last executing test programs: 57m49.416685592s ago: executing program 32 (id=7): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x20000045) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newtaction={0x7c, 0x1e, 0x109, 0x0, 0xfffffffe, {}, [{0x68, 0x1, [@m_ct={0x64, 0xc, 0x0, 0x0, {{0x7}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @ipv4={'\x00', '\xff\xff', @multicast2}}, @TCA_CT_LABELS={0x14, 0x7, "26fe639ddda4c3d056f5543e772ffd2a"}, @TCA_CT_ZONE={0x6, 0x4, 0x81}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e22}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}, 0x7c}, 0x1, 0x2b1e}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) listen(0xffffffffffffffff, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000080)={{0x3, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)={{0x3, 0x7}}) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r3, 0x8010500c, &(0x7f0000000040)) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) 57m4.753161507s ago: executing program 33 (id=96): socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) io_uring_register$IORING_REGISTER_NAPI(0xffffffffffffffff, 0x1b, 0x0, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prctl$PR_SET_KEEPCAPS(0x59616d61, 0x1ffffffffffffff) close(r0) 56m53.67218058s ago: executing program 34 (id=122): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_udp(0xa, 0x2, 0x0) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r3, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x5, 0x2}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0x1, 0x1}, {}, {}, @result={0x12e1, 0x25e8}}, {0x10, 0xfd, 0x94, 0x2, @time={0x4, 0x7}, {0x3}, {0xfc, 0x9}, @control={0x0, 0x0, 0x5}}, {0x0, 0x10, 0xfe, 0x0, @time={0x1, 0x1}, {}, {0x0, 0x6}, @time}], 0x70) 56m50.089386528s ago: executing program 35 (id=131): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5) syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000280)='./bus\x00', 0x2000898, &(0x7f00000002c0), 0x1, 0x55ae, &(0x7f0000005600)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==") sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000661000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x8) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x800080, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002240)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x7a) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x67dad000) fdatasync(r3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="120000040000000200"/26, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 56m43.969860775s ago: executing program 36 (id=139): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000004140)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010818"], &(0x7f0000004080)=""/148, 0xa2, 0x94, 0x1, 0x5}, 0x28) 51m18.15671755s ago: executing program 37 (id=947): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, &(0x7f00000000c0)=""/92) 51m9.011071575s ago: executing program 38 (id=975): syz_open_dev$MSR(&(0x7f0000000040), 0x6471, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10) open(&(0x7f0000000200)='./file0\x00', 0xc0, 0x0) setresuid(0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x10000, 0x0) r5 = syz_clone(0x200011, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r5, r5) setpgid(0x0, r5) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4100, 0x9a) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00'}, 0x10) 46m24.70226829s ago: executing program 39 (id=1746): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) socketpair$unix(0x1, 0x5, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000000)='./file1\x00') syz_open_dev$vim2m(&(0x7f00000006c0), 0x8, 0x2) unshare(0x8000600) setxattr$system_posix_acl(0x0, 0x0, 0x0, 0x24, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) rmdir(&(0x7f0000000040)='./bus\x00') ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5453, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 46m15.121544033s ago: executing program 40 (id=1762): syz_usb_connect(0x2, 0x0, 0x0, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000140), 0x4) syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x100c404, &(0x7f0000000200)={[{@dots}, {@fat=@nocase}, {@fat=@uid}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@dots}, {@nodots}, {@fat=@gid={'gid', 0x3d, 0xee00}}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@fat=@nfs_nostale_ro}, {@nodots}, {@dots}, {@nodots}, {@fat=@nfs}, {@nodots}, {@fat=@tz_utc}, {@fat=@flush}, {@fat=@fmask={'fmask', 0x3d, 0x6}}, {@nodots}, {@dots}]}, 0x1, 0x1f5, &(0x7f0000000600)="$eJzs3cFqE1EUANCbmCYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadmKYxBDKj7Tmb3pn7Xt+7M2SSTW5SFL7f/RpZ1or2fuzHpBW70Y6ZswAArpNJSvEjFZreCwBQjzXe/3/WvCUAYMvevnv/+vlgcHCY51nE+dl4OB4Wf4v8y1eDgyf5b7vVrPPxeHjrIv80X/zsMM3vxO0y/6yYn1+kuxEx7Mbjh0V+mnvxZpD/Ob8XH7dcOwAAAAAAAAAAAAAAAAAAAAAANOV+5DNL+/vs7S3m+2W+OJrrD7TQv6cT9zrlYdUeKJ3WURQAAAAAAAAAAAAAAAAAAAD8Z45Pvnz+MBp9OqqCXkTMn+ksGXN10Cr/8VqDmw/asdn0flnmBou2yku03QL7y2/uOkF0/pW7s2mQ17BWf+XlTWkaLH8VzNpiXDm9GxGrV390uOnmJyml0bcHR8cnkVYOrp4RvVqfSAAAAAAAAAAAAAAAAAAAcHPNfev7kqyJDQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAA6rf/58Gl8+sDE4j4k78dfBsrZ3IGq0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6+tXAAAA//85ziI4") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000040)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f00000000c0)) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x10, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000100000000000000"], &(0x7f0000000100)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x63, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3fffffc}, 0x94) r0 = epoll_create(0x3ff) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0000000}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000280)={0x2000000}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)={0x20000001}) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x0, &(0x7f0000000000), 0x0) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x113602) 44m7.3908328s ago: executing program 41 (id=2081): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000c0000000400000001000084020300000000000003000000000000000000000000000001050000002000"/71], 0x0, 0x58}, 0x28) 44m4.321209188s ago: executing program 42 (id=2090): syz_mount_image$cramfs(&(0x7f0000000440), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000080)=ANY=[], 0xfc, 0x15e, &(0x7f0000000480)="$eJzs0U1rE0Ecx/Hv7E4ewIQoRggeTG5Gg5AH9CYhKwYDxgVFEE+BuKKQEDGgPTb02kOg1xz6cC19C0nbQ2lJLn0VveRW6HHL7CYs7Wv4f27zm+H3n519/3ZRVETeDfp//nrDofej8NltN79cTacNk8eB5J398PysAb/QzDQsR2Di0zT8/N3zrO6gZ9bLBiQA58Eqp59Zz3OympGGCr69zk4SwTlrNTLMnsA3el6NWLB+qsHJhH1lYL4Hz/FxHoVZBbgGbFDKXN5PhEWtUv6xgo1J6ejw4tP8vPXqZd3brjbHL1I5uwTs46jkmRU9yWLe/ui23UWtWn2TLFcsXl+aQjbH6A+pf/BdgTZ9FkFfnNwz/RW2FOwEs5bHKm0+YvfG7Yf3qJuC/3YBVH7S7eRiB53sQwu7qM2uzz3mFwU70YsIIYQQQgghhBBCCCGEEEIIIYQQkdsAAAD//7ILTbU=") socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8994, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x3000001, 0x0, 0x0, 0x0, 0x0) 43m56.970828849s ago: executing program 43 (id=2100): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) prctl$PR_GET_TID_ADDRESS(0x28, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x400c0c1) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r3, &(0x7f0000005400)=[{{&(0x7f0000000040)={0xa, 0x4e27, 0xfff, @remote, 0x2}, 0x1c, 0x0}}], 0x40000000000016d, 0x1000) 43m37.168125198s ago: executing program 44 (id=2123): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 43m24.203441497s ago: executing program 8 (id=2157): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xd) io_setup(0x41, &(0x7f0000004200)=0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r1, 0x0, 0x0) 43m23.199680586s ago: executing program 8 (id=2159): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) renameat(r0, &(0x7f0000000080)='./mnt\x00', r0, &(0x7f0000000100)='./mnt\x00') 43m22.99545021s ago: executing program 8 (id=2160): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, 0x0, &(0x7f0000000880)=r3}, 0x20) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000800)=ANY=[], 0x0) 43m22.703965935s ago: executing program 8 (id=2161): syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000180)='./file2\x00', 0x4000, &(0x7f0000001f00)=ANY=[], 0x1, 0x210, &(0x7f0000000700)="$eJzs28tOE1Ecx/Hf9EZFI17iJa5MTIwbqQIJ6Up5ADcuTVyQWkjjoEbcQEiUl3Dv1pWPQKLv4QvAwp0rjjkzp2nHDp0LM0yg309C50/n/M6cAc6h04sAzKznwa0nT+2gMsZ8vi/p1QtJjYoHB6BUxm2PDYDZU8899V8P1xAA59LRWl1SWwee9PvPXu/QfbVTPn44WquFhScdjuUvpc3ve8H2XiOan5d0eaL15AWJ+RbmH2qYtyPf613JePx5RY+va2nz4fk/eqCmxvJXJS1IQTfXJd2QdFOas21vSapFjt9y343yd8M79lOeBgAAAAAAU9mrz8XT5hM7qEt6ErvHXgdvDPx+/N5kTZd/mjPfcvmlaY1Mcn55/M7aSa29UdkMN3Muv9h777/JMG6gCLVs83/iaUH7F32Q0MGJ08GtDNH530w/GveM4Mbga6YMgND2zu7bdd/vfyyyeDatjZS1Q7siFDzC+OK7LfQ3fGWk5GPlKeximzc+fEGm6IF9UXIbk6LNRSoaxf6cf8r7f542IpPoh/vdZuj5ZdyuliLzNKJ+xgsTgNJ1Pm196Gzv7D4ebK1v9jf771ZWu93VleWlbid4WG5vzULVowRQhtF//5idad/EAwAAAAAAAAAAAAAAKnVb0p2g+nWcIcY7AwAAAIBz6Cw+FFX1OQIAAAAAAAAAAAAAcNH9CwAA///UBDZV") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x1d4) getdents64(r0, 0xfffffffffffffffe, 0xffffffffffffff15) 43m22.213051015s ago: executing program 8 (id=2164): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xb423, 0x400, 0x5, 0x199}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r2, 0x0, 0x0, 0x0, 0x80800}) readv(0xffffffffffffffff, &(0x7f0000004900), 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', 0x0, 0x0, 0x0) write$FUSE_INIT(r6, &(0x7f00000004c0)={0x50, 0x0, 0x0, {0x7, 0x9}}, 0x50) io_uring_enter(r3, 0x3516, 0x3e44, 0x8, 0x0, 0x0) 43m21.234898634s ago: executing program 8 (id=2170): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), 0x0}, 0x20) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000800)=ANY=[], 0x0) 43m20.750463023s ago: executing program 45 (id=2170): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), 0x0}, 0x20) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000800)=ANY=[], 0x0) 42m39.724407819s ago: executing program 1 (id=2325): openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x440040, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r1, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}}) close(0xffffffffffffffff) syz_open_procfs(0xffffffffffffffff, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x80100) ioctl$DRM_IOCTL_MODE_SETGAMMA(r5, 0xc02064a5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r6, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r7, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_IOAS_UNMAP$ALL(r4, 0x3b86, &(0x7f0000000240)={0x18, r6}) syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000440)='./file0\x00', 0x1000a05, &(0x7f0000001740)=ANY=[@ANYBLOB="66696c657365743d3030303030303030303030313032352c726f6f746469723d30303030303030303030303030303030303030332c706172746974696f6e3d30303030303030303030303030303030303030302c6769643d69676e6f7265006e6f6164696e6963622cde6661736b3d30303030303030303030303030303030303030343732302c62733d30303230303030303030303230303030303030362c6769643d69676e6f72652c12e7090021b0d36853f83b3237931f7bf54d593a4b0e2a94b2208a0318c4095a29b12750ca47c7a60cd523accdee2710fd9dc6171d154f9426ce2b8e251b", @ANYRESHEX, @ANYRES32], 0x2, 0xc44, &(0x7f0000000740)="$eJzs3V9sneddB/Df89rOsVNGvHVkLaxwCtJIvaakSVZnDSon1DVMSlNrjnc3ySe2E47q2JbtsLQa4HHDBReTEOJiV5agQhpiqiiauDRQpO2mF2hXXFmgVhPiwqBJk5AqT+97npMcO07jxbHjtJ/P5nzfP8/znuf94/d1LT/vEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO++cuHU8+lhtwIAOEiXxr966rTnPwB8olz23/8AAAAAAAAAAAAAAHDYpSji8UixcGkjTVbzbf0XW3M3bk6MjO5cbSBVNXuq8uVX//Onz5z90gvD5zr50fUftCfjtfHLF+ovz19fWJxZWpqZrk/Mtabmp4tdb2Hn+jP33aKh8gDUIuLG9NWrS/XTz53Zsvrm4Ae1x44Pnh9+5uRT7bI36xMjo6PjXWV6++770+9wtx4eR6KIk5Hi2e/9ODUjojpgezwW97h29ttAtRND1U5MjIxWOzLbas4tlyvHOgeiiKh3VWp0jtEBnIs9aUSslM0vGzxU7t74QnOxeWV2pj7WXFxuLbfm58ZSu7Xl/tSjiHMpYjUi1mt3bq4viuiNFN85tpGuRERP5zh8seoYfPd27P47a1+U7az3RawWj8A5O8RqUcSrkeIn756IqfKY5a/4QsSrZX4/4q0yX4pI5YVxNuL9Ha4jHk29UcSfl+f//Eaaru4HnfvKxa/VvzJ3db6rbOe+srfnw2a+eg78+TCwLQ/GIb839UcRzeqOv5Hu/4cdAAAAAAAAAAAAAAAAAB60gSjiyUjxyr//YdWvOKp+6cfOD//e4Kdu9RlPEU/cYzsp/j+ei4iVYnd9co/kLsRjaSylh9yX+JOsP4r4o9z/71sPuzEAAAAAAAAAAAAAAAAAAACfaEX8KFK8+N6JtBrdY4q35q7VLzevzLZHhe2M/dsZM31zc3OzntrZyDmZcyXnas61nOs5o8j1czZyTuZcyblaRNQiYi3Pr+eMnlw/ZyPnZM6VnKs513Ku54zeXD9nI+dkzpWcqznXcq7njEMydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMdJEUV8GCm+/Y2NFCkiGhGT0c612sNuHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQqqUi3okU9d9v3FrWGxGp+n/bifKfs9E4UuZnojFc5kvRuJCzWWVv41sPof3sTV8q4oeRotb/9q0T/qn2+e9rz926DOKtb96e++XedvZ0Vg5+UHvs+LHzw6O/+sTdptNODRi62Jq7cbM+MTI6Ot61uDd/+me6lg3mzy0ezK4TEUtvvPl6c3Z2ZvH+J8pLYA/VH9bEwIPY94OdOPIoHufDMLGZr/aft3r0HoLGP6SJh3xj4kCUz//3I8VvvfcfnQd+5+e/X2jP3XrCx0//+Pbz/8XtG9qn5//jXctezD+N9PVG9C9fX+g7HtG/9MabJ1vXm9dmrs3MnT116svDw18+c6rvSET/1davRUR7anbm1J4PFQAAAAAAAAAAAAAAAMDBSkX8TqRo/nAj1SPiZtVfa/D88DMnn+qJnqq/1ZZ+W6+NX75Qf3n++sLizNLSzHR9Yq41NT89s9uP66+6e02MjO7LztzTwD63f6D/5fmFNxZb1/5gecf1R/svXFlaXmxO7bw6BqKIaHQvGaoaPDEyWjV6ttWcq6qO7diZ7ufXl4r4z0gxdbaens7Lcv+/7T38t/T/X9m+oX3q//fprmXlZ6ZUxE8jxW/+xRPxdNXOo3HHMcvl/iZSDJ37fC4XR8pynTa03yvQ7hlYlv3fSPEPH24t2+kP+fjtss/v+sA+IsrzfyxSvPNn341fz8t6t7z/Yefzf3T7hnZ5/jf/ZFu9e5z/z3YtO7rlfQUPZv8/6crzfzJSvPT42/EbeVnvR7z/o/PujRO58K33c+zT9/9mV6XB6nO9/QMAAAAAAAAAACDy33/9baR4arQ3vZCX7ebv/6a3b2if/v7rc13Lph/MeEX3nAhDTAEAAADwMdGXivhRpLi2/PatPtRb+3939f/87du/GBtJ29ZWv+f7xeq9AQ/y93/dBvPnTu59twEAAAAAAAAAAAAAAAAAAOBQSamIF/J46pM7jKc+ELFU5HJrkeKV/342l0vHy3KdceAHq3/7L83PnbwwOzs/1VxuXpmdqY8vNKdmyrqfjRQbf/35XLeoxld/eltbOmOxL0aK0b/rlG2Pxd4Zm7w9Hnh7LPay7KcjxX/9/daynXGsf+l22dNl2b+KFF//p53LHr9d9kxZ9ruR4gdfr3fKHi3Ldt6P+rnbZZ+bmveqUAAAAAAAAAAAAAAAAAAAAPauLxXxp5Hif66v3urLn8f/7+uarbz1za7x/re5WY3zP1iN/3+36fsZ/3/wzhofbrZFbB67z70GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDDLUURb0aKhUsbaa1Wzrf1X2zN3bg5MTK6c7WBVNXsqcqXX/3Pnz5z9ksvDJ/r5EfXf9CejNfGL1+ovzx/fWFxZmlpZro+Mdeamp+e2fUW9lp/u6HqANSvv35j+urVpfrp585sWX1z8IPaY8cHzw8/c/KpTtmJkdHR8a4yvX33/el3SHdZfiSK+MtI8ez3fpz+uRZRxN6PxT2unf02UO3EULUTEyOj1Y7Mtppzy+XKsc6BKCLqXZUanWN0AOdiTxoRK2XzywYPlbs3vtBcbF6ZnamPNReXW8ut+bmx1G5tuT/1KOJciliNiPXanZvriyJejxTfObaR/qUW0dM5Dl+8NP7VU6fv3o5iH/dxF8p21vsiVotH4JwdYrUo4h8jxU/ePRH/WovojfZXfCHi1TK/H/FWtM93Ki+MsxHv73Ad8WjqjSL+rzz/5zfSu7XyftC5r1z8Wv0ry+90l+3cVx7558NBOuT3pv4o4gfVHX8j/ZvvawAAAAAAAAAAAAAAAIBDpIhfiRQvvnciVf2DO52iF1tz1+qXm1dm2936On3/Oqs3Nzc366mdjdReMpnnV3Ku5lzLuZ4zilw/Z6PM/s3NyTy/knM151rO9ZzRk+vnbOSczLmSczXnWs71nNGb6+ds5JzMuZJzNedazvWccUj67gEAAAAAAAAAAAAAAAAAAB8vRfW/FN/+xkbarLXHl56Mdq4ZD/Rj72cBAAD//z1c9n4=") 42m37.977716532s ago: executing program 1 (id=2329): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)=""/175, 0xaf}, {&(0x7f0000003940)=""/4058, 0xfda}, {&(0x7f0000002940)=""/4093, 0xffd}, {&(0x7f00000007c0)=""/148, 0x94}, {&(0x7f0000000200)=""/199, 0xc7}], 0x5}, 0x10100) 42m36.692017087s ago: executing program 1 (id=2330): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = gettid() r3 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], &(0x7f0000001f80)=""/226, 0x26, 0xe2, 0x2}, 0x28) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) listen(r4, 0x1) accept4$bt_l2cap(r4, 0x0, 0x0, 0x800) 42m34.785039753s ago: executing program 6 (id=2338): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x4) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x32) 42m32.028051876s ago: executing program 1 (id=2345): syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000180)='./file2\x00', 0x4000, &(0x7f0000001f00)=ANY=[], 0x1, 0x210, &(0x7f0000000700)="$eJzs28tOE1Ecx/Hf9EZFI17iJa5MTIwbqQIJ6Up5ADcuTVyQWkjjoEbcQEiUl3Dv1pWPQKLv4QvAwp0rjjkzp2nHDp0LM0yg309C50/n/M6cAc6h04sAzKznwa0nT+2gMsZ8vi/p1QtJjYoHB6BUxm2PDYDZU8899V8P1xAA59LRWl1SWwee9PvPXu/QfbVTPn44WquFhScdjuUvpc3ve8H2XiOan5d0eaL15AWJ+RbmH2qYtyPf613JePx5RY+va2nz4fk/eqCmxvJXJS1IQTfXJd2QdFOas21vSapFjt9y343yd8M79lOeBgAAAAAAU9mrz8XT5hM7qEt6ErvHXgdvDPx+/N5kTZd/mjPfcvmlaY1Mcn55/M7aSa29UdkMN3Muv9h777/JMG6gCLVs83/iaUH7F32Q0MGJ08GtDNH530w/GveM4Mbga6YMgND2zu7bdd/vfyyyeDatjZS1Q7siFDzC+OK7LfQ3fGWk5GPlKeximzc+fEGm6IF9UXIbk6LNRSoaxf6cf8r7f542IpPoh/vdZuj5ZdyuliLzNKJ+xgsTgNJ1Pm196Gzv7D4ebK1v9jf771ZWu93VleWlbid4WG5vzULVowRQhtF//5idad/EAwAAAAAAAAAAAAAAKnVb0p2g+nWcIcY7AwAAAIBz6Cw+FFX1OQIAAAAAAAAAAAAAcNH9CwAA///UBDZV") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1d4) getdents64(r0, 0xfffffffffffffffe, 0xffffffffffffff15) 42m31.674794293s ago: executing program 1 (id=2347): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x22184ca, &(0x7f0000000240)=ANY=[@ANYRES8=0x0, @ANYBLOB="1e71d75b729031132d8bbcd018061223f92f48f3de97f4a8e6ba367ded242d8e3e5604989a6b71fdebf0e858626956b0116c59d7b8c782ca1b44576d7bbe6945580099c28e562a8f27eaec69b123f1fa4550546c673ab3b90791788392aab31fd84aa909c76c35cfee"], 0x1, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") truncate(&(0x7f0000000200)='./file1\x00', 0x20fffffffc) 42m31.605864784s ago: executing program 6 (id=2349): socket$nl_generic(0x10, 0x3, 0x10) bind$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x5, 0x0, 0x1, 0x0, 0x6, @random="c98fb68a85d8"}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000000040)=ANY=[], 0x1, 0x5e7, &(0x7f0000000680)="$eJzs3cFvHFcdB/DvbBxnHaTUcZM2oEpYRaoQFsl6LZGUC1AKslCFKnHgbBEnsbJJK3uL3B4gIA4Vp/4JRcj/AOJYpBxoDxzg1LNRj0jcfdtqZmfX62TrJrab3TSfjzT73ps38/b3fjM7mVkr2gDPrNWlzNxPkdWlN7bL9u7OSmd3Z+XOoJ7kTJJG0kxSlKv/nuSz5F76S7456BgpH/LpR82bn3zw8fv9VjlWs5jpb18ctt+jGcYy34+1Kk9qvPaxxzs4w4Uki8eLD05Gb+C/Y7uP+bkEAKZZkZwat34+OVvfsJfPAf274v499lPt3qQDAAAAgCfgub3sZTvnJh0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPE3q3/8v6qUxqC+mGPz+/2y9LnX9qXZ/0gEAAAAAAAAAwAn49l72sp1zg3avqP7m/3LVuFC9fiPvZCvr2czlbGct3XSzmeUk8yMDzW6vdbuby4+wZ3vsnu0nM18AAAAAAAAA+Jr6Y1b3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADToEhO9YtquTCoz6cxk6SZZLbc7l7yn0H9aXZ/0gEAAADAE/DcXvaynXODdq+onvlfqJ77m3knd9PNRrrpZD3Xq+8C+k/9jd2dlc7uzsqdcnl43J/8/7HCqEZM/7uH8e98qdpiLjeyUa25nN/krXRyPY1qz9KlQTzj4/pDGVPxo9ojRna9LsuZ/6Iup8N8lZHTw4y06tjKbJw/PBOPeXQefKflNIbf/Fz4CnJ+ti7L+bw+1Tlvj5x9LxyeiWTh13++eqtz9/atG1tL0zOlI3owEysjmXjxmcpEq8rExWF7NT/Pr7KUxbyZzWzkt1lLN+tZzOtVba0+n8vX+cMz9eMDrTe/LJLZ+rj0r6KPF9PL1b7nspFf5q1cr45oK1dzNe38IK+mdeAIXxwb9+97dfder9dL4/E+9d/5bl05neRndTkdyryeH8nr6DV3vuobXbOfpYWTvzbOfKuulGfPa1N3bTz/wL8Sg0w8f3gm/lKdOFudu7c3b629/Yjv90pdlhn46TATM/Xa3qkTmdSRlOfLwjCWg2dH2ff82L7lqu/CsK/xUN/FYd+XfVJn63u4h0dqV30vju3r73dppG/c/RYAU+/s987Ozv1v7t9zH879ae7W3BvN185cO/PSbE7/8/QPZ1qnXmm8VPwtH+Z3+8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0W29+97ttU5nffPIlcEvER13HBUVlempTPrKBHzVrnTvvH1l6933vr9xZ+3m+s31u6+2rl1bXl6+2rpyY6OzXr9OOkoA4CTt3/RPOhIAAAAAAAAAAAAAAOCLPIn/TjzpOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9vq0uZuZ8iy63LrbK9u7PSKZdBfX/LZpKirPwjyWfJvfSXzI8MV3zR+3z6UfPmJx98/P7+WM1q+3+1T2IWB2JpPBDTccdrj4z31yMNVwwzs5hkoS5h4j4PAAD//6LKBsA=") creat(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000200)='./file0\x00', 0x12, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0], 0x5, 0xa5a, &(0x7f0000000a80)="$eJzs3U1sHFcBAOA3a6/z22ZTHGrS0CYU2vJTu3FM+ImAVM2FqKm4Vaq4RElaIpyASCVI1UOSEzdaVeHK76mX8qNK5IKinrhUopG49FQ4cCAKUiUO0JC48vq99e7zbmbt2J6s9/uk2bdv3tt9b3ZnZmdn5r0XgKFVaz7OzEwUIVy+8saRfz32zy0hXBlfzNFoPo62xeohhCLGR7P3+2BkIbz14asnuoVFmG4+pnh47kbrtdtCCBfC3nA1NMLuy9def3f62WMXj17a996bh66vzdIDAMBw+c7VQzO7/v7Xh3Z+9NbDh8Om1vx0fN6I8e3xuP9wPPBPx/+10Bkv2qZ2Y1m+0TjVsnwjXfK1l1PP8o32KH8se996j3ybSsofaZvXbblhkKX1uBGK2mRHvFabnFz4Tx6a/+vHismzp2dfPFdRRYFV959HQgh7Taahny42N4jq67Gu09yOqvdAAAvy64VLXMjPLNyd1ruN9lf+jadr3V8Pq2C913/lD1b5v71oj8Pq2ahrU1qutB1tj/G26whnQpf7l/Ltby5/42z7T++XX4+o91nPXtcRBuX6Qq96jqxzPVaqV/3z9WKj+kYM0+fwzSy9ffvJv9NB+Y6B7v7r/L/JNLTTkuPbO8jvlQE2tvy+ubkopef39eXpm0rSN5ekbylJ39qRa2n6tpLXwzD748s/C68Vi//z8//0yz0fns6z3RfD+5dZn/x85HLLH7tDbD3Kd4zEIPnT8edPffXkC9cW7v8vWuv/7bi+743xRtyarsYM6Xxhfl69de9/o7OcWo98D2T1ua9L/ubz8c58xfji+4S2/cySekx0vm5Hr3x7OvM1snxb4rQ5q29+fLI1e106/kj71fR5jWbLW8+WYyyrR9qv7IxhXg9YibQ+9rr/P62fE6FevHh69tRTMZ7W07+M1DfNz99fXtTvVrvuwN3pt/3PROhs/7O9Nb9ea98v7FicX7TvFxrZ/Oke8w/EePqd+97Ilub8yRM/mD252gsPQ+7c+Ve+f3x29tSPPPHEE09aT6reMwFrberlMz+cOnf+lSdPnzn+0qmXTp09cPDggenpg187MDPVPK6faj+6BzaSxR/9qmsCAAAAAAAAAAAA9OvHR49c+9s7X3l/of3/Yvu/1P4/3fmb2v//tFho615rmx+6jAOY2gHu7JLezJN1sDqW5avH6RNZfcezcnZlr/tkDFvj+MX2/6m4vF/XVJ8Hs/l5/70pX9adwJL+UsayXkfy8QI/E8NLMfx1gAoVW7rPjmFZ/9ZpXU/9UyyjX4ruBVOJ9L2lLyX1Y5Laf/fq1ynt/3euQx1ZfevRnLDqZQS6+/cQ9//dPHZZw/f/zf3VL+Pm3mmbqq6bqfppbs4oHsC9oerxP9N5zxSe/fO3N89PKduNpzv3l3n/pXA37vXxJ5W/scb/bI1/19f+7+bS0RMaKyv3f7+4/n5bsWF3v/vffPlTP9DjeQl3PhP90Xz5NxcX5fHQX/lzv8rKzy8I9elmXP70+W/ts/wly7+nrKTzb3eb+/9YfvrYnni03/IXalzUOuuRnzdO1//y88bJrWz5T650+Vc4UOPtWD4Ms0EZZ3a5+hj/t6ls/N8lVnn8317y+zC+HONpR5juc8hHOFlm/VuR9DuwK3v/ouT3zfi/g+3rMSzbHtL4v2l9bHSJ19ri9S6f7Ubd18Cg+uDevf63+ENVfV1M/X5f1dfDtIxpbm5ubU9olai0cCr//Kv+n1B1+VV//mXy8X/zY/h8/N88PR//N0/Px//N0/Px9fL0rVl6/nnm4//m6Q9m75uPDzyR/cHO0z9V8vrdJekPlaTvKUn/dEn6vpL0h0vSHylJf6Ak/dGS9M+WpH+uJP2xkvQnStI/X5K+0aX2KMO6/DDM8vZ5tn8YHql9ba/tf7wkHRhcP39r/zMv/OG7jYX2/2Ot8yHpOt7hGK/H/84/ifH8undoi8+nvRPj/8jS7/XzHTBM8v4z8t/3x0vSgcGV7vOyfcMQKrq3k+i336pex/kMli/E8Isx/FIMn4zhZAynYrg/htPrVD/WxjO/f/vQa8Xi//0dWXq/95Pn7YHyfqIO9Fmf/PzAcu/Hz/vxW667LX+FzcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqU2s+zsxMFCFcvvLGkeePnZ6an/OtVo5G83G0LVZvvS6Ep2I4EsNfxie3Pnz1RHt4O4ZFmA5FKFrzw3M3WiVtCyFcCHvD1dAIuy9fe/3d6WePXTx6ad97bx66vnafAAAAAGx8HwcAAP//V88c0Q==") ftruncate(0xffffffffffffffff, 0x2007ffa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) stat(&(0x7f0000000100)='./file1\x00', 0x0) 42m29.862766507s ago: executing program 6 (id=2350): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x800000, &(0x7f0000000500)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d63703737352c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c636f6465706167653d3836352c756e695f786c6174653d312c616c6c6f775f7574696d653d30303030303030303030303030303030303137373737372c756e695f786c6174653d302c756e695f786c6174653d312c757466383d302c756e695f786c6174653d302c757466383d302c00ac7ec7f87a334bf8c59519a5181378170070d9cec9b016cc536e1a1819bcaeb51811ba62d3c625634b980d526d9cc9494956fef4ee18fae68fabac9b572b2383b6bff31f14e377aab4efd2e58c86b3cb9499a62606bc33cda1781657d2fbe0f0618eb7ac0e78cfcfe592438531d1f864819e111a726e2bacf3ccc64c81d82686086bc3a7b2ef4b70da15dbd219249a4d57b7e6065ab38b063e04180fbc6a0516094bc39cd27819576e31"], 0x25, 0x34c, &(0x7f0000001740)="$eJzs3T9oJGUUAPC3mU12EziTQji0Wu0EOS4RC21MOE44TKEni/8aFy7nn+wqZHEhFtlLo1gqNoJWdldoebVYiNhZ2HqCnIqN1x3c4cjuTHY3mcn9EbOn3u9XhJf3fW++byZDdhKSt6+uxua52Th/9eqVqNcrUV09tRrXKrEUM5FE5kIAAP8n19I0/kgzw8RTN5v90ULMZtHcVHYHAByF4ev/a8fGidrd3A0AMA2Fn//LPVuaffvItgUAHKHC6//D+4YP/Jq/OvqbAADgv+v5l15+Zm094myjUY/ovN9r9prx5Hh87Xy8Ee3YiJOxGDcisgeF7Glh8PHpM+unTzYGflmK5qCi14zo9HvN7ElhLRnW12I5FmMpr09H9cmgfnlY34iIC/3h+tGp9JqzsZCv/+NCbMRKLMb9hfqIM+unVxr5AZqdvfp+xG7U905isP8TsRjfzww/OReD2uxYg8zOcqNxKl3fV9+7WBvOAwAAAAAAAAAAAAAAAAAAAACAo3BiPvLuOY2lUf+btNPvvXc2n9Aojg/7+2TDeX+g3aw/UFrb687zQXKwP9D+/jy9ZjVm7uqZAwAAAAAAAAAAAAAAAAAAwL9Hd3suWu32xlZ3+93NcTDX7k9k3vr2i6/n4+CcN5NxJqrZ4fbNyXMxUZXEqDwdlafJvjl5kETkkyvRunhptOPJObXRWRTKB0GtMFTJ99Rqt4899POnZVV/jjNJjIbqpUtU8vUnhjr3Zamy/dw8qHS3V24x53KapoeV73xSrIp6RLXwhfsngm+uvP7AY93jj3cr1c3WV3nTh0ceXXzh8sef/7bZakd+adrtua3ujfRvr5VM3D+V/DpXSu6E8mB3nNnd6m63kh9+f/HBD787MDkpv3/Sycw7h6/15cHMXBYMtnk7ZzpbcvOXB69cH929d34xj3+22rq089OvexfzVlUT3yQ06gAAAAAAAAAAAAAAAAAAgKmY+F/xO/DEc0e3IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYvvH7/08Eu4XM7QTX+1Ecqm1sdQ9dfH6qpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD3srwAAAP//JT9zjQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 42m29.71518001s ago: executing program 1 (id=2352): socket$inet6_mptcp(0xa, 0x1, 0x106) signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) inotify_init1(0x800) socket(0x10, 0x3, 0x2) socket$xdp(0x2c, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) socket(0x1e, 0x4, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) socket$kcm(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x10) socket$unix(0x1, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0xfc, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff0800090000000000080011000000000008000e00800000000800", @ANYRES64=r3], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 42m28.997108264s ago: executing program 46 (id=2352): socket$inet6_mptcp(0xa, 0x1, 0x106) signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) inotify_init1(0x800) socket(0x10, 0x3, 0x2) socket$xdp(0x2c, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) socket(0x1e, 0x4, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) socket$kcm(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x10) socket$unix(0x1, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0xfc, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff0800090000000000080011000000000008000e00800000000800", @ANYRES64=r3], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 42m28.984119654s ago: executing program 6 (id=2356): syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000180)='./file2\x00', 0x4000, &(0x7f0000001f00)=ANY=[], 0x1, 0x210, &(0x7f0000000700)="$eJzs28tOE1Ecx/Hf9EZFI17iJa5MTIwbqQIJ6Up5ADcuTVyQWkjjoEbcQEiUl3Dv1pWPQKLv4QvAwp0rjjkzp2nHDp0LM0yg309C50/n/M6cAc6h04sAzKznwa0nT+2gMsZ8vi/p1QtJjYoHB6BUxm2PDYDZU8899V8P1xAA59LRWl1SWwee9PvPXu/QfbVTPn44WquFhScdjuUvpc3ve8H2XiOan5d0eaL15AWJ+RbmH2qYtyPf613JePx5RY+va2nz4fk/eqCmxvJXJS1IQTfXJd2QdFOas21vSapFjt9y343yd8M79lOeBgAAAAAAU9mrz8XT5hM7qEt6ErvHXgdvDPx+/N5kTZd/mjPfcvmlaY1Mcn55/M7aSa29UdkMN3Muv9h777/JMG6gCLVs83/iaUH7F32Q0MGJ08GtDNH530w/GveM4Mbga6YMgND2zu7bdd/vfyyyeDatjZS1Q7siFDzC+OK7LfQ3fGWk5GPlKeximzc+fEGm6IF9UXIbk6LNRSoaxf6cf8r7f542IpPoh/vdZuj5ZdyuliLzNKJ+xgsTgNJ1Pm196Gzv7D4ebK1v9jf771ZWu93VleWlbid4WG5vzULVowRQhtF//5idad/EAwAAAAAAAAAAAAAAKnVb0p2g+nWcIcY7AwAAAIBz6Cw+FFX1OQIAAAAAAAAAAAAAcNH9CwAA///UBDZV") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1d4) getdents64(r0, 0xfffffffffffffffe, 0xffffffffffffff15) 42m28.644058361s ago: executing program 6 (id=2358): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x4) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x32) 42m27.735980908s ago: executing program 6 (id=2359): socket$nl_generic(0x10, 0x3, 0x10) bind$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x5, 0x0, 0x1, 0x0, 0x6, @random="c98fb68a85d8"}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000000040)=ANY=[], 0x1, 0x5e7, &(0x7f0000000680)="$eJzs3cFvHFcdB/DvbBxnHaTUcZM2oEpYRaoQFsl6LZGUC1AKslCFKnHgbBEnsbJJK3uL3B4gIA4Vp/4JRcj/AOJYpBxoDxzg1LNRj0jcfdtqZmfX62TrJrab3TSfjzT73ps38/b3fjM7mVkr2gDPrNWlzNxPkdWlN7bL9u7OSmd3Z+XOoJ7kTJJG0kxSlKv/nuSz5F76S7456BgpH/LpR82bn3zw8fv9VjlWs5jpb18ctt+jGcYy34+1Kk9qvPaxxzs4w4Uki8eLD05Gb+C/Y7uP+bkEAKZZkZwat34+OVvfsJfPAf274v499lPt3qQDAAAAgCfgub3sZTvnJh0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPE3q3/8v6qUxqC+mGPz+/2y9LnX9qXZ/0gEAAAAAAAAAwAn49l72sp1zg3avqP7m/3LVuFC9fiPvZCvr2czlbGct3XSzmeUk8yMDzW6vdbuby4+wZ3vsnu0nM18AAAAAAAAA+Jr6Y1b3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADToEhO9YtquTCoz6cxk6SZZLbc7l7yn0H9aXZ/0gEAAADAE/DcXvaynXODdq+onvlfqJ77m3knd9PNRrrpZD3Xq+8C+k/9jd2dlc7uzsqdcnl43J/8/7HCqEZM/7uH8e98qdpiLjeyUa25nN/krXRyPY1qz9KlQTzj4/pDGVPxo9ojRna9LsuZ/6Iup8N8lZHTw4y06tjKbJw/PBOPeXQefKflNIbf/Fz4CnJ+ti7L+bw+1Tlvj5x9LxyeiWTh13++eqtz9/atG1tL0zOlI3owEysjmXjxmcpEq8rExWF7NT/Pr7KUxbyZzWzkt1lLN+tZzOtVba0+n8vX+cMz9eMDrTe/LJLZ+rj0r6KPF9PL1b7nspFf5q1cr45oK1dzNe38IK+mdeAIXxwb9+97dfder9dL4/E+9d/5bl05neRndTkdyryeH8nr6DV3vuobXbOfpYWTvzbOfKuulGfPa1N3bTz/wL8Sg0w8f3gm/lKdOFudu7c3b629/Yjv90pdlhn46TATM/Xa3qkTmdSRlOfLwjCWg2dH2ff82L7lqu/CsK/xUN/FYd+XfVJn63u4h0dqV30vju3r73dppG/c/RYAU+/s987Ozv1v7t9zH879ae7W3BvN185cO/PSbE7/8/QPZ1qnXmm8VPwtH+Z3+8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0W29+97ttU5nffPIlcEvER13HBUVlempTPrKBHzVrnTvvH1l6933vr9xZ+3m+s31u6+2rl1bXl6+2rpyY6OzXr9OOkoA4CTt3/RPOhIAAAAAAAAAAAAAAOCLPIn/TjzpOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9vq0uZuZ8iy63LrbK9u7PSKZdBfX/LZpKirPwjyWfJvfSXzI8MV3zR+3z6UfPmJx98/P7+WM1q+3+1T2IWB2JpPBDTccdrj4z31yMNVwwzs5hkoS5h4j4PAAD//6LKBsA=") creat(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000200)='./file0\x00', 0x12, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0], 0x5, 0xa5a, &(0x7f0000000a80)="$eJzs3U1sHFcBAOA3a6/z22ZTHGrS0CYU2vJTu3FM+ImAVM2FqKm4Vaq4RElaIpyASCVI1UOSEzdaVeHK76mX8qNK5IKinrhUopG49FQ4cCAKUiUO0JC48vq99e7zbmbt2J6s9/uk2bdv3tt9b3ZnZmdn5r0XgKFVaz7OzEwUIVy+8saRfz32zy0hXBlfzNFoPo62xeohhCLGR7P3+2BkIbz14asnuoVFmG4+pnh47kbrtdtCCBfC3nA1NMLuy9def3f62WMXj17a996bh66vzdIDAMBw+c7VQzO7/v7Xh3Z+9NbDh8Om1vx0fN6I8e3xuP9wPPBPx/+10Bkv2qZ2Y1m+0TjVsnwjXfK1l1PP8o32KH8se996j3ybSsofaZvXbblhkKX1uBGK2mRHvFabnFz4Tx6a/+vHismzp2dfPFdRRYFV959HQgh7Taahny42N4jq67Gu09yOqvdAAAvy64VLXMjPLNyd1ruN9lf+jadr3V8Pq2C913/lD1b5v71oj8Pq2ahrU1qutB1tj/G26whnQpf7l/Ltby5/42z7T++XX4+o91nPXtcRBuX6Qq96jqxzPVaqV/3z9WKj+kYM0+fwzSy9ffvJv9NB+Y6B7v7r/L/JNLTTkuPbO8jvlQE2tvy+ubkopef39eXpm0rSN5ekbylJ39qRa2n6tpLXwzD748s/C68Vi//z8//0yz0fns6z3RfD+5dZn/x85HLLH7tDbD3Kd4zEIPnT8edPffXkC9cW7v8vWuv/7bi+743xRtyarsYM6Xxhfl69de9/o7OcWo98D2T1ua9L/ubz8c58xfji+4S2/cySekx0vm5Hr3x7OvM1snxb4rQ5q29+fLI1e106/kj71fR5jWbLW8+WYyyrR9qv7IxhXg9YibQ+9rr/P62fE6FevHh69tRTMZ7W07+M1DfNz99fXtTvVrvuwN3pt/3PROhs/7O9Nb9ea98v7FicX7TvFxrZ/Oke8w/EePqd+97Ilub8yRM/mD252gsPQ+7c+Ve+f3x29tSPPPHEE09aT6reMwFrberlMz+cOnf+lSdPnzn+0qmXTp09cPDggenpg187MDPVPK6faj+6BzaSxR/9qmsCAAAAAAAAAAAA9OvHR49c+9s7X3l/of3/Yvu/1P4/3fmb2v//tFho615rmx+6jAOY2gHu7JLezJN1sDqW5avH6RNZfcezcnZlr/tkDFvj+MX2/6m4vF/XVJ8Hs/l5/70pX9adwJL+UsayXkfy8QI/E8NLMfx1gAoVW7rPjmFZ/9ZpXU/9UyyjX4ruBVOJ9L2lLyX1Y5Laf/fq1ynt/3euQx1ZfevRnLDqZQS6+/cQ9//dPHZZw/f/zf3VL+Pm3mmbqq6bqfppbs4oHsC9oerxP9N5zxSe/fO3N89PKduNpzv3l3n/pXA37vXxJ5W/scb/bI1/19f+7+bS0RMaKyv3f7+4/n5bsWF3v/vffPlTP9DjeQl3PhP90Xz5NxcX5fHQX/lzv8rKzy8I9elmXP70+W/ts/wly7+nrKTzb3eb+/9YfvrYnni03/IXalzUOuuRnzdO1//y88bJrWz5T650+Vc4UOPtWD4Ms0EZZ3a5+hj/t6ls/N8lVnn8317y+zC+HONpR5juc8hHOFlm/VuR9DuwK3v/ouT3zfi/g+3rMSzbHtL4v2l9bHSJ19ri9S6f7Ubd18Cg+uDevf63+ENVfV1M/X5f1dfDtIxpbm5ubU9olai0cCr//Kv+n1B1+VV//mXy8X/zY/h8/N88PR//N0/Px//N0/Px9fL0rVl6/nnm4//m6Q9m75uPDzyR/cHO0z9V8vrdJekPlaTvKUn/dEn6vpL0h0vSHylJf6Ak/dGS9M+WpH+uJP2xkvQnStI/X5K+0aX2KMO6/DDM8vZ5tn8YHql9ba/tf7wkHRhcP39r/zMv/OG7jYX2/2Ot8yHpOt7hGK/H/84/ifH8undoi8+nvRPj/8jS7/XzHTBM8v4z8t/3x0vSgcGV7vOyfcMQKrq3k+i336pex/kMli/E8Isx/FIMn4zhZAynYrg/htPrVD/WxjO/f/vQa8Xi//0dWXq/95Pn7YHyfqIO9Fmf/PzAcu/Hz/vxW667LX+FzcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqU2s+zsxMFCFcvvLGkeePnZ6an/OtVo5G83G0LVZvvS6Ep2I4EsNfxie3Pnz1RHt4O4ZFmA5FKFrzw3M3WiVtCyFcCHvD1dAIuy9fe/3d6WePXTx6ad97bx66vnafAAAAAGx8HwcAAP//V88c0Q==") ftruncate(0xffffffffffffffff, 0x2007ffa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) stat(&(0x7f0000000100)='./file1\x00', 0x0) 42m26.461476303s ago: executing program 47 (id=2359): socket$nl_generic(0x10, 0x3, 0x10) bind$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x5, 0x0, 0x1, 0x0, 0x6, @random="c98fb68a85d8"}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000000040)=ANY=[], 0x1, 0x5e7, &(0x7f0000000680)="$eJzs3cFvHFcdB/DvbBxnHaTUcZM2oEpYRaoQFsl6LZGUC1AKslCFKnHgbBEnsbJJK3uL3B4gIA4Vp/4JRcj/AOJYpBxoDxzg1LNRj0jcfdtqZmfX62TrJrab3TSfjzT73ps38/b3fjM7mVkr2gDPrNWlzNxPkdWlN7bL9u7OSmd3Z+XOoJ7kTJJG0kxSlKv/nuSz5F76S7456BgpH/LpR82bn3zw8fv9VjlWs5jpb18ctt+jGcYy34+1Kk9qvPaxxzs4w4Uki8eLD05Gb+C/Y7uP+bkEAKZZkZwat34+OVvfsJfPAf274v499lPt3qQDAAAAgCfgub3sZTvnJh0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPE3q3/8v6qUxqC+mGPz+/2y9LnX9qXZ/0gEAAAAAAAAAwAn49l72sp1zg3avqP7m/3LVuFC9fiPvZCvr2czlbGct3XSzmeUk8yMDzW6vdbuby4+wZ3vsnu0nM18AAAAAAAAA+Jr6Y1b3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADToEhO9YtquTCoz6cxk6SZZLbc7l7yn0H9aXZ/0gEAAADAE/DcXvaynXODdq+onvlfqJ77m3knd9PNRrrpZD3Xq+8C+k/9jd2dlc7uzsqdcnl43J/8/7HCqEZM/7uH8e98qdpiLjeyUa25nN/krXRyPY1qz9KlQTzj4/pDGVPxo9ojRna9LsuZ/6Iup8N8lZHTw4y06tjKbJw/PBOPeXQefKflNIbf/Fz4CnJ+ti7L+bw+1Tlvj5x9LxyeiWTh13++eqtz9/atG1tL0zOlI3owEysjmXjxmcpEq8rExWF7NT/Pr7KUxbyZzWzkt1lLN+tZzOtVba0+n8vX+cMz9eMDrTe/LJLZ+rj0r6KPF9PL1b7nspFf5q1cr45oK1dzNe38IK+mdeAIXxwb9+97dfder9dL4/E+9d/5bl05neRndTkdyryeH8nr6DV3vuobXbOfpYWTvzbOfKuulGfPa1N3bTz/wL8Sg0w8f3gm/lKdOFudu7c3b629/Yjv90pdlhn46TATM/Xa3qkTmdSRlOfLwjCWg2dH2ff82L7lqu/CsK/xUN/FYd+XfVJn63u4h0dqV30vju3r73dppG/c/RYAU+/s987Ozv1v7t9zH879ae7W3BvN185cO/PSbE7/8/QPZ1qnXmm8VPwtH+Z3+8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0W29+97ttU5nffPIlcEvER13HBUVlempTPrKBHzVrnTvvH1l6933vr9xZ+3m+s31u6+2rl1bXl6+2rpyY6OzXr9OOkoA4CTt3/RPOhIAAAAAAAAAAAAAAOCLPIn/TjzpOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9vq0uZuZ8iy63LrbK9u7PSKZdBfX/LZpKirPwjyWfJvfSXzI8MV3zR+3z6UfPmJx98/P7+WM1q+3+1T2IWB2JpPBDTccdrj4z31yMNVwwzs5hkoS5h4j4PAAD//6LKBsA=") creat(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000200)='./file0\x00', 0x12, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0], 0x5, 0xa5a, &(0x7f0000000a80)="$eJzs3U1sHFcBAOA3a6/z22ZTHGrS0CYU2vJTu3FM+ImAVM2FqKm4Vaq4RElaIpyASCVI1UOSEzdaVeHK76mX8qNK5IKinrhUopG49FQ4cCAKUiUO0JC48vq99e7zbmbt2J6s9/uk2bdv3tt9b3ZnZmdn5r0XgKFVaz7OzEwUIVy+8saRfz32zy0hXBlfzNFoPo62xeohhCLGR7P3+2BkIbz14asnuoVFmG4+pnh47kbrtdtCCBfC3nA1NMLuy9def3f62WMXj17a996bh66vzdIDAMBw+c7VQzO7/v7Xh3Z+9NbDh8Om1vx0fN6I8e3xuP9wPPBPx/+10Bkv2qZ2Y1m+0TjVsnwjXfK1l1PP8o32KH8se996j3ybSsofaZvXbblhkKX1uBGK2mRHvFabnFz4Tx6a/+vHismzp2dfPFdRRYFV959HQgh7Taahny42N4jq67Gu09yOqvdAAAvy64VLXMjPLNyd1ruN9lf+jadr3V8Pq2C913/lD1b5v71oj8Pq2ahrU1qutB1tj/G26whnQpf7l/Ltby5/42z7T++XX4+o91nPXtcRBuX6Qq96jqxzPVaqV/3z9WKj+kYM0+fwzSy9ffvJv9NB+Y6B7v7r/L/JNLTTkuPbO8jvlQE2tvy+ubkopef39eXpm0rSN5ekbylJ39qRa2n6tpLXwzD748s/C68Vi//z8//0yz0fns6z3RfD+5dZn/x85HLLH7tDbD3Kd4zEIPnT8edPffXkC9cW7v8vWuv/7bi+743xRtyarsYM6Xxhfl69de9/o7OcWo98D2T1ua9L/ubz8c58xfji+4S2/cySekx0vm5Hr3x7OvM1snxb4rQ5q29+fLI1e106/kj71fR5jWbLW8+WYyyrR9qv7IxhXg9YibQ+9rr/P62fE6FevHh69tRTMZ7W07+M1DfNz99fXtTvVrvuwN3pt/3PROhs/7O9Nb9ea98v7FicX7TvFxrZ/Oke8w/EePqd+97Ilub8yRM/mD252gsPQ+7c+Ve+f3x29tSPPPHEE09aT6reMwFrberlMz+cOnf+lSdPnzn+0qmXTp09cPDggenpg187MDPVPK6faj+6BzaSxR/9qmsCAAAAAAAAAAAA9OvHR49c+9s7X3l/of3/Yvu/1P4/3fmb2v//tFho615rmx+6jAOY2gHu7JLezJN1sDqW5avH6RNZfcezcnZlr/tkDFvj+MX2/6m4vF/XVJ8Hs/l5/70pX9adwJL+UsayXkfy8QI/E8NLMfx1gAoVW7rPjmFZ/9ZpXU/9UyyjX4ruBVOJ9L2lLyX1Y5Laf/fq1ynt/3euQx1ZfevRnLDqZQS6+/cQ9//dPHZZw/f/zf3VL+Pm3mmbqq6bqfppbs4oHsC9oerxP9N5zxSe/fO3N89PKduNpzv3l3n/pXA37vXxJ5W/scb/bI1/19f+7+bS0RMaKyv3f7+4/n5bsWF3v/vffPlTP9DjeQl3PhP90Xz5NxcX5fHQX/lzv8rKzy8I9elmXP70+W/ts/wly7+nrKTzb3eb+/9YfvrYnni03/IXalzUOuuRnzdO1//y88bJrWz5T650+Vc4UOPtWD4Ms0EZZ3a5+hj/t6ls/N8lVnn8317y+zC+HONpR5juc8hHOFlm/VuR9DuwK3v/ouT3zfi/g+3rMSzbHtL4v2l9bHSJ19ri9S6f7Ubd18Cg+uDevf63+ENVfV1M/X5f1dfDtIxpbm5ubU9olai0cCr//Kv+n1B1+VV//mXy8X/zY/h8/N88PR//N0/Px//N0/Px9fL0rVl6/nnm4//m6Q9m75uPDzyR/cHO0z9V8vrdJekPlaTvKUn/dEn6vpL0h0vSHylJf6Ak/dGS9M+WpH+uJP2xkvQnStI/X5K+0aX2KMO6/DDM8vZ5tn8YHql9ba/tf7wkHRhcP39r/zMv/OG7jYX2/2Ot8yHpOt7hGK/H/84/ifH8undoi8+nvRPj/8jS7/XzHTBM8v4z8t/3x0vSgcGV7vOyfcMQKrq3k+i336pex/kMli/E8Isx/FIMn4zhZAynYrg/htPrVD/WxjO/f/vQa8Xi//0dWXq/95Pn7YHyfqIO9Fmf/PzAcu/Hz/vxW667LX+FzcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqU2s+zsxMFCFcvvLGkeePnZ6an/OtVo5G83G0LVZvvS6Ep2I4EsNfxie3Pnz1RHt4O4ZFmA5FKFrzw3M3WiVtCyFcCHvD1dAIuy9fe/3d6WePXTx6ad97bx66vnafAAAAAGx8HwcAAP//V88c0Q==") ftruncate(0xffffffffffffffff, 0x2007ffa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) stat(&(0x7f0000000100)='./file1\x00', 0x0) 42m26.452398133s ago: executing program 4 (id=2361): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="50020000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000080001000000000004000480080002000100000010000c7d0c000b8008000a00b4ed000004000880c8000c8024000900f36aad4208000a156878badf10076800d5441e0f080009002bd49f3b0c00008008000a00697100002c000b8008000a"], 0x250}}, 0x2000c000) 42m25.885717064s ago: executing program 4 (id=2363): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000040)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@noload}, {@dioread_nolock}]}, 0x1, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x441, 0x104) fallocate(r0, 0x8, 0x4000, 0x10000) 42m25.669749548s ago: executing program 4 (id=2364): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) pipe(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_IOAS_IOVA_RANGES(r5, 0x3b84, &(0x7f00000004c0)={0x20, 0x0, 0x0, 0x0, 0x0}) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="011b26b67000fddbdf2507"], 0x58}, 0x1, 0x0, 0x0, 0x5}, 0x404c044) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000002c0)={0xb0, 0xfffeffff, 0xab, "5db35c5923250049fc264aa46283122712561694401b2354e10691403e98dc8c54b03133f224a4a25d0398c9c19903eed2e1be2940d67d33740e0790ee4ed36a1fdebd93ea82efc8cea22b38b28e01889a8380ee49e4cc331d867546c1c759e17573c81bb34d867bb43fc3b5af1bc301d55bae87cb059bf3a92ea9629571dd6c125320f051d8ffa0efdaba4bd80f721c2951f1265f2cab0aca0e302e9f7275f87d6b7801fcf28c25e466e3b9460676a3"}) 42m24.418328662s ago: executing program 4 (id=2367): syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000180)='./file2\x00', 0x4000, &(0x7f0000001f00)=ANY=[], 0x1, 0x210, &(0x7f0000000700)="$eJzs28tOE1Ecx/Hf9EZFI17iJa5MTIwbqQIJ6Up5ADcuTVyQWkjjoEbcQEiUl3Dv1pWPQKLv4QvAwp0rjjkzp2nHDp0LM0yg309C50/n/M6cAc6h04sAzKznwa0nT+2gMsZ8vi/p1QtJjYoHB6BUxm2PDYDZU8899V8P1xAA59LRWl1SWwee9PvPXu/QfbVTPn44WquFhScdjuUvpc3ve8H2XiOan5d0eaL15AWJ+RbmH2qYtyPf613JePx5RY+va2nz4fk/eqCmxvJXJS1IQTfXJd2QdFOas21vSapFjt9y343yd8M79lOeBgAAAAAAU9mrz8XT5hM7qEt6ErvHXgdvDPx+/N5kTZd/mjPfcvmlaY1Mcn55/M7aSa29UdkMN3Muv9h777/JMG6gCLVs83/iaUH7F32Q0MGJ08GtDNH530w/GveM4Mbga6YMgND2zu7bdd/vfyyyeDatjZS1Q7siFDzC+OK7LfQ3fGWk5GPlKeximzc+fEGm6IF9UXIbk6LNRSoaxf6cf8r7f542IpPoh/vdZuj5ZdyuliLzNKJ+xgsTgNJ1Pm196Gzv7D4ebK1v9jf771ZWu93VleWlbid4WG5vzULVowRQhtF//5idad/EAwAAAAAAAAAAAAAAKnVb0p2g+nWcIcY7AwAAAIBz6Cw+FFX1OQIAAAAAAAAAAAAAcNH9CwAA///UBDZV") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1d4) getdents64(r0, 0xfffffffffffffffe, 0xffffffffffffff15) 42m24.207708136s ago: executing program 4 (id=2368): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) 42m23.692121036s ago: executing program 4 (id=2369): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x103cfa, 0x0, 0x3, 0x69}, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r2}}], 0x20, 0x2400e044}, 0x0) 42m23.403736771s ago: executing program 48 (id=2369): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x103cfa, 0x0, 0x3, 0x69}, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r2}}], 0x20, 0x2400e044}, 0x0) 42m20.685084733s ago: executing program 7 (id=2375): gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mount$fuse(0x0, 0x0, 0x0, 0x200000, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff) r1 = socket(0x28, 0x5, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x40c4}, 0x4040) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x0) 42m19.860246819s ago: executing program 7 (id=2376): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0x5, @sliced={0x3, [0x5, 0x0, 0x4, 0x46ac, 0x1ff, 0x2, 0x8, 0x2, 0x6d, 0x8, 0x9, 0x81, 0x2, 0x2, 0x4, 0x9, 0x200, 0x7, 0x6, 0x2, 0x1, 0x8, 0x7, 0xf6, 0x6, 0x4, 0xfeff, 0x8001, 0x9, 0x101, 0x5, 0xdab2, 0x4, 0x2, 0x3, 0x8, 0x2, 0x5, 0x5, 0x0, 0x8, 0x7, 0x8, 0xd, 0xff, 0x0, 0x3c42, 0x9a68], 0x8}}) 42m19.83177655s ago: executing program 7 (id=2377): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x4) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x32) 42m17.653781772s ago: executing program 7 (id=2378): syz_mount_image$cramfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x10080, &(0x7f0000000040)=ANY=[@ANYRESDEC, @ANYRESOCT], 0x1, 0x154, &(0x7f0000000200)="$eJzszz9rGnEYwPHvef4praJQS22HVujQQ7GeJ3YrRUulB7UHLS4dSkGvtKBVFMKNyZAtQ17ADSFCJnFI8gKMyZJEIZjXcZAhkDXcnRISMmX+fZa7+z4PD9znDzOFBMj4PnXa3Z7Z75vN9HejVv2xu+/3CPDIe2t3ezLPzcX+uAx/3WcQnDVoAocx+POvZb5rdFrut1MGBag8cXsIFX/3sduS/m5h0ZQ3MHnmN+2eVly0l0GoxL3G0lsJAtzcuwSs9J4/1HOZnV8y63r29VMJLDs7Gp58mx7rucwrc0OrvhhEUzJ182jb+03LPs/LubP8aDifTWtfjZoxK2ra+6JaUNXS3Did6qXVTYJfoivw8869cBioQ1cCW4KhN3fGUgyYbF0Z7XgkCVz8T4Bk2c7BcgK3J43fqdDgYzIRQFaQEARBEARBEARBEIQHug4AAP//X0hgmg==") pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x0) 42m16.66990308s ago: executing program 7 (id=2379): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 42m16.344430516s ago: executing program 7 (id=2380): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) renameat(r0, 0x0, r0, &(0x7f0000000100)='./mnt\x00') 42m15.991733283s ago: executing program 49 (id=2380): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) renameat(r0, 0x0, r0, &(0x7f0000000100)='./mnt\x00') 12m28.676079638s ago: executing program 2 (id=9802): syz_usb_connect(0x4, 0x1cb, &(0x7f0000000000)=ANY=[@ANYRES16], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$vivid(&(0x7f0000000000), 0x3, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) mq_open(&(0x7f00000007c0)='(\x00', 0x41, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r6 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x8000}) r8 = fcntl$dupfd(r7, 0x406, r0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r8}) close_range(0xffffffffffffffff, r5, 0x0) 12m25.530341938s ago: executing program 2 (id=9819): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x2b00, 0x0) ppoll(&(0x7f0000000140)=[{r0, 0x4000}], 0x1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) flistxattr(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r2, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'pimreg0\x00', 0x1}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x20008040) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) io_uring_enter(r6, 0x47fd, 0xca65, 0x0, 0x0, 0x0) syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r4, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) syz_usb_connect$uac1(0x0, 0xb1, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x90) r9 = syz_open_dev$tty20(0xc, 0x4, 0x1) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fallocate(0xffffffffffffffff, 0x0, 0x3, 0x80000003) ioctl$VT_DISALLOCATE(r9, 0x5608) 12m19.932501523s ago: executing program 2 (id=9834): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x141000, 0x57) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{0x0}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x1e, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f0000000240)={0xbc, 0x0, 0x7}) 12m19.500055761s ago: executing program 2 (id=9837): socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3d, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0) prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file0/file0\x00'}, 0x18) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001) 12m19.272871235s ago: executing program 2 (id=9838): bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r0, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000680)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926bae1efd7e0054a863f3d5cfe6cb55b5bb9ed884e7cb51726b360fbb37b4fe035bba15e43007160ffc0f0685e839e9047e39be95994a1ea25c50e54c8e3f55fa579fad3904e9fc29cd900000000000000000000000095493a09e9d4857d5ef95dd41767d160478bd3e77bdbf293afcea4c14cb260d49b24ad6e6ddc0afc9dd7bfec1ee45f", 0xa4}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50", 0x4b}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 12m18.942070512s ago: executing program 2 (id=9839): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e00000000000000010000000700000000000000", @ANYRES32=0x1, @ANYBLOB='\x00\x00\x00\x00\x00d\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8, @ANYRES32=r1], 0x0, 0x400000}, 0x94) r2 = shmget$private(0x0, 0x4000, 0x10, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000ac0)={{0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xc1, 0x4}, 0xe9, 0xd718, 0x9720, 0x8000000000000, 0x0, 0x0, 0x400}) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8000, &(0x7f0000000080)={0x82, 0x2, 0xa0000, {r3}}, 0x20) 12m18.583754878s ago: executing program 50 (id=9839): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e00000000000000010000000700000000000000", @ANYRES32=0x1, @ANYBLOB='\x00\x00\x00\x00\x00d\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8, @ANYRES32=r1], 0x0, 0x400000}, 0x94) r2 = shmget$private(0x0, 0x4000, 0x10, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000ac0)={{0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xc1, 0x4}, 0xe9, 0xd718, 0x9720, 0x8000000000000, 0x0, 0x0, 0x400}) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8000, &(0x7f0000000080)={0x82, 0x2, 0xa0000, {r3}}, 0x20) 5.499570236s ago: executing program 3 (id=12926): io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, 0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x15) dup(0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x800, 0x0, 0x8000020e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0) 4.960988566s ago: executing program 3 (id=12928): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0)={[{@delalloc}, {@nombcache}, {@barrier}, {@dioread_lock}, {@stripe={'stripe', 0x3d, 0x8}}, {@resgid}, {@data_err_ignore}, {@jqfmt_vfsv0}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 4.394806037s ago: executing program 3 (id=12930): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f00000002c0)={[{@barrier}, {@autodefrag}, {@noacl}, {@compress_algo={'compress', 0x3d, 'no'}}, {@max_inline={'max_inline', 0x3d, [0x30, 0x30, 0x32, 0x74, 0x39, 0x0]}}, {@noacl}, {@max_inline={'max_inline', 0x3d, [0x30, 0x37, 0x34, 0x74]}}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) link(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)='./bus\x00') 3.500101384s ago: executing program 3 (id=12938): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x810448e0, 0x0) 2.195695409s ago: executing program 9 (id=12948): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000001c40), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001d80)={0x0, 0x0, &(0x7f0000001d40)={&(0x7f0000001c80)={0x30, r1, 0x1c1b, 0x70bd29, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xf2a}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xd8}, @NBD_ATTR_SOCKETS={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 2.11180394s ago: executing program 9 (id=12949): socket(0x25, 0x1, 0x3) r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xd7, 0xcc, 0x73, 0x20, 0x856, 0xac30, 0x7e79, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe1, 0x0, 0x0, 0xde, 0xf5, 0x9c}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000700)={0x20, 0xf, 0x2, "cf91"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.387095534s ago: executing program 5 (id=12952): syz_mount_image$hfsplus(&(0x7f0000001140), &(0x7f00000004c0)='./file1\x00', 0x804c10, &(0x7f0000000180)=ANY=[], 0xfe, 0x66b, &(0x7f0000001180)="$eJzs3c1vHGcdB/DvbDZ2Ni3BTZM2oEq1GgkQFolf5IK5YBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTuetdfrl66TxrtpP59o93lmnplnfs/vmZl9saIN8IW1MJH6gxRZmHhlvb28tTnT3NqcudupJxlNspHUk9SSFP9ttVofJvNJsdtN0VMe8P7y3GsffbL18c5SvXqU29eO269Htd1Gz+qNzrrxJGeq8hHs6+/GI/dX7EY+n+RqVcLAnU3S2udnf396t6VL47C9z51KjMDjVey8bh4wlpyvLvT2+4DOK2/tdKPr32if2/W+gwAAAIAnTT+fgb+8ne2sFxdOIRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4XNjY+/3/onrUOvXxFJ3f/x+p1qWqD5cXT7b5g8cVBwAAAAAAAACcohe3s531XOgst4ryb/4vlQuXyuen8lZWs5SVXMt6FrOWtaxkKslYV0cj64traytTfew5feie058S6GhVNj6bcQMAAAAAAADA58yvsrD3938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgGRXJmp0hxv2v1WGr1JOeSjLRXbCT/7NSfZA8GHQAAAACcgtFkO+u50FluFbmU5LnyO4BzeSv3spblrKWZpdwsvxfY+dRf29qcaW5tztxtPw72+/3/nCiMssfsfPdw+JGvlFs0civL5ZpruZE30szN1Mo9265U8XR67Ynrfjum4nuVPiO7WZXtkb9XlQe8e6LBHuWEX6aMlRk5u5uRySq2djae6czM4TN0wtnpPdJUarvBXuo50sj+wTxUzs9XZXs8vzsq5wPRm4nprrPvueNznnz9L3/66WRVH54h9edMVbbK58bBTMx0ZeL5fjJxu3nvzu1bqxNPWiYOmCwzcXl3eSE/yk8ykfG8mpUs5+dZzFqWMp4flrXFavKLrkv+iEzN71t69dMiGanO0J3JOllML5X7Xshyfpw3cjNLebn8N52pfDuzmc1c1wxfPn6Gy6u+tu+q35vm1pcODf7qN6pKI8nvq3I4tPP6TFdeu++5Y2Vb95q9LF3sI0snvDfWv1pV2sf4dVUOh95MTHVl4tnjM/GH8ray2rx3Z+X24pv9He7ie1WlfWb9NhkfnhtJ+3y52J6scmn/2dFue/bQtqmy7dJuW+1A2+Xdtp0rdePIK3Wkeg93sKfpsu35Q9tmyrYrXW2Hvd8CYOid/+b5kca/G/9ofND4TeN245VzPxj9zugLIzn717PfrU+e+VrtheLP+SC/3Pv8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzVt9+5s9hsLq30VFqt1rtHNPVZqVdHeMjdH6GS8X891T7yIU2dnzM7xXi+8nRyemMf1sr/Wq1WtaY4Yps//m1oEtWqDEXqBlQZ3D0JOB3X1+6+eX317Xe+tXx38fWl15fuzc3Ozk3Ozb48c/3WcnNpcud50FECj8Pei/6gIwEAAAAAAAAAAAD6dRr/nWDQYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACebAsTqT9IkanJa5Pt5a3NmWb70anvbVlPUktS/CIpPkzmi6phrKu74qjjvL8899pHn2x9vNdXvbN97bj9+rNRPTKe5MxOef+z6u9GVR6rOG4Ixe4I55NcrUoYuP8HAAD//xokBkA=") creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000002c0)='./file1\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) 1.229618506s ago: executing program 5 (id=12953): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) 1.116010509s ago: executing program 5 (id=12954): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x18) syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5a8, &(0x7f0000000680)="$eJzs3U1sHFcdAPD/rO18OAl2AxWlSGBRBJGi+iNGZINAJD0hFaM2BS5FDUuysd2svZZ3LdUuh0SotDdUxKXqCVk58CWlUhEtFKkSoohD4cAJgcK9qqlUviQQWjSzs6kbb+yETTyV/ftJTzPzZnfff/Y/M5k3b+INYNcaiYiTEdEXEUcjYiivL+UlLrZL+rrVySszaUmi1XrkrSSSiHh28spM57OSfHog/4B9EXF6NaL01MZ2G8srFyq1WnUxXx5rzi2MNZZX7p+dq0xXp6vz5XJ5vFw+fmLi9m3ro4f3H37u11/4z89f++6Hv/K93zyZxnswX7d+O26XkRjJv5OB2Luuvj+JOH+7GytIut/0RzvXN+Pu6nd+eYdD4iZ9/geXSkXHAABsv/QC4HBEfCy7/h+KvuxqLuLkoa+9PRT/fLzo+AAAAIDetYaG4nPpFAAAANixStkzsElpNH8W4GCUSqOj7Wd4PxCDpVq90Tx6vr40f679rOxwDJTOz9aq4/mzwsMxkKTLE9n8O8vHrluejIi7IuKZof3Z8ujZeu1c0Tc/AAAAYIc7GHH10W+9/MEDN+j/p/48VHSUAAAAQC/S/v+hq4PZn+r6u34+AAAA7Ehp///tb//1t6H/DwAAADtWp///0NRUPDQ11VrNf/9qvj49e2Fm4cSx8dG5pbOjZ+uLC6PT9fp09j/257b+3Fq9vjBxLJaeGGtWG82xxvLKmbn60nzzTPa7XmeqA9uwbcDWHj55tlp0DAAAwPa566Ov/jGJiIuf2Z+V1J58nb467Gx+ABx2r76iAwAK0190AEBh9PGBZIv1+2604uLtjwUAALgzPvkh4/+wWxn/h93L+D/sXsb/YffSxweM/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNZarSRaAAAAwI7WWF65UKnVqotmzJgxc22m6DuTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyXPTt5ZaZTtqvNV36xXS1xI2unImK4nf/VvLTX9Me+bLovBiJi8G9J9K97XxIRfT22/e97IkbisSdfbF1+KS2R74c9fiy34OKliLin2/GfpLtFDOd7wfX5L2V7Rm9+8sM0/6u/W18n/9url/wP9tj2yx9J8//g3evr5H/3uPfhoiOgSL9/pugIKNIf1oqOgCKdfqToCCjSlz5ddAQU6fm3io6AV09FxHi3/l8p7RZe6+Vf3//ry+4Q9ebISNr/e/ro+rqN/b/SGz02wybWTkV8NiJWN9z/K3VeMtyXLx3K7gcMJOdna9XxiHhfmsMY2JsuT2zSxuUzS491q3/wdJr/Kz9d+NMLP+uUtP10+s6rSm/07333+85VmpVet5u2tUsR9/Z3y39y7f5vcoP7v++/yTZmXv/G493qJ3+V5v+V5zfPP3dS6/sRn+h6/CfXXpPOjTXnFsYayyv3z85VpqvT1flyuTxeLh8/MTGWnQ7GOieFLobWDny1W/3XH0jz/98p+S9OevwPbp7/7PzfWF65UKnVqouNW2/jX2++vtqt/vBTaf4f+Ob/c/7fk3w5C3BPXvdEpdlcnIjYk3xxY/2xW495p+p8H53vK83/kfu6//vfuf5rn/9LG+7/D+fTdP3IJm0OHH/h6W71H78vG/+7+mLr8kuO/2Kk+T+3xfGfvOv4v/WZ5/7yjx91a/vHe9P8v/ZmZ/w3LWn7nbHgtvT4/1QWzJG8xvXf1m42QUXHCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6/0vAAD//wqlOeU=") 1.115692989s ago: executing program 0 (id=12955): syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000280)='./bus\x00', 0x898, &(0x7f00000002c0), 0x1, 0x55ae, &(0x7f0000005600)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x350e}) r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) write$FUSE_WRITE(r1, &(0x7f0000000080)={0x18, 0x2a4ef5f2e75b634, 0x0, {0x704}}, 0xff6e) 1.02856611s ago: executing program 5 (id=12956): syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./bus\x00', 0x0, &(0x7f0000009b40)=ANY=[@ANYBLOB="00b20054942265ed59235699a175654111dda0f9c4a0f0fa24a24a895c6b4aaa964bd1aa9974d6311882be9fc6c6b6141df8d09ae1848c235295", @ANYRESDEC, @ANYRESHEX, @ANYRESDEC, @ANYBLOB="96248649eba8e5b0d2fb547341e35698afc371014907c7fed416f1e323c400d7ecf78f0b684e3524ae99e5d53238a253bde18772b582d044502dcf6a90f34cb8f9a39cd27b1564304fdb414f8e860f9e37069f3f703ce2f07dc7b25e4731ed11bd2135e55f6f8890042346990edb4b53827762d9efb5ad8fcdb5b6679164ad501fc6499043", @ANYRESHEX], 0x1, 0x15d, &(0x7f0000000800)="$eJzs281KAmEUxvFn/M6+LGsTLYQWtclJpQ93dRvtRCeRxpJsowTRtrvo/grqBjIcnAlHITCayfH/W53Hw4tnFq8eFwrAwiqoIEOGksOwm8k95o2wRwIQkIGkzwGAxRR/d6vncAcBELC3C6kj6fXjoa54cmI/GPbP3X4sNdl/knYSo76RVsa/X7xI++55Y2nq+azXz07tH+y577+sFa1qTevKaUObo37DO7/9y20IWCyGiv489kJMVy3bOvJy0sklL6ecXPblipfTTi7Wb+3GXz0CgBnFfrj/cd/9T/juP4D51e31r2u2bd1FrUjpX4xBQTGfxegD4nLyNz+AaDDv2x2z2+sfttq1ptW0bspn5epJ5bh0WjWdzd8c3/8BRMf3l37YkwAAAAAAAAAAAAAAgFnltRX2CAAAAAACEsTficJ+RgAAAAAAAAAAAAAAAAAAACAqvgIAAP//rm0kLg==") truncate(&(0x7f0000000040)='./file1\x00', 0x1001bfc) 935.855362ms ago: executing program 3 (id=12957): bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)}) 804.128215ms ago: executing program 3 (id=12958): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB") syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000810087406d040e0a7594000000010902120001000000000904"], 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYRESHEX=r0, @ANYRESHEX], 0xfe37, 0x0) 753.517906ms ago: executing program 5 (id=12959): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x101042, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) link(&(0x7f0000000080)='./file1\x00', &(0x7f0000000300)='./bus\x00') 638.838358ms ago: executing program 5 (id=12960): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1532, 0x10d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, &(0x7f0000000080)={0x0, 0xa, 0x7, {0x7, 0x21, "97aa815508"}}, 0x0}, 0x0) 516.12099ms ago: executing program 0 (id=12961): syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x3, 0x0, &(0x7f0000000080)) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 503.76687ms ago: executing program 0 (id=12962): open(&(0x7f0000000140)='./file1\x00', 0x1e3042, 0x9c) creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000002c0)='./file1\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) 448.848321ms ago: executing program 9 (id=12963): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) 440.260771ms ago: executing program 0 (id=12964): io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x23, 0x0, 0x0) 336.085573ms ago: executing program 0 (id=12965): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = io_uring_setup(0x3668, &(0x7f0000000600)={0x0, 0x33cf, 0x80, 0x6, 0x4000034d, 0x0, r0}) close_range(r1, r1, 0x0) read(r0, &(0x7f0000000040)=""/148, 0xffffff96) 335.831973ms ago: executing program 9 (id=12966): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000004c0), 0xfe, 0x269, &(0x7f0000000200)="$eJzs3b1rJGUcB/Df7EvWmBCiNja+gIhoIMRCEGy0UQhIEBFBhYiIlSRCTNqslY2FvUoqmyB2RkuxCTb3B+TuUuSaa8IVF+7grthjZnaPzWZDXvZljsznA7szz87ztrDfZyeQmQ2gtGYj4t2IqEbEXETUIyLprvBy/phtF7cmd5cjWq2P7yRZvbyc67SbiohmRLwdUesc29j5/ODe3gev/bRef/X3nc8mx/X+uh0e7H949NvSj38tvrlRab823d52v49hSvq8Vksinh3FYE+IpFb0DDifP6+nuX8uIl7J8l+PSjuyP69N/FePN37t327iaLzzBEah1aqn34HNFlA6lewcOKnMR0S+X6nMz+fn8DeqSXy7uvb93Der6ytfF71SAUOQNPO/e/ff/6fx91RP/m9X8/yfy1sjnikwEmn+P/lo+2a6f1QtejbAWLyQb9L8z325+XrIP5SO/EN5yT+Ul/zDFXDJ7Mo/lJf8Q3nJP1xh9c5Os+/hwfN/v/0fhJefIjBuM9mz738or578F3I9LlCM7vwDAOXSahR8ATJQmKLXHwAAAAAAAAAAAAAAAAAA4KStyd3lzmNcY/7/S8ThexFROz5+IztazX6POOKp7Pnpu0la7bEkbzaQL14asIMB/THkq6+XGherP3NruONf1LUXR9PvD8eLp97bbnMloplWXqjVTn7+k/bn70yn9v/MGQ3rX51vgGFJesrvfDre8Xs93C52/MW9iH/T9Weh3/pXieezbf/1Z7r7FsuX9N2DATsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgbB4FAAD//1eqcO0=") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, 0x0, 0x0) 199.300366ms ago: executing program 9 (id=12967): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000003980), 0x40000, 0x0) ioctl$SNDCTL_SEQ_GETINCOUNT(r0, 0x80045105, &(0x7f00000039c0)) 126.737717ms ago: executing program 0 (id=12968): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) syz_mount_image$xfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x4000000, &(0x7f0000000140), 0x1, 0x983d, &(0x7f0000002240)="$eJzs3QW8pWWheP8zwwBDhyJYgJSYpISBdCiipCghSEsKiIDSoYQKioACCiiISHd3S3d3d3f8PwMDwrjgcn//e4XLWuvjnH12nH2e/Xzf5/Xs8x72XnLeReccGBh34LVeP/1XZ+1667KLjbXgukfvPOSavXZY6IHhF4/y2sl4sw8/nWP46ZwDAwODht/PoNcuGzLbUUcPHhgyMOx//2rM0UYfPObAwOjDzw6/n4GZXzsZY//Xb/fKCPFAJx327bZ/7d+rjTXsToZ9svRyL601MDAw9E1fP2xc0/7bA5W25BzzzfsvqzfcBg+/etC/rnv1dMhr/8bYd2BgjL0H3n77GHbbkd/0tf/Jhn3PcScfWPzW9+B7/59ryTnmW2AE/2FrcaThl808bI2PuAaNjbid77Do6vcNn8JBwyduyJvWy3ux3f8/teQc8y448PbreGCheTa595VX95tD5h4YGDLPwMCQeQcGhsz3XnvU/0zv6cZXVVVV70lzzDnDsOfsg0f4eWDo6z/X0s+F57043Z0DA0MWeu154pDlXn8uWFVVVVVVVVXvz+aYc4a54Pn/uO/0/H/SE7cer+f/VVVVVVVVVf93WmCOOWcY9lx/hOf/E73T8/9H7z94v9f+9n/2mV/7qpff2wdRVVVVVVVVVe/YvAvg8/9J3+n5/wVHTXpxz/+rqqqqqqqq/u+0yCuvvLLZm15nb/jFU79+PT3/P/mem5d5zwZcVVVVVVVVVf/tXn7ohFP+9ZrvEw+M8Hrvrzb89wKDDjvt0kvfs4G+Pxr0778P2fy9HtP/34Y5Dz1w0oGBtRZ/r4dS70H/Z16rvv5Xyt9d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v8xb3N8f83Xv//5CNWeP294D895QzXnvCvr3z1vf+HLLTAQ1u8R0N/L/qgHv8fWG3QwMBw33FXGxgYWGiORRabemBg4IRrZ5hyioE3rptl2HVfGX+kV98g/vX/TGSe8fiON5/stdNhG8rAh9+4j8Nevf8FXtlnpEEjDOJNjXfMfvutuuQzM454OtXbP47Bb3w21tH3v/7fsgwe4UZD3+aLX7//1x/LiM7Dxz71sLFPs/6a60yz3kYbf2G1NZdfZaVVVlpr1ulnmm7GWWedaaZpVl5tjZWmfe3j283ZpK9+nOvdzNmYI87ZQ3O8ec5GfGxvN2eTvvOcvXqPu5w/9Ouvz9mQ/+aczfXOczbpasO/0Xizjzyw3KtzM2hgYLy5Rx7YcNiZ6UYdGBhvnuG3nWjYbb86/uCBgZ3+9UCHfTbqG9vgoM2H3WbJeRed87Xd1MDAv07/1du8n/0ow0c++/DTOYafzvnatxl34F+b4pDZjjp68LC5eMt0jDna6IPHHBgYffjZ4fczMOtrJ6Of+Prt3uZ91kcY6Ksvs7L9a/9ebayBgYExhn0y8fInbzNs6v8D79P+//T////mNcugN7bHQcP/Db/Na15zzLfAv77Xq9MwbO5GGn7ZzMNM/off2v4t/dt4Jx06MOk7jPcdXhfn1Wj7WuOECbb8n3pdHBrvRO8w3nd4Hd+3He8Sd+5+32t39T823hH2dQu++nH2d7OvG3jnfd1IdAcrXfTJEfd133z7Ib5ld/n6HI06wo3ebl830Z6TbD7s/md/533dgsPGPvJb9nWDBwbGm+v1fd2wHd+8Iw/sNOzM9MPOzDfywAHDzszw6pnRBk4bduaLK6y9xorDLpj/37eDqQe95Q80YZ3NO8I6G/Smxz5ohL/vHPLa6Rj7vv4eTm+z3xw0/GH9l/sK2m7HfYfxvsP7T+E8D7tsxcOHTvA/9f5TNN6h7zzet3u/7Lcd745Pn3zr//B431hnI79puuZ/N+ts0reus2EPcaQ3rYx3+3PYinD71z6f6I1722DT+9/4mWLkEe73v/qZYv53XmfjrjbC122398Cgd5qb+d7N3Hzi3/ZBW7x5bt7tz1tTT/7a9SO9w9yMOuuyU70+N6P8N+dmvv/u3Mw+MNJb52bIwDwDAwNTDN8/zPtu5maid56bd7vdjA63f+3zld64aO4dDjzn9bkZcS7+q7mZ9787N5O+sd1M8ep1kw0eGGWUgQ2XX3/9dad77ePrZ6d/7eM7r8G5381cjvs/M5cfG/J2c/mvTXXMOy/e979Yg/+2T3/9/uf+787lwBtzObDaiIul3q/1+z93+bvL313+7vJ3l7+7/MW9zfH/N17/f7dxv7Lz8F9ujHzxJBNu+16P9z3uA338f7jvW47/bzvhJBcPHnjjunc8Pvvabd6Xx2dnfu1kjP1fv92Ixwd5oG9/fHbvWWfe+j90fPb/qdfX6rv4PVz7f3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4tzn+P+3rfwdwz3QLPz78QOjID2y11MLv9Xjf4z7Qx/+H+77l+P/CS231wOCBN657x+P/r93Gcfz/9hfm3fH9fPz/9bXa8f/6L8rfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/MW9zfH/2V//O4CDD95949f/HuDK8bY/4b0e73vcB/X4f+//7639v7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/c8OP/AyO8veV32i4wOP7/f7u38V84f8ziv0j+mMV/0fwxi/9i+WMW/8Xzxyz+S+SPWfy/mz9m8V8yf8zi/738MYv/9/PHLP5L5Y9Z/JfOH7P4L5M/ZvFfNn/M4v+D/DGL/3L5Yxb/5fPHLP4/zB+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP6r5Y9Z/H+UP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/H+cP2bxXzd/zOK/Xv6YxX/9/DGL/0/yxyz+G+SPWfx/mj9m8d8wf8ziv1H+mMV/4/wxi//P8scs/j/PH7P4b5I/ZvHfNH/M4r9Z/pjFf/P8MYv/FvljFv8t88cs/lvlj1n8t84fs/hvkz9m8d82f8zi/4v8MYv/L/PHLP7b5Y9Z/LfPH7P475A/ZvHfMX/M4v+r/DGL/6/zxyz+v8kfs/jvlD9m8d85f8zi/9v8MYv/7/LHLP675I9Z/H+fP2bx3zV/zOK/W/6YxX/3/DGL/x/yxyz+f8wfs/jvkT9m8d8zf8ziv1f+mMX/T/ljFv8/549Z/PfOH7P475M/ZvHfN3/M4v+X/DGL/1/zxyz+++WPWfz3zx+z+P8tf8zif0D+mMX/7/ljFv8D88cs/v/IH7P4H5Q/ZvE/OH/M4n9I/pjF/9D8MYv/YfljFv/D88cs/kfkj1n8j8wfs/gflT9m8T86f8zif0z+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOJ/Sv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8/5k/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/hfkT9m8b8yf8zif1X+mMX/6vwxi/81+WMW/2vzxyz+1+WPWfyvzx+z+N+QP2bxvzF/zOJ/U/6Yxf/m/DGL/y35Yxb/W/PHLP635Y9Z/G/PH7P435E/ZvG/M3/M4n9X/pjF/+78MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8X8wf8zi/1D+mMX/4fwxi/8j+WMW/0fzxyz+j+WPWfwfzx+z+D+RP2bxfzJ/zOL/VP6Yxf/p/DGL/zP5Yxb/Z/PHLP7P5Y9Z/J/PH7P4v5A/ZvF/MX/M4v9S/pjF/+X8MYv/K/ljEv9BA/ljFv9B+WMW/8H5Yxb/kfLHLP5D8scs/iPnj1n8R8kfs/iPmj9m8R+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjF/0P5Yxb/D+ePWfwnyB+z+H8kf8ziP2H+mMV/ovwxi/9H88cs/h/LH7P4fzx/zOL/ifwxi/8n88cs/hPnj1n8J8kfs/hPmj9m8f9U/pjFf7LX/Ye+R+N6n2bxn7z1j1n8p8gfs/hPmT9m8Z8qf8zi/+n8MYv/1PljFv/P5I9Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/L+YP2bxnyZ/zOI/bf6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/L+UP2bxnyl/zOI/c/6YxX+W/DGL/6z5Yxb/L+ePWfy/kj9m8f9q/pjF/2v5Yxb/2fLHLP5fzx+z+M+eP2bxnyN/zOI/Z/6YxX+u/DGL/9z5Yxb/efLHLP7z5o9Z/OfLH7P4z58/ZvFfIH/M4v+N/DGL/zfzxyz+C+aPWfy/lT9m8V8of8zi/+38MYv/d/LHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/d/PHLP5L5o9Z/L+XP2bx/37+mMV/qfwxi//S+WMW/2Xyxyz+y+aPWfx/kD9m8V8uf8ziv3z+mMX/h/ljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8ziv2r+mMV/tfwxi/+P8scs/qvnj1n818gf+4D6Xzcwgv+a+WMfUP9Xe7P/WvljFv+188cs/uvkj1n8f5w/ZvFfN3/M4r9e/pjFf/38MYv/T/LHLP4b5I9Z/H+aP2bx3zB/zOK/Uf6YxX/j/DGL/8/yxyz+P88fs/hvkj9m8d80f8ziv1n+mMV/8/wxi/8W+WMW/y3zxyz+W+WPWfy3zh+z+G+TP2bx3zZ/zOL/i/wxi/8v88cs/tvlj1n8t88fs/jvkD9m8d8xf8zi/6v8MYv/r/PHLP6/yR+z+O+UP2bx3zl/zOL/2/wxi//v8scs/rvkj1n8f58/ZvHfNX/M4r9b/pjFf/f8MYv/H/LHLP5/zB+z+O+RP2bx3zN/zOK/V/6Yxf9P+WMW/z/nj1n8984fs/jvkz9m8d83f8zi/5f8MYv/X/PHLP775Y9Z/PfPH7P4/+2t/nf/x8f1Ps3if0DrH7P4/z1/zOJ/YP6Yxf8f+WMW/4Pyxyz+B+ePWfwPyR+z+B+aP2bxPyx/zOJ/eP6Yxf+I/DGL/5H5Yxb/o/LHLP5H549Z/I/JH7P4H5s/ZvE/Ln/M4n98/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/ifmj9m8T8tf8zif3r+mMX/jPwxi/+Z+WMW/7Pyxyz+Z+ePWfzPyR+z+J+bP2bxPy9/zOJ/fv6Yxf+C/DGJ/6vl/+9J/AddmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8h+FLrT4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8sck/q9+mv+/Z/EflD9m8R+cP2bxHyl/zOI/JH/M4j9y/pjFf5T8MYv/qPljFv+h+WMW/9Hyxyz+o+ePWfzHyB+z+I+ZP2bxHyt/zOI/dv6YxX+c/DGL/7j5Yxb/8fLHLP7j549Z/D+UP2bx/3D+mMV/gvwxi/9H8scs/hPmj1n8J8ofs/h/NH/M4v+x/DGL/8fzxyz+n8gfs/h/Mn/M4j9x/pjFf5L8MYv/pPljFv9P5Y9Z/CfLH7P4T54/ZvGfIn/M4j9l/pjFf6r8MYv/p/PHLP5T549Z/D+TP2bx/2z+mMX/c/ljFv/P549Z/L+QP2bx/2L+mMV/mvwxi/+0+WODztp15IGBgQ+8/3T5Y5b1P33+mMV/hvwxi/+M+WMW/y/lj1n8Z8ofs/jPnD9m8Z8lf8ziP2v+mMX/y/ljFv+v5I9Z/L+aP2bx/1r+mMV/tvwxi//X88cs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW//nyxyz+8+ePWfwXyB+z+H8jf8zi/838MYv/gvljFv9v5Y9Z/BfKH7P4fzt/zOL/nfwxi//C+WMW/0Xyxyz+i+aPWfwXyx+z+C+eP2bxXyJ/zOL/3fwxi/+S+WMW/+/lj1n8v58/ZvFfKn/M4r90/pjFf5n8MYv/svljFv8f5I9Z/JfLH7P4L58/ZvH/Yf6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvFfLX/M4v+j/DGL/+r5Yxb/NfLHLP5r5o9Z/NfKH7P4r50/ZvFfJ3/M4v/j/DGL/7r5Yxb/9fLHLP7r549Z/H+SP2bx3yB/zOL/0/wxi/+G+WMW/43yxyz+G+ePWfx/lj9m8f95/pjFf5P8MYv/pvljFv/N8scs/pvnj1n8t8gfs/hvmT9m8d8qf8ziv3X+mMV/m/wxi/+2+WMW/1/kj1n8f5k/ZvHfLn/M4r99/pjFf4f8MYv/jvljFv9f5Y9Z/H+dP2bx/03+mMV/p/wxi//O+WMW/9/mj1n8f5c/ZvHfJX/M4v/7/DGL/675Yxb/3fLHLP67549Z/P+QP2bx/2P+mMV/j/wxi/+e+WMW/73yxyz+f8ofs/j/OX/M4r93/pjFf5/8MYv/vvljFv+/5I9Z/P+aP2bx3y9/zOK/f/6Yxf9v+WMW/wPyxyz+f88fs/gfmD9m8f9H/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zi/8/8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfk/iPNJA/ZvEflD9m8R+cP2bxHyl/zOI/JH/M4j9y/pjFf5T8MYv/qPljFv+h+WMW/9Hyxyz+o+ePWfzHyB+z+I+ZP2bxHyt/zOI/dv6YxX+c/DGL/7j5Yxb/8fLHLP7j549Z/D+UP2bx/3D+mMV/gvwxi/9H8scs/hPmj1n8J8ofs/h/NH/M4v+x/DGL/8fzxyz+n8gfs/h/Mn/M4j9x/pjFf5L8MYv/pPljFv9P5Y9Z/CfLH7P4T54/ZvGfIn/M4j9l/pjFf6r8MYv/p/PHLP5T549Z/D+TP2bx/2z+mMX/c/ljFv/P549Z/L+QP2bx/2L+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/1L+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfy/nD9m8f9K/pjF/6v5Yxb/r+WPWfxnyx+z+H89f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/zfyxyz+38wfs/gvmD9m8f9W/pjFf6H8MYv/t/PHLP7fyR+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP7fzR+z+C+ZP2bx/17+mMX/+/ljFv+l8scs/kvnj1n8l8kfs/gvmz9m8f9B/pjFf7n8MYv/8vljFv8f5o9Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/j/KH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/j/OH7P4r5s/ZvFfL3/M4r9+/pjF/yf5Yxb/DfLHLP4/zR+z+G+YP2bx3yh/zOK/cf6Yxf9n+WMW/5/nj1n8N8kfs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx/0X+mMX/l/ljFv/t8scs/tvnj1n8d8gfs/jvmD9m8f9V/pjF/9f5Yxb/3+SPWfx3yh+z+O+cP2bx/23+mMX/d/ljFv9d8scs/r/PH7P475o/ZvHfLX/M4r97/pjF/w/5Yxb/P+aPWfz3yB+z+O+ZP2bx3yt/zOL/p/wxi/+f88cs/nvnj1n898kfs/jvmz9m8f9L/pjF/6/5Yxb//fLHLP77549Z/P+WP2bxPyB/zOL/9/wxi/+B+WMW/3/kj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+/8wfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxif+Qgfwxi/+gd+c/yv/auN6nWfwHt/4xi/9I+WMW/yH5Yxb/kfPHLP6j5I9Z/EfNH7P4D80fs/iPlj9m8R89f8ziP0b+mMV/zPwxi/9Y+WMW/7Hzxyz+4+SPWfzHzR+z+I+XP2bxHz9/zOL/ofwxi/+H88cs/hPkj1n8P5I/ZvGfMH/M4j9R/pjF/6P5Yxb/j+WPWfw/nj9m8f9E/pjF/5P5Yxb/ifPHLP6T5I9Z/CfNH7P4fyp/zOI/Wf6YxX/y/DGL/xT5Yxb/KfPHLP5T5Y9Z/D+dP2bxnzp/zOL/mfwxi/9n88cs/p/LH7P4fz5/zOL/hfwxi/8X88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziP0P+mMV/xvwxi/+X8scs/jPlj1n8Z84fs/jPkj9m8Z81f8zi/+X8MYv/V/LHLP5fzR+z+H8tf8ziP1v+mMX/6/ljFv/Z88cs/nPkj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+C+SPWfy/kT9m8f9m/pjFf8H8MYv/t/LHLP4L5Y9Z/L+dP2bx/07+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bx/27+mMV/yfwxi//38scs/t/PH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/D/LHLP7L5Y9Z/JfPH7P4/zB/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvH/Uf6YxX/1/DGL/xr5Yxb/NfPHLP5r5Y9Z/NfOH7P4r5M/ZvH/cf6YxX/d/DGL/3r5Yxb/9fPHLP4/yR+z+G+QP2bx/2n+mMV/w/wxi/9G+WMW/43zxyz+P8sfs/j/PH/M4r9J/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMV/2/wxi/8v8scs/r/MH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/r/LHLP6/zh+z+P8mf8ziv1P+mMV/5/wxi/9v88cs/r/LH7P475I/ZvH/ff6YxX/X/DGL/275Yxb/3fPHLP5/yB+z+P8xf8ziv0f+mMV/z/wxi/9e+WMW/z/lj1n8/5w/ZvHfO3/M4r9P/pjFf9/8MYv/X/LHLP5/zR+z+O+XP2bx3z9/zOL/t/wxi/8B+WMW/7/nj1n8D8wfs/j/I3/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8f9n/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj0n8Rx7IH7P4D8ofs/gPzh+z+I+UP2bxH5I/ZvEfOX/M4j9K/pjFf9T8MYv/0Pwxi/9o+WMW/9Hzxyz+Y+SPWfzHzB+z+I+VP2bxHzt/zOI/Tv6YxX/c/DGL/3j5Yxb/8fPHLP4fyh+z+H84f8ziP0H+mMX/I/ljFv8J88cs/hPlj1n8P5o/ZvH/WP6Yxf/j+WMW/0/kj1n8P5k/ZvGfOH/M4j9J/pjFf9L8MYv/p/LHLP6T5Y9Z/CfPH7P4T5E/ZvGfMn/M4j9V/pjF/9P5Yxb/qfPHLP6fyR+z+H82f8zi/7n8MYv/5/PHLP5fyB+z+H8xf8ziP03+mMV/2vwxi/90+WMW/+nzxyz+M+SPWfxnzB+z+H8pf8ziP1P+mMV/5vwxi/8s+WMW/1nzxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+s+WPWfy/nj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6Yxf8b+WMW/2/mj1n8F8wfs/h/K3/M4r9Q/pjF/9v5Yxb/77j8h7zbG1r8F3b5v+ss/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/u/ljFv8l88cs/t/LH7P4fz9/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP4/yB+z+C+XP2bxXz5/zOL/w/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf9H+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6Yxf/H+WMW/3Xzxyz+6+WPWfzXzx+z+P8kf8ziv0H+mMX/p/ljFv8N88cs/hvlj1n8N84fs/j/LH/M4v/z/DGL/yb5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/NvljFv9t88cs/r/IH7P4/zJ/zOK/Xf6YxX/7/DGL/w75Yxb/HfPHLP6/yh+z+P86f8zi/5v8MYv/TvljFv+d88cs/r/NH7P4/y5/zOK/S/6Yxf/3+WMW/13zxyz+u+WPWfx3zx+z+P8hf8zi/8f8MYv/HvljFv8988cs/nvlj1n8/5Q/ZvH/c/6YxX/v/DGL/z75Yxb/ffPHLP5/yR+z+P81f8ziv1/+mMV///wxi//f8scs/gfkj1n8/54/ZvE/MH/M4v+P/DGL/0H5Yxb/g/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/9J+WMW/5Pzxyz+p+SPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/5/5Yxb/C/PHLP4X5Y9Z/C/OH7P4X5I/ZvG/NH/M4n9Z/pjF//L8MYv/FfljFv8r88cs/lflj1n8r84fs/hfkz9m8b82f8zif13+mMX/+vwxi/8N+WMW/xvzxyz+N+WPWfxvzh+z+N+SP2bxvzV/zOJ/W/6Yxf/2/DGL/x35Yxb/O/PHLP535Y9Z/O/OH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxfzZ/zOL/XP6Yxf/5/DGL/wv5Yxb/F/PHLP4v5Y9Z/F/OH7P4v5I/JvEfZSB/zOI/KH/M4j84f8ziP1L+mMV/SP6YxX/k/DGL/yj5Yxb/UfPHLP5D88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfzHzx+z+H8of8zi/+H8MYv/BPljFv+P5I9Z/CfMH7P4T5Q/ZvH/aP6Yxf9j+WMW/4/nj1n8P5E/ZvH/ZP6YxX/i/DGL/yT5Yxb/SfPHLP6fyh+z+E+WP2bxnzx/zOI/Rf6YxX/K/DGL/1T5Yxb/T+ePWfynzh+z+H8mf8zi/9n8MYv/5/LHLP6fzx+z+H8hf8zi/8X8MYv/NPljFv9p88cs/tPlj1n8p88fs/jPkD9m8Z8xf8zi/6X8MYv/TPljFv+Z88cs/rPkj1n8Z80fs/h/OX/M4v+V/DGL/1fzxyz+X8sfs/jPlj9m8f96/pjFf/b/2n/U/9VxvU+z+M/R+scs/nPmj1n858ofs/jPnT9m8Z8nf8ziP2/+mMV/vvwxi//8+WMW/wXyxyz+38gfs/h/M3/M4r9g/pjF/1v5Yxb/hfLHLP7fzh+z+H8nf8ziv3D+mMV/kfwxi/+i+WMW/8Xyxyz+i+ePWfyXyB+z+H83f8ziv2T+mMX/e/ljFv/v549Z/JfKH/uA+g8awXqUpfPHPqD+r/bm9b9M/pjFf9n8MYv/D/LHLP7L5Y9Z/JfPH7P4/zB/zOK/Qv7YoLMGDZ+ZD7b/ivljlvW/Uv6YxX/l/DGL/yr5Yxb/VfPHLP6r5Y9Z/H+UP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/H+cP2bxXzd/zOK/Xv6YxX/9/DGL/0/yxyz+G+SPWfx/mj9m8d8wf8ziv1H+mMV/4/wxi//P8scs/j/PH7P4b5I/ZvHfNH/M4r9Z/pjFf/P8MYv/FvljFv8t88cs/lvlj1n8t84fs/hvkz9m8d82f8zi/4v8MYv/L/PHLP7b5Y9Z/LfPH7P475A/ZvHfMX/M4v+r/DGL/6/zxyz+v8kfs/jvlD9m8d85f8zi/9v8MYv/7/LHLP675I9Z/H+fP2bx3zV/zOK/W/6YxX/3/DGL/x/yxyz+f8wfs/jvkT9m8d8zf8ziv1f+mMX/T/ljFv8/549Z/PfOH7P475M/ZvHfN3/M4v+X/DGL/1/zxyz+++WPWfz3zx+z+P8tf8zif0D+mMX/7/ljFv8D88cs/v/IH7P4H5Q/ZvE/OH/M4n9I/pjF/1Cd/6B39XAt/ofp/N9dFv/D88cs/kfkj1n8j8wfs/gflT9m8T86f8zif0z+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOJ/Sv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8/5k/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/hf8S79h/xvjet9msX/ytY/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf8zif3P+mMX/lvwxi/+t+WMW/9vyxyz+t+ePWfzvyB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/+/LHLP73549Z/B/IH7P4P5g/ZvF/KH/M4v9w/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mf/AaHCZxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8sck/qMO5I9Z/Aflj1n8B+ePWfxHyh+z+A/JH7P4j5w/ZvEfJX/M4j9q/pjFf2j+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/Ic39C3nLP7j549Z/D+UP2bx/3D+mMV/gvwxi/9H8scs/hPmj1n8J8ofs/h/NH/M4v+x/DGL/8fzxyz+n8gfs/h/Mn/M4j9x/pjFf5L8MYv/pPljFv9P5Y9Z/CfLH7P4T54/ZvGfIn/M4j9l/pjFf6r8MYv/p/PHLP5T549Z/D+TP2bx/2z+mMX/c/ljFv/P549Z/L+QP2bx/2L+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/1L+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfy/nD9m8f9K/pjF/6v5Yxb/r+WPWfxnyx+z+H89f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/zfyxyz+38wfs/gvmD9m8f9W/pjFf6H8MYv/t/PHLP7fyR+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP7fzR+z+C+ZP2bx/17+mMX/+/ljFv+l8scs/kvnj1n8l8kfs/gvmz9m8f9B/pjFf7n8MYv/8vljFv8f5o9Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/j/KH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/j/OH7P4r5s/ZvFfL3/M4r9+/pjF/yf5Yxb/DfLHLP4/zR+z+G+YP2bx3yh/zOK/cf6Yxf9n+WMW/5/nj1n8N8kfs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3Qf+2CIv/tmljFv9f5I9Z/H+ZP2bx3y5/zOK/ff6YxX+H1/xfeuW9Gtf7NIv/jq1/zOL/q/wxi/+v88cs/r/JH7P475Q/ZvHfOX/M4v/b/DGL/+/yxyz+u+SPWfx/nz9m8d81f8ziv1v+mMV/9/wxi/8f8scs/n/MH7P475E/ZvHfM3/M4r9X/pjF/0/vyn/k/71xvU+z+P+59Y9Z/PfOH7P475M/ZvHfN3/M4v+X/DGL/1/zxyz+++WPWfz3zx+z+P8tf8zif0D+mMX/7/ljFv8D88cs/v/IH7P4H5Q/ZvE/OH/M4n9I/pjF/9D8MYv/YfljFv/D88cs/kfkj1n8j8wfs/gflT9m8T86f8zif0z+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOJ/Sv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8/5k/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/hfkT9m8b8yf8zif1X+mMX/6vwxi/81+WMW/2vzxyz+1+WPWfyvzx+z+N+QP2bxvzF/zOJ/U/6Yxf/m/DGL/y35Yxb/W/PHLP635Y9Z/G/PH7P435E/ZvG/M3/M4n9X/pjF/+78MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8X8wf8zi/1D+mMX/4fwxi/8j+WMW/0fzxyz+j+WPWfwfzx+z+D+RP2bxfzJ/zOL/VP6Yxf/p/DGL/zP5Yxb/Z/PHLP7P5Y9Z/J/PH7P4v5A/ZvF/MX/M4v9S/pjF/+X8MYv/K/ljEv+hA/ljFv9B+WMW/8H5Yxb/kfLHLP5D8scs/iPnj1n8R8kfs/iPmj9m8R+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjF/0P5Yxb/D+ePWfwnyB+z+H8kf8ziP2H+mMV/ovwxi/9H88cs/h/LH7P4fzx/zOL/ifwxi/8n88cs/hPnj1n8J8kfs/hPmj9m8f9U/pjFf7L8MYv/5PljH2D/wW/2nyJ/7APs/5b1P2X+mMV/qvwxi/+n88cs/lPnj1n8P5M/ZvH/bP6Yxf9z+WMW/8/nj1n8v5A/ZvH/Yv6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/GfIH7P4z5g/ZvH/Uv6YxX+m/DGL/8z5Yxb/WfLHLP6z5o9Z/L+cP2bx/8o7+u/+vz+u92kW/6+2/jGL/9fyxyz+s+WPWfy/nj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6Yxf8b+WMW/2/mj1n8F8wfs/h/K3/M4r9Q/pjF/9v5Yxb/7+SPWfwXzh+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/7+aPWfyXzB+z+H8vf8zi//38MYv/UvljFv+l88cs/svkj1n8l80fs/j/IH/M4r9c/pjFf/n8MYv/D/PHLP4r5I9Z/FfMH7P4r5Q/ZvFfOX/M4r9K/pjFf9X8MYv/avljFv8f5Y9Z/FfPH7P4r5E/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv8f549Z/NfNH7P4r5c/ZvFfP3/M4v+T/LEPpv89nxnh0qEb5I99MP1f683r/6f5Yxb/DfPHLP4b5Y9Z/DfOH7P4/yx/zOL/8/wxi/8m+WMW/03zxyz+m+WPWfw3zx+z+G+RP2bx3zJ/zOK/Vf6YxX/r/DGL/zb5Yxb/bfPHLP6/yB+z+P8yf8ziv13+mMV/+/wxi/8O+WMW/x3zxyz+v8ofs/j/On/M4v+b/DGL/075Yxb/nfPHLP6/zR+z+P8uf8ziv0v+mMX/9/ljFv9d88cs/rvlj1n8d88fs/j/IX/M4v/H/DGL/x75Yxb/PfPHLP575Y9Z/P+UP2bx/3P+mMV/7/wxi/8++WMW/33zxyz+f8kfs/j/NX/M4r9f/pjFf//8MYv/3/LHLP4H5I9Z/P+eP2bxPzB/zOL/j/wxi/9B+WMW/4Pzxyz+h+SPWfwPzR+z+B+WP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/I/NH7P4H5c/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf+f+WMW/wvzxyz+F+WPWfwvzh+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/K/OH7P4X5M/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/jflj1n8b84fs/jfkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/3zv5j/0fGNf7NIv//a1/zOL/QP6Yxf/B/DGL/0P5Ywb/QUMGhj6cP2bwH7b+H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549Z/F/JH5P4jzaQP2bxH5Q/ZvEfnD9m8R8pf8ziPyR/zOI/cv6YxX+U/DGL/6j5Yxb/ofljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfw/lD9m8f9w/pjFf4L8MYv/R/LHLP4T5o9Z/CfKH7P4fzR/zOL/sfwxi//H88cs/p/IH7P4fzJ/zOI/cf6YxX+S/DGL/6T5Yxb/T+WPWfwnyx+z+E+eP2bxnyJ/zOI/Zf6YxX+q/DGL/6fzxyz+U+ePWfw/kz9m8f9s/pjF/3P5Yxb/z8v8p3uXt7P4f0Hm/26z+H8xf8ziP03+mMV/2oGBzd6rIb2fs/hP1/rHLP7T549Z/GfIH7P4z5g/ZvH/Uv6YxX+m/DGL/8z5Yxb/WfLHLP6z5o9Z/L+cP2bx/0r+mMX/q+/kL94wLP5fczO/bRb/2fLHLP5fzx+z+M+eP2bxnyN/zOI/Z/6YxX+u/DGL/9z5Yxb/efLHLP7z5o9Z/OfLH7P4z58/ZvFfIH/M4v+N/DGL/zfzxyz+C+aPWfy/lT9m8V8of8zi/+38MYv/d/LHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/d/PHLP5L5o9Z/L+XP2bx/37+mMV/qfwxi//S+WMW/2Xyxyz+y+aPWfx/kD9m8V8uf8ziv3z+mMX/h/ljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8ziv2r+mMV/tfwxi/+P8scs/qvnj1n818gfs/ivmT9m8V8rf8ziv3b+mMV/nfwxi/+P88cs/uvmj1n818sfs/ivnz9m8f9J/pjFf4P8MYv/T/PHLP4b5o9Z/DfKH7P4b5w/ZvH/Wf6Yxf/n+WMW/03yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/bfLHLP7b5o9Z/H+RP2bx/2X+mMV/u/wxi//2+WMW/x3yxyz+O+aPWfx/lT9m8f91/pjF/zf5Yxb/nfLHLP47549Z/H+bP2bx/13+mMV/l/wxi//v88cs/rvmj1n8d8sfs/jvnj9m8f9D/pjF/4/5Yxb/PfLHLP575o9Z/PfKH7P4/yl/zOL/5/wxi//e+WMW/33yxyz+++aPWfz/kj9m8f9r/pjFf7/8MYv//vljFv+/5Y9Z/A/IH7P4/z1/zOJ/YP6Yxf8f+WMW/4Pyxyz+B+ePWfwPyR+z+B+aP2bxPyx/zOJ/eP6Yxf+I/DGL/5Ej+g/9D4/rfZrF/6jWP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH/vg+u9x/psuHe2k/LEPrv9b1//J+WMW/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4v/P/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv+r8scs/lfnj1n8r8kfs/hfmz9m8b8uf8zif33+mMX/hvwxi/+N+WMW/5vyxyz+N+ePWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf+O/DGL/535Yxb/u/LHLP53549Z/O/JH7P435s/ZvG/L3/M4n9//pjF/4H8MYv/g/ljFv+H8scs/g/nj1n8H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549Z/F/JH5P4jz6QP2bxH5Q/ZvEfnD9m8R8pf8ziPyR/zOI/cv6YxX+U/DGL/6gq/9He9S0t/kNV/u8+i/9o+WMW/9Hzxyz+Y+SPWfzHzB+z+I+VP2bxHzt/zOI/Tv6YxX/c/DGL/3j5Yxb/8fPHLP4fyh+z+H84f8ziP0H+mMX/I/ljFv8J88cs/hPlj1n8P5o/ZvH/WP6Yxf/j+WMW/0/kj1n8P5k/ZvGfOH/M4j9J/pjFf9L8MYv/p/LHLP6T5Y9Z/CfPH7P4T5E/ZvGfMn/M4j9V/pjF/9P5Yxb/qfPHLP6fyR+z+H82f8zi/7n8MYv/5/PHLP5fyB+z+H8xf8ziP03+mMV/2vwxi/90+WMW/+nzxyz+M+SPWfxnzB+z+H8pf8ziP1P+mMV/5vwxi/8s+WMW/1nzxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+s+WPWfy/nj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6Yxf8b+WMW/2/mj1n8F8wfs/h/K3/M4r9Q/pjF/9v5Yxb/7+SPWfwXzh+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/7+aPWfyXzB+z+H8vf8zi//38MYv/UvljFv+l88cs/svkj1n8l80fs/j/IH/M4r9c/pjFf/n8MYv/D/PHLP4r5I9Z/FfMH7P4r5Q/ZvFfOX/M4r9K/pjFf9X8MYv/avljFv8f5Y9Z/FfPH7P4r5E/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv8f549Z/NfNH7P4r5c/ZvFfP3/M4v+T/DGL/wb5Yxb/n+aPWfw3zB+z+G+UP2bx3zh/zOL/s/wxi//P88cs/pvkj1n8N80fs/hvlj9m8d88f8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+2+SPWfy3zR+z+P8if8zi/8v8MYv/dvljFv/t88cs/jvkj1n8d8wfs/j/Kn/M4v/r/DGL/2/yxyz+O+WPWfx3fjv/Uf9D43qfZvH/besfs/j/Ln/M4r9L/pjF//f5Yxb/XfPHLP675Y9Z/HfPH7P4/yF/zOL/x/wxi/8e+WMW/z3zxyz+e+WPWfz/lD9m8f9z/pjFf+/8MYv/PvljFv9988cs/n/JH7P4/zV/zOK/X/6YxX///DGL/9/yxyz+B+SPWfz/nj9m8T8wf8zi/4/8MYv/QfljFv+D88cs/ofkj1n8D80fs/gflj9m8T88f8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+x+SPWfyPzR+z+B+XP2bxPz5/zOJ/Qv6Yxf/EN/kPfi/G9T7N4n9S6x+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8sbf6D3xg/c/PH7Os/wvyxyz+/8wfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s8L/Ud7F7ex+L8g9H83WfxfzB+z+L+UP2bxfzl/zOL/Sv6YxH+Mgfwxi/+g/DGL/+D8MYv/SPljFv8h+WMW/5Hzxyz+o+SPWfxHzR+z+A/NH7P4j5Y/ZvEfPX/M4j9G/pjFf8z8MYv/WPljFv+x88cs/uPkj1n8x80fs/iPlz9m8R8/f8zi/6H8MYv/h/PHLP4T5I9Z/D+SP2bxnzB/zOI/Uf6Yxf+j+WMW/4/lj1n8P54/ZvH/RP6Yxf+T+WMW/4nzxyz+k+SPWfwnzR+z+H8qf8ziP1n+mMV/8vwxi/8U+WMW/ynzxyz+U+WPWfw/nT9m8Z86f8zi/5n8MYv/Z/PHLP6fyx+z+H8+f8zi/4X8MYv/F/PHLP7T5I9Z/KfNH7P4T5c/ZvGfPn/M4j9D/pjFf8b8MYv/l/LHLP4z5Y9Z/GfOH7P4z5I/ZvGfNX/M4v/l/DGL/9xD86cs/l9t/WMW/6/lj1n8Z8sfs/h/PX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/838scs/t/MH7P4L5g/ZvH/Vv6YxX+h/DGL/7fzxyz+38kfs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+380fs/gvmT9m8f9e/pjF//v5Yxb/pfLHLP5L549Z/JfJH7P4L5s/ZvH/Qf6YxX+5/DGL//L5Yxb/H+aPWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP4/yh+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP4/zh+z+K+bP2bxXy9/zOK/fv6Yxf8n+WMW/w3yxyz+P80fs/hvmD9m8d8of8ziv3H+mMX/Z/ljFv+f549Z/DfJH7P4b5o/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv+t8scs/lvnj1n8t8kfs/hvmz9m8f9F/pjF/5f5Yxb/7fLHLP7b549Z/HfIH7P475g/ZvH/Vf6Yxf/X+WMW/9/kj33g/N+E/Gb/nfLHPnD+b7P+d84fs/j/Nn/M4v+7/DGL/y75Yxb/3+ePWfx3zR+z+O+WP2bx3z1/zOL/h/wxi/8f88cs/nvkj1n898wfs/jvlT9m8f9T/pjF/8/5Yxb/vfPHLP775I9Z/PfNH7P4/yV/zOL/1/wxi/9++WMW//3zxyz+f8sfs/gfkD9m8f97/pjF/8D8MYv/P/LHLP4H5Y9Z/A/OH7P4H5I/ZvE/NH/M4n9Y/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/gfkz9m8T82f8zif1z+mMX/+Pwxi/8J+WMW/xPzx173Hxg6MPBB9j8pf8yy/k/OH7P4n5I/ZvE/NX/M4n9a/pjF//T8MYv/GfljFv8z88cs/mflj1n8z84fs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/3/mj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf/a/DGL/3X5Yxb/6/PHLP435I9Z/G/MH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMO/+TfLof/wBgPtBVgFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxfzZ/zOL/XP6Yxf/5/DGL/wv5Yxb/F/PHLP4v5Y9Z/F/OH7P4v5I/JvEfcyB/zOI/KH/M4j84f8ziP1L+mMV/SP6YxX/k/DGL/yj5Yxb/UfPHLP5D88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfzHzx+z+H8of8zi/+H8MYv/BPljFv+P5I9Z/CfMH7P4T5Q/ZvH/aP6Yxf9j+WMW/4/nj1n8P5E/ZvH/ZP6YxX/i/DGL/yT5Yxb/SfPHLP6fyh+z+E+WP2bxnzx/zOI/Rf6YxX/K/DGL/1T5Yxb/T+ePWfynzh+z+H8mf8zi/9n8MYv/5/LHLP6fzx+z+H8hf8zi/8X8MYv/NPljFv9p88cs/tPlj1n8p88fs/jPkD9m8Z8xf8zi/6X8MYv/TPljFv+Z88cs/rPkj1n8Z80fs/h/OX/M4v+V/DGL/1fzxyz+X8sfs/jPlj9m8f96/pjFf/b8MYv/HPljFv8588cs/nPlj1n8584fs/jPkz9m8Z83f8ziP1/+mMV//vwxi/8C+WMW/2/kj1n8v5k/ZvFfMH/M4v+t/DGL/0L5Yxb/b+ePWfy/kz9m8V84f8ziv0j+mMV/0fwxi/9i+WMW/8Xzxyz+S+SPWfy/mz9m8V8yf8zi/738MYv/9/PHLP5L5Y9Z/JfOH7P4L5M/ZvFfNn/M4v+D/DGL/3L5Yxb/5fPHLP4/zB+z+K+QP2bxX9Ho/y4esMV/JaP/u8jiv3L+mMV/lfwxi/+q+WMW/9Xyxyz+P8ofs/ivnj9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+P84fs/ivmz9m8V8vf8ziv37+mMX/J/ljFv8N8scs/j/NH7P4b5g/ZvHfKH/M4r9x/pjF/2f5Yxb/n+ePWfw3yR+z+G+aP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvH/Rf6Yxf+X+WMW/+3yxyz+2+ePWfx3yB+z+O+YP2bx/1X+mMX/1/ljFv/f5I9Z/HfKH7P475w/ZvH/bf6Yxf93+WMW/13yxyz+v88fs/jvmj9m8d8tf8ziv3v+mMX/D/ljFv8/5o9Z/PfIH7P475k/ZvHfK3/M4v+n/DGL/5/zxyz+e+ePWfz3yR+z+O+bP2bx/0v+mMX/r/ljFv/98scs/vvnj1n8/5Y/ZvE/IH/M4v/3/DGL/4H5Yxb/f+SPWfwPyh+z+B+cP2bxPyR/zOJ/aP6Yxf+w/DGL/+H5Yxb/I/LHLP5H5o9Z/I/KH7P4H50/ZvE/Jn/M4n9s/pjF/7j8MYv/8fljFv8T8scs/ifmj1n8T8ofs/ifnD9m8T8lf8zif2r+mMX/tPwxi//p+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP7/zB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf+yD7X/r65eOeXP+2Afb/43GvCV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/9gH1n3KES8e8J3/sA+r/am9e//fmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8sck/mMN5I9Z/Aflj1n8B+ePWfxHyh+z+A/JH7P4j5w/ZvEfJX/M4j9q/pjFf2j+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/D+WPWfw/nD9m8Z8gf8zi/5H8MYv/hPljFv+J8scs/h/NH7P4fyx/zOL/8fwxi/8n8scs/p/MH7P4T5w/ZvGfJH/M4j9p/pjF/1P5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGf6h39d/nfH9f7NIv/p1v/mMV/6vwxi/9n8scs/p/NH7P4fy5/zOL/+fwxi/8X8scs/l/MH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/l/KH7P4z5Q/ZvGfOX/M4j9L/thb/IdfNu57PKb/X72N/6z5Y5b1/+X8MYv/V/LHLP5fzR+z+H8tf8ziP1v+mMX/6/ljFv/Z88cs/nPkj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+C+SPWfy/kT9m8f9m/pjFf8H8MYv/t/LHLP4L5Y9Z/L+dP2bx/07+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bx/27+mMV/yfwxi//38scs/t/PH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/D/LHLP7L5Y9Z/JfPH7P4/zB/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvH/Uf6YxX/1/DGL/xr5Yxb/NfPHLP5r5Y9Z/NfOH7P4r5M/ZvH/cf6YxX/d/DGL/3r5Yxb/9fPHLP4/yR+z+G+QP2bx/2n+mMV/w/wxi/9G+WMW/43zxyz+P8sfs/j/PH/M4r9J/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMV/2/wxi/8v8scs/r/MH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/r/LHLP6/zh+z+P8mf8ziv1P+mMV/5/yxD6r/0BH8f5s/9kH1HxjB/3f5Yxb/XfLHLP6/zx+z+O+aP2bx3y1/zOK/e/6Yxf8P+WMW/z/mj1n898gfs/jvmT9m8d8rf8zi/6f8MYv/n/PHLP57549Z/PfJH7P475s/ZvH/S/6Yxf+v+WMW//3yxyz+++ePWfz/lj9m8T8gf8zi//f8MYv/gfljFv9/5I9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/v/MH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/54R/Tf/D4/rfZrF/97WP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+T+I89kD9m8R+UP2bxH5w/ZvEfKX/M4j8kf8ziP3L+mMV/lPwxi/+o+WMW/6H5Yxb/0fLHLP6j549Z/MfIH7P4j5k/ZvEfK3/M4j92/pjFf5z8MYv/uPljFv/x8scs/uPnj1n8P5Q/ZvH/cP6YxX+C/DGL/0fyxyz+E+aPWfwnyh+z+H80f8zi/7H8MYv/x/PHLP6fyB+z+H8yf8ziP3H+mMV/kvwxi/+k+WMW/0/lj1n8J8sfs/hPnj9m8Z8if8ziP2X+mMV/qvwxi/+n88cs/lPnj1n8P5M/ZvH/bP6Yxf9z+WMW/8/nj1n8v5A/ZvH/Yv6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/GfIH7P4z5g/ZvH/Uv6YxX+m/DGL/8z5Yxb/WfLHLP6z5o9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/GfLH7P4f13tv9wYb3eNxX92tf/bZ/GfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n858sfs/jPnz9m8V8gf8zi/438MYv/N/PHLP4L5o9Z/L+VP2bxXyh/zOL/7fwxi/938scs/gvnj1n8F8kfs/gvmj9m8V8sf8ziv3j+mMV/ifwxi/9388cs/kvmj1n8v5c/ZvH/fv6YxX+p/DGL/9L5Yxb/ZfLHLP7L5o9Z/H+QP2bxXy5/zOK/fP6Yxf+H+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bxXyV/zOK/av6YxX+1/DGL/4/yxyz+q+ePWfzXyB+z+K+ZP2bxXyt/zOK/dv6YxX+d/DGL/4/zxyz+6+aPWfzXyx+z+K+fP2bx/0n+mMV/g/wxi/9P88cs/hvmj1n8N8ofs/hvnD9m8f9Z/gMDA6P92yUW/5/nj1n8N8kfs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx/0X+mMX/l/ljFv/t8scs/tvnj1n8d8gfs/jvmD9m8f9V/pjF/9f5Yxb/3+SPWfx3yh+z+O+cP2bx/23+mMX/d/ljFv9d8scs/r/PH7P475o/ZvHfLX/M4r97/pjF/w/5Yxb/P+aPWfz3yB+z+O+ZP2bx3yt/zOL/p/wxi/+f88cs/nvnj1n898kfs/jvmz9m8f9L/pjF/6/5Yxb//fLHLP77549Z/P+WP2bxPyB/zOL/9/wxi/+B+WMW/3/kj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+/8wfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxif84A/ljFv9B+WMW/8H5Yxb/kfLHLP5D8scs/iPnj1n8R8kfs/iPmj9m8R+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvH//9i5/3Ct6/qO4ze/yXL2sU1d2nBozLUZiYxGLURF8fjjlIlm/kY9AgkiPyTBFNhopY5Nl7pZsImFY85WLXG4uX6taFjWbI3YWuUU18IYc7DInLHrwDkIZ2/PtfNl36/L9+PxB+fc9/F9pzyvl/ftxXVV9A9l6X+g/qEs/V+lfyhL/5/WP5Sl/8/oH8rS/yD9Q1n6H6x/KEv/Q/QPZen/s/qHsvR/tf6hLP0P1T+Upf9h+oey9H+N/qEs/X9O/1CW/sP0D2Xpf7j+oSz9f17/UJb+w/UPZel/hP6hLP2P1D+Upf9r9Q9l6T9C/1CW/r+gfyhL/6P0D2Xp/4v6h7L0f53+oSz9f0n/UJb+v6x/KEv/o/UPZen/ev1DWfqP1D+Upf8b9A9l6X+M/qEs/UfpH8rS/1j9Q1n6j9Y/lKX/r+gfytJ/jP6hLP3fqH8oS/9f1T+Upf9Y/UNZ+r9J/1CW/m/WP5Sl/6/pH8rS/y36h7L0H6d/KEv/4/QPZek/Xv9Qlv7H6x/K0v8E/UNZ+p+ofyhL/wn6h7L0P0n/UJb+J+sfytJ/ov6hLP1P0T+UpX+b/qEs/U/VP5Sl/2n6h7L0P13/UJb+Z+gfytK/Xf9Qlv5v1T+Upf/b9A9l6X+m/qEs/d+ufyhL/7P0D2XpP0n/UJb+Z+sfytL/HP1DWfq/Q/9Qlv7n6h/K0v+d+oey9D9P/1CW/ufrH8rS/wL9Q1n6X6h/KEv/i/QPZel/sf6hLP0v0T+Upf9k/UNZ+l+qfyhL/8v0D2Xpf7n+oSz9O/QPZel/hf6hLP2n6B/K0n+q/qEs/afpH8rS/136h7L0v1L/UJb+0/UPZek/Q/9Qlv5X6R/K0n+m/qEs/a/WP5Sl/yz9Q1n6z9Y/lKX/HP1DWfrP1T+Upf81+oey9J+nfyhL/3frH8rS/1r9Q1n6z9c/lKX/Av1DWfpfp38oS//36B/K0v96/UNZ+t+gfyhL/4X6h7L0X6R/KEv/xfqHsvT/df1DWfr/hv6hLP2X6B/K0v+9+oey9P9N/UNZ+r9P/1CW/u/XP5Sl/436h7L0v0n/UJb+N+sfytL/t/QPZem/VP9Qlv6/rX8oS//f0T+Upf8t+oey9L9V/1CW/r+rfyhL/w/oH8rS/zb9Q1n6365/KEv/O/QPZen/e/qHsvT/ff1DWfrfqX8oS/8P6h/K0v9D+oey9F+mfyhL/+X6h7L0/wP9Q1n6/6H+oSz979I/lKX/Cv1DWfrfrX8oS/8P6x/K0v8j+oey9F+pfyhL/3v0D2Xp/0f6h7L0X6V/KEv/P9Y/lKX/vfqHsvT/E/1DWfrfp38oS/+P6h/K0v9P9Q9l6f8x/UNZ+n9c/1CW/p/QP5Sl/5/pH8rS/5P6h7L0v1//UJb+q/UPZen/gP6hLP3/XP9Qlv5r9A9l6f+g/qEs/f9C/1CW/n+pfyhL/4f0D2Xp/1f6h7L0/5T+oSz9P61/KEv/z+gfytL/s/qHsvT/nP6hLP3/Wv9Qlv6f1z+Upf8X9A9l6b9W/1CW/l/UP5Sl/9/oH8rSf53+oSz9H9Y/lKX/l/QPZen/Zf1DWfo/on8oS/+v6B/K0v+r+oey9P9b/UNZ+j+qfyhL/6/pH8rS/+/0D2Xp/3X9Q1n6/73+oSz91+sfytL/G/qHsvTfoH8oS/9/0D+Upf8/6h/K0v+b+oey9P8n/UNZ+n9L/1CW/t/WP5Sl/3f0D2Xp/5j+oSz9/1n/UJb+j+sf6uo/YGCr9ZLu/4T+oSz736h/KEv/J/UPZen/L/qHsvT/rv6hLP3/Vf9Qlv7f0z+Upf8m/UNZ+j+lfyhL/+/rH8rSf7P+oSz9/03/UJb+W/QPZen/7/qHsvR/Wv9Qlv7/oX8oS/+t+oey9N+mfyhL///UP5Sl/w/0D2Xpv13/UJb+P9Q/lKX/M/qHsvT/kf6hLP2f1T+Upf9/6R/K0v85/UNZ+v9Y/1CW/jv0DyXp/8qW/qEs/fvpH8rSv7/+oSz9B+gfytJ/oP6hLP0H6R/K0n+w/qEs/YfoH8rSf6j+oSz9X6Z/KEv//fQPZen/cv1DWfq/Qv9Qlv776x/K0v+n9A9l6X+A/qGXXH8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/b+bMX3Dl5OnTO2b7xje+8c3ub17sfzMBAAD/157/0P9i/50AAAAAAAAAAAAAAAAAAABAXk3834m92P+MAAAAAAAAAAAAAADwk66t/fjNA/rt9dSAPR+85pGOnV9Hbz936sqVD5Tur10/Pi14yf57PtixY8eO5U+Pm9D1cEir1er8X3tl1+OhPY87X3/RsGWH7HpUxn/+jscumrT/6bNX3zrwG8tvbn9q0M5nB7UuuWLa9I439G+1yomDWtd2PjimX6tVTh7UuqXzwajOBxMHtVZ1Pjh254OXtT7T+eD1l82cfnnnE6dU/j2Dl4q29kWtAXsttrXXvw323P+iYY9P7f7ay0t2v9rAVtf+h6/+0sE9ftbtBfbf/frl+J777/M/IPCC+rb/ZzZ0f+3lJf/H+/+H121fEP3shfff/frlBPuH+gSf//faaM/P/T0+/x8evOTu++OGrrutc/9tZ997WNdTA/83n/+ff/1yYs/999/r83/n5/gJ3Z//h7Ra5aR9/O2AVNraF2/u7f2/9/0PfHWPm3577v/ur2x8Ref+73m2taTrqUF93P+E3t7/b+zx9wr0TVv7ih093v/7sP/WiOAld+9/0+r9d37+33jfZQft8bO+7P+knvsfOXfG1SPnzF9w9LQZk6d0TOm4auyoMceMHjt2zJiROz8R7Pp1H39TIIl9e/9v7dfjpl+r1bH7fu29N0/o3P+WB5d8pOupoX3c/8m9vv8f7v0fQsP7twYPbl07ee7c2cfs+rX74ahdv+76y4L99+G//484qusv6/4zw36t1iG770dcNHZI5/6vm1XWdD01uI/7n9jr/sfv/WeVQN/s4/v/5T1u9tr/cZtumNe5/yN/cODGrqf6+t//p/S6/7u8/8O+aGtv1fom2rn/Y4csPrXadWnz539Qnyb2P2zrLduqXZdT7R/q08T+Jy1986XVrstp9g/1aWL/D8y4eGm163K6/UN9mtj/c6/admi163KG/UN9mtj/o999cmW169Ju/1CfJvb/wTvbj612Xd5q/1CfJvZ/9DU/HFfturzN/qE+Tez/ipeftaradTnT/qE+Tez/1B0nHFTturzd/qE+Tey/3+LvLap2Xc6yf6hPE/t/YvLSmdWuyyT7h/o0sf9Vw0Y8U+26nG3/UJ8m9r/kqTdOrHZdzrF/qE8T+//q7cserXZd3mH/UJ8m9v+JCw5cVu26nGv/UJ8m9v+j4Q/uV+26vNP+oT5N7H/9+lX3V7su59k/1KeJ/S9fNWB4tetyvv1DfZrY/8JTpjxS7bpcYP9Qnyb2P3rMl8+vdl0utH+oTxP7P+Rz33qy2nW5yP6hPk3s/6yH5s2pdl0utn+oTxP7n3fox39c7bpcYv9Qnyb2/5aOQ6dWuy6T7R/q08T+y637ra92XS61f6hPE/s/b8uK8dWuy2X2D/VpYv9rDvjCx6pdl8vtH+rTxP63zrpqbLXr0mH/UJ8m9v+d9y58X7XrcoX9Q32a2P9tz369VLsuU+wf6tPE/jeNOu+Catdlqv1DfZrY/4rTn3642nWZZv9Qnyb2v3TNY3OrXZd32T/Up4n9r1172uPVrsuV9g/1aWL/R44YuX+16zLd/qE+Tex/5rlLPlTtusywf6hPE/s/8b7bX1vtulxl/1CfJvY/9GvjPlntusy0f6hPE/v/9Lj3f6radbna/qE+Tex/2/gjjqp2XWbZP9Snif1vuH/UHdWuy2z7h/o0sf8PPHxnxesyx/6hPk3sf9brnttS7brMtX+oTxP7f9Okc+ZXuy7X2D/Up4n9H3TXxC9Wuy7z7B/q08T+L/z298+sdl3ebf9Qnyb2f8TBlx5W7bpca/9Qnyb2P3XaupuqXZf59g/1aWL/E5ZvGF3tuiywf6hPE/s/4Ik5d1e7LtfZP9Snif1vHnDwGdWuy3vsH+rTxP7vuf6hb1a7LtfbP9Snif3fdONHO6pdlxvsH+rTxP4/u33w1mrXZaH9AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/80OHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADxwIAAAAAwvytg+jdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgKAAA//+93Olf") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000005c0)={'#! ', './file1'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 0s ago: executing program 9 (id=12969): syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000280)='./bus\x00', 0x898, &(0x7f00000002c0), 0x1, 0x55ae, &(0x7f0000005600)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x6) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x350e}) r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) write$FUSE_WRITE(r1, &(0x7f0000000080)={0x18, 0x2a4ef5f2e75b634, 0x0, {0x704}}, 0xff6e) kernel console output (not intermixed with test programs): ange from 0 to 32768 [ 3385.821754][T12445] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 scanned by syz.9.12183 (12445) [ 3385.839585][T12445] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3385.849885][T12445] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 3385.859067][T12445] BTRFS info (device loop9): using free space tree [ 3385.974402][T12445] BTRFS info (device loop9): enabling ssd optimizations [ 3385.981888][T12445] BTRFS info (device loop9): auto enabling async discard [ 3386.127776][ T5732] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3386.352701][T12441] loop3: detected capacity change from 0 to 32768 [ 3386.395510][T12441] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.12181 (12441) [ 3386.453855][T12441] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3386.500833][T12441] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3386.509566][T12441] BTRFS error (device loop3): unrecognized mount option 'async' [ 3386.560638][T12441] BTRFS error (device loop3): open_ctree failed: -22 [ 3386.920885][T12465] loop5: detected capacity change from 0 to 32768 [ 3386.980209][T12465] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.12185 (12465) [ 3386.997966][T12465] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3387.008527][T12465] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 3387.017429][T12465] BTRFS info (device loop5): enabling ssd optimizations [ 3387.024633][T12465] BTRFS info (device loop5): using spread ssd allocation scheme [ 3387.032548][T12465] BTRFS info (device loop5): setting nodatacow, compression disabled [ 3387.040778][T12465] BTRFS info (device loop5): not using ssd optimizations [ 3387.047866][T12465] BTRFS info (device loop5): not using spread ssd allocation scheme [ 3387.056201][T12465] BTRFS info (device loop5): max_inline at 0 [ 3387.062326][T12465] BTRFS info (device loop5): using free space tree [ 3387.235049][T12465] BTRFS info (device loop5): auto enabling async discard [ 3387.291824][T12470] hfsplus: unable to find HFS+ superblock [ 3387.448832][T11188] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3388.588788][T12497] loop5: detected capacity change from 0 to 32768 [ 3389.230776][T12508] loop9: detected capacity change from 0 to 32768 [ 3389.257394][T12508] JBD2: Ignoring recovery information on journal [ 3389.306833][T12508] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 3389.508674][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 3389.515492][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 3389.555728][ T5732] ocfs2: Unmounting device (7,9) on (node local) [ 3389.807305][T12515] loop5: detected capacity change from 0 to 32768 [ 3389.831156][T12515] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.12196 (12515) [ 3389.858233][T12515] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3389.869202][T12515] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 3389.878027][T12515] BTRFS info (device loop5): enabling ssd optimizations [ 3389.885043][T12515] BTRFS info (device loop5): using spread ssd allocation scheme [ 3389.892773][T12515] BTRFS info (device loop5): setting nodatacow, compression disabled [ 3389.901172][T12515] BTRFS info (device loop5): not using ssd optimizations [ 3389.908221][T12515] BTRFS info (device loop5): not using spread ssd allocation scheme [ 3389.916331][T12515] BTRFS info (device loop5): max_inline at 0 [ 3389.922555][T12515] BTRFS info (device loop5): using free space tree [ 3390.004458][T12516] hfsplus: unable to find HFS+ superblock [ 3390.102963][T12515] BTRFS info (device loop5): auto enabling async discard [ 3390.374938][T11188] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3390.616810][T12531] loop9: detected capacity change from 0 to 32768 [ 3390.702487][T12531] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 scanned by syz.9.12200 (12531) [ 3390.733541][T12531] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3390.760857][T12531] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 3390.769553][T12531] BTRFS error (device loop9): unrecognized mount option 'async' [ 3390.814130][T12531] BTRFS error (device loop9): open_ctree failed: -22 [ 3391.803895][T12539] loop5: detected capacity change from 0 to 40427 [ 3391.829128][T12539] F2FS-fs (loop5): LFS is not compatible with checkpoint=disable [ 3392.509140][T12544] loop3: detected capacity change from 0 to 32768 [ 3393.246189][T12551] loop9: detected capacity change from 0 to 32768 [ 3393.335038][T12551] ocfs2: Mounting device (7,9) on (node local, slot 0) with writeback data mode. [ 3393.396921][ T27] audit: type=1800 audit(1759521696.502:717): pid=12551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.12209" name="bus" dev="loop9" ino=9553 res=0 errno=0 [ 3394.180465][ T5732] ocfs2: Unmounting device (7,9) on (node local) [ 3394.409178][T12571] loop5: detected capacity change from 0 to 32768 [ 3394.480732][T12571] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3394.552689][T12571] XFS (loop5): Ending clean mount [ 3394.571196][T12571] XFS (loop5): Quotacheck needed: Please wait. [ 3394.756437][T12571] XFS (loop5): Quotacheck: Done. [ 3395.252926][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3395.802247][T12596] hfsplus: unable to find HFS+ superblock [ 3396.370284][T12602] loop3: detected capacity change from 0 to 32768 [ 3396.398993][T12602] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 3396.447781][ T27] audit: type=1800 audit(1759521699.542:718): pid=12602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.12223" name="bus" dev="loop3" ino=9553 res=0 errno=0 [ 3396.785459][ T5952] ocfs2: Unmounting device (7,3) on (node local) [ 3397.219698][T12600] loop9: detected capacity change from 0 to 32768 [ 3397.541591][T12614] loop3: detected capacity change from 0 to 32768 [ 3398.350785][T12600] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 scanned by syz.9.12224 (12600) [ 3398.392746][T12600] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3398.417176][T12600] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 3398.435794][T12600] BTRFS info (device loop9): using free space tree [ 3398.855816][T12600] BTRFS info (device loop9): enabling ssd optimizations [ 3398.888079][T12600] BTRFS info (device loop9): auto enabling async discard [ 3399.222324][T12637] loop3: detected capacity change from 0 to 32768 [ 3399.257483][T12637] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3399.311049][T12637] XFS (loop3): Ending clean mount [ 3399.322711][ T5732] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3399.327037][T12637] XFS (loop3): Quotacheck needed: Please wait. [ 3399.519672][T12637] XFS (loop3): Quotacheck: Done. [ 3399.555786][T12650] loop5: detected capacity change from 0 to 1024 [ 3399.618139][T12650] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 3399.692489][ T5952] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3400.173843][T12656] loop9: detected capacity change from 0 to 512 [ 3400.199985][T12656] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 3400.217449][T12656] ext4 filesystem being mounted at /537/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 3400.379179][T12654] loop5: detected capacity change from 0 to 32768 [ 3400.415503][T12654] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode. [ 3400.494879][ T27] audit: type=1800 audit(1759521703.602:719): pid=12654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.12236" name="bus" dev="loop5" ino=9553 res=0 errno=0 [ 3400.581189][ T5732] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3400.743743][T11188] ocfs2: Unmounting device (7,5) on (node local) [ 3400.819553][T12666] netlink: 40 bytes leftover after parsing attributes in process `syz.9.12238'. [ 3400.981317][T12667] netlink: 'syz.9.12238': attribute type 4 has an invalid length. [ 3401.421656][T12669] loop5: detected capacity change from 0 to 32768 [ 3401.441597][T12669] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.12239 (12669) [ 3401.457248][T12669] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3401.467548][T12669] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 3401.476298][T12669] BTRFS info (device loop5): enabling ssd optimizations [ 3401.483273][T12669] BTRFS info (device loop5): using spread ssd allocation scheme [ 3401.490966][T12669] BTRFS info (device loop5): setting nodatacow, compression disabled [ 3401.499043][T12669] BTRFS info (device loop5): not using ssd optimizations [ 3401.506394][T12669] BTRFS info (device loop5): not using spread ssd allocation scheme [ 3401.514484][T12669] BTRFS info (device loop5): max_inline at 0 [ 3401.520527][T12669] BTRFS info (device loop5): using free space tree [ 3401.630178][T12669] BTRFS info (device loop5): auto enabling async discard [ 3402.182433][T11188] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3402.492999][T12695] hfsplus: unable to find HFS+ superblock [ 3404.218009][T12707] loop5: detected capacity change from 0 to 32768 [ 3404.253859][T12707] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 3404.369912][T12707] XFS (loop5): Ending clean mount [ 3404.378399][T12707] XFS (loop5): Quotacheck needed: Please wait. [ 3404.417674][T12694] loop3: detected capacity change from 0 to 32768 [ 3404.452141][T12694] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3404.504914][T12707] XFS (loop5): Quotacheck: Done. [ 3404.609214][T12694] XFS (loop3): Ending clean mount [ 3404.637169][T12694] XFS (loop3): Quotacheck needed: Please wait. [ 3404.928441][T11188] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 3405.066107][T12694] XFS (loop3): Quotacheck: Done. [ 3405.316951][ T5952] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3407.660370][T11341] usb 10-1: new high-speed USB device number 27 using dummy_hcd [ 3407.925850][T12749] loop5: detected capacity change from 0 to 32768 [ 3407.946155][T12749] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.12260 (12749) [ 3407.961854][T12749] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3407.972232][T12749] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 3407.981432][T12749] BTRFS info (device loop5): enabling ssd optimizations [ 3407.988385][T12749] BTRFS info (device loop5): using spread ssd allocation scheme [ 3407.996082][T12749] BTRFS info (device loop5): setting nodatacow, compression disabled [ 3408.004227][T12749] BTRFS info (device loop5): not using ssd optimizations [ 3408.011432][T12749] BTRFS info (device loop5): not using spread ssd allocation scheme [ 3408.019471][T12749] BTRFS info (device loop5): max_inline at 0 [ 3408.025518][T12749] BTRFS info (device loop5): using free space tree [ 3408.060261][T11341] usb 10-1: Using ep0 maxpacket: 32 [ 3408.103471][T11341] usb 10-1: config 0 has an invalid interface number: 184 but max is 0 [ 3408.133942][T11341] usb 10-1: config 0 has no interface number 0 [ 3408.141143][T11341] usb 10-1: config 0 interface 184 has no altsetting 0 [ 3408.167802][T12749] BTRFS info (device loop5): auto enabling async discard [ 3408.179291][T11341] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 3408.197194][ T5108] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 3408.207790][T11341] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3408.216076][ T5108] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 3408.221132][ T5108] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 3408.227562][T11341] usb 10-1: Product: syz [ 3408.234578][T11341] usb 10-1: Manufacturer: syz [ 3408.247835][T11341] usb 10-1: SerialNumber: syz [ 3408.260808][ T5108] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 3408.268813][ T5108] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 3408.276678][ T5108] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 3408.291837][T11341] usb 10-1: config 0 descriptor?? [ 3408.310675][T11341] smsc75xx v1.0.0 [ 3408.479388][T11188] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3408.887313][T12763] chnl_net:caif_netlink_parms(): no params data found [ 3408.992307][T11341] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 3409.020444][T11341] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 3409.456659][T12776] loop5: detected capacity change from 0 to 40427 [ 3409.490809][T12776] F2FS-fs (loop5): invalid crc value [ 3409.507099][T12763] bridge0: port 1(bridge_slave_0) entered blocking state [ 3409.518612][T12763] bridge0: port 1(bridge_slave_0) entered disabled state [ 3409.519126][T12776] F2FS-fs (loop5): Found nat_bits in checkpoint [ 3409.574853][T12776] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 3409.583562][T12763] bridge_slave_0: entered allmulticast mode [ 3409.593347][T12763] bridge_slave_0: entered promiscuous mode [ 3409.606910][T12777] f2fs_ckpt-7:5: attempt to access beyond end of device [ 3409.606910][T12777] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 3409.628619][T12777] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 3409.638370][T12763] bridge0: port 2(bridge_slave_1) entered blocking state [ 3409.650372][T12763] bridge0: port 2(bridge_slave_1) entered disabled state [ 3409.653910][ T27] audit: type=1800 audit(1759521712.772:720): pid=12776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.12262" name="file1" dev="loop5" ino=10 res=0 errno=0 [ 3409.670388][T12763] bridge_slave_1: entered allmulticast mode [ 3409.715996][T12763] bridge_slave_1: entered promiscuous mode [ 3409.783440][T11341] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 3409.814044][T12763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3409.823951][T11341] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 3409.833876][T11341] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 3409.848351][T12763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3409.857782][T11341] smsc75xx: probe of 10-1:0.184 failed with error -71 [ 3409.880605][T11341] usb 10-1: USB disconnect, device number 27 [ 3409.946014][T12763] team0: Port device team_slave_0 added [ 3409.956726][T12763] team0: Port device team_slave_1 added [ 3410.054005][T12763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3410.073740][T12763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3410.130208][T12763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3410.170380][T12763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3410.190249][T12763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3410.397468][ T5108] Bluetooth: hci3: command tx timeout [ 3410.476921][T12763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3411.416572][T12763] hsr_slave_0: entered promiscuous mode [ 3411.459112][T12763] hsr_slave_1: entered promiscuous mode [ 3411.488336][T12763] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3411.497885][T12763] Cannot create hsr debugfs directory [ 3412.035485][T12806] nbd5: detected capacity change from 0 to 63 [ 3412.047274][T12807] block nbd5: NBD_DISCONNECT [ 3412.066637][T12807] block nbd5: Disconnected due to user request. [ 3412.089557][T12763] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3412.097579][T12807] block nbd5: shutting down sockets [ 3412.283183][T12763] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3412.400394][T12763] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3412.460438][ T5108] Bluetooth: hci3: command tx timeout [ 3413.482614][T12763] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3413.929451][T12763] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 3413.964412][T12763] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 3414.004258][T12763] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 3414.037291][T12763] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 3414.405065][T12763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3414.473241][T12763] 8021q: adding VLAN 0 to HW filter on device team0 [ 3414.598405][ T5108] Bluetooth: hci3: command tx timeout [ 3415.412774][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 3415.419961][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3415.477152][ T5402] bridge0: port 2(bridge_slave_1) entered blocking state [ 3415.484421][ T5402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3415.607336][T12763] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3416.023606][T12763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3416.590767][T12763] veth0_vlan: entered promiscuous mode [ 3416.670316][ T5108] Bluetooth: hci3: command tx timeout [ 3416.893257][T12763] veth1_vlan: entered promiscuous mode [ 3416.920974][T12860] loop9: detected capacity change from 0 to 8192 [ 3416.941834][T12763] veth0_macvtap: entered promiscuous mode [ 3416.994021][T11349] usb 6-1: new high-speed USB device number 117 using dummy_hcd [ 3417.014483][T12763] veth1_macvtap: entered promiscuous mode [ 3417.057572][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 3417.072989][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3417.085084][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 3417.096783][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3417.107504][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 3417.119406][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3417.132709][T12763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3417.171980][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 3417.200166][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3417.226464][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 3417.255885][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3417.284565][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 3417.301876][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3417.315632][T12763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3417.338908][T12763] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3417.356272][T12763] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3417.376015][T12763] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3417.385590][T12763] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3417.475903][T11349] usb 6-1: Using ep0 maxpacket: 8 [ 3417.497699][T11349] usb 6-1: config 0 has an invalid interface number: 234 but max is 0 [ 3417.514484][T11349] usb 6-1: config 0 has no interface number 0 [ 3417.533952][T11349] usb 6-1: config 0 interface 234 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 3417.565952][T11349] usb 6-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice= d.5e [ 3417.590376][T11349] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3417.604692][T11349] usb 6-1: Product: syz [ 3417.615899][T11349] usb 6-1: Manufacturer: syz [ 3417.617930][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3417.628832][T11349] usb 6-1: SerialNumber: syz [ 3417.633615][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3417.647597][T11349] usb 6-1: config 0 descriptor?? [ 3417.674379][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3417.683631][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3417.867906][T11349] usb 6-1: USB disconnect, device number 117 [ 3417.879683][T12879] loop3: detected capacity change from 0 to 2048 [ 3417.895365][T12879] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 3419.050163][T11353] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 3419.253743][T11353] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 3419.300246][T11353] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 3419.355435][T11353] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 3419.488590][T11353] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3419.526684][T11353] usb 4-1: config 0 descriptor?? [ 3419.546629][T12881] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 3419.565133][T12894] nbd9: detected capacity change from 0 to 63 [ 3419.588089][T11353] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 3419.600656][T12895] block nbd9: NBD_DISCONNECT [ 3419.616360][T12895] block nbd9: Disconnected due to user request. [ 3419.629662][T12895] block nbd9: shutting down sockets [ 3420.707316][T12903] loop9: detected capacity change from 0 to 32768 [ 3420.730950][T12903] (syz.9.12307,12903,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x8153c289. Applying ECC. [ 3420.744852][T12903] (syz.9.12307,12903,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xb3775c19, computed 0x8aa5d6e2 [ 3420.757697][T12903] (syz.9.12307,12903,1):ocfs2_validate_inode_block:1382 ERROR: Checksum failed for dinode 18 [ 3420.768065][T12903] (syz.9.12307,12903,1):ocfs2_read_locked_inode:521 ERROR: status = -5 [ 3420.776981][T12903] (syz.9.12307,12903,1):ocfs2_init_global_system_inodes:448 ERROR: status = -5 [ 3420.786083][T12903] (syz.9.12307,12903,1):ocfs2_init_global_system_inodes:472 ERROR: status = -5 [ 3420.795579][T12903] (syz.9.12307,12903,1):ocfs2_initialize_super:2256 ERROR: status = -5 [ 3420.804121][T12903] (syz.9.12307,12903,1):ocfs2_fill_super:1178 ERROR: status = -5 [ 3421.022983][T12908] loop5: detected capacity change from 0 to 40427 [ 3421.032200][T12908] F2FS-fs (loop5): build fault injection attr: rate: 25, type: 0x7ffff [ 3421.042724][T12908] F2FS-fs (loop5): invalid crc value [ 3421.050943][T12908] F2FS-fs (loop5): inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x4552/0x6c20 [ 3421.060593][T12908] F2FS-fs (loop5): Failed to initialize F2FS segment manager (-12) [ 3422.611767][T11321] usb 4-1: USB disconnect, device number 85 [ 3423.021488][T12932] loop9: detected capacity change from 0 to 32768 [ 3423.085443][T12932] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3423.116558][T12932] XFS (loop9): Ending clean mount [ 3423.125760][T12932] XFS (loop9): Quotacheck needed: Please wait. [ 3423.824522][T12932] XFS (loop9): Quotacheck: Done. [ 3423.971506][ T5732] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3424.019261][T12955] loop3: detected capacity change from 0 to 256 [ 3424.058923][T12955] exfat: Deprecated parameter 'namecase' [ 3424.067031][T12955] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 3424.109650][T12955] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 3424.179269][ T27] audit: type=1800 audit(1759521727.292:721): pid=12955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.12323" name="file1" dev="loop3" ino=1048723 res=0 errno=0 [ 3427.044874][T12983] loop5: detected capacity change from 0 to 32768 [ 3427.174895][T12983] find_entry called with index = 0 [ 3427.226397][T12983] find_entry called with index = 0 [ 3430.131098][T13014] loop9: detected capacity change from 0 to 32768 [ 3430.299962][T13014] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3430.399259][T13014] XFS (loop9): Ending clean mount [ 3430.410521][T13014] XFS (loop9): Quotacheck needed: Please wait. [ 3431.766187][T13014] XFS (loop9): Quotacheck: Done. [ 3431.777008][T13034] hfsplus: unable to find HFS+ superblock [ 3431.895847][ T5732] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3434.853580][T13058] loop5: detected capacity change from 0 to 32768 [ 3435.202516][T13058] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3435.265640][T13058] XFS (loop5): Ending clean mount [ 3435.275833][T13058] XFS (loop5): Quotacheck needed: Please wait. [ 3435.414972][T13058] XFS (loop5): Quotacheck: Done. [ 3435.437802][ T1898] Bluetooth: hci4: Frame reassembly failed (-84) [ 3435.447997][T13071] Bluetooth: hci4: Frame reassembly failed (-84) [ 3435.526328][T13073] loop9: detected capacity change from 0 to 2048 [ 3435.549584][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3435.565681][T13073] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 3435.891008][T13075] loop3: detected capacity change from 0 to 32768 [ 3435.899745][T13075] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.12360 (13075) [ 3435.916021][T13075] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3435.926344][T13075] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 3435.936269][T13075] BTRFS info (device loop3): metadata ratio 2 [ 3435.942490][T13075] BTRFS info (device loop3): allowing degraded mounts [ 3435.949309][T13075] BTRFS info (device loop3): force zlib compression, level 3 [ 3435.956830][T13075] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 3435.967556][T13075] BTRFS info (device loop3): use zstd compression, level 3 [ 3435.974951][T13075] BTRFS info (device loop3): force clearing of disk cache [ 3435.982380][T13075] BTRFS info (device loop3): use zlib compression, level 3 [ 3435.989649][T13075] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 3436.000546][T13075] BTRFS info (device loop3): trying to use backup root at mount time [ 3436.008672][T13075] BTRFS info (device loop3): using free space tree [ 3436.201091][ T5402] BTRFS warning (device loop3): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x32f839c6 level 0 [ 3436.279442][T13075] BTRFS warning (device loop3): couldn't read tree root [ 3436.287574][T13075] BTRFS warning (device loop3): try to load backup roots slot 1 [ 3436.296156][ T2605] BTRFS warning (device loop3): checksum verify failed on logical 5316608 mirror 1 wanted 0x5387c9d6 found 0xc5289bf1 level 0 [ 3436.311735][T13075] BTRFS error (device loop3): failed to load root extent [ 3436.318829][T13075] BTRFS warning (device loop3): try to load backup roots slot 2 [ 3436.326995][ T5402] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 3436.339635][T13075] BTRFS warning (device loop3): couldn't read tree root [ 3436.347948][T13075] BTRFS warning (device loop3): try to load backup roots slot 3 [ 3436.364047][T13075] BTRFS info (device loop3): enabling ssd optimizations [ 3436.373205][T13075] BTRFS info (device loop3): rebuilding free space tree [ 3436.436465][T13075] BTRFS info (device loop3): checking UUID tree [ 3436.583369][T12763] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3437.506627][T27938] Bluetooth: hci4: command 0x1003 tx timeout [ 3437.517346][ T5108] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 3438.454650][T13117] loop3: detected capacity change from 0 to 32768 [ 3438.483916][T13120] hfsplus: unable to find HFS+ superblock [ 3438.556317][T13117] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3438.939518][T13133] loop5: detected capacity change from 0 to 32768 [ 3438.969448][T13117] XFS (loop3): Ending clean mount [ 3438.977455][T13133] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3438.977650][T13117] XFS (loop3): Quotacheck needed: Please wait. [ 3439.088728][T13133] XFS (loop5): Ending clean mount [ 3439.231636][T13117] XFS (loop3): Quotacheck: Done. [ 3439.413824][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3439.444354][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3440.048342][T13148] loop3: detected capacity change from 0 to 256 [ 3441.961299][T13171] loop3: detected capacity change from 0 to 32768 [ 3442.015351][T13171] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3442.214820][T13164] loop5: detected capacity change from 0 to 32768 [ 3442.249257][T13171] XFS (loop3): Ending clean mount [ 3442.257931][T13171] XFS (loop3): Quotacheck needed: Please wait. [ 3442.269050][T13164] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop5 scanned by syz.5.12381 (13164) [ 3442.298103][T13164] BTRFS info (device loop5): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3442.318118][T13164] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 3442.331912][T13164] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8) [ 3442.347206][T13164] BTRFS info (device loop5): use lzo compression, level 0 [ 3442.372809][T13164] BTRFS info (device loop5): using free space tree [ 3442.398866][T13171] XFS (loop3): Quotacheck: Done. [ 3442.447118][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3442.692627][T13164] BTRFS info (device loop5): enabling ssd optimizations [ 3442.700314][T13164] BTRFS info (device loop5): auto enabling async discard [ 3442.851322][T11188] BTRFS info (device loop5): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3443.992898][T13207] loop3: detected capacity change from 0 to 32768 [ 3444.075948][T13207] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.12388 (13207) [ 3444.093390][T13207] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3444.103737][T13207] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 3444.112658][T13207] BTRFS info (device loop3): enabling ssd optimizations [ 3444.119633][T13207] BTRFS info (device loop3): using spread ssd allocation scheme [ 3444.127682][T13207] BTRFS info (device loop3): setting nodatacow, compression disabled [ 3444.135813][T13207] BTRFS info (device loop3): not using ssd optimizations [ 3444.142911][T13207] BTRFS info (device loop3): not using spread ssd allocation scheme [ 3444.151011][T13207] BTRFS info (device loop3): max_inline at 0 [ 3444.157004][T13207] BTRFS info (device loop3): using free space tree [ 3444.315980][T13207] BTRFS info (device loop3): auto enabling async discard [ 3444.776200][T13230] loop5: detected capacity change from 0 to 128 [ 3444.878349][T12763] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3445.474905][T11353] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 3445.710544][T11353] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 3445.727404][T11353] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 3445.777627][T11353] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 3445.806091][T11353] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3445.845086][T11353] usb 1-1: config 0 descriptor?? [ 3445.891056][T13234] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3445.896794][T13238] loop5: detected capacity change from 0 to 32768 [ 3445.907225][T13238] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.12395 (13238) [ 3445.928822][T11353] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 3445.931670][T13238] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3445.946474][T13238] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 3445.955424][T13238] BTRFS info (device loop5): setting nodatacow, compression disabled [ 3445.963693][T13238] BTRFS info (device loop5): max_inline at 0 [ 3445.970229][T13238] BTRFS info (device loop5): using free space tree [ 3445.978443][T13242] hfsplus: unable to find HFS+ superblock [ 3446.014830][T13238] BTRFS info (device loop5): auto enabling async discard [ 3446.279651][T11188] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3446.627061][T13269] loop9: detected capacity change from 0 to 256 [ 3448.110689][T11321] usb 1-1: USB disconnect, device number 102 [ 3448.131278][T13292] loop5: detected capacity change from 0 to 128 [ 3448.141265][T13292] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 3448.159894][T13292] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 3448.411137][T13295] hfsplus: unable to find HFS+ superblock [ 3450.405504][T13318] netlink: 'syz.5.12416': attribute type 322 has an invalid length. [ 3450.570199][T11321] usb 10-1: new full-speed USB device number 28 using dummy_hcd [ 3450.929893][T11321] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3450.951013][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 3450.958143][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 3450.971152][T11321] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 3450.992844][T11321] usb 10-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 3451.002803][T11321] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3451.016092][T11321] usb 10-1: config 0 descriptor?? [ 3451.896439][T11321] zydacron 0003:13EC:0006.0030: unknown main item tag 0x0 [ 3451.908249][T11321] zydacron 0003:13EC:0006.0030: unknown main item tag 0x0 [ 3451.917187][T11321] zydacron 0003:13EC:0006.0030: unknown main item tag 0x0 [ 3451.925984][T11321] zydacron 0003:13EC:0006.0030: unknown main item tag 0x0 [ 3451.940902][T11321] zydacron 0003:13EC:0006.0030: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.9-1/input0 [ 3452.126381][T11321] usb 10-1: USB disconnect, device number 28 [ 3452.308486][T13333] loop5: detected capacity change from 0 to 32768 [ 3452.334909][T13333] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3452.509870][T13333] XFS (loop5): Ending clean mount [ 3452.525519][T13333] XFS (loop5): Quotacheck needed: Please wait. [ 3453.010083][T13333] XFS (loop5): Quotacheck: Done. [ 3453.173246][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3453.905024][T13374] loop5: detected capacity change from 0 to 32768 [ 3453.936400][T13374] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.12434 (13374) [ 3453.955243][T13374] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3453.965566][T13374] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 3453.974385][T13374] BTRFS info (device loop5): enabling ssd optimizations [ 3453.981469][T13374] BTRFS info (device loop5): using spread ssd allocation scheme [ 3453.989206][T13374] BTRFS info (device loop5): setting nodatacow, compression disabled [ 3453.997491][T13374] BTRFS info (device loop5): not using ssd optimizations [ 3454.004709][T13374] BTRFS info (device loop5): not using spread ssd allocation scheme [ 3454.012865][T13374] BTRFS info (device loop5): max_inline at 0 [ 3454.018918][T13374] BTRFS info (device loop5): using free space tree [ 3454.179768][T13374] BTRFS info (device loop5): auto enabling async discard [ 3454.371660][T11188] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3454.946890][T13405] hfsplus: unable to find HFS+ superblock [ 3455.159445][T13407] loop3: detected capacity change from 0 to 65 [ 3455.207116][T13407] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway [ 3455.414283][T13411] loop5: detected capacity change from 0 to 2048 [ 3455.443036][T13411] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 3455.460867][T13411] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 3455.468635][T13411] UDF-fs: Scanning with blocksize 512 failed [ 3455.486147][T13411] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 3457.200892][T13438] loop3: detected capacity change from 0 to 4096 [ 3457.302887][T13445] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 3457.536018][T13448] loop5: detected capacity change from 0 to 128 [ 3457.610288][ T27] audit: type=1800 audit(1759521760.722:722): pid=13448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.12459" name="file1" dev="loop5" ino=1048728 res=0 errno=0 [ 3457.661724][T13448] FAT-fs (loop5): error, invalid FAT chain (i_pos 548, last_block 8) [ 3457.710806][T13448] FAT-fs (loop5): Filesystem has been set read-only [ 3457.717740][T13448] FAT-fs (loop5): error, corrupted file size (i_pos 548, 522) [ 3457.774553][T13449] FAT-fs (loop5): error, corrupted file size (i_pos 548, 522) [ 3458.080613][T13453] loop9: detected capacity change from 0 to 512 [ 3458.182626][T13453] EXT4-fs error (device loop9): ext4_orphan_get:1399: inode #15: comm syz.9.12463: casefold flag without casefold feature [ 3458.213880][T13453] EXT4-fs error (device loop9): ext4_orphan_get:1404: comm syz.9.12463: couldn't read orphan inode 15 (err -117) [ 3458.239963][T13451] loop3: detected capacity change from 0 to 32768 [ 3458.249266][T13451] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.12460 (13451) [ 3458.249648][T13453] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 3458.286333][T13451] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3458.296647][T13451] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3458.305430][T13451] BTRFS info (device loop3): using free space tree [ 3458.379043][T13451] BTRFS info (device loop3): enabling ssd optimizations [ 3458.386554][T13451] BTRFS info (device loop3): auto enabling async discard [ 3458.406094][ T5732] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3458.493522][T12763] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3459.923965][T13501] loop3: detected capacity change from 0 to 256 [ 3459.952257][T13501] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 3459.971177][T13501] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 3460.010957][T13501] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 3460.375379][T13495] loop9: detected capacity change from 0 to 32768 [ 3460.394555][T13495] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3460.460114][T13495] XFS (loop9): Ending clean mount [ 3460.468593][T13495] XFS (loop9): Quotacheck needed: Please wait. [ 3460.612009][T13495] XFS (loop9): Quotacheck: Done. [ 3460.754895][ T5732] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3460.863838][T13523] loop3: detected capacity change from 0 to 128 [ 3463.386389][T13545] loop3: detected capacity change from 0 to 32768 [ 3463.404940][T13545] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3463.462755][T13545] XFS (loop3): Ending clean mount [ 3463.480234][T13545] XFS (loop3): Quotacheck needed: Please wait. [ 3463.488326][T13556] loop5: detected capacity change from 0 to 32768 [ 3463.523139][T13556] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3463.597102][T13545] XFS (loop3): Quotacheck: Done. [ 3463.605996][T13556] XFS (loop5): Ending clean mount [ 3463.670875][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3463.682258][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3464.778893][T13596] loop5: detected capacity change from 0 to 32768 [ 3464.793909][T13596] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.12506 (13596) [ 3464.820536][T13596] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3464.830831][T13596] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 3464.839482][T13596] BTRFS info (device loop5): using free space tree [ 3464.915150][T13596] BTRFS info (device loop5): enabling ssd optimizations [ 3464.922462][T13596] BTRFS info (device loop5): auto enabling async discard [ 3465.111798][T11188] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3465.905700][T13609] loop3: detected capacity change from 0 to 32768 [ 3466.043262][T13609] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3466.158110][T13609] XFS (loop3): Ending clean mount [ 3466.166238][T13609] XFS (loop3): Quotacheck needed: Please wait. [ 3466.258813][T13609] XFS (loop3): Quotacheck: Done. [ 3466.359405][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3466.484237][T13615] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 3466.514648][T13615] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 3466.544110][T13615] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 3466.597248][T13615] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 3466.649527][T13615] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 3466.680404][T13615] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 3466.687570][T13615] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 3466.715487][T13615] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 3467.323051][T13630] loop3: detected capacity change from 0 to 32768 [ 3467.341408][T13630] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.12510 (13630) [ 3467.524610][T13630] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3467.535538][T13630] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 3467.544383][T13630] BTRFS info (device loop3): enabling ssd optimizations [ 3467.551521][T13630] BTRFS info (device loop3): using spread ssd allocation scheme [ 3467.559204][T13630] BTRFS info (device loop3): not using ssd optimizations [ 3467.566328][T13630] BTRFS info (device loop3): not using spread ssd allocation scheme [ 3467.575516][T13630] BTRFS info (device loop3): setting nodatasum [ 3467.582532][T13630] BTRFS info (device loop3): using free space tree [ 3467.740459][ T5108] Bluetooth: hci2: command 0x0406 tx timeout [ 3467.748473][T13637] loop9: detected capacity change from 0 to 32768 [ 3467.865438][T12763] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3468.643617][ T5108] Bluetooth: hci0: command 0x0c1a tx timeout [ 3468.706182][ T5108] Bluetooth: hci3: command 0x0c1a tx timeout [ 3469.147668][T13670] loop3: detected capacity change from 0 to 32768 [ 3469.164263][T13670] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.12524 (13670) [ 3469.186303][T13670] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3469.196710][T13670] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3469.205686][T13670] BTRFS info (device loop3): using free space tree [ 3469.284465][T13672] loop9: detected capacity change from 0 to 40427 [ 3469.306911][T13657] loop5: detected capacity change from 0 to 32768 [ 3469.314533][T13672] F2FS-fs (loop9): build fault injection attr: rate: 14, type: 0x7ffff [ 3469.325003][T13670] BTRFS info (device loop3): enabling ssd optimizations [ 3469.332322][T13670] BTRFS info (device loop3): auto enabling async discard [ 3469.359005][T13657] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz.5.12519 (13657) [ 3469.632400][T12763] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3469.796171][T13692] loop9: detected capacity change from 0 to 164 [ 3469.827716][ T5108] Bluetooth: hci2: command 0x0406 tx timeout [ 3469.901560][T13692] Unable to read rock-ridge attributes [ 3470.042252][T13692] Unable to read rock-ridge attributes [ 3470.489835][T13710] loop3: detected capacity change from 0 to 2048 [ 3470.506975][T13710] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 3470.538669][T13712] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 3470.550885][T13710] syz.3.12535: attempt to access beyond end of device [ 3470.550885][T13710] loop3: rw=524288, sector=65534, nr_sectors = 2 limit=2048 [ 3470.618562][ T27] audit: type=1800 audit(1759521773.732:723): pid=13710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.12535" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 3470.700560][T27938] Bluetooth: hci0: command 0x0c1a tx timeout [ 3470.780584][T27938] Bluetooth: hci3: command 0x0c1a tx timeout [ 3470.847353][T13709] loop5: detected capacity change from 0 to 32768 [ 3470.856460][T13709] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop5 scanned by syz.5.12534 (13709) [ 3470.872418][T13709] BTRFS info (device loop5): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3470.882939][T13709] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 3470.893319][T13709] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8) [ 3470.904336][T13709] BTRFS info (device loop5): use lzo compression, level 0 [ 3470.912009][T13709] BTRFS info (device loop5): using free space tree [ 3470.942010][T13709] BTRFS info (device loop5): enabling ssd optimizations [ 3470.949243][T13709] BTRFS info (device loop5): auto enabling async discard [ 3471.008619][T11188] BTRFS info (device loop5): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3471.051174][T11349] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 3471.260754][T11349] usb 4-1: Using ep0 maxpacket: 8 [ 3471.277672][T11349] usb 4-1: config 0 has an invalid interface number: 37 but max is 0 [ 3471.286808][T11349] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3471.307393][T11349] usb 4-1: config 0 has no interface number 0 [ 3471.354750][T11349] usb 4-1: New USB device found, idVendor=0421, idProduct=0508, bcdDevice=50.d3 [ 3471.364792][T11349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3471.380150][T11349] usb 4-1: Product: syz [ 3471.411315][T11349] usb 4-1: Manufacturer: syz [ 3471.415995][T11349] usb 4-1: SerialNumber: syz [ 3471.452898][T11349] usb 4-1: config 0 descriptor?? [ 3471.532031][T11349] usb 4-1: bad CDC descriptors [ 3471.548050][T11349] usb 4-1: bad CDC descriptors [ 3472.133437][T13732] loop9: detected capacity change from 0 to 32768 [ 3472.160892][T13732] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 scanned by syz.9.12538 (13732) [ 3472.204010][T13732] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3472.217209][T11345] usb 4-1: USB disconnect, device number 86 [ 3472.280080][T13732] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 3472.340330][T13732] BTRFS info (device loop9): using free space tree [ 3472.588588][T13732] BTRFS info (device loop9): enabling ssd optimizations [ 3472.598087][T13732] BTRFS info (device loop9): auto enabling async discard [ 3472.747856][ T5732] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3472.780660][T27938] Bluetooth: hci0: command 0x0c1a tx timeout [ 3472.889252][T27938] Bluetooth: hci3: command 0x0c1a tx timeout [ 3473.935002][T13790] loop5: detected capacity change from 0 to 512 [ 3474.040605][T13790] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 3474.091957][T13790] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 3474.404850][T11188] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3474.739834][T13802] ptrace attach of "./syz-executor exec"[11188] was attempted by "./syz-executor exec"[13802] [ 3474.902915][T27938] Bluetooth: hci0: unexpected event for opcode 0x2035 [ 3474.940166][T27938] Bluetooth: hci3: command 0x0c1a tx timeout [ 3475.393309][ T5108] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3475.415433][ T5108] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3475.425852][ T5108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3475.463519][ T5108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3475.472021][ T5108] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 3475.479431][ T5108] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3476.051969][ T4873] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3476.338650][ T4873] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3476.575400][T13806] loop5: detected capacity change from 0 to 32768 [ 3476.649227][T13806] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3476.651767][ T4873] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3476.782176][ T4873] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3476.788470][T13806] XFS (loop5): Ending clean mount [ 3476.814291][T13806] XFS (loop5): Quotacheck needed: Please wait. [ 3476.820301][T13832] loop3: detected capacity change from 0 to 512 [ 3476.877817][T13832] EXT4-fs (loop3): orphan cleanup on readonly fs [ 3476.931571][T13832] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 3476.939844][T13806] XFS (loop5): Quotacheck: Done. [ 3476.955092][T13832] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 3476.978360][T13832] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.12566: attempt to clear invalid blocks 2 len 1 [ 3477.003997][T13832] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.12566: invalid indirect mapped block 1819239214 (level 0) [ 3477.046920][T13832] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.12566: invalid indirect mapped block 1819239214 (level 1) [ 3477.077892][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3477.123301][T13832] EXT4-fs (loop3): 1 truncate cleaned up [ 3477.132476][T13832] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 3477.324783][T13809] chnl_net:caif_netlink_parms(): no params data found [ 3477.404558][T12763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3478.141246][T27938] Bluetooth: hci1: command tx timeout [ 3478.957298][T27938] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 3478.969292][T27938] Bluetooth: hci0: Injecting HCI hardware error event [ 3478.981497][T27938] Bluetooth: hci0: hardware error 0x00 [ 3479.238659][T13809] bridge0: port 1(bridge_slave_0) entered blocking state [ 3479.258093][T13809] bridge0: port 1(bridge_slave_0) entered disabled state [ 3479.280392][T13809] bridge_slave_0: entered allmulticast mode [ 3479.295140][T13809] bridge_slave_0: entered promiscuous mode [ 3479.312022][T13849] loop3: detected capacity change from 0 to 32768 [ 3479.380224][T13849] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 scanned by syz.3.12573 (13849) [ 3479.407762][T13809] bridge0: port 2(bridge_slave_1) entered blocking state [ 3479.422902][T13849] BTRFS info (device loop3): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3479.435554][T13809] bridge0: port 2(bridge_slave_1) entered disabled state [ 3479.450252][T13849] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 3479.464656][T13809] bridge_slave_1: entered allmulticast mode [ 3479.475056][T13849] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 3479.482297][T13809] bridge_slave_1: entered promiscuous mode [ 3479.494769][T13849] BTRFS info (device loop3): use lzo compression, level 0 [ 3479.511896][T13849] BTRFS info (device loop3): using free space tree [ 3479.710813][T13809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3479.723973][T13809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3479.741225][T13849] BTRFS info (device loop3): enabling ssd optimizations [ 3479.748282][T13849] BTRFS info (device loop3): auto enabling async discard [ 3479.903570][T12763] BTRFS info (device loop3): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3480.033937][T13809] team0: Port device team_slave_0 added [ 3480.178358][T13809] team0: Port device team_slave_1 added [ 3480.229707][ T5108] Bluetooth: hci1: command tx timeout [ 3480.554476][T13809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3480.566636][T13809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3480.633339][T13809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3481.133418][T27938] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 3481.210865][T11321] usb 4-1: new full-speed USB device number 87 using dummy_hcd [ 3481.224612][T13809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3481.240463][T13809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3481.319930][T13809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3481.413025][T11321] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 3481.424812][T11321] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 3481.513068][T11321] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3481.523851][T11321] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3481.538024][T11321] usb 4-1: Product: syz [ 3481.542541][T11321] usb 4-1: Manufacturer: syz [ 3481.548654][T11321] usb 4-1: SerialNumber: syz [ 3481.596621][T13885] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 3481.611670][ T4873] hsr_slave_0: left promiscuous mode [ 3481.631166][ T4873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3481.647088][T13888] loop5: detected capacity change from 0 to 32768 [ 3481.649021][ T4873] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3481.663426][T13888] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.12583 (13888) [ 3481.681828][ T4873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3481.691755][ T4873] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3481.700469][ T4873] bridge_slave_1: left allmulticast mode [ 3481.706979][ T4873] bridge_slave_1: left promiscuous mode [ 3481.713353][T13888] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3481.723956][ T4873] bridge0: port 2(bridge_slave_1) entered disabled state [ 3481.731596][T13888] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 3481.740991][T13888] BTRFS info (device loop5): using free space tree [ 3481.742958][ T4873] bridge_slave_0: left allmulticast mode [ 3481.755950][ T4873] bridge_slave_0: left promiscuous mode [ 3481.765017][ T4873] bridge0: port 1(bridge_slave_0) entered disabled state [ 3481.840487][ T4873] veth1_macvtap: left promiscuous mode [ 3481.845514][T13888] BTRFS info (device loop5): enabling ssd optimizations [ 3481.846275][ T4873] veth0_macvtap: left promiscuous mode [ 3481.860368][T13888] BTRFS info (device loop5): auto enabling async discard [ 3481.869264][ T4873] veth1_vlan: left promiscuous mode [ 3481.874910][ T4873] veth0_vlan: left promiscuous mode [ 3481.929946][T11188] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3482.310792][T27938] Bluetooth: hci1: command tx timeout [ 3482.634365][T11321] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 3482.640992][T11321] cdc_ncm 4-1:1.0: dwNtbInMaxSize=1 is too small. Using 2048 [ 3482.648413][T11321] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 3482.816749][T13915] loop5: detected capacity change from 0 to 2048 [ 3482.825340][T13915] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=27485, location=27485 [ 3482.867132][T11321] cdc_ncm 4-1:1.0: setting tx_max = 16384 [ 3482.896447][T13915] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 3483.645278][T13919] loop5: detected capacity change from 0 to 32768 [ 3483.712627][T13919] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.12589 (13919) [ 3483.928866][T13921] loop3: detected capacity change from 0 to 32768 [ 3483.953801][T13919] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3483.965011][T13919] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 3483.973925][T13919] BTRFS info (device loop5): using free space tree [ 3483.991673][T13921] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 3484.054669][T13921] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 3484.227718][T13921] (syz.3.12590,13921,1):ocfs2_read_blocks:239 ERROR: status = -12 [ 3484.236685][T13921] (syz.3.12590,13921,1):ocfs2_search_chain:1761 ERROR: status = -12 [ 3484.245782][T13921] (syz.3.12590,13921,1):ocfs2_search_chain:1871 ERROR: status = -12 [ 3484.254129][T13921] (syz.3.12590,13921,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -12 [ 3484.263433][T13921] (syz.3.12590,13921,0):ocfs2_claim_suballoc_bits:1983 ERROR: status = -12 [ 3484.352727][T13921] (syz.3.12590,13921,0):__ocfs2_claim_clusters:2355 ERROR: status = -12 [ 3484.361886][T13921] (syz.3.12590,13921,0):__ocfs2_claim_clusters:2363 ERROR: status = -12 [ 3484.561785][T13921] (syz.3.12590,13921,1):ocfs2_local_alloc_new_window:1203 ERROR: status = -12 [ 3484.573046][T13921] (syz.3.12590,13921,1):ocfs2_local_alloc_new_window:1228 ERROR: status = -12 [ 3484.583643][T13921] (syz.3.12590,13921,1):ocfs2_local_alloc_slide_window:1302 ERROR: status = -12 [ 3484.609444][T13921] (syz.3.12590,13921,1):ocfs2_local_alloc_slide_window:1321 ERROR: status = -12 [ 3484.620132][T13921] (syz.3.12590,13921,1):ocfs2_reserve_local_alloc_bits:671 ERROR: status = -12 [ 3484.631336][T13921] (syz.3.12590,13921,1):ocfs2_reserve_local_alloc_bits:709 ERROR: status = -12 [ 3484.645917][T13921] (syz.3.12590,13921,1):ocfs2_reserve_clusters_with_limit:1166 ERROR: status = -12 [ 3484.657877][T13921] (syz.3.12590,13921,1):ocfs2_reserve_clusters_with_limit:1215 ERROR: status = -12 [ 3484.674742][T13921] (syz.3.12590,13921,1):ocfs2_mknod:357 ERROR: status = -12 [ 3484.705593][T13921] (syz.3.12590,13921,1):ocfs2_mknod:502 ERROR: status = -12 [ 3484.715478][T13921] (syz.3.12590,13921,1):ocfs2_mkdir:659 ERROR: status = -12 [ 3484.739390][T27938] Bluetooth: hci1: command tx timeout [ 3484.801633][T13919] BTRFS info (device loop5): enabling ssd optimizations [ 3484.808737][T13919] BTRFS info (device loop5): auto enabling async discard [ 3485.037995][ T4873] team0 (unregistering): Port device team_slave_1 removed [ 3485.195123][ T4873] team0 (unregistering): Port device team_slave_0 removed [ 3485.205511][T12763] ocfs2: Unmounting device (7,3) on (node local) [ 3485.360701][T11188] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3485.421476][ T4873] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3485.809829][ T4873] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3486.480302][T14344] usb 6-1: new high-speed USB device number 118 using dummy_hcd [ 3486.870384][T14344] usb 6-1: Using ep0 maxpacket: 32 [ 3486.878646][T14344] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 3486.887489][T14344] usb 6-1: config 0 has no interface number 0 [ 3486.903263][T14344] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 3486.920132][T14344] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3486.936276][T14344] usb 6-1: Product: syz [ 3486.955619][T14344] usb 6-1: Manufacturer: syz [ 3486.975877][T14344] usb 6-1: SerialNumber: syz [ 3487.083997][T14344] usb 6-1: config 0 descriptor?? [ 3487.151239][T14344] smsc95xx v2.0.0 [ 3487.550355][T13957] loop3: detected capacity change from 0 to 32768 [ 3487.610544][T13957] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3487.760184][T13957] XFS (loop3): Ending clean mount [ 3487.791149][T14344] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 3487.803030][T14344] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 3487.824128][T13957] XFS (loop3): Quotacheck needed: Please wait. [ 3488.649756][T13957] XFS (loop3): Quotacheck: Done. [ 3488.751180][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3489.499440][ T4873] bond0 (unregistering): Released all slaves [ 3489.706692][T13809] hsr_slave_0: entered promiscuous mode [ 3489.716156][T13809] hsr_slave_1: entered promiscuous mode [ 3489.749424][T11321] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 3489.797327][T11321] usb 4-1: USB disconnect, device number 87 [ 3489.805587][T11321] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 3490.852020][T13992] loop3: detected capacity change from 0 to 32768 [ 3490.900396][T13992] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.12608 (13992) [ 3490.965499][T14344] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000006c: -71 [ 3491.170719][T14344] smsc95xx: probe of 6-1:0.67 failed with error -71 [ 3491.245027][T14344] usb 6-1: USB disconnect, device number 118 [ 3491.463501][T13992] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3491.473968][T13992] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 3491.482857][T13992] BTRFS info (device loop3): enabling ssd optimizations [ 3491.489856][T13992] BTRFS info (device loop3): using spread ssd allocation scheme [ 3491.497673][T13992] BTRFS info (device loop3): setting nodatacow, compression disabled [ 3491.505928][T13992] BTRFS info (device loop3): not using ssd optimizations [ 3491.513113][T13992] BTRFS info (device loop3): not using spread ssd allocation scheme [ 3491.521299][T13992] BTRFS info (device loop3): max_inline at 0 [ 3491.527395][T13992] BTRFS info (device loop3): using free space tree [ 3492.265993][T13992] BTRFS info (device loop3): auto enabling async discard [ 3492.482165][T12763] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3492.554224][T13809] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 3492.627014][T13809] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 3492.733827][T13809] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 3492.761270][T13809] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 3493.230828][T13809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3493.395424][T13809] 8021q: adding VLAN 0 to HW filter on device team0 [ 3493.866931][T14039] loop5: detected capacity change from 0 to 32768 [ 3493.975007][T14039] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.12618 (14039) [ 3494.082740][ T2962] bridge0: port 1(bridge_slave_0) entered blocking state [ 3494.090080][ T2962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3494.126456][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state [ 3494.133753][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3494.148324][T14042] loop3: detected capacity change from 0 to 1024 [ 3494.164457][T14042] hfsplus: gid requires an argument [ 3494.203192][T14042] hfsplus: unable to parse mount options [ 3494.385248][T14039] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3494.396009][T14039] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 3494.405593][T14039] BTRFS info (device loop5): enabling ssd optimizations [ 3494.412842][T14039] BTRFS info (device loop5): using spread ssd allocation scheme [ 3494.420824][T14039] BTRFS info (device loop5): setting nodatacow, compression disabled [ 3494.428966][T14039] BTRFS info (device loop5): not using ssd optimizations [ 3494.436124][T14039] BTRFS info (device loop5): not using spread ssd allocation scheme [ 3494.444847][T14039] BTRFS info (device loop5): max_inline at 0 [ 3494.451902][T14039] BTRFS info (device loop5): using free space tree [ 3495.195766][T14039] BTRFS info (device loop5): auto enabling async discard [ 3495.394308][T11188] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3495.445375][T13809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3496.294443][T13809] veth0_vlan: entered promiscuous mode [ 3496.366692][T13809] veth1_vlan: entered promiscuous mode [ 3496.465662][T13809] veth0_macvtap: entered promiscuous mode [ 3496.497748][T13809] veth1_macvtap: entered promiscuous mode [ 3496.554256][T13809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 3496.575308][T13809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3496.588948][T13809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 3496.610071][T13809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3496.619972][T13809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 3496.660269][T13809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3496.682170][T13809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3496.728513][T13809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 3496.740980][T13809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3496.751816][T13809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 3496.764600][T13809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3496.776351][T13809] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 3497.611076][T13809] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3497.645831][T13809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3497.717984][T13809] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3497.734990][T13809] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3497.747331][T13809] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3497.775842][T13809] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3498.161517][ T2962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3498.169414][ T2962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3498.277270][T14105] loop3: detected capacity change from 0 to 2048 [ 3498.316707][ T1023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3498.349650][ T1023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3498.402774][T14109] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 3498.836019][T14113] loop9: detected capacity change from 0 to 32768 [ 3498.850891][T14113] ocfs2: Slot 0 on device (7,9) was already allocated to this node! [ 3498.893892][T14113] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 3498.938790][T14113] (syz.9.12557,14113,1):ocfs2_read_blocks:239 ERROR: status = -12 [ 3498.947508][T14113] (syz.9.12557,14113,1):ocfs2_search_chain:1761 ERROR: status = -12 [ 3498.957605][T14113] (syz.9.12557,14113,1):ocfs2_search_chain:1871 ERROR: status = -12 [ 3498.966028][T14113] (syz.9.12557,14113,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -12 [ 3498.974732][T14113] (syz.9.12557,14113,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -12 [ 3498.983490][T14113] (syz.9.12557,14113,1):__ocfs2_claim_clusters:2355 ERROR: status = -12 [ 3498.991950][T14113] (syz.9.12557,14113,1):__ocfs2_claim_clusters:2363 ERROR: status = -12 [ 3499.000782][T14113] (syz.9.12557,14113,1):ocfs2_local_alloc_new_window:1203 ERROR: status = -12 [ 3499.010581][T14113] (syz.9.12557,14113,1):ocfs2_local_alloc_new_window:1228 ERROR: status = -12 [ 3499.019504][T14113] (syz.9.12557,14113,1):ocfs2_local_alloc_slide_window:1302 ERROR: status = -12 [ 3499.029074][T14113] (syz.9.12557,14113,1):ocfs2_local_alloc_slide_window:1321 ERROR: status = -12 [ 3499.038258][T14113] (syz.9.12557,14113,1):ocfs2_reserve_local_alloc_bits:671 ERROR: status = -12 [ 3499.047377][T14113] (syz.9.12557,14113,1):ocfs2_reserve_local_alloc_bits:709 ERROR: status = -12 [ 3499.056712][T14113] (syz.9.12557,14113,1):ocfs2_reserve_clusters_with_limit:1166 ERROR: status = -12 [ 3499.066197][T14113] (syz.9.12557,14113,1):ocfs2_reserve_clusters_with_limit:1215 ERROR: status = -12 [ 3499.075629][T14113] (syz.9.12557,14113,1):ocfs2_mknod:357 ERROR: status = -12 [ 3499.083179][T14113] (syz.9.12557,14113,1):ocfs2_mknod:502 ERROR: status = -12 [ 3499.090602][T14113] (syz.9.12557,14113,1):ocfs2_mkdir:659 ERROR: status = -12 [ 3499.194329][T13809] ocfs2: Unmounting device (7,9) on (node local) [ 3499.741666][T14133] loop3: detected capacity change from 0 to 32768 [ 3499.761154][T14133] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.12643 (14133) [ 3499.784122][T14133] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3499.794486][T14133] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3499.804053][T14133] BTRFS info (device loop3): using free space tree [ 3499.961699][T14133] BTRFS info (device loop3): enabling ssd optimizations [ 3499.968795][T14133] BTRFS info (device loop3): auto enabling async discard [ 3500.243423][T14157] loop5: detected capacity change from 0 to 32768 [ 3500.252903][T14157] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz.5.12648 (14157) [ 3500.271574][T12763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3500.943350][T14177] loop9: detected capacity change from 0 to 512 [ 3500.973355][T14177] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 3501.008177][T14177] ext4 filesystem being mounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 3501.191402][T13809] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3501.341611][T14186] loop5: detected capacity change from 0 to 32768 [ 3501.352356][T14186] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.12659 (14186) [ 3501.384266][T14186] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3501.394608][T14186] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 3501.403372][T14186] BTRFS info (device loop5): using free space tree [ 3501.446413][T14186] BTRFS info (device loop5): enabling ssd optimizations [ 3501.453721][T14186] BTRFS info (device loop5): auto enabling async discard [ 3501.486449][T14205] loop3: detected capacity change from 0 to 1024 [ 3501.567451][T11188] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3501.717297][T14205] hfsplus: xattr searching failed [ 3501.827352][T14205] hfsplus: xattr searching failed [ 3501.970952][T14205] hfsplus: xattr searching failed [ 3503.318854][T14230] loop5: detected capacity change from 0 to 32768 [ 3503.332864][T14230] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.12671 (14230) [ 3503.350633][T14230] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3503.361161][T14230] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 3503.369949][T14230] BTRFS info (device loop5): using free space tree [ 3503.489390][T14230] BTRFS info (device loop5): enabling ssd optimizations [ 3503.496695][T14230] BTRFS info (device loop5): auto enabling async discard [ 3503.672344][T14256] loop9: detected capacity change from 0 to 64 [ 3503.721032][T11188] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3504.250327][T11345] usb 10-1: new high-speed USB device number 29 using dummy_hcd [ 3504.463024][T11345] usb 10-1: Using ep0 maxpacket: 16 [ 3504.489127][T14268] loop3: detected capacity change from 0 to 32768 [ 3504.491898][T11345] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3504.507562][T14268] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.12682 (14268) [ 3504.513615][T11345] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 3504.540639][T11345] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 3504.564896][T11345] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3504.577507][T11345] usb 10-1: config 0 descriptor?? [ 3504.583402][T14268] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3504.593809][T14268] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 3504.594691][T11345] usbhid 10-1:0.0: couldn't find an input interrupt endpoint [ 3504.602884][T14268] BTRFS info (device loop3): enabling ssd optimizations [ 3504.617322][T14268] BTRFS info (device loop3): using spread ssd allocation scheme [ 3504.625557][T14268] BTRFS info (device loop3): setting nodatacow, compression disabled [ 3504.633779][T14268] BTRFS info (device loop3): not using ssd optimizations [ 3504.640952][T14268] BTRFS info (device loop3): not using spread ssd allocation scheme [ 3504.649644][T14268] BTRFS info (device loop3): max_inline at 0 [ 3504.655781][T14268] BTRFS info (device loop3): using free space tree [ 3504.725137][T14268] BTRFS info (device loop3): auto enabling async discard [ 3504.836530][T30028] usb 10-1: USB disconnect, device number 29 [ 3504.864022][T12763] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3505.023022][T14267] loop5: detected capacity change from 0 to 32768 [ 3505.234474][T14267] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3505.422253][T14267] XFS (loop5): Ending clean mount [ 3505.447481][T14267] XFS (loop5): Quotacheck needed: Please wait. [ 3505.670666][T14267] XFS (loop5): Quotacheck: Done. [ 3505.756388][T14300] loop3: detected capacity change from 0 to 32768 [ 3505.767114][T14300] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.12687 (14300) [ 3505.791994][T14300] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3505.802413][T14300] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3505.811180][T14300] BTRFS info (device loop3): using free space tree [ 3505.832037][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3505.894019][T14300] BTRFS info (device loop3): enabling ssd optimizations [ 3505.913778][T14300] BTRFS info (device loop3): auto enabling async discard [ 3506.194555][T12763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3507.443526][T14330] loop5: detected capacity change from 0 to 32768 [ 3507.483300][T14348] IPVS: length: 43 != 24 [ 3507.505741][T14330] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop5 scanned by syz.5.12689 (14330) [ 3507.536957][T14330] BTRFS info (device loop5): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3507.556785][T14330] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 3507.571340][T14330] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8) [ 3507.595769][T14330] BTRFS info (device loop5): use lzo compression, level 0 [ 3507.609396][T14330] BTRFS info (device loop5): using free space tree [ 3507.667281][T14338] loop3: detected capacity change from 0 to 32768 [ 3507.694034][T14338] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3507.704844][T14330] BTRFS info (device loop5): enabling ssd optimizations [ 3507.712311][T14330] BTRFS info (device loop5): auto enabling async discard [ 3507.747817][T14338] XFS (loop3): Ending clean mount [ 3507.774310][T14338] XFS (loop3): Quotacheck needed: Please wait. [ 3507.801150][T11188] BTRFS info (device loop5): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3507.894125][T14338] XFS (loop3): Quotacheck: Done. [ 3508.019054][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3508.698572][T14381] loop5: detected capacity change from 0 to 32768 [ 3508.711711][T14381] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.12703 (14381) [ 3508.736745][T14381] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3508.748145][T14381] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 3508.757002][T14381] BTRFS info (device loop5): enabling ssd optimizations [ 3508.764103][T14381] BTRFS info (device loop5): using spread ssd allocation scheme [ 3508.771895][T14381] BTRFS info (device loop5): setting nodatacow, compression disabled [ 3508.780346][T14381] BTRFS info (device loop5): not using ssd optimizations [ 3508.787434][T14381] BTRFS info (device loop5): not using spread ssd allocation scheme [ 3508.795633][T14381] BTRFS info (device loop5): max_inline at 0 [ 3508.801736][T14381] BTRFS info (device loop5): using free space tree [ 3508.847619][T14381] BTRFS info (device loop5): auto enabling async discard [ 3508.981870][T11188] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3509.775217][T14412] program syz.0.12711 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 3510.094474][T14421] loop9: detected capacity change from 0 to 1024 [ 3510.146418][T14421] EXT4-fs: Ignoring removed orlov option [ 3510.174228][T14421] EXT4-fs: Ignoring removed nomblk_io_submit option [ 3510.273196][T14421] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3510.374805][ T27] audit: type=1800 audit(1759521813.482:724): pid=14427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.12716" name="file1" dev="loop9" ino=15 res=0 errno=0 [ 3510.467805][T13809] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3510.533662][T14416] loop5: detected capacity change from 0 to 32768 [ 3510.597867][T14416] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3510.680351][T14416] XFS (loop5): Ending clean mount [ 3510.689184][T14416] XFS (loop5): Quotacheck needed: Please wait. [ 3510.696571][T14411] loop3: detected capacity change from 0 to 32768 [ 3510.704790][T14411] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 scanned by syz.3.12712 (14411) [ 3510.724414][T14411] BTRFS info (device loop3): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3510.737316][T14411] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 3510.747348][T14411] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 3510.779250][T14411] BTRFS info (device loop3): use lzo compression, level 0 [ 3510.788525][T14411] BTRFS info (device loop3): using free space tree [ 3510.797919][T14416] XFS (loop5): Quotacheck: Done. [ 3510.844450][T14411] BTRFS info (device loop3): enabling ssd optimizations [ 3510.858222][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3510.863333][T14411] BTRFS info (device loop3): auto enabling async discard [ 3510.909301][T12763] BTRFS info (device loop3): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 3511.347921][T14459] loop3: detected capacity change from 0 to 1024 [ 3511.356767][T14459] EXT4-fs: Ignoring removed nobh option [ 3511.362946][T14459] EXT4-fs: Ignoring removed bh option [ 3511.369178][T14459] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3511.381393][T14459] EXT4-fs (loop3): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3511.405718][T14459] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3511.715627][T12763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3512.389369][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 3512.400151][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 3512.461383][ C1] vkms_vblank_simulate: vblank timer overrun [ 3513.475617][T14473] loop9: detected capacity change from 0 to 32768 [ 3513.577012][T14473] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3513.637942][T14484] loop3: detected capacity change from 0 to 32768 [ 3513.646303][T14484] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.12730 (14484) [ 3513.666753][T14484] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3513.677109][T14484] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3513.685924][T14484] BTRFS info (device loop3): using free space tree [ 3513.689353][T14473] XFS (loop9): Ending clean mount [ 3513.716749][T14473] XFS (loop9): Quotacheck needed: Please wait. [ 3513.791992][ C1] vkms_vblank_simulate: vblank timer overrun [ 3513.808995][T14473] XFS (loop9): Quotacheck: Done. [ 3513.824580][T14484] BTRFS info (device loop3): enabling ssd optimizations [ 3513.832651][T14484] BTRFS info (device loop3): auto enabling async discard [ 3513.927246][T13809] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3514.042185][T12763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3514.060297][ C1] vkms_vblank_simulate: vblank timer overrun [ 3514.313177][ C1] vkms_vblank_simulate: vblank timer overrun [ 3514.413120][ C1] vkms_vblank_simulate: vblank timer overrun [ 3514.443052][ C1] vkms_vblank_simulate: vblank timer overrun [ 3514.478000][ C1] vkms_vblank_simulate: vblank timer overrun [ 3514.509338][ C1] vkms_vblank_simulate: vblank timer overrun [ 3514.561831][ C1] vkms_vblank_simulate: vblank timer overrun [ 3514.576209][T14516] loop9: detected capacity change from 0 to 1024 [ 3514.591734][T14519] UHID_CREATE from different security context by process 782 (syz.0.12735), this is not allowed. [ 3514.610344][T14516] EXT4-fs: Ignoring removed nobh option [ 3514.625936][T14516] EXT4-fs: Ignoring removed bh option [ 3514.684615][T14516] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3514.723854][T14516] EXT4-fs (loop9): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3514.807243][T14516] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3514.889617][T14525] loop5: detected capacity change from 0 to 256 [ 3514.931092][T14525] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d) [ 3515.008107][ T27] audit: type=1800 audit(1759521818.122:725): pid=14525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.12736" name="file1" dev="loop5" ino=1048735 res=0 errno=0 [ 3515.011757][T14520] loop3: detected capacity change from 0 to 40427 [ 3515.062101][ C1] vkms_vblank_simulate: vblank timer overrun [ 3515.068394][T14520] F2FS-fs (loop3): build fault injection attr: rate: 14, type: 0x7ffff [ 3515.076887][T14520] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x77fd1 [ 3515.104330][T14520] F2FS-fs (loop3): invalid crc value [ 3515.111632][T14520] F2FS-fs (loop3): inject kmalloc in f2fs_kmalloc of f2fs_fill_super+0x4552/0x6c20 [ 3515.121169][T14520] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-12) [ 3515.280963][T13809] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3515.395000][ C1] vkms_vblank_simulate: vblank timer overrun [ 3516.043316][ C1] vkms_vblank_simulate: vblank timer overrun [ 3516.790134][T11349] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 3516.868494][T14561] loop5: detected capacity change from 0 to 1024 [ 3516.879092][T14561] EXT4-fs: Ignoring removed nobh option [ 3516.889037][T14561] EXT4-fs: Ignoring removed bh option [ 3516.898449][T14561] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3516.916663][T14561] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3516.944742][T14561] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3517.173400][T11188] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3517.360101][T11349] usb 4-1: Using ep0 maxpacket: 16 [ 3517.391226][T11349] usb 4-1: config 0 has no interfaces? [ 3517.398218][T11349] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 3517.407443][T11349] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 3517.417760][T11349] usb 4-1: Manufacturer: syz [ 3517.426301][T11349] usb 4-1: config 0 descriptor?? [ 3517.659903][T14553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3517.667416][T14577] loop5: detected capacity change from 0 to 256 [ 3517.685755][T14553] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3517.722116][T14577] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x10e00a98, utbl_chksum : 0xe619d30d) [ 3517.740548][T11349] usb 4-1: USB disconnect, device number 88 [ 3518.502102][T14597] loop9: detected capacity change from 0 to 512 [ 3518.637162][T14597] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 3518.659539][T14597] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 3518.809946][T14600] loop3: detected capacity change from 0 to 32768 [ 3518.820613][T14600] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.12767 (14600) [ 3518.843386][T14600] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3518.853932][T14600] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3518.862693][T14600] BTRFS info (device loop3): enabling auto defrag [ 3518.869170][T14600] BTRFS info (device loop3): use no compression [ 3518.876193][T14600] BTRFS info (device loop3): max_inline at 4096 [ 3518.882776][T14600] BTRFS info (device loop3): using free space tree [ 3518.891437][T13809] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3519.000670][T14600] BTRFS info (device loop3): enabling ssd optimizations [ 3519.007719][T14600] BTRFS info (device loop3): auto enabling async discard [ 3519.125770][ T27] audit: type=1804 audit(1759521822.242:726): pid=14600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.12767" name="/newroot/108/bus/file1" dev="loop3" ino=260 res=1 errno=0 [ 3519.314729][T12763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3519.567020][ C1] vkms_vblank_simulate: vblank timer overrun [ 3519.711876][ C1] vkms_vblank_simulate: vblank timer overrun [ 3520.045987][T14629] loop9: detected capacity change from 0 to 32768 [ 3520.077389][T14641] loop5: detected capacity change from 0 to 164 [ 3520.157639][T14629] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3520.179155][ C1] vkms_vblank_simulate: vblank timer overrun [ 3520.224963][ C1] vkms_vblank_simulate: vblank timer overrun [ 3520.287812][T14629] XFS (loop9): Ending clean mount [ 3520.307755][T14629] XFS (loop9): Quotacheck needed: Please wait. [ 3520.518010][T14629] XFS (loop9): Quotacheck: Done. [ 3520.663421][T13809] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3520.708211][T14656] loop3: detected capacity change from 0 to 32768 [ 3520.716711][T14656] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.12784 (14656) [ 3520.733732][T14656] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 3520.744731][T14656] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 3520.754454][T14656] BTRFS info (device loop3): using free space tree [ 3520.792699][T14656] BTRFS info (device loop3): enabling ssd optimizations [ 3520.799748][T14656] BTRFS info (device loop3): auto enabling async discard [ 3520.837913][ T27] audit: type=1800 audit(1759521823.952:727): pid=14656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.12784" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 3520.858672][ C1] vkms_vblank_simulate: vblank timer overrun [ 3521.304135][T12763] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 3521.323394][T11345] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 3521.349332][T14679] loop5: detected capacity change from 0 to 40427 [ 3521.569328][T11345] usb 1-1: Using ep0 maxpacket: 32 [ 3521.595283][T11345] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 3521.610708][T11345] usb 1-1: config 0 has no interface number 0 [ 3521.627135][T11345] usb 1-1: config 0 interface 85 has no altsetting 0 [ 3521.671620][T11345] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 3521.681075][T11345] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3521.689114][T11345] usb 1-1: Product: syz [ 3521.738100][T11345] usb 1-1: Manufacturer: syz [ 3521.744490][T11345] usb 1-1: SerialNumber: syz [ 3521.752456][T11345] usb 1-1: config 0 descriptor?? [ 3521.782896][T11345] appletouch 1-1:0.85: Could not find int-in endpoint [ 3521.790606][T11345] appletouch: probe of 1-1:0.85 failed with error -5 [ 3521.798236][T11345] usbhid 1-1:0.85: couldn't find an input interrupt endpoint [ 3521.988072][T11345] usb 1-1: USB disconnect, device number 103 [ 3522.603119][T14691] loop5: detected capacity change from 0 to 32768 [ 3522.712436][T14697] loop9: detected capacity change from 0 to 32768 [ 3522.723210][T14697] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 scanned by syz.9.12786 (14697) [ 3522.755835][T14697] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3522.762338][T14691] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3522.766974][T14697] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 3522.783634][T14697] BTRFS info (device loop9): enabling auto defrag [ 3522.790247][T14697] BTRFS info (device loop9): use no compression [ 3522.796617][T14697] BTRFS info (device loop9): max_inline at 4096 [ 3522.803070][T14697] BTRFS info (device loop9): using free space tree [ 3522.885927][T14691] XFS (loop5): Ending clean mount [ 3522.950390][T14691] XFS (loop5): Quotacheck needed: Please wait. [ 3523.069413][T14725] loop3: detected capacity change from 0 to 256 [ 3523.114715][T14691] XFS (loop5): Quotacheck: Done. [ 3523.133979][T14697] BTRFS info (device loop9): enabling ssd optimizations [ 3523.141859][T14697] BTRFS info (device loop9): auto enabling async discard [ 3523.170828][T14725] syz.3.12798: attempt to access beyond end of device [ 3523.170828][T14725] loop3: rw=2049, sector=256, nr_sectors = 68 limit=256 [ 3523.223170][ T27] audit: type=1804 audit(1759521826.342:728): pid=14697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.12786" name="/newroot/42/bus/file1" dev="loop9" ino=260 res=1 errno=0 [ 3523.290351][T14728] syz.3.12798: attempt to access beyond end of device [ 3523.290351][T14728] loop3: rw=34817, sector=261, nr_sectors = 32 limit=256 [ 3523.293995][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3523.332323][T13809] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3523.717610][T14731] loop5: detected capacity change from 0 to 1024 [ 3524.052776][T14735] loop9: detected capacity change from 0 to 256 [ 3524.134879][T14735] loop9: detected capacity change from 0 to 512 [ 3524.194950][T14735] EXT4-fs error (device loop9): ext4_quota_enable:7127: comm syz.9.12800: Bad quota inum: 1, type: 2 [ 3524.215450][T14735] EXT4-fs warning (device loop9): ext4_enable_quotas:7175: Failed to enable quota tracking (type=2, err=-117, ino=1). Please run e2fsck to fix. [ 3524.242307][T14735] EXT4-fs (loop9): mount failed [ 3525.963312][T14758] loop3: detected capacity change from 0 to 32768 [ 3526.013058][T14758] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3526.063232][T14758] XFS (loop3): Ending clean mount [ 3526.076830][T14758] XFS (loop3): Quotacheck needed: Please wait. [ 3526.184467][T14758] XFS (loop3): Quotacheck: Done. [ 3526.476099][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3526.557248][T14788] loop5: detected capacity change from 0 to 32768 [ 3526.652313][T14788] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 3526.738051][T14788] XFS (loop5): Ending clean mount [ 3526.747214][T14788] XFS (loop5): Quotacheck needed: Please wait. [ 3526.885874][T14786] loop9: detected capacity change from 0 to 32768 [ 3526.963688][T14788] XFS (loop5): Quotacheck: Done. [ 3527.688554][T11188] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 3528.343644][T14822] loop5: detected capacity change from 0 to 128 [ 3528.366896][T14822] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 3528.416434][T14822] ext4 filesystem being mounted at /252/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 3528.569181][T11188] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 3528.766976][T14816] loop3: detected capacity change from 0 to 32768 [ 3528.817516][T14816] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3528.852440][T14816] XFS (loop3): Ending clean mount [ 3528.868133][T14816] XFS (loop3): Quotacheck needed: Please wait. [ 3529.024732][T14816] XFS (loop3): Quotacheck: Done. [ 3529.027305][T14832] loop9: detected capacity change from 0 to 32768 [ 3529.063933][T14832] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 scanned by syz.9.12831 (14832) [ 3529.082297][T14832] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3529.092896][T14832] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 3529.101769][T14832] BTRFS info (device loop9): enabling auto defrag [ 3529.108258][T14832] BTRFS info (device loop9): use no compression [ 3529.114713][T14832] BTRFS info (device loop9): max_inline at 4096 [ 3529.121733][T14832] BTRFS info (device loop9): using free space tree [ 3529.161497][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3529.213317][T14832] BTRFS info (device loop9): enabling ssd optimizations [ 3529.221496][T14832] BTRFS info (device loop9): auto enabling async discard [ 3529.257763][ T27] audit: type=1804 audit(1759521832.372:729): pid=14832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.12831" name="/newroot/49/bus/file1" dev="loop9" ino=260 res=1 errno=0 [ 3529.308472][T13809] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3530.361427][T14871] loop9: detected capacity change from 0 to 1024 [ 3530.611362][T30028] usb 6-1: new high-speed USB device number 119 using dummy_hcd [ 3530.814311][T30028] usb 6-1: Using ep0 maxpacket: 8 [ 3530.827737][T30028] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 3530.850109][T30028] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3530.872077][T30028] usb 6-1: config 0 descriptor?? [ 3530.946988][T14884] loop3: detected capacity change from 0 to 256 [ 3530.967087][T14884] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f78e84, utbl_chksum : 0xe619d30d) [ 3531.089520][T30028] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 3531.304986][T30028] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 3531.327781][T30028] asix 6-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 3531.363805][T30028] asix: probe of 6-1:0.0 failed with error -71 [ 3531.396677][T30028] usb 6-1: USB disconnect, device number 119 [ 3531.495546][T14886] loop3: detected capacity change from 0 to 40427 [ 3531.504246][T14886] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 3531.512079][T14886] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 3531.522643][T14886] F2FS-fs (loop3): invalid crc value [ 3531.532858][T14886] F2FS-fs (loop3): Found nat_bits in checkpoint [ 3531.604252][T14886] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 3531.611658][T14886] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 3531.758660][T14894] loop9: detected capacity change from 0 to 256 [ 3531.788733][T14894] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x10e00a98, utbl_chksum : 0xe619d30d) [ 3531.978877][T14899] loop5: detected capacity change from 0 to 1024 [ 3532.011769][T14900] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12849'. [ 3532.187782][T14905] loop9: detected capacity change from 0 to 1024 [ 3532.211875][T14905] EXT4-fs: Ignoring removed nobh option [ 3532.217534][T14905] EXT4-fs: Ignoring removed bh option [ 3532.229187][T14905] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3532.249062][T14905] EXT4-fs (loop9): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3532.432717][T14905] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3532.557582][T14909] loop5: detected capacity change from 0 to 32768 [ 3532.583971][T14909] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 3532.655895][T14909] XFS (loop5): Ending clean mount [ 3532.669578][T14909] XFS (loop5): Quotacheck needed: Please wait. [ 3532.689131][T13809] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3532.788636][T14909] XFS (loop5): Quotacheck: Done. [ 3532.888782][T11188] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 3532.919521][T14917] loop3: detected capacity change from 0 to 32768 [ 3533.013492][T14917] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3533.222453][ C0] vkms_vblank_simulate: vblank timer overrun [ 3533.274703][T14917] XFS (loop3): Ending clean mount [ 3533.310632][T14917] XFS (loop3): Quotacheck needed: Please wait. [ 3533.565031][T14917] XFS (loop3): Quotacheck: Done. [ 3533.705799][ C0] vkms_vblank_simulate: vblank timer overrun [ 3533.778442][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3533.860439][T14952] loop5: detected capacity change from 0 to 1024 [ 3533.872200][T14952] EXT4-fs: Ignoring removed nobh option [ 3533.877843][T14952] EXT4-fs: Ignoring removed bh option [ 3533.894225][ C0] vkms_vblank_simulate: vblank timer overrun [ 3533.907688][T14952] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3533.926030][T14952] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3533.995433][ C0] vkms_vblank_simulate: vblank timer overrun [ 3534.131595][T14952] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3534.210511][T14954] loop9: detected capacity change from 0 to 32768 [ 3534.303798][T14954] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3534.388155][T14954] XFS (loop9): Ending clean mount [ 3534.448758][T11188] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3534.467796][T13809] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3534.768038][T14970] loop3: detected capacity change from 0 to 32768 [ 3534.777805][T14970] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.12865 (14970) [ 3534.817078][T14970] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3534.827439][T14970] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3534.836338][T14970] BTRFS info (device loop3): enabling auto defrag [ 3534.843054][T14970] BTRFS info (device loop3): use no compression [ 3534.850113][T14970] BTRFS info (device loop3): max_inline at 4096 [ 3534.856512][T14970] BTRFS info (device loop3): using free space tree [ 3534.909787][T14970] BTRFS info (device loop3): enabling ssd optimizations [ 3534.916922][T14970] BTRFS info (device loop3): auto enabling async discard [ 3535.030876][T12763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3535.245604][ C0] vkms_vblank_simulate: vblank timer overrun [ 3535.376181][ C0] vkms_vblank_simulate: vblank timer overrun [ 3535.462242][T14992] loop9: detected capacity change from 0 to 32768 [ 3535.494319][ C0] vkms_vblank_simulate: vblank timer overrun [ 3535.510190][T14992] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 scanned by syz.9.12870 (14992) [ 3535.537349][T14992] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3535.547755][T14992] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 3535.556597][T14992] BTRFS info (device loop9): using free space tree [ 3535.787124][T14992] BTRFS info (device loop9): enabling ssd optimizations [ 3535.794525][T14992] BTRFS info (device loop9): auto enabling async discard [ 3535.938565][T13809] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3536.522381][T15023] loop9: detected capacity change from 0 to 1024 [ 3536.567102][T15023] EXT4-fs: Ignoring removed nobh option [ 3536.589430][T15023] EXT4-fs: Ignoring removed bh option [ 3536.619439][T15023] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3536.633035][T15017] loop5: detected capacity change from 0 to 32768 [ 3536.653855][T15017] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.12877 (15017) [ 3536.657477][T15023] EXT4-fs (loop9): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3536.685087][T15017] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3536.697232][T15017] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 3536.729624][T15017] BTRFS info (device loop5): using free space tree [ 3536.796685][T15023] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3536.969542][T13809] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3537.024798][T15017] BTRFS info (device loop5): enabling ssd optimizations [ 3537.037865][T15017] BTRFS info (device loop5): auto enabling async discard [ 3537.193269][T11188] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3537.217533][T15045] loop3: detected capacity change from 0 to 32768 [ 3537.226304][T15045] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.12882 (15045) [ 3537.273861][ C0] vkms_vblank_simulate: vblank timer overrun [ 3537.511861][ C0] vkms_vblank_simulate: vblank timer overrun [ 3537.650101][T11356] usb 10-1: new high-speed USB device number 30 using dummy_hcd [ 3537.811584][T15056] netlink: 52 bytes leftover after parsing attributes in process `syz.0.12887'. [ 3537.886652][T11356] usb 10-1: Using ep0 maxpacket: 16 [ 3537.908411][T11356] usb 10-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 3537.928192][T11356] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 3537.954380][T11356] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 3537.997191][T11356] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 3538.035594][T11356] usb 10-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 3538.126070][ C0] vkms_vblank_simulate: vblank timer overrun [ 3538.226139][T15058] loop5: detected capacity change from 0 to 40427 [ 3538.280409][T15058] F2FS-fs (loop5): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 3538.288140][T15058] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 3538.299356][T15058] F2FS-fs (loop5): invalid crc value [ 3538.318019][T15058] F2FS-fs (loop5): Found nat_bits in checkpoint [ 3538.381479][T15058] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 3538.388708][T15058] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 3538.601376][T11356] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3538.620255][T11356] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 3538.629025][T11356] usb 10-1: SerialNumber: syz [ 3538.642568][T15050] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 3538.652171][T11356] cdc_acm 10-1:1.0: Control and data interfaces are not separated! [ 3538.681569][T11356] cdc_acm: probe of 10-1:1.0 failed with error -12 [ 3538.874805][T11353] usb 10-1: USB disconnect, device number 30 [ 3539.201523][T15067] loop3: detected capacity change from 0 to 32768 [ 3539.279672][T15067] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3539.331661][T15067] XFS (loop3): Ending clean mount [ 3539.372498][T15067] XFS (loop3): Quotacheck needed: Please wait. [ 3539.514505][T15067] XFS (loop3): Quotacheck: Done. [ 3539.670901][T12763] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3539.951454][T15084] loop9: detected capacity change from 0 to 32768 [ 3539.963121][T15084] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 scanned by syz.9.12894 (15084) [ 3539.984443][T15084] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3539.994932][T15084] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 3540.003741][T15084] BTRFS info (device loop9): enabling auto defrag [ 3540.010279][T15084] BTRFS info (device loop9): use no compression [ 3540.016641][T15084] BTRFS info (device loop9): max_inline at 4096 [ 3540.023317][T15084] BTRFS info (device loop9): using free space tree [ 3540.135349][T15084] BTRFS info (device loop9): enabling ssd optimizations [ 3540.142653][T15084] BTRFS info (device loop9): auto enabling async discard [ 3540.233900][ T4873] IPVS: stopping master sync thread 7854 ... [ 3540.266801][T13809] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3540.854988][ T4873] bond0: (slave wlan1): Releasing backup interface [ 3541.190080][T14344] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 3541.240879][T15114] loop5: detected capacity change from 0 to 1024 [ 3541.271298][T15114] EXT4-fs: Ignoring removed nobh option [ 3541.276939][T15114] EXT4-fs: Ignoring removed bh option [ 3541.296678][T15114] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3541.329481][T15114] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3541.349196][ T4873] hsr_slave_0: left promiscuous mode [ 3541.355721][ T4873] hsr_slave_1: left promiscuous mode [ 3541.388107][ T4873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3541.407600][ T4873] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3541.448093][ T4873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3541.459810][T15114] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3541.472692][T14344] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 3541.483846][ T4873] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3541.491991][T14344] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3541.503462][T14344] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3541.519475][T14344] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 3541.536844][ T4873] bridge_slave_1: left allmulticast mode [ 3541.545987][ T4873] bridge_slave_1: left promiscuous mode [ 3541.553561][ T4873] bridge0: port 2(bridge_slave_1) entered disabled state [ 3541.561895][T14344] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 3541.571468][T14344] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 3541.586255][T14344] usb 1-1: Manufacturer: syz [ 3541.593973][ T4873] bridge_slave_0: left allmulticast mode [ 3541.599693][ T4873] bridge_slave_0: left promiscuous mode [ 3541.620262][ T4873] bridge0: port 1(bridge_slave_0) entered disabled state [ 3541.637005][T14344] usb 1-1: config 0 descriptor?? [ 3541.675716][T11188] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3541.867492][ T4873] veth1_macvtap: left promiscuous mode [ 3541.873338][ T4873] veth0_macvtap: left promiscuous mode [ 3541.879256][ T4873] veth1_vlan: left promiscuous mode [ 3541.884900][ T4873] veth0_vlan: left promiscuous mode [ 3541.924814][T11349] usb 10-1: new high-speed USB device number 31 using dummy_hcd [ 3542.064151][T14344] appleir 0003:05AC:8243.0031: unknown main item tag 0x0 [ 3542.101088][T14344] appleir 0003:05AC:8243.0031: No inputs registered, leaving [ 3542.115488][T14344] appleir 0003:05AC:8243.0031: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 3542.140374][T11349] usb 10-1: Using ep0 maxpacket: 32 [ 3542.148142][T11349] usb 10-1: config 0 has an invalid interface number: 3 but max is 0 [ 3542.159689][T11349] usb 10-1: config 0 has no interface number 0 [ 3542.170218][T11349] usb 10-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.ae [ 3542.179425][T11349] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3542.200066][T11349] usb 10-1: Product: syz [ 3542.204406][T11349] usb 10-1: Manufacturer: syz [ 3542.209141][T11349] usb 10-1: SerialNumber: syz [ 3542.238179][T11349] usb 10-1: config 0 descriptor?? [ 3542.254682][T11349] ums_eneub6250 10-1:0.3: USB Mass Storage device detected [ 3542.443161][T14344] usb 1-1: USB disconnect, device number 104 [ 3542.622593][T15126] loop5: detected capacity change from 0 to 32768 [ 3542.737916][T15126] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3542.911436][T15126] XFS (loop5): Ending clean mount [ 3542.961606][T15126] XFS (loop5): Quotacheck needed: Please wait. [ 3543.178245][T15148] loop3: detected capacity change from 0 to 256 [ 3543.214379][T15126] XFS (loop5): Quotacheck: Done. [ 3543.225210][T15148] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x10e00a98, utbl_chksum : 0xe619d30d) [ 3543.383338][T11188] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 3544.365951][T15152] loop3: detected capacity change from 0 to 32768 [ 3544.376478][T15152] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.12911 (15152) [ 3544.432731][ T4873] team0 (unregistering): Port device team_slave_1 removed [ 3544.494628][T15152] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 3544.505731][T15152] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3544.514494][T15152] BTRFS error (device loop3): unrecognized mount option 'async' [ 3544.523404][T15152] BTRFS error (device loop3): open_ctree failed: -22 [ 3544.811742][ T4873] team0 (unregistering): Port device team_slave_0 removed [ 3545.207323][ T4873] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3545.399020][ T4873] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3546.340618][T11346] usb 6-1: new high-speed USB device number 120 using dummy_hcd [ 3546.611886][T11346] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 3546.649927][T11346] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3546.666373][T11346] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3546.676711][T11346] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 3546.692827][T11346] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 3546.710074][T11346] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 3546.721003][T11346] usb 6-1: Manufacturer: syz [ 3546.753131][T11346] usb 6-1: config 0 descriptor?? [ 3547.274700][T11346] appleir 0003:05AC:8243.0032: unknown main item tag 0x0 [ 3547.282874][T11346] appleir 0003:05AC:8243.0032: No inputs registered, leaving [ 3547.297378][T11346] appleir 0003:05AC:8243.0032: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 3547.362972][ T4873] bond0 (unregistering): Released all slaves [ 3547.523813][T15185] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 3547.570197][T11356] usb 6-1: USB disconnect, device number 120 [ 3548.245020][T15191] loop3: detected capacity change from 0 to 1024 [ 3548.276812][T15191] EXT4-fs: Ignoring removed nobh option [ 3548.290158][T15191] EXT4-fs: Ignoring removed bh option [ 3548.305185][T15191] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3548.328652][T15193] loop5: detected capacity change from 0 to 1024 [ 3548.373782][T15191] EXT4-fs (loop3): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3548.423533][T15191] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3548.537182][T15191] overlayfs: failed to resolve './bus': -2 [ 3548.685798][T12763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3548.707017][T14344] usb 10-1: USB disconnect, device number 31 [ 3549.219773][T15203] loop3: detected capacity change from 0 to 32768 [ 3549.230555][T15203] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.12930 (15203) [ 3549.271975][T15203] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3549.282520][T15203] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 3549.292250][T15203] BTRFS info (device loop3): enabling auto defrag [ 3549.298735][T15203] BTRFS info (device loop3): use no compression [ 3549.305172][T15203] BTRFS info (device loop3): max_inline at 4096 [ 3549.311506][T15203] BTRFS info (device loop3): using free space tree [ 3549.383628][T15203] BTRFS info (device loop3): enabling ssd optimizations [ 3549.391720][T15203] BTRFS info (device loop3): auto enabling async discard [ 3549.619499][T12763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3549.688006][T15232] loop9: detected capacity change from 0 to 1024 [ 3549.696327][T15232] EXT4-fs: Ignoring removed nobh option [ 3549.703723][T15232] EXT4-fs: Ignoring removed bh option [ 3549.723156][T15232] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3549.752200][T15232] EXT4-fs (loop9): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3549.778267][T15234] loop5: detected capacity change from 0 to 1024 [ 3549.815889][T15232] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3549.879133][T15232] overlayfs: failed to resolve './bus': -2 [ 3550.053910][T13809] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3550.170156][T11346] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 3550.320103][T30028] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 3550.373074][T11346] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3550.427288][T11346] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 3550.441684][T11346] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3550.482905][T11346] usb 1-1: config 0 descriptor?? [ 3550.492184][T11346] pwc: Askey VC010 type 2 USB webcam detected. [ 3550.512346][T30028] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 3550.531683][T30028] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3550.550143][T30028] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3550.570270][T30028] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 3550.592658][T15243] loop5: detected capacity change from 0 to 32768 [ 3550.601726][T30028] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 3550.602230][T15243] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.12942 (15243) [ 3550.611038][T30028] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 3550.636972][T15243] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3550.645300][T30028] usb 4-1: Manufacturer: syz [ 3550.656559][T15243] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 3550.661533][T30028] usb 4-1: config 0 descriptor?? [ 3550.671417][T15243] BTRFS info (device loop5): using free space tree [ 3550.725802][T15243] BTRFS info (device loop5): enabling ssd optimizations [ 3550.734255][T15243] BTRFS info (device loop5): auto enabling async discard [ 3550.848992][T11188] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 3550.921293][T11346] pwc: recv_control_msg error -32 req 02 val 2b00 [ 3550.935421][T11346] pwc: recv_control_msg error -32 req 02 val 2700 [ 3550.974572][T11346] pwc: recv_control_msg error -32 req 02 val 2c00 [ 3551.018130][T11346] pwc: recv_control_msg error -32 req 04 val 1000 [ 3551.030692][T11346] pwc: recv_control_msg error -32 req 04 val 1300 [ 3551.038310][T11346] pwc: recv_control_msg error -32 req 04 val 1400 [ 3551.071922][T11346] pwc: recv_control_msg error -32 req 02 val 2000 [ 3551.079415][T11346] pwc: recv_control_msg error -32 req 02 val 2100 [ 3551.112106][T11346] pwc: recv_control_msg error -32 req 04 val 1500 [ 3551.113961][T30028] appleir 0003:05AC:8243.0033: unknown main item tag 0x0 [ 3551.152475][T30028] appleir 0003:05AC:8243.0033: No inputs registered, leaving [ 3551.163491][T30028] appleir 0003:05AC:8243.0033: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 3551.280428][T11353] usb 10-1: new high-speed USB device number 32 using dummy_hcd [ 3551.347447][T11346] pwc: recv_control_msg error -71 req 02 val 2400 [ 3551.358624][T11346] pwc: recv_control_msg error -71 req 02 val 2600 [ 3551.368374][T11346] pwc: recv_control_msg error -71 req 02 val 2900 [ 3551.404231][T15276] loop5: detected capacity change from 0 to 1024 [ 3551.409396][T11346] pwc: recv_control_msg error -71 req 02 val 2800 [ 3551.414592][T15276] EXT4-fs: Ignoring removed nobh option [ 3551.417801][T11346] pwc: recv_control_msg error -71 req 04 val 1100 [ 3551.427071][T15276] EXT4-fs: Ignoring removed bh option [ 3551.440267][T11346] pwc: recv_control_msg error -71 req 04 val 1200 [ 3551.464176][T11353] usb 10-1: Using ep0 maxpacket: 32 [ 3551.468992][T11346] pwc: Registered as video103. [ 3551.476051][T15276] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 3551.476198][T11346] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input59 [ 3551.498695][T11353] usb 10-1: config 0 has an invalid interface number: 225 but max is 0 [ 3551.504380][T11346] usb 1-1: USB disconnect, device number 105 [ 3551.510189][T11353] usb 10-1: config 0 has no interface number 0 [ 3551.516437][T14344] usb 4-1: USB disconnect, device number 89 [ 3551.560179][T15276] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 3551.572679][T11353] usb 10-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=7e.79 [ 3551.582137][T11353] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3551.590441][T11353] usb 10-1: Product: syz [ 3551.594726][T11353] usb 10-1: Manufacturer: syz [ 3551.602460][T11353] usb 10-1: SerialNumber: syz [ 3551.607411][T15276] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3551.610483][T11353] usb 10-1: config 0 descriptor?? [ 3551.630906][T15276] overlayfs: failed to resolve './bus': -2 [ 3551.673356][T11188] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3551.768518][T15281] loop5: detected capacity change from 0 to 1024 [ 3551.836143][T11353] mos7840 10-1:0.225: required endpoints missing [ 3551.948800][T15285] loop5: detected capacity change from 0 to 512 [ 3551.981221][T15285] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 3552.041633][T11188] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3552.056663][T11346] usb 10-1: USB disconnect, device number 32 [ 3552.194007][T15294] loop5: detected capacity change from 0 to 64 [ 3552.294878][T15296] loop3: detected capacity change from 0 to 1024 [ 3552.344823][T15296] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3552.654087][T11346] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 3552.725762][T15312] loop9: detected capacity change from 0 to 128 [ 3552.732428][T14344] usb 6-1: new high-speed USB device number 121 using dummy_hcd [ 3552.746997][T15312] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 3552.760422][T15312] ext4 filesystem being mounted at /76/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 3552.807771][T15312] EXT4-fs error (device loop9): htree_dirblock_to_tree:1112: inode #2: block 4: comm syz.9.12966: bad entry in directory: inode out of bounds - offset=1012, inode=128, rec_len=12, size=1024 fake=1 [ 3552.865762][T13809] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 3552.875959][T11346] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 3552.892115][T11346] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3552.925759][T11346] usb 4-1: config 0 descriptor?? [ 3552.958490][T14344] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3552.989258][T14344] usb 6-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00 [ 3552.998812][T14344] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3553.009706][T14344] usb 6-1: config 0 descriptor?? [ 3553.232209][T15296] ================================================================== [ 3553.240354][T15296] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 3553.248132][T15296] Read of size 18446744073709551588 at addr ffff88802e216040 by task syz.3.12958/15296 [ 3553.257802][T15296] [ 3553.260171][T15296] CPU: 0 PID: 15296 Comm: syz.3.12958 Not tainted syzkaller #0 [ 3553.267752][T15296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 3553.277854][T15296] Call Trace: [ 3553.281164][T15296] [ 3553.284130][T15296] dump_stack_lvl+0x16c/0x230 [ 3553.288862][T15296] ? read_lock_is_recursive+0x20/0x20 [ 3553.294281][T15296] ? show_regs_print_info+0x20/0x20 [ 3553.299538][T15296] ? load_image+0x3b0/0x3b0 [ 3553.304079][T15296] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 3553.309485][T15296] ? __virt_addr_valid+0x18c/0x540 [ 3553.314638][T15296] ? __virt_addr_valid+0x469/0x540 [ 3553.319793][T15296] print_report+0xac/0x220 [ 3553.324268][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3553.329768][T15296] kasan_report+0x117/0x150 [ 3553.334311][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3553.339868][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3553.345388][T15296] kasan_check_range+0x288/0x290 [ 3553.350376][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3553.355883][T15296] __asan_memmove+0x29/0x70 [ 3553.360438][T15296] ext4_xattr_set_entry+0x94b/0x1e90 [ 3553.365780][T15296] ext4_xattr_block_set+0xae3/0x32a0 [ 3553.371113][T15296] ? ext4_destroy_inode+0xe8/0x1b0 [ 3553.376356][T15296] ? ext4_destroy_inode+0x1b0/0x1b0 [ 3553.381602][T15296] ? proc_nr_inodes+0x230/0x230 [ 3553.386495][T15296] ? do_raw_spin_unlock+0x121/0x230 [ 3553.391740][T15296] ? _raw_spin_unlock+0x28/0x40 [ 3553.396629][T15296] ? ext4_xattr_block_find+0x350/0x350 [ 3553.402140][T15296] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 3553.407564][T15296] ext4_xattr_set_handle+0xbff/0x1290 [ 3553.412989][T15296] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 3553.419021][T15296] ? __ext4_journal_start_sb+0x259/0x570 [ 3553.424705][T15296] ext4_xattr_set+0x22d/0x320 [ 3553.429433][T15296] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 3553.435050][T15296] ? evm_protected_xattr_common+0x170/0x190 [ 3553.440998][T15296] ? evm_protect_xattr+0x534/0x7a0 [ 3553.446153][T15296] ? ext4_xattr_security_get+0x40/0x40 [ 3553.451664][T15296] __vfs_setxattr+0x431/0x470 [ 3553.456396][T15296] __vfs_setxattr_noperm+0x12d/0x5e0 [ 3553.461730][T15296] vfs_setxattr+0x16c/0x2f0 [ 3553.466279][T15296] ? xattr_permission+0x470/0x470 [ 3553.471353][T15296] ? __mnt_want_write+0x223/0x2a0 [ 3553.476444][T15296] ? path_setxattr+0x314/0x550 [ 3553.481266][T15296] path_setxattr+0x362/0x550 [ 3553.485914][T15296] ? simple_xattrs_free+0x150/0x150 [ 3553.491192][T15296] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 3553.497228][T15296] ? lock_chain_count+0x20/0x20 [ 3553.502213][T15296] __x64_sys_setxattr+0xbb/0xd0 [ 3553.507112][T15296] do_syscall_64+0x55/0xb0 [ 3553.511572][T15296] ? clear_bhb_loop+0x40/0x90 [ 3553.516300][T15296] ? clear_bhb_loop+0x40/0x90 [ 3553.521028][T15296] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3553.526963][T15296] RIP: 0033:0x7fbe8a38eec9 [ 3553.531432][T15296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3553.551082][T15296] RSP: 002b:00007fbe8b1ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 3553.559544][T15296] RAX: ffffffffffffffda RBX: 00007fbe8a5e5fa0 RCX: 00007fbe8a38eec9 [ 3553.567554][T15296] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 3553.575665][T15296] RBP: 00007fbe8a411f91 R08: 0000000000000000 R09: 0000000000000000 [ 3553.583678][T15296] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 3553.591709][T15296] R13: 00007fbe8a5e6038 R14: 00007fbe8a5e5fa0 R15: 00007ffd648761f8 [ 3553.599749][T15296] [ 3553.602796][T15296] [ 3553.605156][T15296] Allocated by task 15296: [ 3553.609595][T15296] kasan_set_track+0x4e/0x70 [ 3553.614227][T15296] __kasan_kmalloc+0x8f/0xa0 [ 3553.618877][T15296] __kmalloc_node_track_caller+0xb2/0x230 [ 3553.624652][T15296] kmemdup+0x2b/0x70 [ 3553.628585][T15296] ext4_xattr_block_set+0x9e5/0x32a0 [ 3553.633937][T15296] ext4_xattr_set_handle+0xbff/0x1290 [ 3553.639368][T15296] ext4_xattr_set+0x22d/0x320 [ 3553.644096][T15296] __vfs_setxattr+0x431/0x470 [ 3553.648816][T15296] __vfs_setxattr_noperm+0x12d/0x5e0 [ 3553.654148][T15296] vfs_setxattr+0x16c/0x2f0 [ 3553.658688][T15296] path_setxattr+0x362/0x550 [ 3553.663322][T15296] __x64_sys_setxattr+0xbb/0xd0 [ 3553.668213][T15296] do_syscall_64+0x55/0xb0 [ 3553.672678][T15296] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3553.678613][T15296] [ 3553.680967][T15296] Last potentially related work creation: [ 3553.686708][T15296] kasan_save_stack+0x3e/0x60 [ 3553.691422][T15296] __kasan_record_aux_stack+0xaf/0xc0 [ 3553.696839][T15296] call_rcu+0x158/0x930 [ 3553.701052][T15296] dev_shutdown+0x34f/0x440 [ 3553.705588][T15296] unregister_netdevice_many_notify+0x8d2/0x1810 [ 3553.712000][T15296] unregister_netdevice_queue+0x324/0x360 [ 3553.717763][T15296] nsim_destroy+0x4d/0x180 [ 3553.722226][T15296] __nsim_dev_port_del+0x14d/0x1b0 [ 3553.727460][T15296] nsim_dev_reload_destroy+0x283/0x480 [ 3553.732981][T15296] nsim_drv_remove+0x58/0x160 [ 3553.737699][T15296] device_release_driver_internal+0x468/0x7a0 [ 3553.743800][T15296] bus_remove_device+0x342/0x400 [ 3553.748780][T15296] device_del+0x50b/0x900 [ 3553.753149][T15296] device_unregister+0x20/0xc0 [ 3553.757961][T15296] del_device_store+0x2ab/0x360 [ 3553.762850][T15296] kernfs_fop_write_iter+0x3b6/0x520 [ 3553.768186][T15296] vfs_write+0x43b/0x940 [ 3553.772469][T15296] ksys_write+0x147/0x250 [ 3553.776840][T15296] do_syscall_64+0x55/0xb0 [ 3553.781310][T15296] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3553.787242][T15296] [ 3553.789588][T15296] Second to last potentially related work creation: [ 3553.796204][T15296] kasan_save_stack+0x3e/0x60 [ 3553.800931][T15296] __kasan_record_aux_stack+0xaf/0xc0 [ 3553.806346][T15296] kvfree_call_rcu+0xee/0x780 [ 3553.811062][T15296] neigh_periodic_work+0x3f7/0xd70 [ 3553.816209][T15296] process_scheduled_works+0xa45/0x15b0 [ 3553.821794][T15296] worker_thread+0xa55/0xfc0 [ 3553.826430][T15296] kthread+0x2fa/0x390 [ 3553.830534][T15296] ret_from_fork+0x48/0x80 [ 3553.834988][T15296] ret_from_fork_asm+0x11/0x20 [ 3553.839794][T15296] [ 3553.842166][T15296] The buggy address belongs to the object at ffff88802e216000 [ 3553.842166][T15296] which belongs to the cache kmalloc-1k of size 1024 [ 3553.856263][T15296] The buggy address is located 64 bytes inside of [ 3553.856263][T15296] 1024-byte region [ffff88802e216000, ffff88802e216400) [ 3553.869588][T15296] [ 3553.871940][T15296] The buggy address belongs to the physical page: [ 3553.878395][T15296] page:ffffea0000b88400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e210 [ 3553.888583][T15296] head:ffffea0000b88400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 3553.897555][T15296] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 3553.905582][T15296] page_type: 0xffffffff() [ 3553.909951][T15296] raw: 00fff00000000840 ffff888017841dc0 ffffea0001fb9800 dead000000000002 [ 3553.918571][T15296] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3553.927186][T15296] page dumped because: kasan: bad access detected [ 3553.933642][T15296] page_owner tracks the page as allocated [ 3553.939386][T15296] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 2952, tgid 2952 (kworker/u4:10), ts 91449794257, free_ts 91397058432 [ 3553.960195][T15296] post_alloc_hook+0x1cd/0x210 [ 3553.965017][T15296] get_page_from_freelist+0x195c/0x19f0 [ 3553.970620][T15296] __alloc_pages+0x1e3/0x460 [ 3553.975259][T15296] alloc_slab_page+0x5d/0x170 [ 3553.979992][T15296] new_slab+0x87/0x2e0 [ 3553.984110][T15296] ___slab_alloc+0xc6d/0x1300 [ 3553.988839][T15296] __kmem_cache_alloc_node+0x1a2/0x260 [ 3553.994353][T15296] __kmalloc+0xa4/0x240 [ 3553.998555][T15296] ieee802_11_parse_elems_full+0xb9/0x2080 [ 3554.004477][T15296] ieee80211_inform_bss+0x107/0x1060 [ 3554.009857][T15296] rdev_inform_bss+0x106/0x410 [ 3554.014747][T15296] cfg80211_inform_bss_frame_data+0xb33/0x12b0 [ 3554.020949][T15296] ieee80211_bss_info_update+0x70b/0x930 [ 3554.026620][T15296] ieee80211_ibss_rx_queued_mgmt+0x17c9/0x2ac0 [ 3554.032971][T15296] ieee80211_iface_work+0x717/0xc70 [ 3554.038236][T15296] cfg80211_wiphy_work+0x225/0x260 [ 3554.043451][T15296] page last free stack trace: [ 3554.048154][T15296] free_unref_page_prepare+0x7ce/0x8e0 [ 3554.053658][T15296] free_unref_page+0x32/0x2e0 [ 3554.058380][T15296] __slab_free+0x35e/0x410 [ 3554.062849][T15296] qlist_free_all+0x75/0xe0 [ 3554.067403][T15296] kasan_quarantine_reduce+0x143/0x160 [ 3554.072943][T15296] __kasan_slab_alloc+0x22/0x80 [ 3554.077839][T15296] slab_post_alloc_hook+0x6e/0x4d0 [ 3554.083001][T15296] __kmem_cache_alloc_node+0x13e/0x260 [ 3554.088505][T15296] kmalloc_trace+0x2a/0xe0 [ 3554.092969][T15296] yama_ptracer_add+0x57/0x4c0 [ 3554.097783][T15296] yama_task_prctl+0x36b/0x510 [ 3554.102677][T15296] security_task_prctl+0x79/0x100 [ 3554.107752][T15296] __se_sys_prctl+0xa4/0x1490 [ 3554.112475][T15296] do_syscall_64+0x55/0xb0 [ 3554.116932][T15296] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3554.122881][T15296] [ 3554.125237][T15296] Memory state around the buggy address: [ 3554.130906][T15296] ffff88802e215f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3554.138996][T15296] ffff88802e215f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3554.147097][T15296] >ffff88802e216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3554.155194][T15296] ^ [ 3554.161380][T15296] ffff88802e216080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3554.169484][T15296] ffff88802e216100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3554.177574][T15296] ================================================================== [ 3554.185778][ C0] vkms_vblank_simulate: vblank timer overrun [ 3554.245651][T15296] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 3554.252926][T15296] CPU: 0 PID: 15296 Comm: syz.3.12958 Not tainted syzkaller #0 [ 3554.254844][T14344] razer 0003:1532:010D.0034: hidraw0: USB HID v0.00 Device [HID 1532:010d] on usb-dummy_hcd.5-1/input0 [ 3554.271542][T15296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 3554.272070][T15321] loop9: detected capacity change from 0 to 32768 [ 3554.275453][T15321] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 scanned by syz.9.12969 (15321) [ 3554.300371][T15296] Call Trace: [ 3554.303675][T15296] [ 3554.306625][T15296] dump_stack_lvl+0x16c/0x230 [ 3554.311340][T15296] ? show_regs_print_info+0x20/0x20 [ 3554.316561][T15296] ? load_image+0x3b0/0x3b0 [ 3554.321088][T15296] panic+0x2c0/0x710 [ 3554.325028][T15296] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 3554.331201][T15296] ? bpf_jit_dump+0xd0/0xd0 [ 3554.335721][T15296] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 3554.341643][T15296] ? _raw_spin_unlock+0x40/0x40 [ 3554.346514][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3554.352003][T15296] check_panic_on_warn+0x84/0xa0 [ 3554.356960][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3554.362442][T15296] end_report+0x6f/0x140 [ 3554.366697][T15296] kasan_report+0x128/0x150 [ 3554.371215][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3554.376697][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3554.382181][T15296] kasan_check_range+0x288/0x290 [ 3554.387162][T15296] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 3554.392661][T15296] __asan_memmove+0x29/0x70 [ 3554.397192][T15296] ext4_xattr_set_entry+0x94b/0x1e90 [ 3554.402534][T15296] ext4_xattr_block_set+0xae3/0x32a0 [ 3554.407860][T15296] ? ext4_destroy_inode+0xe8/0x1b0 [ 3554.413011][T15296] ? ext4_destroy_inode+0x1b0/0x1b0 [ 3554.418228][T15296] ? proc_nr_inodes+0x230/0x230 [ 3554.423092][T15296] ? do_raw_spin_unlock+0x121/0x230 [ 3554.428311][T15296] ? _raw_spin_unlock+0x28/0x40 [ 3554.433178][T15296] ? ext4_xattr_block_find+0x350/0x350 [ 3554.438657][T15296] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 3554.444049][T15296] ext4_xattr_set_handle+0xbff/0x1290 [ 3554.449448][T15296] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 3554.455451][T15296] ? __ext4_journal_start_sb+0x259/0x570 [ 3554.461103][T15296] ext4_xattr_set+0x22d/0x320 [ 3554.465806][T15296] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 3554.471368][T15296] ? evm_protected_xattr_common+0x170/0x190 [ 3554.477284][T15296] ? evm_protect_xattr+0x534/0x7a0 [ 3554.482416][T15296] ? ext4_xattr_security_get+0x40/0x40 [ 3554.487896][T15296] __vfs_setxattr+0x431/0x470 [ 3554.492595][T15296] __vfs_setxattr_noperm+0x12d/0x5e0 [ 3554.497899][T15296] vfs_setxattr+0x16c/0x2f0 [ 3554.502423][T15296] ? xattr_permission+0x470/0x470 [ 3554.507460][T15296] ? __mnt_want_write+0x223/0x2a0 [ 3554.512504][T15296] ? path_setxattr+0x314/0x550 [ 3554.517295][T15296] path_setxattr+0x362/0x550 [ 3554.521915][T15296] ? simple_xattrs_free+0x150/0x150 [ 3554.527170][T15296] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 3554.533190][T15296] ? lock_chain_count+0x20/0x20 [ 3554.538055][T15296] __x64_sys_setxattr+0xbb/0xd0 [ 3554.542930][T15296] do_syscall_64+0x55/0xb0 [ 3554.547399][T15296] ? clear_bhb_loop+0x40/0x90 [ 3554.552092][T15296] ? clear_bhb_loop+0x40/0x90 [ 3554.556790][T15296] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3554.562694][T15296] RIP: 0033:0x7fbe8a38eec9 [ 3554.567119][T15296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3554.587003][T15296] RSP: 002b:00007fbe8b1ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 3554.595429][T15296] RAX: ffffffffffffffda RBX: 00007fbe8a5e5fa0 RCX: 00007fbe8a38eec9 [ 3554.603411][T15296] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 3554.611430][T15296] RBP: 00007fbe8a411f91 R08: 0000000000000000 R09: 0000000000000000 [ 3554.619421][T15296] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 3554.627505][T15296] R13: 00007fbe8a5e6038 R14: 00007fbe8a5e5fa0 R15: 00007ffd648761f8 [ 3554.635499][T15296] [ 3554.638782][T15296] Kernel Offset: disabled [ 3554.643139][T15296] Rebooting in 86400 seconds..