct={0xb578, 0x2}, 0x0, 0x4000000000, 0x4, 0xfffffffffffffff7, 0x1000800, 0x27, 0xda, @usage, 0x5, 0x4, [0x4, 0x8000000000000e3d, 0x1, 0x7fffff7ffffe, 0xe, 0x4]}, {0x2, @usage=0x9, 0x0, 0xd, 0x0, 0x0, 0x200010001, 0x1ff, 0x0, @struct={0x6, 0x6}, 0x8, 0x0, [0xffffffffffffff00, 0x4b04, 0xffc, 0xfffd, 0x7, 0x2e36]}, {0xffffffffffffffff, @usage=0x4, 0x0, 0x80000000000001ff, 0xa, 0xb, 0x8, 0x4, 0x4ef, @usage=0x8, 0x1, 0x20, [0x7, 0x400000000000008, 0x3, 0x4000000000000000, 0x9, 0x9]}, {0x800000bd3, 0x9, 0x20000001}})

4m46.549099203s ago: executing program 6 (id=4688):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030029000b12d25a80648c2594f90224fc60100c02c000000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

4m45.908003549s ago: executing program 6 (id=4702):
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2716, 0x0, &(0x7f0000000040))

4m45.813280721s ago: executing program 6 (id=4705):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000440)={[{@dmask={'dmask', 0x3d, 0x4ae}}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@sys_tz}, {@errors_remount}, {}, {}, {@gid}, {@utf8}, {@sys_tz}, {@sys_tz}, {@keep_last_dots}]}, 0x1, 0x152d, &(0x7f00000034c0)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)

4m45.414538364s ago: executing program 6 (id=4714):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000040000701fcffffff00000100037c0000040042800c0001800600060008"], 0x24}, 0x1, 0x0, 0x0, 0x4008011}, 0xc000)

4m45.178105631s ago: executing program 6 (id=4720):
r0 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x2)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0205710, 0x0)

4m44.715414699s ago: executing program 36 (id=4720):
r0 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x2)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0205710, 0x0)

4.944336302s ago: executing program 1 (id=9624):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0xc)

4.719416012s ago: executing program 1 (id=9626):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xfffff7dd}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0x110}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000001b00)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94)

3.36803695s ago: executing program 1 (id=9632):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, 0x0)

2.690882604s ago: executing program 8 (id=9637):
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
ioctl$FICLONE(r0, 0x40049409, r1)

2.62964773s ago: executing program 8 (id=9638):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f0000000080)={[{@noacl}, {@heartbeat_none}, {@localalloc={'localalloc', 0x3d, 0x6d3}}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@acl}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
lseek(r0, 0xfffd, 0x0)

1.308673354s ago: executing program 1 (id=9649):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet(r0, &(0x7f00000011c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @private=0xa010101}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000240)="b4", 0x1}], 0x1}}], 0x1, 0xc0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4)

1.179812722s ago: executing program 1 (id=9651):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a09040000000000000000020000070900010073797a30000000000900020073797a320000000048000480440001800c0001007061796c6f616400340002800800044000000000080007400000000208000240000000020800054000000000080003400000000008000640000000c2"], 0x9c}}, 0x0)

1.179012686s ago: executing program 7 (id=9652):
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001680)=ANY=[@ANYBLOB="580100001000030400"/20, @ANYRES32=0x0, @ANYBLOB="15020000000000003001128009000100766c616e000000002001028006000100000000001c0004800c00010032d10000ffff00000c000100ae0200009e000000700004800c00010009000000010000e29b5d2a000800000001010000f0000100f8ffffff080000000c00010006000000040000000c00010007000000010000800c00010005000000060000000c00010001000000000000000c000100910a00000d0000000c0001000e00000032000000880003800c002100060000000c0000000c00010003000000400400000c00010004000000ffffffff0c00010002000000110000000c00010001000000020000000c0001000b000000270000000c000100ffff00005f0200000c000100ffffffff030000000c00010001000000030000000c00010000000000018000000c000100090000000900000008000500", @ANYRES8=r0], 0x158}, 0x1, 0xba01}, 0x44)

1.107960774s ago: executing program 8 (id=9653):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x20, r1, 0x1, 0x4, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48c1}, 0x0)

1.107220026s ago: executing program 3 (id=9654):
syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x4, 0xaf7, &(0x7f0000000380)="$eJzs3U1sXEfhAPDZtdexk/Qfp/+EmjS0CYW2fNRpHBM+IkiqREhETYW4VKq4RGlaIkKQKBJQVcLJiRutqiBx4kOceqkKQqIXFPXEpRKNVCH1VDhwIAqiEgcIJIu8nlnvTnbzdh3vvrX395OeZ+fNezszz2/f97wJwNiqNv4uLs5VQrj85qsn/vbwX2eWxxxtTjHb+DvZEquFECoxPpl93/sTK+HND1460ymshIXG3+X4luURT11vzrsthLAU9oUrYTbsuXz1lbcXnjx18eSl/e+8duTagKoPAABj5atXjizu/vMf79954/UHjoUtzfHpeH02xrfH4/5j8cA/Hf9XQ3u80jK0msqmm4xDdaZ9uokO0zXymew83WSX/Key/GtdptsS7pz/RMu4TvWGjSytx7OhUp1vi1er8/Mr5+ShcV4/VZm/cO78cy+UVFBg3f3zwRDCvpbh+KX2+CCHtLHpZ56jgyhLZWW/PuD61oe1XDfbcGx4ed2oryi9zkMa6jvK3f4AJPn9wtss5VcW7k7z2yZ7y//6E9XO88M6GPb633P+1XhRraz8kzHP/1cXbXFYP5t1bUr1Sr+j7TGe9t7pGab8+aXuv7/8Tkf72Px+RK3Hcna7j7BR7i90K+fEkMuxVt3Kn68Xm9UXY5iWw5ey9NbfT/4/3Sj/Y6Czf+XX/zfyMB0rVUbeEyNQ/4EM+0agDIa2oX0dr93Nd9VL3PYAoy1/bq6e7o9G+XN9efqWgvTpgvSZgvStBenbCtJhnP3muz8OL1dWz/Pzc/p+r4en62z3xPD/+ixPfj2y3/zz5377dbf5588Twyj73emnz37u2Weurjz/X2mu/7fi+p5ON2bjb+tKnCBdL8yvqzef/Z9tz6faZbp7s/Lc02H6xudd7dNVdq1+T2jZztxWjrn2+XZ0m25v+3Sz2XQzcZjOypsfn2zN5kvHH2m7mpbXZFbfWlaPqawcabuyM4Z5OWAt0vrY7fn/tH7OhVrluXPnzz6e7WP/MFHbsjz+4JDLDdy9Xtv/zIX29j/bm+Nr1bRdCC3717S9OBjeiN/XPn6hmU/7+EMxnvZz35iYaYyfP/Pt88+uf/VhrL3wgxe/efr8+bPf8WHNH748GsXo50M6bRmV8vTwIZ0BlVaMaih/IQzxQ4kbJWAoDvxw5SDgsXPfOv382efPXjh0+PChhYXDnz+0eKBxXH+g9ei+1VIJpQXW0+pOP0/ZXk6BAAAAAAAAAAAAgELfO3ni6rtvffa9lfb/q+3/Uvv/9ORvav//o6z9f95OPrWDT+0Ad3ZIb0yTvWB1KpuuFof/z8q7K8tndzbfh2LY7Mcvtv9P2eXvdU3luS8bX8ujMcPsdQK3vS9lKmsfnfcX+NEYXorhLwOUqDLTeXQMi95vndb11Dqr5b0U9YlxeYnyJpD+b2ltWHmPyWpPrh3f69Tyz945pHKyvgbTeHDqji0LgNHw99F7//fS4L77H6sVL7+ehq7D5HDz+2ljjaiO43pRr3frxaPXHmwA1kfZ/X+m654pvPD7r0wvD2my60+0by/z95dCP/70bnt81PufHHT+eb99w86/7PoPu//PZv93PW//sh7zsvc891q6f//s2nst2YY9veaf1z+9B3pXjxlHN2L+qTaPhN7yr/8iyz+/IdSj/2T5b+0x/9vqv3dt+f835p8W26MPFeSfLgxfXClxpdpejpmsHun+X37dOLmZ1T+92/MO9f/ai53qv8Z7DLdi/jDONko/s/3KjiOaB+2tzxeEvvr/jZbWt//fZmGzzVr+HMZnYjztCNJzDnl/J/2WPz1fkfYDu7PvrxTs3/T/u7F9IYZFv4fU/29aH2fjLr8l3liWKV7rsGw367YGNqr3R+/+37gP0yNQBkPvQ31iDfM1+4krufz1en2wF7QKlJo5pS//ss8Tys6/7OVfJO//Nz+Gb55/7uucnvf/m6fn/f/m6TPxP9QtPe//N1+eef+/efp92ffm/QPPFaR/uCB9T+f05mK7v2D+vQXpHylI399MP9o2RUp/oGD+BwvS7y1If6gg/WMF6R8vSH+4IP3RlvTWPqBT+icK5t/sUnuUTvXXpx9sbnn7vHHb/sE4S/d/uv3+dxWkAxvXT14/ePyZX399dqX9/1Tzeki6j3csxmvx/On7MZ7f9w4t8eW0t2L8L1n6qF/vgHGSvz8j378/UpAObFzpOS+/bxhDlenOo2NY9N6qbsf5bCyfjOGnYvjpGD4Ww/kYHohhuje0MKTyMRjH3/jtkZcrq+f7O7L0Xp8nz9sDtb0nKoRwqMfy5NcH+n2ePX+PX7/uNv81NgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoTbXxd3FxrhLC5TdfPfH0qXMHlsccbU4x2/g72RKrNecL4fEYTsTw5/HDzQ9eOtMa3ophJSyESqg0x4enrjdz2hZCWAr7wpUwG/ZcvvrK2wtPnrp48tL+d147cm1wSwAAAAA2v/8FAAD//zjgCFM=")
syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000280)='./bus\x00', 0x42cd8eb, 0x0, 0x0, 0x0, &(0x7f00000000c0))
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)

984.147532ms ago: executing program 1 (id=9656):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f00000059c0)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303235362c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c0002d1c71f8348abae1fff96ec907a723dca530cf5aea9622c1169c27c91b4d703f02da55a70e4108d30dd0a1b6e467d05c6c0237e3772dfb37da0e9705c62c7f6dc21ef782f52303a65f3196af86a3d58c8bfb0ef60c974b0e0b44af5ce33f407facb3838bd4bf9b7a99d612518ac3ddddf95b10ead9f78580da79051b5011a94bc44336ebf9378b479860af435366b6d4cdb9c5ffd949b52f82ac9c92de853"], 0x5, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124)
utimensat(r0, 0x0, &(0x7f0000000880)={{0x0, 0xea60}, {0x0, 0x3ffffffe}}, 0x0)

983.053903ms ago: executing program 9 (id=9657):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bind$rose(r0, &(0x7f0000000000)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x6, [@default, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x1c)

744.202033ms ago: executing program 9 (id=9658):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bind$rose(r0, &(0x7f00000002c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x9, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x40)

743.253144ms ago: executing program 7 (id=9659):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x88002, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)=0x11)
ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0)

648.117492ms ago: executing program 3 (id=9660):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x242, 0x0)
clock_adjtime(0xffffffd3, &(0x7f00000004c0)={0xa, 0x1, 0x7fff, 0x9, 0x7, 0xb, 0x1, 0x8, 0x9657, 0x803, 0x7fffffff, 0x1, 0x4, 0x9, 0x4, 0xcc0, 0x48, 0x3, 0x94d6, 0x10000d, 0x2, 0x10000000010000c, 0x6, 0xfffffffffffffffa, 0x8, 0x2000000000000})

621.637686ms ago: executing program 9 (id=9661):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)=0x2)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

474.855414ms ago: executing program 7 (id=9662):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x38, r1, 0x1, 0x70bd25, 0x21dfdbfb, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PEER_V6={0x14, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc0d4}, 0x4000000)

471.206949ms ago: executing program 8 (id=9663):
r0 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x2000000000032, 0xffffffffffffffff, 0xc87ef000)
keyctl$describe(0x6, r0, &(0x7f0000000180)=""/161, 0xa1)

443.236928ms ago: executing program 9 (id=9664):
r0 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f00000190c0)=[@in6={0xa, 0x4e20, 0x10001, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}]}, &(0x7f00000002c0)=0x10)
getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)

439.805387ms ago: executing program 3 (id=9665):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$USBDEVFS_CONNECTINFO(r0, 0x80045520, &(0x7f0000002a40))

322.124035ms ago: executing program 7 (id=9666):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000e40)=@newtaction={0x4c, 0x30, 0xb, 0x13, 0x0, {}, [{0x38, 0x1, [@m_ct={0x34, 0x1, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0x1}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8890}, 0x40)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c0800002c0007012bbd700000000000097c00000c00018006000600843b000009000280040071008c0000000800e400", @ANYRES32, @ANYBLOB="2d0529800c00f800030000000000000004006080fa003b800400df00c1becb03dbe55b6c782cebd6a7bc78a21d1bc9f3c1bd441ada5266780599eaf18965bbfcc07c2037129672275c399e1e03f8a0664d807385cc4d566f230400db800400498096d9641e8b1887b25501b11ecd71313a47df368b078d7b825bff33b9eab3964d7b2394b1950c7aeaba6014fe2cd33c89fd070ce0f1f306494a44adf6609d8ad55a5080b36b05cb0b9a57833b14fcd62c0aba0ac67f03b20e87ba6f3610a5bd1d3369ae014c8036c1e596b800991698810ff706e98871c17ad581b0695476273ac6c33a7a51d4a44a5b95684befe95ef49b03458bce89d87355f35b766b242b9f98b661269bb9255d836fb4e30d0000c72ec5561adf6112ca278273b4af42597e7bfa1f5c228f13161b34517c92bc352c017afac22d14047e6fbdc61536f9e51738ea935cb2a577ec2b788433bc13a9e976cfee267f36d988b766a29632c84c94d4cf31d780ef683293d7eacfc93f248d137affcae7cffa699237ea9c74919850dc164f1483f3f352bf7dd787191705b26936e1d090526b6ac5765df318f160cc84b15b94c662cf92611c9eb0b92bfbd3512bffed96a4150d653e130625b6ae5a78da2c4b9c70c736a224b18d89222095fbc4c61bcad1eb73be9c6efaaae48f871223694999b2a925a37138be8220008180cc20e57a92076b2308003200", @ANYRES32, @ANYBLOB="040044800800c800e00000027a01f380a2b4c1dbd4f221c0a1fd468ca63ae97de147e5bc2d0313377dc17591b491acf18312bee324decf810970090c77ec4ca173b12577aeb13c354245be77050365697b3b4707060c00045e46d612b09c487d7c9c94f778c0a015ecfa70d229085252956142772f9ff5a61a9b7fbc6712f8e64566b7ade87d293b81bd3cd1b2ad2852dc1dbb07d54f5544759f0eb23131b5780de6354f0714b2c5b86323969d0b4f5bd8c4489e0e7471c6a84feb9dead9d156d060a9373c7f80f4f1ec2a87efdeceec8d99c9664ee184f112929fe92da18f26929f98233f18dcbe0c638c040061800400058012fc33716331943112df1a6d89852782e376609e4a38717148d34e9d36191fe607748ad822c89800b204bd5831c55511fc4e85d09c44ef3be8ce710d034d394057d88e12db87eb032cd30fdcb489cd5ac92a44f96b6e463971c730796efaab04ce1b42faea757fc0a50c4feef468c80d7cac7db3bfd67140c04f88892b1d19a91ac5d2bef2af704fed3f92e84f78f98e97b8460000602ca31cc4edb57168863fe0e930a6030e47048c91da29a2c691894cd27b28480642302c6816b308d3eaceb9c1404c696e8a2deb97c278ca9d9b1ea4aa17255b400acdda233dde73b32098f837494e43a67bbb722f105f5ae23d8e4c9586ac0ff8c1c6c330601a9c007659ce63c0387d6692d791abdb14b8b66d6b30e5556865a6e97922f3fddcfd1a7e2cbf30b30479b4f7b824b49b1a8e5cd1ec171c8fd41bc3b14ced446eadedd90178f121d6e4d3ae3031231f39fcad0501455538f57fc305f449144d0e4f1f642ff19c53dea5322d30d680f6efdce4f7310225fa8e8a3035d925f51090e4fa74346825d16d400b9cea013e88ea47db2efbbbe73c3ae0059974efa840d4ee88ae1f85d6ba36caa8df64cbf4c1716de586b6fce1424c8bc3a0218953ea42dc7e83bda5a4319b59d7926fe04553fe79056a397ea85f6255d093a345aaf5f3d91cdce17cc9d38493e7eb952b132dc8f7953706ea7b7ff81e88a2a87f18730ca7f6f16f2c23b85f549a8b0cce6f8f0ec61fa8ba01aa114fbd63373ae3189338aa5f585a6d454733937712eb5a4cbd810c91bf5f19e0a508db8a57bdd8000000960203"], 0x85c}, 0x1, 0x0, 0x0, 0x24048011}, 0xc000)

304.82897ms ago: executing program 3 (id=9667):
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0)

301.101341ms ago: executing program 8 (id=9668):
unshare(0x6020400)
r0 = syz_open_procfs(0x0, &(0x7f00000006c0)='pagemap\x00')
lseek(r0, 0xffffffdfffffffff, 0x2)

261.943199ms ago: executing program 9 (id=9669):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x5, 0x1, 0x4, 0x0, 0x9})
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405668, &(0x7f0000000140)={0x9, 0x1, 0x1, "0000087aba10fdfffffbe30b51751bc53051a30000000000000016ebffffff00", 0x34565559})

159.538088ms ago: executing program 8 (id=9670):
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000008, &(0x7f0000000980)=ANY=[], 0x4, 0x28a, &(0x7f00000012c0)="$eJzs201rE10YxvGrbZ6+Pm3yPNVqK+KNbnQztPEThNKCGFBqI76AMLUTDZkmJRMqEbHdufVzFJfuBPELdOMncOGuG3d2IY50EtukHfEFzKD5/zZzh5Mrcw73GTiLzO6t52vlYuAU3br6+0wpaVB7Ukb9GlBTX+vaH9WDarelS5P5d2dv3L5zNZfPLyyZLeaWL2fNbOLc60dPXpx/Ux+7+XLi1ZB2Mvd2P2Tf70ztTO9+Xn5YCqwUWKVaN9dWqtW6u+J7tloKyo7Zdd9zA89KlcCrdYwX/er6esPcyur46HrNCwJzKw0rew2rV61ea5j7wC1VzHEcGx8VvqewvbTk5pKeBX6vWi3nzkuaOTZS2E5kQgAAIFEx5/8tzv+9gvN/L9g//99tPb+dOP8DAAAAAAAAAAAAAAAAAAAAAPAn2AvDdBiG6a/Xf6ToDZ+w9XlE0qikMUn/ShqXNCEpLSkj6T9J/0ualHRC0klJU5JOSTotabrtt2Juv5XAktFmLwyVko71f6A7/UfCEn7+kTD639vaXtwdltaebRQ2Cs1rczxXVEm+PM0qrU9RL1ua9eKV/MKsRTI6s7bZym9uFAY683NK72+YuPxcM2+d+aFo3x3ks0rvb7C4fDY2P6yLF9ryjtJ6e19V+VqN9uRh/umc2fy1/JH8TPS9v51jB2L75zjfGm/mf2B/hLOx/UlpJpXs2iEFjcdl1/e9WheLkSRuSvGLhbpwr49hGCa/UoqOvqMHHDY96ZkAAAAAAAAAAAAAAAAAAH5GN/5OmPQaAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA46ksAAAD//6GAXmU=")
r0 = open(&(0x7f00000000c0)='./file1\x00', 0x24842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x9c00, 0x0, 0x3)

110.896006ms ago: executing program 3 (id=9671):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004089}, 0x4000)

102.036685ms ago: executing program 7 (id=9672):
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000000)=0x2)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000004c0)={0x4, @vbi={0x41, 0xffffff7f, 0x6, 0x49323159, [0x2, 0x5], [0xffff, 0x5], 0x1}})

66.730476ms ago: executing program 9 (id=9673):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8880}, 0x4)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x88fe)

14.235443ms ago: executing program 7 (id=9674):
r0 = fanotify_init(0x8, 0x1000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x1802)

0s ago: executing program 3 (id=9675):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000080)={[{@nodioread_nolock}, {@lazytime}]}, 0x3, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x0, 0x20)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file2\x00', 0x187842, 0x0)

kernel console output (not intermixed with test programs):

locked for use
[  549.534474][ T5929] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  549.666232][ T5929] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 131ms
[  549.680640][ T5929] gfs2: fsid=syz:syz.0: jid=0: Done
[  549.716876][T25794] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  549.741309][T25839] netlink: 'syz.9.8557': attribute type 58 has an invalid length.
[  549.749509][T25839] netlink: 20 bytes leftover after parsing attributes in process `syz.9.8557'.
[  549.922538][T25794] gfs2: fsid=syz:syz.0: found 1 quota changes
[  550.004424][T25851] loop7: detected capacity change from 0 to 512
[  550.066089][   T29] audit: type=1326 audit(1771349050.925:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25856 comm="syz.1.8564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  550.134015][   T29] audit: type=1326 audit(1771349050.925:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25856 comm="syz.1.8564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f1e4af9ae57 code=0x7ffc0000
[  550.205266][   T29] audit: type=1326 audit(1771349050.925:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25856 comm="syz.1.8564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  550.237436][   T29] audit: type=1326 audit(1771349050.925:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25856 comm="syz.1.8564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  550.355191][T13332] syz-executor: attempt to access beyond end of device
[  550.355191][T13332] loop8: rw=8400897, sector=68719479080, nr_sectors = 8 limit=32768
[  550.427830][T13332] Buffer I/O error on dev loop8, logical block 8589934885, lost async page write
[  550.501288][T13332] gfs2: fsid=syz:syz.0: fatal: I/O error - block = 8589934885, function = gfs2_ail1_start_one, file = fs/gfs2/log.c, line = 116
[  550.518795][T13332] CPU: 1 UID: 0 PID: 13332 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  550.518823][T13332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  550.518838][T13332] Call Trace:
[  550.518846][T13332]  <TASK>
[  550.518854][T13332]  dump_stack_lvl+0xe8/0x150
[  550.518887][T13332]  gfs2_withdraw+0xc3/0x1b0
[  550.518911][T13332]  gfs2_ail1_flush+0x990/0xfd0
[  550.518954][T13332]  ? __pfx_gfs2_ail1_flush+0x10/0x10
[  550.518991][T13332]  empty_ail1_list+0x1b3/0x330
[  550.519020][T13332]  ? __pfx_empty_ail1_list+0x10/0x10
[  550.519085][T13332]  ? do_raw_spin_unlock+0xf5/0x210
[  550.519110][T13332]  gfs2_log_flush+0x1e20/0x2510
[  550.519147][T13332]  ? __pfx_gfs2_log_flush+0x10/0x10
[  550.519173][T13332]  ? call_rcu+0x644/0x890
[  550.519198][T13332]  ? lockdep_hardirqs_on+0x7a/0x110
[  550.519226][T13332]  gfs2_kill_sb+0x5c/0x430
[  550.519253][T13332]  deactivate_locked_super+0xbc/0x130
[  550.519282][T13332]  cleanup_mnt+0x437/0x4d0
[  550.519301][T13332]  ? _raw_spin_unlock_irq+0x23/0x50
[  550.519327][T13332]  task_work_run+0x1d9/0x270
[  550.519350][T13332]  ? __pfx_task_work_run+0x10/0x10
[  550.519380][T13332]  exit_to_user_mode_loop+0xed/0x480
[  550.519401][T13332]  ? rcu_is_watching+0x15/0xb0
[  550.519429][T13332]  do_syscall_64+0x32d/0xf80
[  550.519451][T13332]  ? trace_irq_disable+0x3b/0x150
[  550.519516][T13332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.519536][T13332]  ? clear_bhb_loop+0x40/0x90
[  550.519558][T13332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.519577][T13332] RIP: 0033:0x7f943579d1d7
[  550.519595][T13332] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  550.519609][T13332] RSP: 002b:00007ffff20071c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  550.519630][T13332] RAX: 0000000000000000 RBX: 00007f9435831c3b RCX: 00007f943579d1d7
[  550.519643][T13332] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff2007280
[  550.519654][T13332] RBP: 00007ffff2007280 R08: 00007ffff2008280 R09: 00000000ffffffff
[  550.519666][T13332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff2008310
[  550.519676][T13332] R13: 00007f9435831c3b R14: 0000000000086741 R15: 00007ffff2008350
[  550.519719][T13332]  </TASK>
[  550.519881][T13332] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  550.768997][T25863] loop9: detected capacity change from 0 to 4096
[  551.249037][   T29] audit: type=1326 audit(1771349050.925:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25856 comm="syz.1.8564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  551.271455][   T29] audit: type=1326 audit(1771349050.925:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25856 comm="syz.1.8564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  551.294012][   T29] audit: type=1326 audit(1771349050.925:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25856 comm="syz.1.8564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  551.367178][T25885] loop7: detected capacity change from 0 to 64
[  551.716588][T25892] usb usb8: usbfs: process 25892 (syz.3.8580) did not claim interface 0 before use
[  552.882595][ T5907] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[  553.044140][ T5907] usb 10-1: config index 0 descriptor too short (expected 39, got 27)
[  553.052879][ T5907] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  553.084395][ T5907] usb 10-1: config 0 interface 0 has no altsetting 0
[  553.109473][ T5907] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  553.119537][ T5907] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  553.134469][ T5907] usb 10-1: Product: syz
[  553.143982][ T5907] usb 10-1: Manufacturer: syz
[  553.154888][ T5907] usb 10-1: SerialNumber: syz
[  553.172399][ T5907] usb 10-1: config 0 descriptor??
[  553.190145][ T5907] hub 10-1:0.0: bad descriptor, ignoring hub
[  553.197356][ T5907] hub 10-1:0.0: probe with driver hub failed with error -5
[  553.222840][ T5907] usb 10-1: selecting invalid altsetting 0
[  553.248302][T25920] CUSE: unknown device info "`"
[  553.283869][T25920] CUSE: unknown device info ""
[  553.288770][T25920] CUSE: unknown device info "€"
[  553.312416][T25920] CUSE: zero length info key specified
[  553.612629][T23779] usb 10-1: USB disconnect, device number 23
[  553.670516][T25911] syz.7.8589 (25911): drop_caches: 2
[  553.690440][T25914] loop3: detected capacity change from 0 to 32768
[  553.768555][T25914] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  553.812792][T25938] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8598'.
[  553.839028][T25914] XFS (loop3): Ending clean mount
[  553.859794][T25914] XFS (loop3): Quotacheck needed: Please wait.
[  553.954328][T25914] XFS (loop3): Quotacheck: Done.
[  554.021703][ T5824] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  554.056677][T25950] loop7: detected capacity change from 0 to 512
[  554.477121][T25964] loop3: detected capacity change from 0 to 256
[  554.492554][T25964] vfat: Deprecated parameter 'posix'
[  554.497898][T25964] FAT-fs: "posix" option is obsolete, not supported now
[  554.545673][T25967] loop9: detected capacity change from 0 to 512
[  554.563964][T25967] EXT4-fs: Ignoring removed nomblk_io_submit option
[  554.651021][T25967] EXT4-fs (loop9): 1 truncate cleaned up
[  554.696651][T25967] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  554.821936][T17153] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  555.179353][T26003] loop3: detected capacity change from 0 to 256
[  555.215085][T26003] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  555.652397][T23779] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  555.715982][T26028] Invalid source name
[  555.822219][T23779] usb 10-1: Using ep0 maxpacket: 8
[  555.830492][T23779] usb 10-1: config index 0 descriptor too short (expected 30, got 18)
[  555.846600][T23779] usb 10-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  555.858931][T23779] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.876106][T23779] usb 10-1: Product: syz
[  555.883737][T26034] loop3: detected capacity change from 0 to 16
[  555.888028][T23779] usb 10-1: Manufacturer: syz
[  555.895717][T26034] erofs (device loop3): invalid ishare xattr prefix id 0
[  555.897997][T23779] usb 10-1: SerialNumber: syz
[  555.923196][T23779] usb 10-1: config 0 descriptor??
[  555.942648][T23779] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  555.960954][T23779] usb 10-1: setting power ON
[  555.971480][T23779] dvb-usb: bulk message failed: -22 (2/0)
[  556.006080][T23779] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  556.028994][T23779] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  556.041610][T23779] usb 10-1: media controller created
[  556.063965][T23779] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  556.088956][T23779] usb 10-1: selecting invalid altsetting 6
[  556.097318][T23779] usb 10-1: digital interface selection failed (-22)
[  556.107477][T23779] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  556.146978][T23779] usb 10-1: setting power OFF
[  556.158694][T23779] dvb-usb: bulk message failed: -22 (2/0)
[  556.161477][T26042] netlink: 56 bytes leftover after parsing attributes in process `syz.7.8647'.
[  556.167071][ T5929] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  556.183655][T23779] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  556.194091][T23779] (NULL device *): no alternate interface
[  556.248192][T23779] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  556.273259][T23779] usb 10-1: USB disconnect, device number 24
[  556.344006][ T5929] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  556.354760][ T5929] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  556.364606][    T9] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  556.387593][ T5929] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  556.397253][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  556.405572][ T5929] usb 4-1: SerialNumber: syz
[  556.532117][    T9] usb 2-1: Using ep0 maxpacket: 16
[  556.545086][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  556.556650][  T804] gfs2: fsid=syz:syz.0: file system withdrawn
[  556.557298][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  556.598762][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  556.635419][ T5929] usb 4-1: 0:2 : does not exist
[  556.654846][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  556.669664][ T5929] usb 4-1: unit 5: unexpected type 0x03
[  556.680653][    T9] usb 2-1: Product: syz
[  556.694736][ T5929] usb 4-1: unit 255 not found!
[  556.704227][    T9] usb 2-1: Manufacturer: syz
[  556.708857][    T9] usb 2-1: SerialNumber: syz
[  556.767679][T26046] loop7: detected capacity change from 0 to 32768
[  556.807168][ T5929] usb 4-1: USB disconnect, device number 37
[  556.823819][T26046] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  556.967092][T26046] XFS (loop7): Ending clean mount
[  557.118484][T11097] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  557.184372][    T9] usb 2-1: cannot find UAC_HEADER
[  557.392506][T23779] usb 9-1: new high-speed USB device number 33 using dummy_hcd
[  557.412723][    T9] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  557.464311][    T9] usb 2-1: USB disconnect, device number 50
[  557.541037][ T6043] udevd[6043]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  557.568012][T23779] usb 9-1: Using ep0 maxpacket: 32
[  557.586846][T23779] usb 9-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  557.610960][T23779] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.630716][T23779] usb 9-1: Product: syz
[  557.635244][T23779] usb 9-1: Manufacturer: syz
[  557.650135][T23779] usb 9-1: SerialNumber: syz
[  557.666805][T23779] usb 9-1: config 0 descriptor??
[  557.698295][T26079] tipc: Started in network mode
[  557.717181][T26079] tipc: Node identity , cluster identity 4711
[  557.725203][T26079] tipc: Failed to set node id, please configure manually
[  557.734038][T26079] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  557.792186][ T5929] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  557.822959][T26083] syz.9.8662 (26083): /proc/26082/oom_adj is deprecated, please use /proc/26082/oom_score_adj instead.
[  557.952304][ T5929] usb 4-1: Using ep0 maxpacket: 32
[  557.965008][ T5929] usb 4-1: config 0 interface 0 has no altsetting 0
[  557.971710][ T5929] usb 4-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  558.009538][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.030508][ T5929] usb 4-1: config 0 descriptor??
[  558.178008][T26099] IPVS: Error connecting to the multicast addr
[  558.306318][T23779] peak_usb 9-1:0.0 can0: unable to request usb[type=2 value=5] err=-71
[  558.364139][T23779] peak_usb 9-1:0.0: probe with driver peak_usb failed with error -71
[  558.393766][T23779] usb 9-1: USB disconnect, device number 33
[  558.462174][  T804] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  558.466711][ T5929] aureal 0003:0755:2626.0009: hidraw0: USB HID v0.81 Device [HID 0755:2626] on usb-dummy_hcd.3-1/input0
[  558.512303][ T5907] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[  558.634885][  T804] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  558.649179][T26118] loop7: detected capacity change from 0 to 2048
[  558.650134][  T804] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  558.684163][T26118] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  558.684252][  T804] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.701217][ T5907] usb 10-1: Using ep0 maxpacket: 32
[  558.706592][T23779] usb 4-1: USB disconnect, device number 38
[  558.711887][  T804] usb 2-1: config 0 descriptor??
[  558.719860][ T5907] usb 10-1: config index 0 descriptor too short (expected 6701, got 45)
[  558.738627][ T5907] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  558.754472][ T5907] usb 10-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  558.766651][ T5907] usb 10-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  558.787201][ T5907] usb 10-1: config 0 interface 0 has no altsetting 0
[  558.795052][ T5907] usb 10-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.9d
[  558.805130][ T5907] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.835181][ T5907] usb 10-1: config 0 descriptor??
[  559.143822][  T804] samsung 0003:0419:0600.000A: item fetching failed at offset 3/6
[  559.166382][  T804] samsung 0003:0419:0600.000A: parse failed
[  559.180148][  T804] samsung 0003:0419:0600.000A: probe with driver samsung failed with error -22
[  559.190066][T26120] loop7: detected capacity change from 0 to 32768
[  559.213063][T26128] loop8: detected capacity change from 0 to 1024
[  559.225863][T26120] (syz.7.8680,26120,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  559.243226][T26120] (syz.7.8680,26120,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  559.267843][ T5907] logitech 0003:046D:CA03.000B: unknown main item tag 0x0
[  559.275828][ T5907] logitech 0003:046D:CA03.000B: unknown main item tag 0x0
[  559.284956][ T5907] logitech 0003:046D:CA03.000B: unknown main item tag 0x0
[  559.294383][ T5907] logitech 0003:046D:CA03.000B: unknown main item tag 0x0
[  559.336590][ T5907] logitech 0003:046D:CA03.000B: unknown main item tag 0x0
[  559.366722][T26120] JBD2: Ignoring recovery information on journal
[  559.443930][  T804] usb 2-1: USB disconnect, device number 51
[  559.456618][T26120] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  559.469522][ T5907] logitech 0003:046D:CA03.000B: hidraw0: USB HID v0.00 Device [HID 046d:ca03] on usb-dummy_hcd.9-1/input0
[  559.510793][ T5907] logitech 0003:046D:CA03.000B: no inputs found
[  559.523073][   T12] hfsplus: b-tree write err: -5, ino 25
[  559.536562][   T12] hfsplus: b-tree write err: -5, ino 4
[  559.542989][ T5907] usb 10-1: USB disconnect, device number 25
[  559.561362][   T12] hfsplus: b-tree write err: -5, ino 2
[  559.648198][T26134] fido_id[26134]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory
[  559.743008][T11097] ocfs2: Unmounting device (7,7) on (node local)
[  559.985723][T26143] loop8: detected capacity change from 0 to 8192
[  560.251146][T26155] loop9: detected capacity change from 0 to 1024
[  560.306935][T26157] loop3: detected capacity change from 0 to 128
[  560.498965][   T35] hfsplus: b-tree write err: -5, ino 25
[  560.511072][   T35] hfsplus: b-tree write err: -5, ino 4
[  560.531604][   T35] hfsplus: b-tree write err: -5, ino 2
[  560.625625][T26169] loop7: detected capacity change from 0 to 1024
[  560.640649][T26174] loop3: detected capacity change from 0 to 128
[  560.681990][T26174] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  560.763879][T23779] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  560.764377][T26176] ucma_write: process 2146 (syz.8.8706) changed security contexts after opening file descriptor, this is not allowed.
[  560.934363][T23779] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  560.952074][T23779] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  560.972683][T23779] usb 2-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  560.981761][T23779] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.056469][T23779] usb 2-1: config 0 descriptor??
[  561.162171][T26192] Zero length message leads to an empty skb
[  561.239883][T26196] loop9: detected capacity change from 0 to 1024
[  561.286992][T26196] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8716'.
[  561.329711][T26200] loop7: detected capacity change from 0 to 512
[  561.365190][   T35] hfsplus: b-tree write err: -5, ino 25
[  561.370969][   T35] hfsplus: b-tree write err: -5, ino 4
[  561.383745][T26200] EXT4-fs: Ignoring removed bh option
[  561.389179][T26200] EXT4-fs: inline encryption not supported
[  561.402243][   T35] hfsplus: b-tree write err: -5, ino 2
[  561.415736][T26200] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  561.456924][T26200] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  561.479105][T26200] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.8718: bg 0: block 248: padding at end of block bitmap is not set
[  561.497967][T26200] loop7: lost filesystem error report for type 5 error -117
[  561.498613][T26200] Quota error (device loop7): write_blk: dquota write failed
[  561.505965][    C0] EXT4-fs (loop7): error count since last fsck: 1
[  561.505988][    C0] EXT4-fs (loop7): last error at time 1771349062: ext4_validate_block_bitmap:441
[  561.535963][T26200] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  561.546506][T26200] EXT4-fs error (device loop7): ext4_acquire_dquot:7003: comm syz.7.8718: Failed to acquire dquot type 1
[  561.560141][T26200] loop7: lost filesystem error report for type 5 error -117
[  561.565466][T26200] EXT4-fs (loop7): 1 truncate cleaned up
[  561.580939][T26200] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  561.697179][T11097] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  561.712303][ T1170] Quota error (device loop7): do_check_range: Getting block 0 out of range 1-5
[  561.720328][ T5907] usb 2-1: USB disconnect, device number 52
[  561.735908][ T1170] EXT4-fs error (device loop7): ext4_release_dquot:7039: comm kworker/u8:9: Failed to release dquot type 1
[  561.759413][ T1170] loop7: lost filesystem error report for type 5 error -117
[  561.922592][T23779] usb 9-1: new high-speed USB device number 34 using dummy_hcd
[  561.978212][T26198] loop3: detected capacity change from 0 to 32768
[  562.017405][T26198] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  562.091213][T26198] XFS (loop3): Ending clean mount
[  562.126543][T23779] usb 9-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[  562.136272][T23779] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.147457][   T29] audit: type=1800 audit(1771349063.005:344): pid=26198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8717" name="file1" dev="loop3" ino=4422 res=0 errno=0
[  562.152706][T23779] usb 9-1: config 0 descriptor??
[  562.224434][ T5824] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  562.303652][   T29] audit: type=1326 audit(1771349063.155:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26234 comm="syz.7.8731" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f593df9bf79 code=0x0
[  562.522337][    T9] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[  562.614920][T23779] waltop 0003:172F:0034.000D: hidraw0: USB HID v1.01 Device [HID 172f:0034] on usb-dummy_hcd.8-1/input0
[  562.674285][    T9] usb 10-1: Using ep0 maxpacket: 8
[  562.681454][    T9] usb 10-1: config index 0 descriptor too short (expected 30, got 18)
[  562.702349][    T9] usb 10-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  562.711534][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.734902][    T9] usb 10-1: Product: syz
[  562.739278][    T9] usb 10-1: Manufacturer: syz
[  562.744368][    T9] usb 10-1: SerialNumber: syz
[  562.755995][    T9] usb 10-1: config 0 descriptor??
[  562.778159][    T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  562.805304][    T9] usb 10-1: setting power ON
[  562.810035][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  562.821760][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  562.852424][    T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  562.862696][T23779] usb 9-1: USB disconnect, device number 34
[  562.877784][    T9] usb 10-1: media controller created
[  562.910038][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  562.937642][    T9] usb 10-1: selecting invalid altsetting 6
[  562.943937][    T9] usb 10-1: digital interface selection failed (-22)
[  562.950656][    T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  562.961137][    T9] usb 10-1: setting power OFF
[  562.965948][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  562.972231][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  562.982503][    T9] (NULL device *): no alternate interface
[  563.030873][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  563.063147][    T9] usb 10-1: USB disconnect, device number 26
[  563.368460][T26276] netlink: 20 bytes leftover after parsing attributes in process `syz.7.8748'.
[  563.378060][T26276] netlink: 'syz.7.8748': attribute type 4 has an invalid length.
[  563.619828][T26292] tipc: Started in network mode
[  563.627224][T26291] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  563.637793][T26292] tipc: Node identity 000000005f003a000000000000000001, cluster identity 4711
[  563.657652][T26292] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  563.832065][   T29] audit: type=1326 audit(1771349064.685:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26297 comm="syz.1.8759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  563.881713][   T29] audit: type=1326 audit(1771349064.685:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26297 comm="syz.1.8759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  563.907328][   T29] audit: type=1326 audit(1771349064.735:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26297 comm="syz.1.8759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  563.947748][   T29] audit: type=1326 audit(1771349064.735:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26297 comm="syz.1.8759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  564.013882][   T29] audit: type=1326 audit(1771349064.735:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26297 comm="syz.1.8759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4af9bf79 code=0x7ffc0000
[  564.062218][ T5948] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[  564.225196][ T5948] usb 10-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  564.251600][ T5948] usb 10-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  564.292275][ T5948] usb 10-1: config 0 interface 0 has no altsetting 0
[  564.299052][ T5948] usb 10-1: New USB device found, idVendor=05ac, idProduct=0267, bcdDevice= 0.00
[  564.312872][ T5948] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.338481][ T5948] usb 10-1: config 0 descriptor??
[  564.350313][T26321] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8769'.
[  564.379040][T26321] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8769'.
[  564.388476][T26321] netlink: 'syz.7.8769': attribute type 6 has an invalid length.
[  564.397952][T26321] netlink: 'syz.7.8769': attribute type 5 has an invalid length.
[  564.696610][T26310] loop3: detected capacity change from 0 to 40427
[  564.712288][T26310] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  564.720223][T26310] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  564.748330][T26310] F2FS-fs (loop3): invalid crc value
[  564.769533][ T5948] apple 0003:05AC:0267.000E: hidraw0: USB HID v0.00 Device [HID 05ac:0267] on usb-dummy_hcd.9-1/input0
[  564.936941][T26341] loop8: detected capacity change from 0 to 16
[  564.953078][T26341] MTD: Attempt to mount non-MTD device "/dev/loop8"
[  564.969902][ T5948] usb 10-1: USB disconnect, device number 27
[  565.131502][T26310] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  565.158516][T26347] loop8: detected capacity change from 0 to 128
[  565.193724][T26310] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  565.200792][T26310] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  565.222423][T26347] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  565.261374][T26347] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  565.815890][T26344] loop7: detected capacity change from 0 to 32768
[  565.868211][T26344] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  565.922794][T26344] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  566.010203][T26344] gfs2: fsid=syz:syz.0: journal 0 mapped with 9 extents in 0ms
[  566.046444][T23779] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  566.061211][T23779] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  566.117519][T26375] netlink: 260 bytes leftover after parsing attributes in process `syz.9.8792'.
[  566.165208][T23779] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 103ms
[  566.194068][T23779] gfs2: fsid=syz:syz.0: jid=0: Done
[  566.222171][T26344] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  566.452569][T26344] gfs2: fsid=syz:syz.0: found 1 quota changes
[  566.566298][ T5948] hid-generic 07FF:0004:0009.000F: unknown main item tag 0x0
[  566.596742][ T5948] hid-generic 07FF:0004:0009.000F: unknown main item tag 0x0
[  566.624072][ T5948] hid-generic 07FF:0004:0009.000F: unknown main item tag 0x0
[  566.652951][ T5948] hid-generic 07FF:0004:0009.000F: hidraw0: <UNKNOWN> HID v0.04 Device [syz1] on syz1
[  566.713969][T11097] syz-executor: attempt to access beyond end of device
[  566.713969][T11097] loop7: rw=8400897, sector=68719479080, nr_sectors = 8 limit=32768
[  566.780917][T11097] Buffer I/O error on dev loop7, logical block 8589934885, lost async page write
[  566.797569][T26397] fido_id[26397]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  566.816020][T11097] gfs2: fsid=syz:syz.0: fatal: I/O error - block = 8589934885, function = gfs2_ail1_start_one, file = fs/gfs2/log.c, line = 116
[  566.829542][T11097] CPU: 0 UID: 0 PID: 11097 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  566.829568][T11097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  566.829580][T11097] Call Trace:
[  566.829587][T11097]  <TASK>
[  566.829595][T11097]  dump_stack_lvl+0xe8/0x150
[  566.829626][T11097]  gfs2_withdraw+0xc3/0x1b0
[  566.829650][T11097]  gfs2_ail1_flush+0x990/0xfd0
[  566.829694][T11097]  ? __pfx_gfs2_ail1_flush+0x10/0x10
[  566.829733][T11097]  empty_ail1_list+0x1b3/0x330
[  566.829761][T11097]  ? __pfx_empty_ail1_list+0x10/0x10
[  566.829827][T11097]  ? do_raw_spin_unlock+0xf5/0x210
[  566.829851][T11097]  gfs2_log_flush+0x1e20/0x2510
[  566.829888][T11097]  ? __pfx_gfs2_log_flush+0x10/0x10
[  566.829914][T11097]  ? call_rcu+0x644/0x890
[  566.829956][T11097]  ? lockdep_hardirqs_on+0x7a/0x110
[  566.829984][T11097]  gfs2_kill_sb+0x5c/0x430
[  566.830011][T11097]  deactivate_locked_super+0xbc/0x130
[  566.830040][T11097]  cleanup_mnt+0x437/0x4d0
[  566.830057][T11097]  ? _raw_spin_unlock_irq+0x23/0x50
[  566.830082][T11097]  task_work_run+0x1d9/0x270
[  566.830104][T11097]  ? __pfx_task_work_run+0x10/0x10
[  566.830135][T11097]  exit_to_user_mode_loop+0xed/0x480
[  566.830156][T11097]  ? rcu_is_watching+0x15/0xb0
[  566.830184][T11097]  do_syscall_64+0x32d/0xf80
[  566.830213][T11097]  ? trace_irq_disable+0x3b/0x150
[  566.830229][T11097]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.830247][T11097]  ? clear_bhb_loop+0x40/0x90
[  566.830270][T11097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.830288][T11097] RIP: 0033:0x7f593df9d1d7
[  566.830307][T11097] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  566.830322][T11097] RSP: 002b:00007ffd04b99d08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  566.830342][T11097] RAX: 0000000000000000 RBX: 00007f593e031c3b RCX: 00007f593df9d1d7
[  566.830355][T11097] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd04b99dc0
[  566.830366][T11097] RBP: 00007ffd04b99dc0 R08: 00007ffd04b9adc0 R09: 00000000ffffffff
[  566.830380][T11097] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd04b9ae50
[  566.830392][T11097] R13: 00007f593e031c3b R14: 000000000008a745 R15: 00007ffd04b9ae90
[  566.830422][T11097]  </TASK>
[  566.830429][T11097] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  567.153638][T26409] loop9: detected capacity change from 0 to 8192
[  567.553425][    T9] usb 9-1: new high-speed USB device number 35 using dummy_hcd
[  567.596090][T26430] netlink: 822 bytes leftover after parsing attributes in process `syz.3.8818'.
[  567.605386][T26430] bridge: RTM_NEWNEIGH with unconfigured vlan 1033 on bridge0
[  567.723816][    T9] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  567.762160][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  567.797970][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  567.820220][    T9] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  567.849391][    T9] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  567.868891][    T9] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  567.884659][    T9] usb 9-1: Manufacturer: syz
[  567.903443][    T9] usb 9-1: config 0 descriptor??
[  568.247438][T26449] loop9: detected capacity change from 0 to 64
[  568.330715][T26435] loop3: detected capacity change from 0 to 40427
[  568.340869][    T9] appleir 0003:05AC:8243.0010: item fetching failed at offset 0/1
[  568.353446][    T9] appleir 0003:05AC:8243.0010: parse failed
[  568.359563][    T9] appleir 0003:05AC:8243.0010: probe with driver appleir failed with error -22
[  568.412516][T26435] F2FS-fs (loop3): invalid crc value
[  568.559846][  T804] usb 9-1: USB disconnect, device number 35
[  568.634557][T26435] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  568.646740][T26435] F2FS-fs (loop3): Start checkpoint disabled!
[  568.656616][T26435] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  568.669145][T26435] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  568.768868][T26467] team0: left allmulticast mode
[  568.778079][T26467] bridge0: left allmulticast mode
[  568.872560][ T5948] usb 10-1: new low-speed USB device number 28 using dummy_hcd
[  568.945557][T26473] tmpfs: Bad value for 'grpquota_block_hardlimit'
[  568.969146][T26475] loop3: detected capacity change from 0 to 16
[  568.986133][T26475] erofs (device loop3): mounted with root inode @ nid 36.
[  569.037605][ T5948] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  569.052522][ T5948] usb 10-1: config 0 has no interface number 0
[  569.058880][ T5948] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  569.100203][ T5948] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  569.129077][ T5948] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  569.151360][ T5948] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  569.191075][ T5948] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  569.225558][ T5948] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  569.253014][ T5948] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  569.275559][ T5948] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.301196][ T5948] usb 10-1: config 0 descriptor??
[  569.315910][T26460] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  569.332255][T26460] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  569.363114][ T5948] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  569.609907][    T9] usb 10-1: USB disconnect, device number 28
[  569.633145][    T9] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  569.729401][T26483] loop8: detected capacity change from 0 to 32768
[  569.767286][T26483] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  569.789171][T26510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8854'.
[  569.810076][T26510] netlink: 2 bytes leftover after parsing attributes in process `syz.3.8854'.
[  569.865019][T26483] XFS (loop8): Ending clean mount
[  569.900518][T26483] XFS (loop8): Quotacheck needed: Please wait.
[  570.001687][T26483] XFS (loop8): Quotacheck: Done.
[  570.119777][T13332] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  570.428301][T26535] loop8: detected capacity change from 0 to 1024
[  570.580650][   T12] hfsplus: b-tree write err: -5, ino 25
[  570.590574][   T12] hfsplus: b-tree write err: -5, ino 4
[  570.601231][   T12] hfsplus: b-tree write err: -5, ino 2
[  570.658335][T26545] loop3: detected capacity change from 0 to 4096
[  570.700687][T26545] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  570.838639][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  571.407412][T26554] loop8: detected capacity change from 0 to 32768
[  571.472812][T26554] jfs_lookup: iget failed on inum 4
[  571.495035][T26554] jfs_lookup: iget failed on inum 4
[  571.516374][T26574] loop3: detected capacity change from 0 to 512
[  571.554045][T26574] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002]
[  571.562521][T26574] System zones: 1-12
[  571.574112][T26574] EXT4-fs error (device loop3): dx_probe:791: inode #2: comm syz.3.8882: Directory hole found for htree index block 0
[  571.593782][T26574] loop3: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117
[  571.602064][    C0] EXT4-fs (loop3): error count since last fsck: 1
[  571.617596][    C0] EXT4-fs (loop3): initial error at time 1771349072: dx_probe:791: inode 2
[  571.626254][    C0] EXT4-fs (loop3): last error at time 1771349072: dx_probe:791: inode 2
[  571.638921][T26574] EXT4-fs (loop3): Remounting filesystem read-only
[  571.691379][T26574] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -117
[  571.707363][T26574] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[  571.737660][T26574] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  571.826805][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  572.156894][T23779] gfs2: fsid=syz:syz.0: file system withdrawn
[  572.228095][T26597] rdma_op ffff88807ce859f0 conn xmit_rdma 0000000000000000
[  572.483410][T26603] loop7: detected capacity change from 0 to 4096
[  572.526083][T26609] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  572.526294][T26603] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  572.605208][T26603] NILFS (loop7): mounting fs with errors
[  572.728688][T26603] NILFS error (device loop7): nilfs_bmap_lookup_contig: broken bmap (inode number=2)
[  572.752445][T26603] NILFS error (device loop7): nilfs_bmap_lookup_contig: broken bmap (inode number=2)
[  572.806246][T26603] NILFS error (device loop7): nilfs_readdir: bad page in #2
[  572.908751][T26590] loop9: detected capacity change from 0 to 40427
[  572.965459][T26590] F2FS-fs (loop9): invalid crc value
[  573.236457][T26590] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  573.266273][T26590] F2FS-fs (loop9): Start checkpoint disabled!
[  573.300189][T26590] F2FS-fs (loop9): f2fs_disable_checkpoint() finish, err:0
[  573.337413][T26590] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  573.603302][   T49] kworker/u8:3: attempt to access beyond end of device
[  573.603302][   T49] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  573.650504][   T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  573.650529][   T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  573.650540][   T49] Workqueue: writeback wb_workfn (flush-7:9)
[  573.650569][   T49] Call Trace:
[  573.650577][   T49]  <TASK>
[  573.650585][   T49]  dump_stack_lvl+0xe8/0x150
[  573.650613][   T49]  f2fs_handle_critical_error+0x37c/0x540
[  573.650642][   T49]  f2fs_write_end_io+0xcdb/0xff0
[  573.650679][   T49]  __submit_merged_bio+0x256/0x700
[  573.650711][   T49]  __submit_merged_write_cond+0x3c9/0x4e0
[  573.650741][   T49]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  573.650794][   T49]  f2fs_write_data_pages+0x2975/0x35e0
[  573.650809][   T49]  ? update_load_avg+0x1b0/0x1ec0
[  573.650862][   T49]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  573.650894][   T49]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  573.650945][   T49]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  573.650991][   T49]  ? __lock_acquire+0x6b5/0x2cf0
[  573.651030][   T49]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  573.651048][   T49]  do_writepages+0x32e/0x550
[  573.651079][   T49]  ? reacquire_held_locks+0x104/0x190
[  573.651103][   T49]  ? writeback_sb_inodes+0x477/0x1a20
[  573.651132][   T49]  __writeback_single_inode+0x133/0x11a0
[  573.651155][   T49]  ? do_raw_spin_unlock+0xf5/0x210
[  573.651178][   T49]  writeback_sb_inodes+0x992/0x1a20
[  573.651219][   T49]  ? __lock_acquire+0x6b5/0x2cf0
[  573.651248][   T49]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  573.651269][   T49]  ? do_raw_spin_lock+0x12b/0x2f0
[  573.651326][   T49]  ? rcu_is_watching+0x15/0xb0
[  573.651360][   T49]  wb_writeback+0x456/0xb70
[  573.651393][   T49]  ? queue_io+0x261/0x4a0
[  573.651422][   T49]  ? __pfx_wb_writeback+0x10/0x10
[  573.651442][   T49]  ? do_raw_spin_lock+0x12b/0x2f0
[  573.651477][   T49]  wb_workfn+0x414/0xf50
[  573.651497][   T49]  ? look_up_lock_class+0x57/0x110
[  573.651534][   T49]  ? __pfx_wb_workfn+0x10/0x10
[  573.651558][   T49]  ? do_raw_spin_lock+0x12b/0x2f0
[  573.651580][   T49]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  573.651621][   T49]  ? process_one_work+0x87c/0x1650
[  573.651643][   T49]  process_one_work+0x949/0x1650
[  573.651686][   T49]  ? __pfx_process_one_work+0x10/0x10
[  573.651706][   T49]  ? do_raw_spin_lock+0x12b/0x2f0
[  573.651742][   T49]  worker_thread+0xb46/0x1140
[  573.651793][   T49]  kthread+0x388/0x470
[  573.651812][   T49]  ? __pfx_worker_thread+0x10/0x10
[  573.651834][   T49]  ? __pfx_kthread+0x10/0x10
[  573.651854][   T49]  ret_from_fork+0x51e/0xb90
[  573.651880][   T49]  ? __pfx_ret_from_fork+0x10/0x10
[  573.651901][   T49]  ? __switch_to+0xc7d/0x1450
[  573.651926][   T49]  ? __pfx_kthread+0x10/0x10
[  573.651946][   T49]  ret_from_fork_asm+0x1a/0x30
[  573.651981][   T49]  </TASK>
[  573.651990][   T49] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  573.824108][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  573.824127][   T29] audit: type=1326 audit(1771349074.605:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26642 comm="syz.3.8913" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1c9959bf79 code=0x0
[  573.833447][T26651] netlink: 'syz.1.8915': attribute type 29 has an invalid length.
[  573.964409][T26653] netlink: 'syz.1.8915': attribute type 29 has an invalid length.
[  575.723021][T26688] bond3: (slave bond_slave_1): Device is not our slave
[  575.729938][T26688] bond3: option active_slave: invalid value (bond_slave_1)
[  575.885770][T26688] bond3 (unregistering): Released all slaves
[  576.566591][T26726] loop7: detected capacity change from 0 to 256
[  576.594893][T26726] exfat: Deprecated parameter 'namecase'
[  576.618152][T26726] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  576.772181][ T5948] usb 2-1: new low-speed USB device number 53 using dummy_hcd
[  576.898497][T26720] loop9: detected capacity change from 0 to 32768
[  576.935181][ T5948] usb 2-1: config index 0 descriptor too short (expected 6427, got 27)
[  576.947348][T26734] loop8: detected capacity change from 0 to 1024
[  576.953952][ T5948] usb 2-1: config 0 has an invalid interface number: 21 but max is 0
[  576.962512][T26720] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.8945 (26720)
[  576.982626][ T5948] usb 2-1: config 0 has no interface number 0
[  576.989023][ T5948] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  577.019323][ T5948] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  577.053225][ T1170] hfsplus: b-tree write err: -5, ino 25
[  577.058988][ T1170] hfsplus: b-tree write err: -5, ino 4
[  577.062277][ T5948] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  577.076280][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.086962][T26720] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  577.092312][ T1170] hfsplus: b-tree write err: -5, ino 2
[  577.100971][T26720] BTRFS info (device loop9): using crc32c checksum algorithm
[  577.129150][ T5948] usb 2-1: config 0 descriptor??
[  577.335560][T26720] BTRFS info (device loop9): enabling ssd optimizations
[  577.342728][T26720] BTRFS info (device loop9): turning on flush-on-commit
[  577.359535][T26720] BTRFS info (device loop9): enabling free space tree
[  577.372184][T26720] BTRFS info (device loop9): enabling auto defrag
[  577.382200][T26720] BTRFS info (device loop9): use lzo compression, level 1
[  577.395672][T26720] BTRFS info (device loop9): max_inline set to 4096
[  577.583413][T17153] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  577.790561][ T5948] usb 2-1: USB disconnect, device number 53
[  577.983766][T26736] loop7: detected capacity change from 0 to 32768
[  578.022593][ T5907] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  578.047815][T26736] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  578.204144][ T5907] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.232647][ T5907] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  578.262285][ T5907] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  578.306442][ T5907] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  578.332179][T26736] XFS (loop7): Ending clean mount
[  578.342179][ T5907] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.371136][ T5907] usb 10-1: config 0 descriptor??
[  578.382200][T26736] XFS (loop7): Quotacheck needed: Please wait.
[  578.472469][T26736] XFS (loop7): Quotacheck: Done.
[  578.552660][T26772] loop8: detected capacity change from 0 to 32768
[  578.568579][T26772] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.8964 (26772)
[  578.616165][T11097] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  578.648270][T26772] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  578.686551][T26772] BTRFS info (device loop8): using sha256 checksum algorithm
[  578.740140][T26765] loop3: detected capacity change from 0 to 32768
[  578.803711][ T5907] plantronics 0003:047F:FFFF.0011: unbalanced delimiter at end of report description
[  578.833108][ T5907] plantronics 0003:047F:FFFF.0011: parse failed
[  578.838258][T26765] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  578.871291][ T5907] plantronics 0003:047F:FFFF.0011: probe with driver plantronics failed with error -22
[  578.880817][T26765] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  578.957958][T26765] gfs2: fsid=syz:syz.0: journal 0 mapped with 9 extents in 0ms
[  578.987210][T23779] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  578.995481][T23779] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  579.011944][ T5907] usb 10-1: USB disconnect, device number 29
[  579.046251][T26772] BTRFS info (device loop8): enabling ssd optimizations
[  579.062125][T26772] BTRFS info (device loop8): turning on async discard
[  579.079266][T26772] BTRFS info (device loop8): enabling free space tree
[  579.121311][T23779] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 125ms
[  579.141039][T23779] gfs2: fsid=syz:syz.0: jid=0: Done
[  579.149407][T26765] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  579.191281][T13332] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  579.360778][T26765] gfs2: fsid=syz:syz.0: found 1 quota changes
[  579.588624][ T5824] syz-executor: attempt to access beyond end of device
[  579.588624][ T5824] loop3: rw=8400897, sector=68719479080, nr_sectors = 8 limit=32768
[  579.663060][ T5824] Buffer I/O error on dev loop3, logical block 8589934885, lost async page write
[  579.711841][ T5824] gfs2: fsid=syz:syz.0: fatal: I/O error - block = 8589934885, function = gfs2_ail1_start_one, file = fs/gfs2/log.c, line = 116
[  579.725443][ T5824] CPU: 1 UID: 0 PID: 5824 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  579.725467][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  579.725478][ T5824] Call Trace:
[  579.725486][ T5824]  <TASK>
[  579.725493][ T5824]  dump_stack_lvl+0xe8/0x150
[  579.725523][ T5824]  gfs2_withdraw+0xc3/0x1b0
[  579.725546][ T5824]  gfs2_ail1_flush+0x990/0xfd0
[  579.725590][ T5824]  ? __pfx_gfs2_ail1_flush+0x10/0x10
[  579.725629][ T5824]  empty_ail1_list+0x1b3/0x330
[  579.725657][ T5824]  ? __pfx_empty_ail1_list+0x10/0x10
[  579.725722][ T5824]  ? do_raw_spin_unlock+0xf5/0x210
[  579.725746][ T5824]  gfs2_log_flush+0x1e20/0x2510
[  579.725783][ T5824]  ? __pfx_gfs2_log_flush+0x10/0x10
[  579.725810][ T5824]  ? call_rcu+0x644/0x890
[  579.725833][ T5824]  ? lockdep_hardirqs_on+0x7a/0x110
[  579.725861][ T5824]  gfs2_kill_sb+0x5c/0x430
[  579.725889][ T5824]  deactivate_locked_super+0xbc/0x130
[  579.725921][ T5824]  cleanup_mnt+0x437/0x4d0
[  579.725940][ T5824]  ? _raw_spin_unlock_irq+0x23/0x50
[  579.725965][ T5824]  task_work_run+0x1d9/0x270
[  579.725987][ T5824]  ? __pfx_task_work_run+0x10/0x10
[  579.726024][ T5824]  exit_to_user_mode_loop+0xed/0x480
[  579.726045][ T5824]  ? rcu_is_watching+0x15/0xb0
[  579.726073][ T5824]  do_syscall_64+0x32d/0xf80
[  579.726095][ T5824]  ? trace_irq_disable+0x3b/0x150
[  579.726111][ T5824]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.726130][ T5824]  ? clear_bhb_loop+0x40/0x90
[  579.726152][ T5824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.726170][ T5824] RIP: 0033:0x7f1c9959d1d7
[  579.726189][ T5824] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  579.726205][ T5824] RSP: 002b:00007ffdc28b3748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  579.726224][ T5824] RAX: 0000000000000000 RBX: 00007f1c99631c3b RCX: 00007f1c9959d1d7
[  579.726236][ T5824] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdc28b3800
[  579.726248][ T5824] RBP: 00007ffdc28b3800 R08: 00007ffdc28b4800 R09: 00000000ffffffff
[  579.726261][ T5824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc28b4890
[  579.726272][ T5824] R13: 00007f1c99631c3b R14: 000000000008d98b R15: 00007ffdc28b48d0
[  579.726302][ T5824]  </TASK>
[  579.726311][ T5824] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  579.988248][T26828] loop7: detected capacity change from 0 to 512
[  580.154308][T26828] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  580.162804][T26828] EXT4-fs (loop7): orphan cleanup on readonly fs
[  580.195675][T26828] Quota error (device loop7): v2_read_file_info: Free block number 8 out of range (1, 6).
[  580.232444][T26828] EXT4-fs warning (device loop7): ext4_enable_quotas:7238: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  580.247925][T26828] EXT4-fs (loop7): Cannot turn on quotas: error -117
[  580.254926][T26828] EXT4-fs error (device loop7): ext4_orphan_get:1417: comm syz.7.8977: bad orphan inode 67108864
[  580.266310][T26828] loop7: lost filesystem error report for type 5 error -117
[  580.267004][T26828] EXT4-fs (loop7): Remounting filesystem read-only
[  580.274385][    C0] EXT4-fs (loop7): error count since last fsck: 1
[  580.274409][    C0] EXT4-fs (loop7): initial error at time 1771349081: ext4_orphan_get:1417
[  580.274433][    C0] EXT4-fs (loop7): last error at time 1771349081: ext4_orphan_get:1417
[  580.333800][T26828] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  580.407090][T11097] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  580.668060][T26850] loop7: detected capacity change from 0 to 512
[  580.737851][   T29] audit: type=1800 audit(1771349081.595:357): pid=26850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.8988" name="file2" dev="loop7" ino=1048774 res=0 errno=0
[  580.753505][T26850] syz.7.8988: attempt to access beyond end of device
[  580.753505][T26850] loop7: rw=8388608, sector=17179852713, nr_sectors = 1 limit=512
[  580.865859][T26838] loop8: detected capacity change from 0 to 32768
[  580.915535][T26838] JBD2: Ignoring recovery information on journal
[  581.044060][T26838] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  581.232381][T13332] ocfs2: Unmounting device (7,8) on (node local)
[  581.562490][ T5948] usb 2-1: new full-speed USB device number 54 using dummy_hcd
[  581.735625][ T5948] usb 2-1: config 0 interface 0 altsetting 69 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  581.741935][T26896] hub 8-0:1.0: USB hub found
[  581.752695][T26896] hub 8-0:1.0: 1 port detected
[  581.767699][ T5948] usb 2-1: config 0 interface 0 altsetting 69 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[  581.802606][ T5948] usb 2-1: config 0 interface 0 has no altsetting 0
[  581.811795][ T5948] usb 2-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  581.838276][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.854202][ T5948] usb 2-1: config 0 descriptor??
[  581.860210][T26876] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  582.098094][T26910] nbd: must specify a size in bytes for the device
[  582.185872][  T804] kernel write not supported for file /uhid (pid: 804 comm: kworker/1:2)
[  582.297508][ T5948] kye 0003:0458:5015.0012: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  582.348234][ T5948] kye 0003:0458:5015.0012: hidraw0: USB HID v0.04 Device [HID 0458:5015] on usb-dummy_hcd.1-1/input0
[  582.384001][ T5948] kye 0003:0458:5015.0012: tablet-enabling feature report not found
[  582.404317][ T5948] kye 0003:0458:5015.0012: tablet enabling failed
[  582.543967][ T5948] usb 2-1: USB disconnect, device number 54
[  582.670146][T26937] loop7: detected capacity change from 0 to 256
[  582.971415][T26935] loop9: detected capacity change from 0 to 32768
[  583.093706][T26947] can0: slcan on ttynull.
[  583.172215][T23779] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  583.235729][T26946] can0 (unregistered): slcan off ttynull.
[  583.274531][    T9] libceph: connect (1)[c::]:6789 error -22
[  583.281143][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  583.324400][T23779] usb 8-1: too many endpoints for config 0 interface 0 altsetting 3: 62, using maximum allowed: 30
[  583.336363][T23779] usb 8-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  583.348047][T23779] usb 8-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 62
[  583.365258][T23779] usb 8-1: config 0 interface 0 has no altsetting 0
[  583.372068][T23779] usb 8-1: New USB device found, idVendor=056e, idProduct=00fd, bcdDevice= 0.00
[  583.381116][T23779] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.400276][T23779] usb 8-1: config 0 descriptor??
[  583.574314][    T9] libceph: connect (1)[c::]:6789 error -22
[  583.590533][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  583.830554][T23779] elecom 0003:056E:00FD.0013: item fetching failed at offset 3/5
[  583.862349][T23779] elecom 0003:056E:00FD.0013: probe with driver elecom failed with error -22
[  584.030587][T26950] ceph: No mds server is up or the cluster is laggy
[  584.059545][  T804] usb 8-1: USB disconnect, device number 25
[  584.109402][T26962] loop9: detected capacity change from 0 to 32768
[  584.162327][T23779] libceph: connect (1)[c::]:6789 error -22
[  584.168327][T23779] libceph: mon0 (1)[c::]:6789 connect error
[  584.199014][T26962] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz'
[  584.199039][T26962] CPU: 1 UID: 0 PID: 26962 Comm: syz.9.9037 Not tainted syzkaller #0 PREEMPT(full) 
[  584.199061][T26962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  584.199071][T26962] Call Trace:
[  584.199079][T26962]  <TASK>
[  584.199088][T26962]  dump_stack_lvl+0xe8/0x150
[  584.199121][T26962]  sysfs_create_dir_ns+0x271/0x2a0
[  584.199151][T26962]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  584.199180][T26962]  ? do_raw_spin_unlock+0xf5/0x210
[  584.199206][T26962]  kobject_add_internal+0x62b/0xd00
[  584.199234][T26962]  kobject_init_and_add+0x12b/0x1a0
[  584.199268][T26962]  ? __pfx_kobject_init_and_add+0x10/0x10
[  584.199309][T26962]  ? __raw_spin_lock_init+0x45/0x100
[  584.199330][T26962]  ? __init_swait_queue_head+0xa9/0x150
[  584.199352][T26962]  gfs2_sys_fs_add+0x257/0x480
[  584.199378][T26962]  ? is_dynamic_key+0x1ac/0x1c0
[  584.199399][T26962]  ? __pfx_gfs2_sys_fs_add+0x10/0x10
[  584.199429][T26962]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  584.199462][T26962]  gfs2_fill_super+0x13a7/0x21d0
[  584.199502][T26962]  ? __pfx_gfs2_fill_super+0x10/0x10
[  584.199530][T26962]  ? sb_set_blocksize+0x155/0x240
[  584.199556][T26962]  ? setup_bdev_super+0x4c1/0x5b0
[  584.199586][T26962]  get_tree_bdev_flags+0x431/0x4f0
[  584.199609][T26962]  ? __pfx_gfs2_fill_super+0x10/0x10
[  584.199633][T26962]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  584.199653][T26962]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  584.199682][T26962]  gfs2_get_tree+0x51/0x1e0
[  584.199707][T26962]  vfs_get_tree+0x92/0x2a0
[  584.199727][T26962]  do_new_mount+0x341/0xd30
[  584.199750][T26962]  ? apparmor_capable+0x126/0x170
[  584.199775][T26962]  ? __pfx_do_new_mount+0x10/0x10
[  584.199803][T26962]  ? ns_capable+0x89/0xe0
[  584.199841][T26962]  ? user_path_at+0xd4/0x160
[  584.199863][T26962]  __se_sys_mount+0x31d/0x420
[  584.199892][T26962]  ? __pfx___se_sys_mount+0x10/0x10
[  584.199921][T26962]  ? __x64_sys_mount+0x20/0xc0
[  584.199949][T26962]  do_syscall_64+0x14d/0xf80
[  584.199976][T26962]  ? trace_irq_disable+0x3b/0x150
[  584.199995][T26962]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.200016][T26962]  ? clear_bhb_loop+0x40/0x90
[  584.200041][T26962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.200061][T26962] RIP: 0033:0x7fbcfa19d20a
[  584.200080][T26962] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  584.200096][T26962] RSP: 002b:00007fbcfb03de58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  584.200118][T26962] RAX: ffffffffffffffda RBX: 00007fbcfb03dee0 RCX: 00007fbcfa19d20a
[  584.200133][T26962] RDX: 00002000000124c0 RSI: 0000200000012500 RDI: 00007fbcfb03dea0
[  584.200147][T26962] RBP: 00002000000124c0 R08: 00007fbcfb03dee0 R09: 0000000000000000
[  584.200161][T26962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000012500
[  584.200175][T26962] R13: 00007fbcfb03dea0 R14: 0000000000012588 R15: 0000200000000000
[  584.200204][T26962]  </TASK>
[  584.223300][T26962] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory.
[  584.223326][T26962] gfs2: fsid=syz:syz: error -17 adding sysfs files
[  585.046545][ T5907] gfs2: fsid=syz:syz.0: file system withdrawn
[  585.469452][T27018] loop8: detected capacity change from 0 to 256
[  585.503512][T26996] loop7: detected capacity change from 0 to 32768
[  585.530995][T27018] FAT-fs (loop8): Directory bread(block 64) failed
[  585.545173][T26996] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.9044 (26996)
[  585.574692][T27018] FAT-fs (loop8): Directory bread(block 65) failed
[  585.582722][T27018] FAT-fs (loop8): Directory bread(block 66) failed
[  585.607934][T26996] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  585.623095][T27018] FAT-fs (loop8): Directory bread(block 67) failed
[  585.630859][T26996] BTRFS info (device loop7): using crc32c checksum algorithm
[  585.640045][T27018] FAT-fs (loop8): Directory bread(block 68) failed
[  585.666334][T27018] FAT-fs (loop8): Directory bread(block 69) failed
[  585.678778][T27018] FAT-fs (loop8): Directory bread(block 70) failed
[  585.689037][T27018] FAT-fs (loop8): Directory bread(block 71) failed
[  585.698376][T27018] FAT-fs (loop8): Directory bread(block 72) failed
[  585.705136][T27018] FAT-fs (loop8): Directory bread(block 73) failed
[  585.768540][T27038] netlink: 256 bytes leftover after parsing attributes in process `syz.1.9056'.
[  585.769097][T26996] BTRFS info (device loop7): allowing degraded mounts
[  585.786969][T27038] netlink: 72 bytes leftover after parsing attributes in process `syz.1.9056'.
[  585.798681][T26996] BTRFS info (device loop7): enabling ssd optimizations
[  585.818813][T26996] BTRFS info (device loop7): turning on async discard
[  585.850763][T26996] BTRFS info (device loop7): enabling free space tree
[  585.892178][T26996] BTRFS info (device loop7): enabling auto defrag
[  585.952660][T27043] loop8: detected capacity change from 0 to 512
[  585.971908][T27043] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  586.002747][T27043] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ec01c, mo2=0003]
[  586.011832][T27043] System zones: 1-2, 4-12, 8-8
[  586.064186][T27043] EXT4-fs error (device loop8): ext4_orphan_get:1391: inode #15: comm syz.8.9057: iget: bad i_size value: 38620345925642
[  586.077273][T27043] loop8: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  586.079415][T27043] EXT4-fs error (device loop8): ext4_orphan_get:1396: comm syz.8.9057: couldn't read orphan inode 15 (err -117)
[  586.088665][    C0] EXT4-fs (loop8): error count since last fsck: 1
[  586.088688][    C0] EXT4-fs (loop8): initial error at time 1771349086: ext4_orphan_get:1391: inode 15
[  586.088721][    C0] EXT4-fs (loop8): last error at time 1771349086: ext4_orphan_get:1391: inode 15
[  586.129973][T27043] loop8: lost filesystem error report for type 5 error -117
[  586.138266][T27043] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  586.246207][T13332] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.323117][T11097] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  586.592149][    T9] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  586.620800][T27064] loop3: detected capacity change from 0 to 512
[  586.696390][T27064] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #2: block 3: comm syz.3.9067: lblock 0 mapped to illegal pblock 3 (length 1)
[  586.721326][T27064] loop3: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117
[  586.723189][    C0] EXT4-fs (loop3): error count since last fsck: 1
[  586.738894][    C0] EXT4-fs (loop3): initial error at time 1771349087: ext4_map_blocks:776: inode 2: block 3
[  586.748949][    C0] EXT4-fs (loop3): last error at time 1771349087: ext4_map_blocks:776: inode 2: block 3
[  586.761049][T27064] EXT4-fs (loop3): Remounting filesystem read-only
[  586.772275][    T9] usb 2-1: Using ep0 maxpacket: 16
[  586.817108][    T9] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  586.833968][T27064] EXT4-fs warning (device loop3): dx_probe:791: inode #2: lblock 0: comm syz.3.9067: error -117 reading directory block
[  586.870657][    T9] usb 2-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  586.882361][T27064] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[  586.885402][T27076] netlink: 16 bytes leftover after parsing attributes in process `syz.8.9071'.
[  586.919485][    T9] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  586.928486][T27064] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  586.930559][    T9] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  586.954781][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  587.000404][    T9] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  587.020926][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.047617][    T9] usb 2-1: Product: syz
[  587.051825][    T9] usb 2-1: Manufacturer: syz
[  587.092382][    T9] usb 2-1: SerialNumber: syz
[  587.105940][    T9] usb 2-1: config 0 descriptor??
[  587.116022][T27054] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  587.163414][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.360100][T27086] mkiss: ax0: crc mode is auto.
[  587.379130][T27054] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  587.463645][    T9] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input43
[  587.501707][T27095] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  587.798517][T27104] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  587.820637][ T5907] usb 2-1: USB disconnect, device number 55
[  588.217041][T27094] loop9: detected capacity change from 0 to 32768
[  588.307227][T27094] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  588.356708][T27130] loop7: detected capacity change from 0 to 128
[  588.370432][T27094] XFS (loop9): Ending clean mount
[  588.382423][T27094] XFS (loop9): Quotacheck needed: Please wait.
[  588.430172][T27094] XFS (loop9): Quotacheck: Done.
[  588.558397][T27140] netlink: 8 bytes leftover after parsing attributes in process `syz.8.9097'.
[  588.579836][T17153] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  588.582577][T27140] netlink: 4 bytes leftover after parsing attributes in process `syz.8.9097'.
[  588.637497][T27140] netlink: 'syz.8.9097': attribute type 12 has an invalid length.
[  589.621403][T27158] loop7: detected capacity change from 0 to 32768
[  589.689218][T27158] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.9105 (27158)
[  589.754838][T27158] BTRFS info (device loop7): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  589.801705][T27158] BTRFS info (device loop7): using sha256 checksum algorithm
[  590.027928][T27158] BTRFS info (device loop7): rebuilding free space tree
[  590.091875][T27158] BTRFS info (device loop7): disabling free space tree
[  590.131363][T27158] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  590.147110][T27158] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  590.179190][T27158] BTRFS info (device loop7): setting nodatasum
[  590.212232][T27158] BTRFS info (device loop7): setting nodatacow
[  590.223372][T27158] BTRFS info (device loop7): force clearing of disk cache
[  590.315522][T23779] usb 9-1: new high-speed USB device number 36 using dummy_hcd
[  590.415776][T11097] BTRFS info (device loop7): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  590.514514][T23779] usb 9-1: Using ep0 maxpacket: 16
[  590.537577][T23779] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  590.579314][T23779] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  590.603167][T23779] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  590.652885][T23779] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  590.692275][T23779] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.734039][T23779] usb 9-1: config 0 descriptor??
[  591.007602][T27243] netlink: 120 bytes leftover after parsing attributes in process `syz.9.9138'.
[  591.042379][T27243] netlink: 'syz.9.9138': attribute type 1 has an invalid length.
[  591.072301][T27243] netlink: 64 bytes leftover after parsing attributes in process `syz.9.9138'.
[  591.161931][T23779] microsoft 0003:045E:07DA.0014: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.8-1/input0
[  591.187026][T23779] microsoft 0003:045E:07DA.0014: no inputs found
[  591.200884][T23779] microsoft 0003:045E:07DA.0014: could not initialize ff, continuing anyway
[  591.263554][T27248] xt_l2tp: missing protocol rule (udp|l2tpip)
[  591.350535][T23779] usb 9-1: USB disconnect, device number 36
[  591.425522][T27256] netlink: 32 bytes leftover after parsing attributes in process `syz.3.9143'.
[  591.482202][ T5907] IPVS: starting estimator thread 0...
[  591.572102][T27259] IPVS: using max 40 ests per chain, 96000 per kthread
[  591.625568][T27266] loop3: detected capacity change from 0 to 512
[  591.675493][T27266] EXT4-fs (loop3): orphan cleanup on readonly fs
[  591.708367][T27266] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #11: block 1: comm syz.3.9148: lblock 0 mapped to illegal pblock 1 (length 1)
[  591.771848][T27266] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  591.782111][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  591.797708][    C1] EXT4-fs (loop3): initial error at time 1771349092: ext4_map_blocks:776: inode 11: block 1
[  591.807862][    C1] EXT4-fs (loop3): last error at time 1771349092: ext4_map_blocks:776: inode 11: block 1
[  591.821717][T27266] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  591.835761][T27266] EXT4-fs error (device loop3): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.3.9148: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  591.858315][T27266] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  591.870449][T27266] EXT4-fs warning (device loop3): ext4_xattr_inode_dec_ref_all:1231: inode #11: comm syz.3.9148: ea_inode dec ref err=-117
[  591.922483][T27275] tmpfs: Cannot change global quota limit on remount
[  591.964314][T27266] EXT4-fs (loop3): 1 orphan inode deleted
[  591.974116][T27266] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  592.075589][T27282] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9155'.
[  592.147388][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  592.581758][T27315] loop9: detected capacity change from 0 to 2048
[  592.684739][T27315] UDF-fs: error (device loop9): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  592.730180][T27315] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  593.023410][T27335] loop3: detected capacity change from 0 to 2048
[  593.042638][T27335] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  593.200995][T27341] tipc: Can't bind to reserved service type 0
[  593.345327][T27348] netlink: 'syz.8.9186': attribute type 11 has an invalid length.
[  593.414133][T27327] loop7: detected capacity change from 0 to 32768
[  593.451285][T27327] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  593.510814][T27327] XFS (loop7): Ending clean mount
[  593.538768][T27327] XFS (loop7): Quotacheck needed: Please wait.
[  593.606015][T27367] netlink: 8 bytes leftover after parsing attributes in process `syz.9.9190'.
[  593.652955][T27327] XFS (loop7): Quotacheck: Done.
[  593.722510][ T5886] usb 9-1: new high-speed USB device number 37 using dummy_hcd
[  593.748551][T11097] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  593.885639][T27374] netlink: 48 bytes leftover after parsing attributes in process `syz.9.9192'.
[  593.905144][ T5886] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  593.952939][ T5886] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  593.972492][ T5886] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  594.000246][ T5886] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.070564][T27361] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  594.079978][T27351] loop3: detected capacity change from 0 to 32768
[  594.099594][ T5886] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  594.118870][T27351] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  594.179058][T27351] JBD2: Ignoring recovery information on journal
[  594.187100][T27380] smc: net device bond0 applied user defined pnetid SYZ0
[  594.316227][T27351] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  594.538168][ T5886] usb 9-1: USB disconnect, device number 37
[  594.753353][ T5824] ocfs2: Unmounting device (7,3) on (node local)
[  594.899780][T27406] loop9: detected capacity change from 0 to 128
[  595.209198][T27410] loop7: detected capacity change from 0 to 4096
[  595.337060][T27410] ntfs3(loop7): ino=19, mi_enum_attr
[  595.362145][T27410] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  595.849100][T27447] loop8: detected capacity change from 0 to 64
[  595.897310][T27447] Trying to free block not in datazone
[  595.911596][T27447] minix_free_inode: bit 2 already cleared
[  596.101060][T27455] loop8: detected capacity change from 0 to 256
[  596.254305][T27458] loop7: detected capacity change from 0 to 2048
[  596.266383][T27428] loop9: detected capacity change from 0 to 32768
[  596.313187][T27458] NILFS (loop7): ifile inode (checkpoint number=2) corrupted
[  596.322284][T27428] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.9215 (27428)
[  596.354656][T27458] NILFS (loop7): error -5 while loading last checkpoint (checkpoint number=2)
[  596.379659][T27428] BTRFS info (device loop9): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  596.399473][T27428] BTRFS info (device loop9): using blake2b checksum algorithm
[  596.412455][ T5886] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  596.462636][   T29] audit: type=1400 audit(1771349097.315:358): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A2F2F261417FAABCD pid=27456 comm="syz.7.9229"
[  596.546369][T27428] BTRFS info (device loop9): enabling ssd optimizations
[  596.565169][T27428] BTRFS info (device loop9): turning on async discard
[  596.585477][T27428] BTRFS info (device loop9): enabling free space tree
[  596.595642][ T5886] usb 2-1: Using ep0 maxpacket: 32
[  596.604920][T27449] loop3: detected capacity change from 0 to 32768
[  596.626877][ T5886] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  596.636161][T27428] BTRFS info (device loop9): use lzo compression, level 1
[  596.654018][ T5886] usb 2-1: config 0 has no interface number 0
[  596.660166][ T5886] usb 2-1: config 0 interface 12 has no altsetting 0
[  596.667102][T27428] BTRFS info (device loop9): max_inline set to 0
[  596.667191][T27449] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  596.696963][ T5886] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  596.720883][T27449] JBD2: Ignoring recovery information on journal
[  596.764401][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.813244][ T5886] usb 2-1: Product: syz
[  596.817451][ T5886] usb 2-1: Manufacturer: syz
[  596.845572][   T29] audit: type=1800 audit(1771349097.705:359): pid=27428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.9215" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop9" ino=263 res=0 errno=0
[  596.887322][ T5886] usb 2-1: SerialNumber: syz
[  596.903111][ T5886] usb 2-1: config 0 descriptor??
[  596.939998][T27449] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  597.023294][ T5948] kernel read not supported for file /binder/failed_transaction_log (pid: 5948 comm: kworker/1:6)
[  597.028282][T17153] BTRFS info (device loop9): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  597.034134][ T5907] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  597.034571][  T804] kernel write not supported for file /binder/failed_transaction_log (pid: 804 comm: kworker/1:2)
[  597.222309][ T5907] usb 8-1: Using ep0 maxpacket: 32
[  597.228852][ T5824] ocfs2: Unmounting device (7,3) on (node local)
[  597.229416][ T5907] usb 8-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  597.268352][ T5907] usb 8-1: config 0 interface 0 has no altsetting 0
[  597.275710][ T5907] usb 8-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  597.285369][ T5907] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.316596][ T5907] usb 8-1: config 0 descriptor??
[  597.549125][ T5886] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  597.582221][ T5886] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  597.602070][ T5886] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  597.609797][ T5886] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  597.671423][ T5886] usb 2-1: USB disconnect, device number 56
[  597.766117][ T5907] corsair-cpro 0003:1B1C:0C10.0015: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.7-1/input0
[  597.875619][ T5907] corsair-cpro 0003:1B1C:0C10.0015: probe with driver corsair-cpro failed with error -38
[  598.014500][ T5907] usb 8-1: USB disconnect, device number 26
[  598.087240][T27514] loop3: detected capacity change from 0 to 4096
[  598.204257][T27521] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  598.336613][T27526] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  598.740162][T27533] set_capacity_and_notify: 1 callbacks suppressed
[  598.740181][T27533] loop7: detected capacity change from 0 to 4096
[  598.850393][T27533] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  599.005296][   T29] audit: type=1800 audit(1771349099.865:360): pid=27533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.9255" name="file0" dev="loop7" ino=13 res=0 errno=0
[  599.129669][T27525] loop9: detected capacity change from 0 to 32768
[  599.143839][T11097] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  599.252270][T27525] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  599.420352][T27546] loop8: detected capacity change from 0 to 32768
[  599.428965][T27525] XFS (loop9): Ending clean mount
[  599.438517][T27546] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.9260 (27546)
[  599.499029][T27546] BTRFS info (device loop8): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  599.558723][T27546] BTRFS info (device loop8): using blake2b checksum algorithm
[  599.668918][T27546] BTRFS info (device loop8): enabling ssd optimizations
[  599.724097][T27546] BTRFS info (device loop8): turning on async discard
[  599.730914][T27546] BTRFS info (device loop8): enabling free space tree
[  599.742427][T17153] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  600.142684][T13332] BTRFS info (device loop8): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  600.165047][T27604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9277'.
[  600.341706][T27608] loop9: detected capacity change from 0 to 8
[  600.467832][T27608] SQUASHFS error: xz decompression failed, data probably corrupt
[  600.485950][T27608] SQUASHFS error: Failed to read block 0xa8: -5
[  600.519724][T27608] SQUASHFS error: xz decompression failed, data probably corrupt
[  600.547326][T27608] SQUASHFS error: Failed to read block 0xa8: -5
[  600.568637][   T29] audit: type=1800 audit(1771349101.425:361): pid=27608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.9272" name="file0" dev="loop9" ino=3 res=0 errno=0
[  600.876676][T27601] loop3: detected capacity change from 0 to 32768
[  600.917000][T27601] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.9275 (27601)
[  600.957446][T27601] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  600.972271][T27601] BTRFS info (device loop3): using sha256 checksum algorithm
[  601.049618][T27601] BTRFS info (device loop3): enabling ssd optimizations
[  601.061423][T27601] BTRFS info (device loop3): turning on async discard
[  601.069119][T27601] BTRFS info (device loop3): enabling free space tree
[  601.103374][T27640] bond3: entered allmulticast mode
[  601.322998][ T5824] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  601.669962][T27666] loop9: detected capacity change from 0 to 1024
[  601.701196][T27666] EXT4-fs: Ignoring removed nomblk_io_submit option
[  601.732843][T27666] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  601.742349][T27666] System zones: 0-1, 3-36
[  601.784784][T27666] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  601.804168][T27675] netlink: 16 bytes leftover after parsing attributes in process `syz.7.9299'.
[  602.193684][T17153] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  602.492451][   T29] audit: type=1326 audit(1771349103.345:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27702 comm="syz.7.9313" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x0
[  602.761557][T27713] netlink: 'syz.7.9317': attribute type 41 has an invalid length.
[  602.921453][T27693] loop8: detected capacity change from 0 to 32768
[  602.971306][T27693] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.9309 (27693)
[  603.033516][T27693] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  603.062846][T27693] BTRFS info (device loop8): using sha256 checksum algorithm
[  603.153471][T27693] BTRFS info (device loop8): rebuilding free space tree
[  603.191748][T27693] BTRFS info (device loop8): disabling free space tree
[  603.214337][T27693] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  603.249457][T27701] loop3: detected capacity change from 0 to 32768
[  603.258112][T27693] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  603.307230][T27693] BTRFS info (device loop8): setting nodatasum
[  603.328662][T27701] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  603.370354][T27693] BTRFS info (device loop8): setting nodatacow
[  603.374660][T27751] loop9: detected capacity change from 0 to 4096
[  603.412522][T27693] BTRFS info (device loop8): force clearing of disk cache
[  603.464330][T27701] XFS (loop3): Ending clean mount
[  603.475160][T27701] XFS (loop3): Quotacheck needed: Please wait.
[  603.536612][T27751] ntfs3(loop9): Failed to load $AttrDef (-22)
[  603.570804][  T589] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x139/0x200, xfs_agfl block 0x3 
[  603.617765][  T589] XFS (loop3): Unmount and run xfs_repair
[  603.648218][  T589] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  603.650579][T13332] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  603.689219][  T589] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed  XAF.......G...N.
[  603.749353][  T589] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00  .b..1...........
[  603.754383][T27757] loop9: detected capacity change from 0 to 1024
[  603.777083][  T589] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08  .;..............
[  603.796433][  T589] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c  ................
[  603.817331][  T589] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  603.831790][T27757] EXT4-fs: Ignoring removed bh option
[  603.868254][  T589] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  603.878269][T27723] loop7: detected capacity change from 0 to 32768
[  603.899471][T27757] EXT4-fs (loop9): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  603.930257][  T589] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  603.955963][T27723] JBD2: Ignoring recovery information on journal
[  603.970386][  T589] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  603.987098][  T589] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x233/0x430" at daddr 0x3 len 1 error 74
[  604.010157][T27757] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  604.061061][  T589] loop3: lost filesystem error report for type 5 error -117
[  604.066202][T27701] XFS (loop3): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  604.113447][T27723] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  604.115469][T27701] loop3: lost filesystem error report for type 5 error -117
[  604.305453][T17153] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  604.559673][ T5824] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  604.600661][ T5824] XFS (loop3): Uncorrected metadata errors detected; please run xfs_repair.
[  604.690131][T11097] ocfs2: Unmounting device (7,7) on (node local)
[  604.832783][  T804] usb 10-1: new full-speed USB device number 30 using dummy_hcd
[  604.870542][T27773] loop8: detected capacity change from 0 to 512
[  604.926502][T27773] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  605.004562][   T29] audit: type=1800 audit(1771349105.855:363): pid=27773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.9335" name="file1" dev="loop8" ino=15 res=0 errno=0
[  605.008523][T27778] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9333'.
[  605.069494][  T804] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  605.102764][T27780] loop7: detected capacity change from 0 to 2048
[  605.110343][  T804] usb 10-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  605.130558][  T804] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.158975][  T804] usb 10-1: config 0 descriptor??
[  605.169174][T27781] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  605.221423][T13332] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  605.390554][T27787] loop8: detected capacity change from 0 to 512
[  605.450206][T27787] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  605.536026][T27787] ext4 filesystem being mounted at /1186/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  605.629897][  T804] cherry 0003:046A:0023.0016: hidraw0: USB HID v10.00 Device [HID 046a:0023] on usb-dummy_hcd.9-1/input0
[  605.774281][T13332] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  605.847778][  T804] usb 10-1: USB disconnect, device number 30
[  606.075516][T27809] loop3: detected capacity change from 0 to 512
[  606.114938][T27809] EXT4-fs (loop3): orphan cleanup on readonly fs
[  606.132643][T27809] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  606.141751][T27809] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  606.160361][T27809] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.9348: attempt to clear invalid blocks 6 len 1
[  606.173316][    C0] EXT4-fs (loop3): error count since last fsck: 1
[  606.173344][    C0] EXT4-fs (loop3): initial error at time 1771349107: ext4_mb_generate_buddy:1315
[  606.173373][    C0] EXT4-fs (loop3): last error at time 1771349107: ext4_mb_generate_buddy:1315
[  606.203926][T27809] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  606.209391][T27809] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.9348: invalid indirect mapped block 1819239214 (level 0)
[  606.287258][T27809] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  606.287654][T27809] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.9348: invalid indirect mapped block 1819239214 (level 1)
[  606.313364][T27809] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  606.340970][T27809] EXT4-fs (loop3): 1 truncate cleaned up
[  606.374720][T27809] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  606.396981][T27818] netlink: 'syz.8.9352': attribute type 1 has an invalid length.
[  606.419430][T27802] loop7: detected capacity change from 0 to 32768
[  606.557635][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  606.803809][T27834] netlink: 'syz.8.9360': attribute type 1 has an invalid length.
[  606.811586][T27834] netlink: 96 bytes leftover after parsing attributes in process `syz.8.9360'.
[  606.875642][T27834] netlink: 1 bytes leftover after parsing attributes in process `syz.8.9360'.
[  606.882874][T27836] netlink: 256 bytes leftover after parsing attributes in process `syz.7.9362'.
[  606.916731][T27834] netlink: 'syz.8.9360': attribute type 2 has an invalid length.
[  607.182218][T27843] syz.1.9363 (27843) used greatest stack depth: 17408 bytes left
[  607.306891][   T29] audit: type=1800 audit(1771349108.165:364): pid=27854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.9368" name="bus" dev="tmpfs" ino=4551 res=0 errno=0
[  607.364156][T27859] netlink: 'syz.1.9371': attribute type 2 has an invalid length.
[  607.503530][T27867] loop3: detected capacity change from 0 to 128
[  607.677508][T27873] loop8: detected capacity change from 0 to 128
[  607.725716][T27875] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9380'.
[  607.750906][T27873] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  607.769075][T27875] vlan0: entered promiscuous mode
[  607.776013][T27875] bridge0: entered promiscuous mode
[  607.902226][ T5907] usb 10-1: new full-speed USB device number 31 using dummy_hcd
[  608.036540][T27865] loop7: detected capacity change from 0 to 32768
[  608.057374][ T5907] usb 10-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[  608.070135][T27865] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.9373 (27865)
[  608.101667][ T5907] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  608.119458][ T5907] usb 10-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  608.134642][ T5907] usb 10-1: config 0 interface 0 has no altsetting 0
[  608.141592][ T5907] usb 10-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[  608.168529][ T5907] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.176994][T27865] BTRFS info (device loop7): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  608.201251][T27865] BTRFS info (device loop7): using sha256 checksum algorithm
[  608.212965][ T5907] usb 10-1: config 0 descriptor??
[  608.308169][T27865] BTRFS info (device loop7): rebuilding free space tree
[  608.352778][T27865] BTRFS info (device loop7): disabling free space tree
[  608.385585][T27865] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  608.460251][T27865] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  608.521859][T27865] BTRFS info (device loop7): setting nodatasum
[  608.531573][T27914] ALSA: seq fatal error: cannot create timer (-22)
[  608.539048][T27865] BTRFS info (device loop7): setting nodatacow
[  608.549700][T27865] BTRFS info (device loop7): turning off barriers
[  608.576625][T27865] BTRFS info (device loop7): force clearing of disk cache
[  608.650835][ T5907] hid-alps 0003:044E:120C.0017: unbalanced collection at end of report description
[  608.685306][ T5907] hid-alps 0003:044E:120C.0017: parse failed
[  608.706123][ T5907] hid-alps 0003:044E:120C.0017: probe with driver hid-alps failed with error -22
[  608.790480][T11097] BTRFS info (device loop7): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  608.859645][ T5886] usb 10-1: USB disconnect, device number 31
[  609.346354][T27945] netlink: 28 bytes leftover after parsing attributes in process `syz.7.9407'.
[  609.380931][T27945] IPVS: Error connecting to the multicast addr
[  609.582322][T27953] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9411'.
[  610.099211][T27959] loop8: detected capacity change from 0 to 32768
[  610.132593][ T5907] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[  610.210748][T27959] JBD2: Ignoring recovery information on journal
[  610.302135][ T5907] usb 10-1: Using ep0 maxpacket: 16
[  610.303189][T27959] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  610.314521][ T5907] usb 10-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  610.331714][ T5907] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.349800][ T5907] usb 10-1: Product: syz
[  610.362196][ T5907] usb 10-1: Manufacturer: syz
[  610.377187][ T5907] usb 10-1: SerialNumber: syz
[  610.390119][ T5907] usb 10-1: config 0 descriptor??
[  610.412180][T27980] loop3: detected capacity change from 0 to 1024
[  610.417562][ T5907] ums-onetouch 10-1:0.0: USB Mass Storage device detected
[  610.453622][T27980] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  610.543587][T27980] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  610.596100][T27958] loop7: detected capacity change from 0 to 32768
[  610.635970][T27958] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  610.648618][T13332] ocfs2: Unmounting device (7,8) on (node local)
[  610.664483][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  610.719768][ T5907] usb 10-1: USB disconnect, device number 32
[  610.733141][T27958] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  610.857815][T27992] loop3: detected capacity change from 0 to 16
[  610.883643][T27992] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  610.926180][T27958] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  610.963728][  T804] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  610.980747][  T804] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  611.081744][  T804] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 100ms
[  611.110963][  T804] gfs2: fsid=syz:syz.0: jid=0: Done
[  611.117823][ T5838] Bluetooth: hci3: command 0x0405 tx timeout
[  611.134116][T27958] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  611.192379][T28000] netlink: 24 bytes leftover after parsing attributes in process `syz.8.9429'.
[  611.407474][T28004] loop9: detected capacity change from 0 to 2048
[  611.495951][T28008] xt_l2tp: unknown flags: 1f
[  611.509327][T28004] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  611.552303][T28004] ext4 filesystem being mounted at /893/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  611.637041][   T29] audit: type=1804 audit(1771349112.485:365): pid=27958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.9412" name="/newroot/1504/file0/file0" dev="loop7" ino=9378 res=1 errno=0
[  611.796487][T17153] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  611.972143][ T5886] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  612.158095][ T5886] usb 4-1: Using ep0 maxpacket: 32
[  612.188057][ T5886] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  612.198151][T28034] hugetlbfs: Bad value 'k' for mount option 'nr_inodes'
[  612.198151][T28034] 
[  612.238389][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.256224][ T5886] usb 4-1: Product: syz
[  612.256919][T28039] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9446'.
[  612.264467][ T5886] usb 4-1: Manufacturer: syz
[  612.292153][ T5886] usb 4-1: SerialNumber: syz
[  612.336766][ T5886] usb 4-1: config 0 descriptor??
[  612.367204][ T5886] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  612.408887][ T5886] dvb-usb: bulk message failed: -22 (2/0)
[  612.415513][T28044] loop8: detected capacity change from 0 to 512
[  612.431336][ T5886] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  612.443417][ T5886] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  612.451580][T28044] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  612.502182][ T5886] usb 4-1: media controller created
[  612.520927][ T5886] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  612.527801][T28044] EXT4-fs (loop8): 1 truncate cleaned up
[  612.562744][ T5886] usb 4-1: selecting invalid altsetting 7
[  612.571643][ T5886] cxusb: set interface failed
[  612.575806][T28044] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  612.581510][ T5886] dvb-usb: bulk message failed: -22 (1/0)
[  612.636337][ T5886] DVB: Unable to find symbol lgdt330x_attach()
[  612.643726][ T5886] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  612.678589][T28060] netlink: 40 bytes leftover after parsing attributes in process `syz.7.9455'.
[  612.712102][ T5886] rc_core: IR keymap rc-dvico-portable not found
[  612.726778][ T5886] Registered IR keymap rc-empty
[  612.738579][ T5886] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0
[  612.754379][ T5886] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input44
[  612.775209][T13332] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  612.785687][ T5886] dvb-usb: schedule remote query interval to 100 msecs.
[  612.805929][ T5886] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  612.825310][ T5886] usb 4-1: USB disconnect, device number 39
[  612.864076][  T804] usb 10-1: new high-speed USB device number 33 using dummy_hcd
[  612.918688][T28068] loop8: detected capacity change from 0 to 512
[  612.941220][T28068] EXT4-fs: Ignoring removed nomblk_io_submit option
[  612.957831][ T5886] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  612.962275][T28068] EXT4-fs: Ignoring removed bh option
[  613.026047][T28068] EXT4-fs (loop8): mounting ext2 file system using the ext4 subsystem
[  613.048031][  T804] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  613.074206][  T804] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  613.078276][T28068] EXT4-fs error (device loop8): mb_free_blocks:2047: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  613.091038][  T804] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  613.109253][  T804] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.112029][    C0] EXT4-fs (loop8): error count since last fsck: 1
[  613.121006][T28054] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  613.123804][    C0] EXT4-fs (loop8): initial error at time 1771349113: mb_free_blocks:2047: inode 11: block 64
[  613.131351][T28068] EXT4-fs error (device loop8): ext4_do_update_inode:5569: inode #11: comm syz.8.9458: corrupted inode contents
[  613.141045][    C0] EXT4-fs (loop8): last error at time 1771349113: mb_free_blocks:2047: inode 11: block 64
[  613.165051][T28068] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  613.172208][T28068] EXT4-fs error (device loop8): ext4_dirty_inode:6450: inode #11: comm syz.8.9458: mark_inode_dirty error
[  613.198385][  T804] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[  613.212347][T28068] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  613.212987][T28068] EXT4-fs error (device loop8): ext4_free_branches:1023: inode #11: comm syz.8.9458: invalid indirect mapped block 1 (level 1)
[  613.248074][T28076] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9461'.
[  613.284137][T28068] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  613.284645][T28068] EXT4-fs error (device loop8): ext4_do_update_inode:5569: inode #11: comm syz.8.9458: corrupted inode contents
[  613.322281][T28068] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  613.327172][T28068] EXT4-fs error (device loop8) in ext4_orphan_del:303: Corrupt filesystem
[  613.348951][T28068] loop8: lost filesystem error report for type 5 error -117
[  613.350832][T28068] EXT4-fs error (device loop8): ext4_do_update_inode:5569: inode #11: comm syz.8.9458: corrupted inode contents
[  613.384392][T28068] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  613.386398][T28068] EXT4-fs error (device loop8): ext4_truncate:4587: inode #11: comm syz.8.9458: mark_inode_dirty error
[  613.407107][T28068] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  613.407524][T28068] EXT4-fs error (device loop8) in ext4_process_orphan:345: Corrupt filesystem
[  613.446491][   T29] audit: type=1326 audit(1771349114.305:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28079 comm="syz.3.9464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9959bf79 code=0x7ffc0000
[  613.474674][T28068] loop8: lost filesystem error report for type 5 error -117
[  613.480503][T28068] EXT4-fs (loop8): 1 truncate cleaned up
[  613.524987][T28068] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  613.525157][T23779] usb 10-1: USB disconnect, device number 33
[  613.561477][   T29] audit: type=1326 audit(1771349114.335:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28079 comm="syz.3.9464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f1c9959bf79 code=0x7ffc0000
[  613.592326][ T5886] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  613.644384][   T29] audit: type=1326 audit(1771349114.335:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28079 comm="syz.3.9464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1c99595d97 code=0x7ffc0000
[  613.709024][   T29] audit: type=1326 audit(1771349114.335:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28079 comm="syz.3.9464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1c9953d399 code=0x7ffc0000
[  613.762804][ T5886] usb 2-1: Using ep0 maxpacket: 32
[  613.769672][ T5886] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  613.777428][T13332] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  613.788376][   T29] audit: type=1326 audit(1771349114.335:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28079 comm="syz.3.9464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9959bf79 code=0x7ffc0000
[  613.802101][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.907060][ T5886] gspca_main: nw80x-2.14.0 probing 055f:d001
[  614.222366][T28084] loop3: detected capacity change from 0 to 40427
[  614.253539][T28084] F2FS-fs (loop3): build fault injection rate: 771
[  614.289533][T28084] F2FS-fs (loop3): invalid crc value
[  614.541427][T28084] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  614.564598][  T804] usb 2-1: USB disconnect, device number 57
[  614.570908][T28088] loop7: detected capacity change from 0 to 32768
[  614.595207][T28084] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  614.645515][T28088] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  614.750127][T28088] XFS (loop7): Ending clean mount
[  614.788978][T28088] XFS (loop7): Quotacheck needed: Please wait.
[  614.796483][T28123] netlink: 'syz.9.9479': attribute type 1 has an invalid length.
[  614.814934][T28123] netlink: 12 bytes leftover after parsing attributes in process `syz.9.9479'.
[  614.825390][T28123] netlink: 658 bytes leftover after parsing attributes in process `syz.9.9479'.
[  614.834968][T28123] netlink: 'syz.9.9479': attribute type 1 has an invalid length.
[  614.932747][T28088] XFS (loop7): Quotacheck: Done.
[  615.034410][T11097] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  615.907237][T28160] loop7: detected capacity change from 0 to 4096
[  615.951447][T28163] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  615.988458][   T29] audit: type=1800 audit(1771349116.845:371): pid=28160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.9495" name="file2" dev="loop7" ino=16 res=0 errno=0
[  616.009410][T28160] syz.7.9495: attempt to access beyond end of device
[  616.009410][T28160] loop7: rw=8388608, sector=2097320, nr_sectors = 8 limit=4096
[  616.049786][T28160] syz.7.9495: attempt to access beyond end of device
[  616.049786][T28160] loop7: rw=8388608, sector=2097320, nr_sectors = 8 limit=4096
[  616.272203][T28169] loop3: detected capacity change from 0 to 512
[  616.346694][T28169] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #17: comm syz.3.9500: iget: immutable or append flags not allowed on symlinks
[  616.362391][T28169] loop3: lost file I/O error report for ino 17 type 5 pos 0x0 len 0x0 error -117
[  616.368063][T28169] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.9500: couldn't read orphan inode 17 (err -117)
[  616.377278][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  616.377302][    C1] EXT4-fs (loop3): initial error at time 1771349117: ext4_orphan_get:1391: inode 17
[  616.377334][    C1] EXT4-fs (loop3): last error at time 1771349117: ext4_orphan_get:1391: inode 17
[  616.462906][T28169] loop3: lost filesystem error report for type 5 error -117
[  616.465035][T28169] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  616.653628][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  617.265044][T28215] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  617.286158][T28215] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  617.356963][T28215] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  617.384497][T28215] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  617.454446][T28215] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  617.464650][T28215] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  617.487788][T28215] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  617.517605][T28215] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  617.522468][T28234] netlink: 'syz.3.9528': attribute type 8 has an invalid length.
[  617.550888][T28215] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  617.583906][T28215] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  618.118723][T28261] loop9: detected capacity change from 0 to 128
[  618.162686][T28261] EXT4-fs (loop9): mounting ext2 file system using the ext4 subsystem
[  618.210426][T28261] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  618.215111][T28266] macsec1: entered promiscuous mode
[  618.240873][T28266] team0: entered promiscuous mode
[  618.246968][T28266] team_slave_0: entered promiscuous mode
[  618.253028][T28266] team_slave_1: entered promiscuous mode
[  618.258922][T28266] geneve0: entered promiscuous mode
[  618.264509][T28266] bridge0: entered promiscuous mode
[  618.273080][T28266] team0: Device macsec1 is already an upper device of the team interface
[  618.288134][T28261] ext2 filesystem being mounted at /915/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  618.336557][T28261] EXT4-fs (loop9): resizing filesystem from 64 to 2 blocks
[  618.379045][T28261] EXT4-fs warning (device loop9): ext4_resize_fs:2042: can't shrink FS - resize aborted
[  618.390864][T28266] team0: left promiscuous mode
[  618.412507][T28266] team_slave_0: left promiscuous mode
[  618.419874][T28266] team_slave_1: left promiscuous mode
[  618.425860][T28266] geneve0: left promiscuous mode
[  618.432491][T28266] bridge0: left promiscuous mode
[  618.496944][T17153] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  618.662401][  T804] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  618.687522][T28284] sch_tbf: burst 274 is lower than device lo mtu (65550) !
[  618.833757][  T804] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  618.872401][  T804] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  618.893724][  T804] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  618.911537][  T804] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.974350][T28276] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  618.986242][  T804] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  619.050895][T28296] loop9: detected capacity change from 0 to 4096
[  619.069024][T28301] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  619.273440][ T5838] Bluetooth: hci1: command 0x0406 tx timeout
[  619.352203][ T5838] Bluetooth: hci4: command 0x0406 tx timeout
[  619.361235][ T5886] usb 8-1: USB disconnect, device number 27
[  619.440541][T28310] loop9: detected capacity change from 0 to 512
[  619.453998][T28310] EXT4-fs (loop9): mounting ext2 file system using the ext4 subsystem
[  619.472218][T28310] EXT4-fs error (device loop9): ext4_validate_block_bitmap:432: comm syz.9.9561: bg 0: block 104: invalid block bitmap
[  619.514189][ T5838] Bluetooth: hci0: command 0x0406 tx timeout
[  619.514200][T24790] Bluetooth: hci2: command 0x0406 tx timeout
[  619.572180][T28310] loop9: lost filesystem error report for type 5 error -117
[  619.583893][T28310] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6687: Corrupt filesystem
[  619.592262][ T5838] Bluetooth: hci3: command 0x0405 tx timeout
[  619.600041][    C0] EXT4-fs (loop9): error count since last fsck: 1
[  619.600063][    C0] EXT4-fs (loop9): initial error at time 1771349120: ext4_validate_block_bitmap:432
[  619.622115][    C0] EXT4-fs (loop9): last error at time 1771349120: ext4_validate_block_bitmap:432
[  619.712484][T28310] loop9: lost filesystem error report for type 5 error -117
[  619.726079][T28310] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #11: comm syz.9.9561: invalid indirect mapped block 1 (level 1)
[  619.762546][T28310] loop9: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  619.765468][T28310] EXT4-fs (loop9): 1 truncate cleaned up
[  619.792734][T28310] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  619.872168][T17153] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  620.504033][T28346] loop9: detected capacity change from 0 to 4096
[  620.518427][T28346] ntfs3(loop9): Different NTFS sector size (2048) and media sector size (512).
[  620.546150][T28346] ntfs3(loop9): RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only.
[  620.623679][T28346] ntfs3(loop9): It is recommended to use chkdsk.
[  620.631026][T28346] ntfs3(loop9): ino=0, mi_enum_attr
[  620.647717][T28346] ntfs3(loop9): failed to read volume at offset 0x201800
[  620.679655][T28354] loop8: detected capacity change from 0 to 8
[  620.692971][T28346] ntfs3(loop9): failed to read volume at offset 0x201800
[  620.723293][T28346] ntfs3(loop9): failed to read volume at offset 0x201800
[  620.739336][T28354] SQUASHFS error: zlib decompression failed, data probably corrupt
[  620.763121][T28346] ntfs3(loop9): failed to read volume at offset 0x201800
[  620.772507][T28354] SQUASHFS error: Failed to read block 0x9b: -5
[  620.791254][T28346] ntfs3(loop9): failed to read volume at offset 0x202800
[  620.799807][T28354] SQUASHFS error: Unable to read metadata cache entry [99]
[  620.817444][T28346] ntfs3(loop9): failed to read volume at offset 0x203800
[  620.834092][T28354] SQUASHFS error: Unable to read inode 0x127
[  621.336875][T28372] loop8: detected capacity change from 0 to 128
[  621.354268][ T5838] Bluetooth: hci1: command 0x0406 tx timeout
[  621.409381][T28372] FAT-fs (loop8): error, invalid access to FAT (entry 0x0fff0000)
[  621.409703][T28376] netlink: 'syz.7.9591': attribute type 29 has an invalid length.
[  621.430360][T28376] netlink: 'syz.7.9591': attribute type 29 has an invalid length.
[  621.438987][ T5838] Bluetooth: hci4: command 0x0406 tx timeout
[  621.459622][T28372] FAT-fs (loop8): Filesystem has been set read-only
[  621.592309][ T5838] Bluetooth: hci2: command 0x0406 tx timeout
[  621.592315][T24790] Bluetooth: hci0: command 0x0406 tx timeout
[  621.669823][   T29] audit: type=1326 audit(1771349122.525:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  621.695785][T24790] Bluetooth: hci3: command 0x0405 tx timeout
[  621.825399][   T29] audit: type=1326 audit(1771349122.525:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  621.900711][   T29] audit: type=1326 audit(1771349122.525:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  621.993686][   T29] audit: type=1326 audit(1771349122.525:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  622.082404][   T29] audit: type=1326 audit(1771349122.575:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  622.109261][T28395] loop9: detected capacity change from 0 to 4096
[  622.126316][   T29] audit: type=1326 audit(1771349122.575:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  622.162081][T28395] ntfs3(loop9): Different NTFS sector size (4096) and media sector size (512).
[  622.235332][   T29] audit: type=1326 audit(1771349122.575:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  622.259760][T28403] loop8: detected capacity change from 0 to 256
[  622.270445][T28403] exfat: Deprecated parameter 'utf8'
[  622.333674][T28403] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d)
[  622.338429][   T29] audit: type=1326 audit(1771349122.575:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  622.397262][T28395] ntfs3(loop9): ino=1a, mi_enum_attr
[  622.402298][   T29] audit: type=1326 audit(1771349122.575:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  622.412693][T28395] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[  622.481942][   T29] audit: type=1326 audit(1771349122.575:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28380 comm="syz.7.9592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7f593df9bf79 code=0x7ffc0000
[  622.525278][T28395] ntfs3(loop9): ino=1a, mi_enum_attr
[  622.530621][T28395] ntfs3(loop9): Failed to initialize $Extend/$Reparse.
[  623.232120][ T5907] usb 10-1: new high-speed USB device number 34 using dummy_hcd
[  623.296697][T28435] x_tables: ip6_tables: dccp match: only valid for protocol 33
[  623.358657][T28438] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9622'.
[  623.412501][ T5907] usb 10-1: Using ep0 maxpacket: 32
[  623.422418][ T5907] usb 10-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  623.431820][ T5907] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.461336][ T5907] usb 10-1: Product: syz
[  623.480469][ T5907] usb 10-1: Manufacturer: syz
[  623.502212][ T5907] usb 10-1: SerialNumber: syz
[  623.518330][ T5907] usb 10-1: config 0 descriptor??
[  623.543547][ T5907] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  623.553790][T28411] loop8: detected capacity change from 0 to 40427
[  623.568087][T28411] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  623.575476][ T5907] dvb-usb: bulk message failed: -22 (4/0)
[  623.590946][ T5907] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  623.602449][T28411] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  623.608451][ T5907] dvb-usb: bulk message failed: -22 (5/0)
[  623.617331][ T5907] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  623.634497][T28411] F2FS-fs (loop8): invalid crc value
[  623.637654][ T5907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  623.685202][ T5907] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  623.706964][ T5907] usb 10-1: media controller created
[  623.764647][ T5907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  623.815009][ T5907] usb 10-1: selecting invalid altsetting 3
[  623.820866][ T5907] ttusb2: set interface to alts=3 failed
[  623.936591][T28411] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  623.963222][ T5907] DVB: Unable to find symbol tda10086_attach()
[  623.980149][T28411] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  623.984536][ T5907] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  623.992136][T28411] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  624.578593][T28450] loop7: detected capacity change from 0 to 32768
[  624.586029][ T5907] dvb-usb: bulk message failed: -22 (4/0)
[  624.596358][ T5907] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  624.607533][ T5907] dvb-usb: bulk message failed: -22 (5/0)
[  624.607639][T28450] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.9627 (28450)
[  624.639296][ T5907] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  624.669316][ T5907] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  624.722240][T28450] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  624.722274][T28450] BTRFS info (device loop7): using crc32c checksum algorithm
[  624.780267][ T5907] usb 10-1: USB disconnect, device number 34
[  624.842525][ T5907] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  624.899634][T28474] loop8: detected capacity change from 0 to 128
[  624.926506][T28450] BTRFS info (device loop7): allowing degraded mounts
[  624.926537][T28450] BTRFS info (device loop7): enabling ssd optimizations
[  624.926557][T28450] BTRFS info (device loop7): enabling free space tree
[  624.972744][T28474] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  624.973353][T28474] hpfs: filesystem error: improperly stopped
[  624.973377][T28474] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  624.973396][T28474] hpfs: You really don't want any checks? You are crazy...
[  624.974116][T28474] hpfs: hpfs_map_sector(): read error
[  624.974133][T28474] hpfs: code page support is disabled
[  624.975516][T28474] hpfs: hpfs_map_4sectors(): unaligned read
[  624.975689][T28474] hpfs: hpfs_map_4sectors(): unaligned read
[  624.975706][T28474] hpfs: filesystem error: unable to find root dir
[  625.093465][T28452] loop3: detected capacity change from 0 to 40427
[  625.210406][   T12] BTRFS info (device loop7): cannot satisfy tickets, dumping space info
[  625.220723][   T12] BTRFS info (device loop7): space_info DATA+METADATA (sub-group id 0) has 10039296 free, is full
[  625.231867][   T12] BTRFS info (device loop7): space_info total=11534336, used=53248, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0
[  625.245856][   T12] BTRFS info (device loop7): failing ticket with 117440512 bytes
[  625.280921][T28452] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  625.323482][T28452] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  625.374886][T28452] F2FS-fs (loop3): invalid crc_offset: 33558524
[  625.445147][T11097] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  625.765209][T28452] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  625.815567][T28494] comedi comedi3: pcm3724: I/O port conflict (0x33,16)
[  625.838458][T28452] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  625.876402][T28452] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  626.307594][T28507] loop7: detected capacity change from 0 to 128
[  626.452197][T28507] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  626.512291][T28507] hpfs: filesystem error: improperly stopped
[  626.518850][T28507] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  626.552864][T28507] hpfs: You really don't want any checks? You are crazy...
[  626.560522][T28507] hpfs: hpfs_map_sector(): read error
[  626.604037][T28509] loop9: detected capacity change from 0 to 4096
[  626.606702][T28507] hpfs: code page support is disabled
[  626.636664][T28509] ntfs3(loop9): Different NTFS sector size (4096) and media sector size (512).
[  626.667704][T28507] hpfs: hpfs_map_4sectors(): unaligned read
[  626.694880][T28507] hpfs: hpfs_map_4sectors(): unaligned read
[  626.701214][T28497] loop8: detected capacity change from 0 to 32768
[  626.711950][T28509] ntfs3(loop9): ino=19, mi_enum_attr
[  626.719557][T28509] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[  626.732197][T28507] hpfs: filesystem error: unable to find root dir
[  626.738553][T28509] ntfs3(loop9): Failed to initialize $Extend/$Reparse.
[  626.749805][T28497] (syz.8.9638,28497,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  626.792613][T28497] (syz.8.9638,28497,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  626.932455][T28497] JBD2: Ignoring recovery information on journal
[  627.073753][T28497] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  627.148959][T28519] use of bytesused == 0 is deprecated and will be removed in the future,
[  627.164716][T28519] use the actual size instead.
[  627.330640][T28527] netlink: 96 bytes leftover after parsing attributes in process `syz.7.9652'.
[  627.372796][T13332] ocfs2: Unmounting device (7,8) on (node local)
[  627.400909][T28527] vlan2: entered allmulticast mode
[  627.422229][T28527] gretap0: entered allmulticast mode
[  627.484779][T28531] loop3: detected capacity change from 0 to 2048
[  627.512587][T28531] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  627.564152][T28536] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  627.598780][T28536] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  627.610560][T28536] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  627.680613][T28536] Remounting filesystem read-only
[  627.764560][ T5824] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  627.898651][ T5886] kernel read not supported for file /dsp (pid: 5886 comm: kworker/0:4)
[  628.115571][T28556] netlink: 'syz.7.9666': attribute type 1 has an invalid length.
[  628.150534][T28556] netlink: 96 bytes leftover after parsing attributes in process `syz.7.9666'.
[  628.172222][T28556] netlink: 1 bytes leftover after parsing attributes in process `syz.7.9666'.
[  628.390931][T28566] loop8: detected capacity change from 0 to 128
[  628.439385][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  628.439404][   T29] audit: type=1800 audit(1771349129.295:387): pid=28566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.9670" name="file1" dev="loop8" ino=1048806 res=0 errno=0
[  628.477735][T28566] syz.8.9670: attempt to access beyond end of device
[  628.477735][T28566] loop8: rw=2049, sector=132, nr_sectors = 16 limit=128
[  628.489935][T28572] ------------[ cut here ]------------
[  628.497235][T28572] old_ns_root->mnt_id_unique != 1
[  628.497268][T28572] WARNING: fs/namespace.c:3112 at vfs_open_tree+0xf35/0xfb0, CPU#0: syz.7.9674/28572
[  628.511952][T28572] Modules linked in:
[  628.516194][T28572] CPU: 0 UID: 0 PID: 28572 Comm: syz.7.9674 Not tainted syzkaller #0 PREEMPT(full) 
[  628.525104][T28566] syz.8.9670: attempt to access beyond end of device
[  628.525104][T28566] loop8: rw=8390657, sector=156, nr_sectors = 1 limit=128
[  628.525878][T28572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  628.551084][T28572] RIP: 0010:vfs_open_tree+0xf35/0xfb0
[  628.558288][T28572] Code: 35 78 ff 49 bf 00 00 00 00 00 fc ff df e9 1e fb ff ff e8 5e 35 78 ff 4d 63 ee 4c 8b 64 24 08 e9 64 ff ff ff e8 4c 35 78 ff 90 <0f> 0b 90 e9 d1 f5 ff ff e8 3e 35 78 ff 90 0f 0b 90 e9 18 f6 ff ff
[  628.560452][T28566] Buffer I/O error on dev loop8, logical block 156, lost async page write
[  628.579287][T28572] RSP: 0018:ffffc90006af7d80 EFLAGS: 00010287
[  628.579321][T28572] RAX: ffffffff824d7d44 RBX: 0000000080000291 RCX: 0000000000080000
[  628.579336][T28572] RDX: ffffc9001728a000 RSI: 0000000000000216 RDI: 0000000000000217
[  628.579354][T28572] RBP: ffffc90006af7eb0 R08: ffffffff8e5fa2eb R09: 1ffffffff1cbf45d
[  628.579367][T28572] R10: dffffc0000000000 R11: fffffbfff1cbf45e R12: ffff88802bc24a80
[  628.579383][T28572] R13: 0000000000001802 R14: ffff88805d9ac500 R15: dffffc0000000000
[  628.579396][T28572] FS:  00007f593ee796c0(0000) GS:ffff888125457000(0000) knlGS:0000000000000000
[  628.579413][T28572] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  628.579430][T28572] CR2: 0000200000000000 CR3: 0000000057d00000 CR4: 00000000003526f0
[  628.579449][T28572] Call Trace:
[  628.579457][T28572]  <TASK>
[  628.579474][T28572]  ? __pfx_vfs_open_tree+0x10/0x10
[  628.579503][T28572]  ? _raw_spin_unlock+0x28/0x50
[  628.579529][T28572]  ? alloc_fd+0x64b/0x6c0
[  628.579570][T28572]  __x64_sys_open_tree+0x96/0x110
[  628.579601][T28572]  do_syscall_64+0x14d/0xf80
[  628.579629][T28572]  ? trace_irq_disable+0x3b/0x150
[  628.579649][T28572]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.579669][T28572]  ? clear_bhb_loop+0x40/0x90
[  628.579691][T28572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.579709][T28572] RIP: 0033:0x7f593df9bf79
[  628.579729][T28572] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  628.579746][T28572] RSP: 002b:00007f593ee79028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac
[  628.579767][T28572] RAX: ffffffffffffffda RBX: 00007f593e215fa0 RCX: 00007f593df9bf79
[  628.579784][T28572] RDX: 0000000000001802 RSI: 0000200000000000 RDI: 0000000000000003
[  628.579799][T28572] RBP: 00007f593e0327e0 R08: 0000000000000000 R09: 0000000000000000
[  628.579812][T28572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  628.690951][T28574] loop3: detected capacity change from 0 to 512
[  628.694088][T28572] R13: 00007f593e216038 R14: 00007f593e215fa0 R15: 00007ffd04b9aa98
[  628.694139][T28572]  </TASK>
[  628.694164][T28572] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  628.694180][T28572] CPU: 0 UID: 0 PID: 28572 Comm: syz.7.9674 Not tainted syzkaller #0 PREEMPT(full) 
[  628.694201][T28572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  628.694213][T28572] Call Trace:
[  628.694222][T28572]  <TASK>
[  628.694231][T28572]  vpanic+0x56c/0xa60
[  628.694263][T28572]  ? __pfx__printk+0x10/0x10
[  628.694284][T28572]  ? __pfx_vpanic+0x10/0x10
[  628.694311][T28572]  ? is_bpf_text_address+0x292/0x2b0
[  628.694335][T28572]  ? is_bpf_text_address+0x26/0x2b0
[  628.694363][T28572]  panic+0xc5/0xd0
[  628.694386][T28572]  ? __pfx_panic+0x10/0x10
[  628.694427][T28572]  __warn+0x315/0x4f0
[  628.694453][T28572]  ? vfs_open_tree+0xf35/0xfb0
[  628.694477][T28572]  ? vfs_open_tree+0xf35/0xfb0
[  628.694500][T28572]  __report_bug+0x29a/0x540
[  628.694531][T28572]  ? vfs_open_tree+0xf35/0xfb0
[  628.694553][T28572]  ? __pfx___report_bug+0x10/0x10
[  628.694577][T28572]  ? ida_alloc_range+0x843/0x8a0
[  628.694620][T28572]  ? __pfx_ida_alloc_range+0x10/0x10
[  628.694648][T28572]  ? vfs_open_tree+0xf35/0xfb0
[  628.694670][T28572]  report_bug+0x16a/0x220
[  628.694695][T28572]  ? vfs_open_tree+0xf35/0xfb0
[  628.694715][T28572]  ? vfs_open_tree+0xf37/0xfb0
[  628.694735][T28572]  handle_bug+0x98/0x200
[  628.694755][T28572]  exc_invalid_op+0x1a/0x50
[  628.694774][T28572]  asm_exc_invalid_op+0x1a/0x20
[  628.694796][T28572] RIP: 0010:vfs_open_tree+0xf35/0xfb0
[  628.694818][T28572] Code: 35 78 ff 49 bf 00 00 00 00 00 fc ff df e9 1e fb ff ff e8 5e 35 78 ff 4d 63 ee 4c 8b 64 24 08 e9 64 ff ff ff e8 4c 35 78 ff 90 <0f> 0b 90 e9 d1 f5 ff ff e8 3e 35 78 ff 90 0f 0b 90 e9 18 f6 ff ff
[  628.694837][T28572] RSP: 0018:ffffc90006af7d80 EFLAGS: 00010287
[  628.694856][T28572] RAX: ffffffff824d7d44 RBX: 0000000080000291 RCX: 0000000000080000
[  628.694872][T28572] RDX: ffffc9001728a000 RSI: 0000000000000216 RDI: 0000000000000217
[  628.694886][T28572] RBP: ffffc90006af7eb0 R08: ffffffff8e5fa2eb R09: 1ffffffff1cbf45d
[  628.694902][T28572] R10: dffffc0000000000 R11: fffffbfff1cbf45e R12: ffff88802bc24a80
[  628.694921][T28572] R13: 0000000000001802 R14: ffff88805d9ac500 R15: dffffc0000000000
[  628.694943][T28572]  ? vfs_open_tree+0xf34/0xfb0
[  628.694979][T28572]  ? __pfx_vfs_open_tree+0x10/0x10
[  628.695000][T28572]  ? _raw_spin_unlock+0x28/0x50
[  628.695024][T28572]  ? alloc_fd+0x64b/0x6c0
[  628.695061][T28572]  __x64_sys_open_tree+0x96/0x110
[  628.695090][T28572]  do_syscall_64+0x14d/0xf80
[  628.695123][T28572]  ? trace_irq_disable+0x3b/0x150
[  628.695141][T28572]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.695161][T28572]  ? clear_bhb_loop+0x40/0x90
[  628.695185][T28572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.695204][T28572] RIP: 0033:0x7f593df9bf79
[  628.695224][T28572] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  628.695240][T28572] RSP: 002b:00007f593ee79028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac
[  628.695259][T28572] RAX: ffffffffffffffda RBX: 00007f593e215fa0 RCX: 00007f593df9bf79
[  628.695275][T28572] RDX: 0000000000001802 RSI: 0000200000000000 RDI: 0000000000000003
[  628.695289][T28572] RBP: 00007f593e0327e0 R08: 0000000000000000 R09: 0000000000000000
[  628.695303][T28572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  628.695315][T28572] R13: 00007f593e216038 R14: 00007f593e215fa0 R15: 00007ffd04b9aa98
[  628.695345][T28572]  </TASK>
[  628.699697][T28572] Kernel Offset: disabled