last executing test programs:

4m3.061981492s ago: executing program 32 (id=74):
socket$packet(0x11, 0xa, 0x300)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)
syz_emit_ethernet(0x22, &(0x7f00000000c0)=ANY=[], 0x0)

3m56.539240327s ago: executing program 33 (id=116):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x20)
r1 = dup(r0)
ftruncate(r1, 0x0)

3m27.978812101s ago: executing program 3 (id=303):
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x20241, 0x0)
r0 = syz_io_uring_setup(0x50b, &(0x7f0000000140)={0x0, 0x85885, 0x0, 0x0, 0x1}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

3m27.718985033s ago: executing program 3 (id=305):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0180f2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

3m27.438656253s ago: executing program 3 (id=310):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x30, 0x0, @in={0x2, 0x4e24, @loopback}, @ib={0x1b, 0x0, 0x8, {"7d0300"}, 0x80000000, 0x0, 0x6}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r1, 0xfffffff4}}, 0x10)
close(r0)

3m27.197054683s ago: executing program 3 (id=312):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1be)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x31001, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2285080, 0x0)

3m26.834926282s ago: executing program 3 (id=316):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, r0, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x22004804}, 0x4014)

3m26.396373429s ago: executing program 3 (id=322):
userfaultfd(0x801)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdfff7c}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

3m25.816492856s ago: executing program 34 (id=322):
userfaultfd(0x801)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdfff7c}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

3m6.598997988s ago: executing program 7 (id=459):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f00000000c0)={r1, 0x5}, 0x8)

3m6.460759123s ago: executing program 7 (id=461):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x2)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x4e23, 0x10000, @remote, 0x7ff}}, 0x0, 0x0, 0x49, 0x0, "ec35492d39efb71c424b2a8a0f3029a26660f9f279fe406e93916f7c10035ae92b388c323f79635fd736790eef5656638864b80f6b1fcd68699949ed7d77c3a646ad3e6f16a71985261c293550903812"}, 0xd8)
syz_emit_ethernet(0x9e, &(0x7f00000007c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x68, 0x6, 0xff, @remote, @mcast2, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x1a, 0x2, 0x0, 0x0, 0x4, {[@exp_fastopen={0xfe, 0x14, 0xf989, "ea22d50f4b0c20627762ee0f6091b5d7"}, @fastopen={0x22, 0x8, "b51d1cfca549"}, @sack={0x5, 0x22, [0x5, 0x6, 0x6398, 0xe7, 0x7a, 0xffffffff, 0x3, 0x8150]}, @mss={0x2, 0x4, 0xd86}, @exp_smc={0xfe, 0x6}, @window={0x3, 0x3, 0x10}, @exp_fastopen={0xfe, 0x6, 0xf989, 'u$'}]}}}}}}}}, 0x0)

3m6.012397225s ago: executing program 7 (id=465):
r0 = add_key$keyring(&(0x7f0000001080), &(0x7f00000010c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000300)="1f", 0x1, r0)
pipe2$watch_queue(&(0x7f0000001100)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0xc2)
keyctl$unlink(0x9, r1, r0)

3m5.748159675s ago: executing program 7 (id=468):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
chdir(&(0x7f0000000080)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xf8})

3m4.953074375s ago: executing program 7 (id=476):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth0_virt_wifi\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'dummy0\x00'}}, 0x1e)
connect$pppoe(r0, &(0x7f00000001c0)={0x18, 0x0, {0x0, @multicast, 'dvmrp1\x00'}}, 0x1e)

3m4.192415634s ago: executing program 7 (id=481):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

3m4.183185796s ago: executing program 4 (id=482):
r0 = add_key$keyring(&(0x7f0000001080), &(0x7f00000010c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000300)="1f", 0x1, r0)
pipe2$watch_queue(&(0x7f0000001100)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0xc2)
keyctl$unlink(0x9, r1, r0)

3m3.629089854s ago: executing program 35 (id=481):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

3m3.588134669s ago: executing program 4 (id=498):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x800)

3m3.296976928s ago: executing program 4 (id=488):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='lp\x00', 0x3)
shutdown(r0, 0x2)

3m2.878677965s ago: executing program 4 (id=489):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
chdir(&(0x7f0000000080)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xf8})

3m2.266871476s ago: executing program 4 (id=493):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x3, 0x403, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x351e, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x25d], [0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$uinput_user_dev(r0, &(0x7f0000000500)={'syz1\x00', {0x96, 0x5, 0x2, 0x80}, 0x4f, [0x7ff, 0xe6, 0x8, 0x3, 0x2, 0x10001, 0x4, 0xcb27, 0x5, 0x7, 0x3, 0x6, 0x1, 0x4, 0x5, 0x9a, 0x9, 0x8000, 0xfffffff7, 0xf0, 0x7, 0x1ec8558d, 0x7fff, 0x1000, 0xff, 0x6, 0x5, 0xf, 0x8001, 0x0, 0x9, 0x8, 0x400, 0x8, 0x5, 0xed, 0x1, 0xab3, 0x7, 0x8, 0xfffffffc, 0x9, 0x0, 0x10000, 0x52, 0x8, 0x94, 0x5, 0x7, 0x0, 0x1, 0x43a, 0x10001, 0x6, 0x148c, 0x10001, 0x1, 0x4, 0x2, 0x80000005, 0x8, 0xfffffffd, 0xb0b1, 0x1], [0x4, 0x101, 0x7, 0x3, 0xc, 0x1, 0xfa, 0x6, 0x2, 0x8, 0x5, 0x5, 0x8, 0x81, 0x7, 0x5, 0x6, 0x1, 0x7, 0x2, 0x6, 0x1ff, 0x7fffffff, 0x224e74fb, 0x7, 0x51, 0x2, 0x4, 0x6, 0x3, 0x4, 0x800, 0xfe3, 0x8, 0x31, 0x40, 0x0, 0x2, 0x3, 0x4, 0x9, 0x0, 0x7e679d15, 0x7c5b, 0x9, 0xffffff01, 0xa, 0x8, 0x4, 0x4, 0x5, 0x80, 0xff, 0x1, 0x8, 0xd, 0x7, 0x4, 0x0, 0x8, 0xdd8, 0x7, 0x1000, 0xf3], [0x4, 0x5, 0x21749cb9, 0x8, 0x2, 0x6, 0x9, 0x8, 0x2173, 0x4, 0x7, 0x0, 0x80000000, 0x5, 0x5, 0x610, 0x10, 0x80000001, 0x3, 0x7fffffff, 0x1, 0x8000, 0x6, 0xa5d, 0x8001, 0x8, 0x2, 0x7ff, 0x9, 0xf, 0x7f, 0x9, 0x3, 0xa, 0x90000000, 0x7, 0xfffffffd, 0x2, 0x8, 0x7fff, 0x4, 0xb, 0x0, 0x1a7, 0x60000000, 0x441d, 0x6, 0x6, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x8, 0x8, 0x0, 0x13, 0x1, 0x6, 0x3fe, 0xf9, 0xbc6b, 0xe, 0x5], [0x3, 0x10001, 0xc45, 0x1a, 0xbe2, 0x8001, 0x4, 0xffffffff, 0x7, 0x9, 0x7, 0xd874, 0x7, 0x1, 0x8, 0x1, 0x35c7, 0x6e, 0x80, 0x5, 0x3, 0x7fffffff, 0x9, 0x4, 0x5, 0x6, 0x2, 0x10001, 0x9, 0x29, 0x6, 0x1d7, 0x0, 0x1, 0x401, 0x3, 0x6, 0xffffc00d, 0x80, 0x0, 0x1ff, 0x5460, 0x7ff, 0x10, 0x13c3, 0x0, 0x7, 0x72f, 0x1, 0x56, 0x7, 0x1094, 0x4, 0x2, 0x2, 0x6, 0xda, 0x10000, 0x1, 0x100, 0x7ff800, 0x6, 0x6, 0x5]}, 0x45c)

3m0.894898565s ago: executing program 4 (id=504):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITE={0x17, 0xc, 0x4007, @fd=r0, 0x6, 0x0, 0x0, 0xa})
io_uring_enter(r1, 0x627, 0xc1040000, 0x43, 0x0, 0x0)

3m0.463793918s ago: executing program 36 (id=504):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITE={0x17, 0xc, 0x4007, @fd=r0, 0x6, 0x0, 0x0, 0xa})
io_uring_enter(r1, 0x627, 0xc1040000, 0x43, 0x0, 0x0)

2m45.42857813s ago: executing program 0 (id=567):
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x21000e, &(0x7f0000000380), 0xde, 0x529, &(0x7f00000008c0)="$eJzs3c1vHGcZAPBnxrvBaVzsAodSqR+iQUkF2Y1r2loc2iIQt0qgcg+WvbGsrLORd93GVoUc8QcgIQSVOHHigsSNCxLqn4CQKtE7AgRCkMKBAzBoZmdTZ5n1h7ofwf79pHf3nXd253nejXf2nY/MBHBuPRcRr0fEXES8EBGLZXtaljjol/x1H95/Zz0vefObf00iKdsiiuoDl8q3zfefKnX39m+ttdutnXK62du+0+zu7V/b2l7bbG22bq+sLL+8+srqS6vXx9LPvF+vfu2PP/zeT7/+6q+++Pbvbvz56nfypL9azh/0a3yKTy8+KB7r+WfxQC0idsYbbGbmyv7UZ50IAAAnko9SPxURnyvG/4sxV4zmCsNDuvnpZwcAAACMQ/baQvwricgAAACAM+u1iFiIJG2U5wIsRJo2Gv1zeD8Tj6XtTrf3hZud3dsb+byIpainN7farevlObVLUU/y6eWi/tH0i0PTKxHxRET8YPFiMd1Y77Q3Zr3zAwAAAM6JS0Pb//9Y7G//AwAAAGfM0qwTAAAAACZu1PZ/MuU8AAAAgMlx/B8AAADOtG+88UZessH9rzfe2tu91Xnr2kare6uxvbveWO/s3GlsdjqbxTX7to9aVj0i2p3OnS9F7N5t9lrdXrO7t39ju7N7u3djy/0DAQAAYFaeePa9D5KIOPjyxaLkLuQPcyPe4FwBODPS07z4D5PLA5i+UT/zJ3BhnHkA01ebdQLA7BzMOgFg1h661EfFoODwyTsP7TP49eRyAgAAxuvKZ6uP/9fK8/mBs+tUx/+BM+VjHP8H/s85/g/nV/1UI4B7E8wEmJXjbvUx8uIdVcf/K88MzrJjlwUAAEzUQlGeTRvlscCFSNNGI+Lx4r/615ObW+3W9Yj4ZET8drH+iXx6uXhn4vaAAAAAAAAAAAAAAAAAAAAAAAAAAHBCWZZEBgAAAJxpEemfkvL+X1cWLy8M7x+4kPxzMcpber394zd/dHet19tZztv/9qC9927Z/uIs9mAAAADAeVQ7cu5gO32wHQ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4/Th/XfWB2Wacf/ylYhYqopfi/nieT7qEfHY35OoHXpfEhFzY4h/cC8inqyKn+RpxVKZxXD8NCIuTif+01mWVca/NIb4cJ69l69/Xq/6/qXxXPFc/f2vleXjemj9d+EXh+akD9Z/cyPWf4+fMMZT7/+8OTL+vYinatXrn0H8ZET856sWWPGhfPtb+/v/09hfeGQ/ibhS+fuTPBSr2du+0+zu7V/b2l7bbG22bq+sLL+8+srqS6vXmze32q3ysbKP33/6l/8Zavp31lf0P0bEXzqm/5fzSv1QYzYcpgz2/t37n+5X60OLKOJffb767+/JI+LnfxOfL38H8vlXBvWDfv2wZ372m2cqEyvjb4zo/3H//ldHLXTIC9/87u9P+FIAYAq6e/u31trt1s7EK+9mWTatWCevRHrSFxfDxal+YtOtDEZ3Ewsx/6j0dMqVy49GGqepjGPPFgAA8Kj5aNA/60wAAAAAAAAAAAAAAAAAAADg/OruRTrpy4kNxzyYTVcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI703wAAAP//4wvZIQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
read$FUSE(r0, &(0x7f0000000e00)={0x2020}, 0x2020)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r0, r1, 0x0, 0xfffe82)

2m44.790582883s ago: executing program 0 (id=569):
r0 = userfaultfd(0x801)
r1 = epoll_create(0x400)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200))
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000000)={0x2})

2m44.390793544s ago: executing program 0 (id=574):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000007c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\f\n5', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x4e21, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\f\n5', 0x20, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0x2}]}}}}}}}}, 0x0)

2m44.004890184s ago: executing program 0 (id=577):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x1010000, &(0x7f0000000740)={[{@shortname_winnt}, {@shortname_winnt}, {@uni_xlateno}, {@uni_xlateno}, {@utf8no}, {@rodir}, {@utf8no}, {@shortname_win95}, {@numtail}, {@shortname_mixed}, {@uni_xlateno}, {@shortname_winnt}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '775'}}, {@iocharset={'iocharset', 0x3d, 'maccyrillic'}}, {@shortname_lower}, {@fat=@dmask={'dmask', 0x3d, 0x9}}]}, 0x1, 0x376, &(0x7f00000003c0)="$eJzs3U1oY1UbAOA3vWnSDnxfuxMFIboTtMzMTje2SAcGu1EJ/izE4HRUkiq0WGwX09aF4lJwqSt3CrpwIS5FUMSdC7cqyKi40NkNOHjk5uYmt03aqYNVis+zSE7fc95zzv0hub0kJ88sRvfSdFy+du1qzMzUor740GJcr8V8ZFHajXGNCTEA4HS4nlL8lgrHTKmd8JQAgBPWf/9/LiJaMV9EXv38qPbJuz8AnHqD//9nj2ozc1jFSycyJQDghI3d/797X3WjHtGIevlnvfKpAADgtHrsyaceXlqJeLTVmolYe32zvdmOB0b1S5fjhejFapyNubgRUVwo5A+1/uOFiyvLZ1ut1k78OB/tiJgaJLaLK4WlrJ/fjHMxF/OD/PxSI/XL2YWPVpbPtfoiYnenP36s1Tbb03FmMP63Z2J1dOFRdtJ/iri4sny+NeigvVbm70Tsje5b5PNfiLn4+tlhNymVn2BcWb5yrpz0KH+z3YxLw71w6B0QAAAAAAAAAAAAAAAAAAAAAAC4JQutofnh+jkpfy5WyllYmFDfXx+nyB+sD7RXrA+UmilS+vWV+9pvZLFvfaCD6/NsWkgQAAAAAAAAAAAAAAAAAAAAhja2GtHp9VbXN7a2u9XCzvrG1lRE5JEXv/zgs9kYbzOx0IgyUi+GaEYMh2gNht3udlJWZqUsYryfLB+8jLz38XDG1TZ517P9rZg4n+bhVb3e/+764e1R5M6s7PmPUZssJm9pVpnGgwd6Xvt/Mc2b76gJhfPVSHN89O9SSpXIa9X0K0+Pdxi1iPpxD1y1MBWHt0l54Yurz9/eHByRzqepcM+9c4/PvPXuz91OLx85+kewsb5xI3U7tbLxX9st+a4uI7UoCrXqmVA/Kn1vf6STffPLE3e8+dXxRk/VyMv5+XygTVZszofVrHJZi63tbj7NAz3PjtKnBw17q9MTTv6bFW7hmN72zifvp/T9T6NILB45xMjU2MtG7e959QEAAAAAAAAAAAAAAAAAAKoq3xUfGHzZd/qorPsfOfmZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/Z/T7/5XC3m6UkYXYX7U71nhY+H0nxquaq+sbEY1/ezMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiP+zMAAP//2L5Sug==")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000040)='./bus\x00', 0x60142, 0x0)
fallocate(r0, 0x11, 0x0, 0x2000)

2m42.957825373s ago: executing program 0 (id=585):
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0xe000)

2m42.524481269s ago: executing program 0 (id=588):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x12, r0, 0x0)
ftruncate(r0, 0x3)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x13, &(0x7f0000000200)=0x1, 0x4)

2m41.986412832s ago: executing program 37 (id=588):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x12, r0, 0x0)
ftruncate(r0, 0x3)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x13, &(0x7f0000000200)=0x1, 0x4)

8.374976125s ago: executing program 6 (id=1763):
r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204c08, &(0x7f0000000200)={[{@acl}, {@clear_cache}, {@nodiscard}, {@skip_balance}, {@noautodefrag}, {@ssd_spread}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000c40)={0xa, 0x0, {0x1d8, @struct={0x4, 0x101}, 0x0, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, @usage=0xc, 0x4000, 0x1000000, [0x0, 0x0, 0x5]}, {0x80000000, @struct={0x7, 0xc}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8, 0x0, @struct={0x2, 0xe1ba}, 0xd96, 0x20000004, [0x10000, 0x0, 0x5, 0x0, 0x100000000000000, 0x7]}, {0x39cf, @struct={0xbffffd, 0x8001}, 0x0, 0x81d3, 0x8, 0xfffffffffffefffe, 0x1, 0x0, 0x4f1, @usage=0x6, 0x6, 0x4, [0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000, 0x3]}, {0x0, 0xfffffffffffffffb}})

7.100303412s ago: executing program 2 (id=1772):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000010000000900010073797a300000000040000000030a01080000000000001e00010000000900030073797a320000000014000480080002400000000008000140000000030900010073797a300000000060000000060a010400000000000000000100000008000b40000000000900010073797a300000000038000480340001800c0001007061796c6f61640024000280080001400000000e08000440000000050800024000000002080003400000000b14000000110001"], 0xe8}, 0x1, 0x0, 0x0, 0x4000000}, 0x8090)
r1 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x7}, 0x1c)
sendmmsg$inet(r1, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

6.929594643s ago: executing program 2 (id=1773):
syz_emit_ethernet(0x82, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa3e080045"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x8)
r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f00000003c0)={[{@compress_force}, {@clear_cache}, {@nodatasum}, {@nossd}, {}, {@space_cache_v1}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000b40)={0x6, 0x0, {0xffffffffffffffff, @struct={0x6, 0x5}, 0x0, 0x3, 0x8, 0x8, 0xfffffffffffffffd, 0x1, 0x80, @struct={0x200, 0x8001}, 0x6000000, 0x9, [0x6, 0xc848, 0x9, 0x7, 0x9, 0x7]}, {0x9, @struct={0x7f, 0x8}, 0x0, 0x40, 0x1, 0x6, 0xff, 0xc089, 0x0, @struct={0x5, 0x1}, 0x1000, 0x5, [0xfffffffffffff3f5, 0x7, 0x7ff, 0x198d, 0x4, 0x3]}, {0x8, @struct={0x3, 0x5}, 0x0, 0x4, 0xd, 0x3, 0x2, 0x9, 0x1, @usage=0xe64f, 0x7fffffff, 0x8, [0x7, 0x0, 0x3296d77, 0x3a4f, 0xfffffffffffffff9, 0xb]}, {0x81, 0xffffffffffffffff, 0x7fffffff}})

6.170942352s ago: executing program 2 (id=1777):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2}}, 0x2, 0x0, 0x0, 0x2}}, 0x2e)

6.052332913s ago: executing program 6 (id=1778):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000080)={0x0, 0x6, 0x17, {0x17, 0x11, "46ff4490d70a1e0ab42eff40f3c390ebf8df59b578"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x1}, 0x0, &(0x7f0000000240)={0x1f}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

5.751133542s ago: executing program 2 (id=1779):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000ac0)=ANY=[@ANYBLOB="12010000e4c5ad101d0620c0159c010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000040)={0x44, &(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

3.608353301s ago: executing program 8 (id=1786):
r0 = syz_io_uring_setup(0xc17, &(0x7f0000000140)={0x0, 0x3ae7, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4)
r3 = socket(0x2a, 0x2, 0x80053c)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x40010002})
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)

3.345715994s ago: executing program 8 (id=1788):
syz_mount_image$bfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x4, &(0x7f0000000200)=ANY=[@ANYRES16, @ANYRESHEX, @ANYRESHEX=0x0, @ANYRES32=0x0], 0x8, 0xad, &(0x7f0000000040)="$eJzs0btpA0EUBdC7H/xJ7ALcg3tw6twVbOjQkY3BjlSGOlArKmE7ULCpkhHLrkChEAhJcA7MzA3mwYW33q5e8pSUv6SUUu6SPGbKX98/nx/v490kyTJt7jPZv9y4ej4P486fp7x5y+L/4E8//HZ9la4fyuyChQEAgJPVeZ1TdfxQm6Q5VyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA67ILAAD//1vZIlc=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0xbf39)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)

3.150867745s ago: executing program 1 (id=1789):
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000280)={0x0, @bt={0xb40, 0xfffffffe, 0x1, 0x2, 0x9, 0x19f2, 0x0, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x40000002, 0xd1, 0x2800, 0x30, {0xb, 0xffffffff}, 0xd0, 0x9}})
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
r1 = syz_open_dev$mouse(&(0x7f0000000680), 0x0, 0x0)
read(r1, 0x0, 0x2)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x918)

3.08415122s ago: executing program 2 (id=1790):
syz_mount_image$xfs(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x1000004, &(0x7f0000000180)={[{@uqnoenforce}]}, 0x1, 0x9895, &(0x7f0000009840)="$eJzs3QXYZHXhsP9nl6UbCwNZGotuDEJBBAEJKSWkJQWUMAARBEQBSUERUKREkBKR7u7u7u7mfy27q+t6g/p/f+8PX+/7vq5n55kzZ85+5/uZc/YZzsPMiossu9DAwCQDwxt5+bcOfenjR2/50kI7HXvdES8uevjiR49YPNbwiyFDR1xONeJy6oGBgUEjtjNo+LLBQ048afDAOAMDg0fd7gTjjj9ogoGBtUZcXWDE5dzDLya8euR6b44WD3TYMAbtOvxr+F86MDAw7rBvnh6YeYVRtzNiXLP8wwOVtuKCiy7yN6u/ug2bvyEjvh/1a6zhXxNeOjAw4SUD/PwY9O4+orf+/kn2Pn+lld/lcfw/0YoLLrrYaP7D9sUxRiybe9g+Pvo+aGz05/nQuW8feQwahAfO/0daccFFlhh4++P8wKpvHLT5m28dNwePNzAwePyBgcETDAwMnnBgYPBEAwODJ363Xer/rHf1yVdVVVXvSgsuNPtCw17vjfbzwDgjf66lnwtXeX2p2wcGBsYcvs7guUa+Fqyqqqqqqqqq/8wWXGj2heH1/yTv9Pr/hFNfmbHX/1VVVVVVVVX/77TYggvNPux1/Giv/yd/p9f/293/woYjfvd/7uH3euPdfRBVVVVVVVVV9Y4t8+W3Xv+PP9rr/6Hv9Pr/ofl3eWDEeiP/u8Hro2xy0Ci/T/DqKMvHGGX9V0ZZPmSU5aOuP9bAwOAhI5a/9rfFg8cbdts/rj94kmHjHrH85VGWz/K3/795yLSjLJ91lOXTj7J8thFjHbZ8hlGWzznK+jP+K3NbVVVVVVVVVVVVVVVVVVX1v9Ubj596xt/e8/2jA6O8f/tf38d9xO8FDDrurKuuetcG+p/RoH/8fYjt3u0x/Z82zHmco4YODGy8/Ls9lHoXerc/r6He3fJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3Fvc/7/r+//P8Xha438f+bnPnT3KSca9b7rj/L9OP+ro37X+m89/z+w/qCBgRG+kwxzXXLBZZabcWBgYKIpdz90joG/3jbPsNvmn2yMEW+QMPxtEKYbwhvebsSnom83YtUR2zjure0v9uYhYwwabRCjNOnJhx223oovzjH65fRv/zgGj/zmfRdvtfDI97IYPNpKb/c8Hbn9kY9ldOcRY59x2Nhn3mKjTWfefOttPrX+Rmusu/a6a28879xzzzPn3HPNO9vM66y/4dqzDP/z7eZs6Ft/TvOvzNnko8/Z4wuOOmejP7a3m7Oh7zxnb21x7L1W22DknI0+tH82Z9O885wNXX/EXzRk6JgDq781N4MGBoZMO+bAVsOuzDr2wMCQ6UasO/mwdT892eCBgT3+9kCHfTf2X5+Dg7Ybts6Kiyy70N8+dv8fP37/bT7PfqzhF0NGTMmQqUZcTj38r5lk4G9PxcFDTjxp8LDH/nfTPMG44w+aYGBgrRFXFxhxOe+IW68Yud7bfM76aAN9621Wdh3+9VePcYd9c8zSE9846nbehuB/ov9f//7/g9c8g/46UYNGfI1YZ7jXgosu9re/661pWGDke8IM+7dlmMn/wcfY/9P+YbxDx3nrTW7fbrzv8L64wx8/PL+mf/Tcof9T74vLx44l3vpz6L9y7Bh452PHGH/79m9L1758itGPHYu//RD/br8YOUdjj7bS2x07Ztx/wW3fOja987FjifVHfNDQ344dgwcGhkwz8tgx7EAy/ZgDewy7MtuwKzOMOXDEsCuzv3Vl3IGzhl2Zac1NNlxr0Ftv2zNiu7MM2+4Ckw1668FfNfOCR4+x95tvTjtiLLOMdmAd8fwYOuq/jwtONnzaRt6XtnvXFsNvm37Edmf9N7Y78r603Xk2G37bDCO2O9to2x3jHbY78r4j94dhq761P8w46O9+8RP230VG238HjTysj3KXkV9jDf+a8NKRnw0F+8u/ddyh/XeSdxjvO3yuFT7fhi3bYcnLT/2f+lwrGu847zzet/sc7rcd7wbjbrXU/8B4B40y3r97nm063/Dnyowjnmdz/hvP35H3Hf04NuZbtw5nmPFfOY4t8A/Hse3HGDza4Efp7X4GWgvWH/795H/d2rxHjjHxyLkfc7Tt/rOfgWZ85+PYJOuPdr9FDh4YRHP+0GOHrTf2P5nzMQf+/mf1kXM+8r7vNOcz/OOcD/qHOZ/nnef8X/25c8Zpht8+xjvM+eCdN19y5JyP9W/O+Qz/7pwvMDAGzfkeBwyft3c6nr7dnI+879/P+ZCBLwwMDEw7Ys6n/1ee57P8zzzPx4P1h39//18XXTzF6buNcowZ9O/M+fT/7pwP/evzfNq3bpt68MBYYw1stcYWW2w26/A/R16dbfiffCx66r7h8/xO/5a+ndHI+77TfjHtv2I09H/G6END/nH9kS86Rl5f/qxjJv3/eyya9t8zGrTIAB+LTrlw+Ly9089FbzfnI+9L/w4OHeX+o7+ue4f3o8THNGzZfvvvc9vITY64W+9H+a/3d0/bkf+Nb/3RD/L131r//d9d/u7yd5e/u/zFvc35/7++//9Dkyz76IgXyWPuOd+6a77b432X+68+/z/C9+/O/6+57nx7DnspOOK2dzw/O3yd/8jzs3MPv5jw6pHrjX5+kAf69udnZ9hrpmUG/nfOz/7/auS++i+8ju/47y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8hf3Nuf/R/6O8tADX79vuxEnQsfcd581X3+3x/su9199/n+E79+d/399zX32HTzw19ve8fz/8HUc5/+XOnDvkwb+g8//j9xXO/9f/6T83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/c25z/X2Dk7wHMtdo6u478fYCNZ/3cju/2eN/l/lvP//f5/946/rvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zFjTj/PzDaxzou3fMCg/P//2/3Nv5fyR+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/1fzxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOK/Sv6Yxf9r+WMW/6/nj1n8V80fs/ivlj9m8V89f8ziv0b+mMX/G/ljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8388cs/hvkj1n8N8wfs/hvlD9m8d84f8ziv0n+mMV/0/wxi/+38scs/pvlj1n8N88fs/hvkT9m8f92/pjF/zv5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvH/bv6Yxf97+WMW/++P7r/i5v+74/oPzeL/g/Z/zOK/bf6YxX+7/DGL//b5Yxb/H+aPWfx3yB+z+P8of8ziv2P+mMV/p/wxi/+P88cs/jvnj1n8d8kfs/jvmj9m8f9J/pjFf7f8MYv/T/PHLP4/yx+z+O+eP2bx3yN/zOK/Z/6Yxf/n+WMW/73yxyz+e+ePWfz3yR+z+O+bP2bx3y9/zOK/f/6Yxf8X+WMW/wPyxyz+B+aPWfx/mT9m8f9V/pjF/6D8MYv/r/PHLP4H549Z/A/JH7P4H5o/ZvH/Tf6Yxf+3+WMW/8Pyxyz+v8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/9/nj1n8j8kfs/j/IX/M4n9s/pjF/7j8MYv/H/PHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/0/5Yxb/U/LHLP5/zh+z+J+aP2bx/0v+mMX/tPwxi//p+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/hfnT9m8b8mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYv/6/ljFv838scs/m/mj0n8Bw3kj1n8B+WPWfwH549Z/MfIH7P4D8kfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6YxX+S/DGL/6T5Yxb/yfLHLP7vyR+z+L83f8zi/778MYv/+/PHLP4fyB+z+E+eP2bx/2D+mMX/Q/ljFv8P549Z/D+SP2bxnyJ/zOL/0fwxi/+U+WMW/6H5Yxb/qfLHLP5T549Z/KfJH7P4T5s/ZvGfLn/M4j99/pjFf4b8MYv/jPljFv+P5Y9Z/D+eP2bx/0T+mMX/k/ljFv9P5Y9Z/GfKH7P4z5w/ZvGfJX/M4j9r/pjFf7b8MYv/7PljFv858scs/nPmj1n858ofs/jPnT9m8Z8nf8ziP2/+mMV/vvwxi//8+WMW/0/nj1n8P5M/ZvH/bP6Yxf9z+WMW/wXyxyz+C+aPWfwXyh+z+C+cP2bx/3z+mMX/C/ljFv9F8scs/ovmj1n8v5g/ZvFfLH/M4v+l/DGL/+L5Yxb/JfLHLP5fzh+z+C+ZP2bxXyp/zOK/dP6Yxf8r+WMW/2Xyxyz+y+aPWfyXyx+z+C+fP2bx/2r+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxXyR+z+H8tf8zi//X8MYv/qvljFv/V8scs/qvnj1n818gfs/h/I3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8f9m/pjFf4P8MYv/hvljFv+N8scs/hvnj1n8N8kfs/hvmj9m8f9W/pjFf7P8MYv/5vljFv8t8scs/t/OH7P4fyd/zOK/Zf6YxX+r/DGL/9b5Yxb/bfLHLP7fzR+z+H8vf8zi//38MYv/D/LHLP7b5o9Z/LfLH7P4b58/ZvH/Yf6YxX+H/DGL/4/yxyz+O+aPWfx3yh+z+P84f8ziv3P+mMV/l/wxi/+u+WMW/5/kj1n8d8sfs/j/NH/M4v+z/DGL/+75Yxb/PfLHLP575o9Z/H+eP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/H+RP2bxPyB/zOJ/YP6Yxf+X+WMW/1/lj1n8D8ofs/j/On/M4n9w/pjF/5D8MYv/ofljFv/f5I9Z/H+bP2bxPyx/zOL/u/wxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bx/33+mMX/mPwxi/8f8scs/sfmj1n8j8sfs/j/MX/M4n98/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8/5Q/ZvE/JX/M4v/n/DGL/6n5Yxb/v+SPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4n9h/pjF/6L8MYv/xfljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/4y3/sd+tUf3HZvG/s/0fs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+T+L/1bf7/mMV/UP6YxX9w/pjFf4z8MYv/kPwxi/+Y+WMW/7Hyxyz+Y+ePWfzHyR+z+I+bP2bxHy9/zOI/fv6YxX+C/DGL/4T5Yxb/ifLHLP4T549Z/CfJH7P4T5o/ZvGfLH/M4v+e/DGL/3vzxyz+78sfs/i/P3/M4v+B/DGL/+T5Yxb/D+aPWfw/lD9m8f9w/pjF/yP5Yxb/KfLHLP4fzR+z+E+ZP2bxH5o/ZvGfKn/M4j91/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8f9Y/pjF/+P5Yxb/T+SPWfw/mT9m8f9U/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8Z8sfs/jPnj9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bx/3T+mMX/M/ljFv/P5o9Z/D+XP2bxXyB/zOK/YP6YxX+h/DGL/8L5Yxb/z+ePWfy/kD9m8V8kf8ziv2j+mMX/i/ljFv/F8scs/l/KH7P4L54/ZvFfIn/M4v/l/DGL/5L5Yxb/pfLHLP5L549Z/L+SP2bxXyZ/zOK/bP6YxX+5/DGL//L5Yxb/r+aPWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/9fyxyz+X88fs/ivmj9m8V8tf8ziv3r+mMV/jfwxi/838scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi//6+WMW/2/mj/2d/8Tv9mj+B3ob/w3yxyz7/4b5Yxb/jfLHLP4b549Z/DfJH7P4b5o/ZvH/Vv6YxX+z/DGL/+b5Yxb/LfLHLP7fzh+z+H8nf8ziv2X+mMV/q/wxi//W+WMW/23yxyz+380fs/h/L3/M4v/9/DGL/w/yxyz+2+aPWfy3yx+z+G+fP2bx/2H+mMV/h/wxi/+P8scs/jvmj1n8d8ofs/j/OH/M4r9z/pjFf5f8MYv/rvljFv+f5I9Z/HfLH7P4/zR/zOL/s/wxi//u+WMW/z3yxyz+e+aPWfx/nj9m8d8rf8ziv3f+mMV/n/wxi/+++WMW//3yxyz+++ePWfx/kT9m8T8gf8zif2D+mMX/l/ljFv9f5Y9Z/A/KH7P4/zp/zOJ/cP6Yxf+Q/DGL/6H5Yxb/3+SPWfx/mz9m8T8sf8zi/7v8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8f99/pjF/5j8MYv/H/LHLP7H5o9Z/I/LH7P4/zF/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/P+UP2bxPyV/zOL/5/wxi/+p+WMW/7/kj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjEf4yB/DGL/6D8MYv/4Pwxi/8Y+WMW/yH5Yxb/MfPHLP5j5Y9Z/MfOH7P4j5M/ZvEfN3/M4j9e/pjFf/z8MYv/BPljFv8J88cs/hPlj1n8J84fs/hPkj9m8Z80f8ziP1n+mMX/PfljFv/35o9Z/N+XP2bxf3/+mMX/A/ljFv/J88cs/h/MH7P4fyh/zOL/4fwxi/9H8scs/lPkj1n8P5o/ZvGfMn/M4j80f8ziP1X+mMV/6vwxi/80+WMW/2nzxyz+0+WPWfynzx+z+M+QP2bxnzF/zOL/sfwxi//H88cs/p/IH7P4fzJ/zOL/qfwxi/9M+WMW/5nzxyz+s+SPWfxnzR+z+M+WP2bxnz1/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4v/p/DGL/2fyxyz+n80fs/h/Ln/M4r9A/pjFf8H8MYv/QvljFv+F88cs/p/PH7P4fyF/zOK/SP6YxX/R/DGL/xfzxyz+i+WPWfy/lD9m8V88f8ziv0T+mMX/y/ljFv8l88cs/kvlj1n8l84fs/h/5W/+r7w5vHdleP9pWfyXaf/HLP7L5o9Z/JfLH7P4L58/ZvH/av6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/FfJH7P4fy1/zOL/9fwxi/+q+WMW/9Xyxyz+q+ePWfzXyB+z+H8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+K+fP2bx/2b+mMV/g/wxi/+G+WMW/43yxyz+G+ePWfw3yR+z+G+aP2bx/1b+mMV/s/wxi//m+WMW/y3yxyz+384fs/h/J3/M4r9l/pjFf6v8MYv/1vljFv9t8scs/t/NH7P4fy9/zOL//fwxi/8P8scs/tvmj1n8t8sfs/hvnz9m8f9h/pjFf4f8MYv/j/LHLP475o9Z/HfKH7P4/zh/zOK/c/6YxX+X/DGL/675Yxb/n+SPWfx3yx+z+P80f8zi/7P8MYv/7vljFv898scs/nvmj1n8f54/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8f5E/ZvE/IH/M4n9g/pjF/5f5Yxb/X+WPWfwPyh+z+P86f8zif3D+mMX/kPwxi/+h+WMW/9/kj1n8f5s/ZvE/LH/M4v+7/DGL/+H5Yxb/I/LHLP5H5o9Z/I/KH7P4H50/ZvH/ff6Yxf+Y/DGL/x/yxyz+x+aPWfyPyx+z+P8xf8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfz/lD9m8T8lf8zi/+f8MYv/qfljFv+/5I9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P271H/edb7b4P2H1/ydZ/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+T+A8ZyB+z+A/KH7P4D84fs/iPkT9m8R+SP2bxHzN/zOI/Vv6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv9J88cs/pPlj1n835M/ZvF/b/6Yxf99+WMW//fnj1n8P5A/ZvGfPH/M4v/B/DGL/4fyxyz+H84fs/h/JH/M4j9F/pjF/6P5Yxb/KfPHLP5D88cs/lPlj1n8p84fs/hPkz9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+H8sfs/h/PH/M4v+J/DGL/yfzxyz+n8ofs/jPlD9m8Z85f8ziP0v+mMV/1vwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/3z5Yxb/+fPHLP6fzh+z+H8mf8zi/9n8MYv/5/LHLP4L5I9Z/BfMH7P4L5Q/ZvFfOH/M4v/5/DGL/xfyxyz+i+SPWfwXzR+z+H8xf8ziv1j+mMX/S/ljFv/F88cs/kvkj1n8v5w/ZvFfMn/M4r9U/pjFf+n8MYv/V/LHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4v/V/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvH/Wv6Yxf/r+WMW/1Xzxyz+q+WPWfxXzx+z+K+RP2bx/0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOL/zfwxi/8G+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bx3zR/zOL/rfwxi/9m+WMW/83zxyz+W+SPWfy/nT9m8f9O/pjFf8v8MYv/VvljFv+t88cs/tvkj1n8v5s/ZvH/Xv6Yxf/7+WMW/x/kj1n8t80fs/hvlz9m8d8+f8zi/8P8MYv/DvljFv8f5Y9Z/HfMH7P475Q/ZvH/cf6YxX/n/DGL/y75Yxb/XfPHLP4/yR+z+O+WP2bx/2n+mMX/Z/ljFv/d88cs/nvkj1n898wfs/j/PH/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/j/In/M4n9A/pjF/8D8MYv/L/PHLP6/yh+z+B+UP2bx/3X+mMX/4Pwxi/8h+WMW/0Pzxyz+v8kfs/j/Nn/M4n9Y/pjF/3f5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4v/7/DGL/zH5Yxb/P+SPWfyPzR+z+B+XP2bx/2P+mMX/+Pwxi/8J+WMW/xPzxyz+J+WPWfxPzh+z+P8pf8zif0r+mMX/z/ljFv9T88cs/n/JH7P4n5Y/ZvE/PX/M4n9G/pjF/8z8MYv/WfljFv+z88cs/ufkj1n8z80fs/iflz9m8T8/f8zif0H+mMX/wvwxi/9F+WMW/4vzxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOJ/Rf6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGJ/5gD+WMW/0H5Yxb/wfljFv8x8scs/kPyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/CfLHLP4T5o9Z/CfKH7P4T5w/ZvGfJH/M4j9p/pjFf7L8MYv/e/LHLP7vzR+z+L8vf8zi//78MYv/B/LHLP6T549Z/D+YP2bx/1D+mMX/w/ljFv+P5I9Z/KfIH7P4fzR/zOI/Zf6YxX9o/pjFf6r8MYv/1PljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8ziP2P+mMX/Y/ljFv+P549Z/D+RP2bx/2T+mMX/U/ljFv+Z8scs/jPnj1n8Z8kfs/jPmj9m8Z8tf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6Yxf/T+WMW/8/kj1n8P5s/ZvH/XP6YxX+B/DGL/4L5Yxb/hfLHLP4L549Z/D+fP2bx/0L+mMV/kfwxi/+i+WMW/y/mj1n8F8sfs/h/KX/M4r94/pjFf4n8MYv/l/PHLP5L5o9Z/JfKH7P4L50/ZvH/Sv6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/L+aP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP5fyx+z+H89f8ziv2r+mMV/tfwxi//q+WMW/zXyxyz+38gfs/ivmT9m8V8rf8ziv3b+mMV/nfwxi/+6+WMW//Xyxyz+6+ePWfy/mT9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+m+aPWfy/lT9m8d8sf8ziv3n+mMV/i/wxi/+388cs/t/JH7P4b5k/ZvHfKn/M4r91/pjFf5v8MYv/d/PHLP7fyx+z+H8/f8zi/4P8MYv/tvljFv/t8scs/tvnj1n8f5g/ZvHfIX/M4v+j/DGL/475Yxb/nfLHLP4/zh+z+O+cP2bx3yV/zOK/a/6Yxf8n+WMW/93yxyz+P80fs/j/LH/M4r97/pjFf4/8MYv/nvljFv+f549Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv9f5I9Z/A/IH7P4H5g/ZvH/Zf6Yxf9X+WMW/4Pyxyz+v84fs/gfnD9m8T8kf8zif2j+mMX/N/ljFv/f5o9Z/A/LH7P4/y5/zOJ/eP6Yxf+I/DGL/5H5Yxb/o/LHLP5H549Z/H+fP2bxPyZ/zOL/h/wxi/+x+WMW/+Pyxyz+f8wfs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/z/lj1n8T8kfs/j/OX/M4n9q/pjF/y/5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePWfzfyB+z+L+ZPybxH2sgf8ziPyh/zOI/OH/M4j9G/pjFf0j+mMV/zPwxi/9Y+WMW/7Hzxyz+4+SPWfzHzR+z+I+XP2bxHz9/zOI/Qf6YxX/C/DGL/0T5Yxb/ifPHLP6T5I9Z/CfNH7P4T5Y/ZvF/T/6Yxf+9+WMW//flj1n8358/ZvH/QP6YxX/y/DGL/wfzxyz+H8ofs/h/OH/M4v+R/DGL/xT5Yxb/j+aPWfynzB+z+A/NH7P4T5U/ZvGfOn/M4j9N/pjFf9r8MYv/dPljFv/p88cs/jPkj1n8Z8wfs/h/LH/M4v/x/DGL/yfyxyz+n8wfs/h/Kn/M4j9T/pjFf+b8MYv/LPljFv9Z88cs/rPlj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+8+WPWfznzx+z+H86f8zi/5n8MYv/Z/PHLP6fyx+z+C+QP2bxXzB/zOK/UP6YxX/h/DGL/+fzxyz+X8gfs/gvkj9m8V80f8zi/8X8MYv/YvljFv8v5Y9Z/BfPH7P4L5E/ZvH/cv6YxX/J/DGL/1L5Yxb/pfPHLP5fyR+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/1fzxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOK/Sv6Yxf9r+WMW/6/nj1n8V80fs/ivlj9m8V89f8ziv0b+mMX/G/ljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8388cs/hvkj1n8N8wfs/hvlD9m8d84f8ziv0n+mMV/0/wxi/+38scs/pvlj1n8N88fs/hvkT9m8f92/pjF/zv5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvH/bv6Yxf97+WMW/+/nj1n8f5A/ZvHfNn/M4r9d/pjFf/v8MYv/D/PHLP475I9Z/H+UP2bx3zF/zOK/U/6Yxf/H+WMW/53zxyz+u+SPWfx3zR+z+P8kf8ziv1v+mMX/p/ljFv+f5Y9Z/HfPH7P475E/ZvHfM3/M4v/z/DGL/175Yxb/vfPHLP775I9Z/PfNH7P475c/ZvHfP3/M4v+L/DGL/wH5Yxb/A/PHLP6/zB+z+P8qf8zif1D+mMX/1/ljFv+D88cs/ofkj1n8D80fs/j/Jn/M4v/b/DGL/2H5Yxb/3+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/+/zxyz+x+SPWfz/kD9m8T82f8zif1z+mMX/j/ljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zi/6f8MYv/KfljFv8/549Z/E/NH7P4/yV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+n8n931X1nL4v+wzv9fy+L/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+T+I89kD9m8R+UP2bxH5w/ZvEfI3/M4j8kf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+I+fP2bxnyB/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP6T5o9Z/CfLH7P4vyd/zOL/3vwxi//78scs/u/PH7P4fyB/zOI/ef6Yxf+D+WMW/w/lj1n8P5w/ZvH/SP6YxX+K/DGL/0fzxyz+U+aPWfyH5o9Z/KfKH7P4T50/ZvGfJn/M4j9t/pjFf7r8MYv/9PljFv8Z8scs/jPmj1n8P5Y/ZvH/eP6Yxf8T+WMW/0/mj1n8P5U/ZvGfKX/M4j9z/pjFf5b8MYv/rPljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW//nyxyz+8+ePWfw/nT9m8f9M/pjF/7P5Yxb/z+WPWfwXyB+z+C+YP2bxXyh/zOK/cP6Yxf/z+WMW/y/kj1n8F8kfs/gvmj9m8f9i/pjFf7H8MYv/l/LHLP6L549Z/JfIH7P4fzl/zOK/ZP6YxX+p/DGL/9L5Yxb/r+SPWfyXyR+z+C+bP2bxXy5/zOK/fP6Yxf+r+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bxXyV/zOL/tfwxi//X88cs/qvmj1n8V8sfs/ivnj9m8V8jf8zi/438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8V8vf8ziv37+mMX/m/ljFv8N8scs/hvmj1n8N8ofs/hvnD9m8d8kf8ziv2n+mMX/W/ljFv/N8scs/pvnj1n8t8gfs/h/O3/M4v+d/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4fzd/zOL/vfwxi//388cs/j/IH7P4b5s/ZvHfLn/M4r99/pjF/4f5Yxb/HfLHLP4/yh+z+O+YP2bx3yl/zOL/4/wxi//O+WMW/13yxyz+u+aPWfx/kj9m8d8tf8zi/9P8MYv/z/LHLP67549Z/PfIH7P475k/ZvH/ef6YxX+v/DGL/975Yxb/ffLHLP775o9Z/PfLH7P4758/ZvH/Rf6Yxf+A/DGL/4H5Yxb/X+aPWfx/lT9m8T8of8zi/+v8MYv/wfljFv9D8scs/ofmj1n8f5M/ZvH/bf6Yxf+w/DGL/+/yxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf/3+WMW/2Pyxyz+f8gfs/gfmz9m8T8uf8zi/8f8MYv/8fljFv8T8scs/ifmj1n8T8ofs/ifnD9m8f9T/pjF/5T8MYv/n/PHLP6n5o9Z/P+SP2bxPy1/zOJ/ev6Yxf+M/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvE/L3/M4n9+/pjF/4L8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf8zi/3r+mMX/jfwxi/+b+WMS/3EG8scs/oPyxyz+g/PHLP5j5I9Z/Ifkj1n8x8wfs/iPlT9m8R87f8ziP07+mMV/3Pwxi/94+WMW//Hzxyz+E+SPWfwnzB+z+E+UP2bxnzh/zOI/Sf6YxX/S/DGL/2T5Yxb/9+SPWfzfmz9m8X9f/pjF//35Yxb/D+SPWfwnzx+z+H8wf8zi/6H8MYv/h/PHLP4fyR+z+E+RP2bx/2j+mMV/yvwxi//Q/DGL/1T5Yxb/qfPHLP7T5I9Z/KfNH7P4T5c/ZvGfPn/M4j9D/pjFf8b8MYv/x/LHLP4fzx+z+H8if8zi/8n8MYv/p/LHLP4z5Y9Z/GfOH7P4z5I/ZvGfNX/M4j9b/pjFf/b8MYv/HPljFv8588cs/nPlj1n8584fs/jPkz9m8Z83f8ziP1/+mMV//vwxi/+n88cs/p/JH7P4fzZ/zOL/ufwxi/8C+WMW/wXzxyz+C+WPWfwXzh+z+H8+f8zi/4X8MYv/IvljFv9F88cs/l/MH7P4L5Y/ZvH/Uv6YxX/x/DGL/xL5Yxb/L+ePWfyXzB+z+C+VP2bxXzp/zOL/lfwxi/8y+WMW/2Xzxyz+y+WPWfyXzx+z+H81f8ziv0L+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfy/lj9m8f96/pjFf9X8MYv/avljFv/V88cs/mvkj1n8v5E/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv9188cs/uvlj1n8188fs/h/M3/M4r9B/pjFf8P8MYv/RvljFv+N88cs/pvkj1n8N80fs/h/K3/M4r9Z/pjFf/P8MYv/FvljFv9v549Z/L+TP2bx3zJ/zOK/Vf6YxX/r/DGL/zb5Yxb/7+aPWfy/lz9m8f9+/pjF/wf5Yxb/bfPHLP7b5Y9Z/LfPH7P4/zB/zOK/Q/6Yxf9H+WMW/x3zxyz+O+WPWfx//M/9t/u/Oq7/0Cz+O7f/Yxb/XfLHLP675o9Z/H+SP2bx3y1/zOL/0/wxi//P8scs/rvnj1n898gfs/jvmT9m8f95/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8f9F/pjF/4D8MYv/gfljFv9f5o9Z/H+VP2bxPyh/zOL/6/wxi//B+WMW/0Pyxyz+h+aPWfx/kz9m8f9t/pjF/7D8MYv/7/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF//f5Yxb/Y/LHLP5/yB+z+B+bP2bxPy5/zOL/x/wxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bx/1P+mMX/lPwxi/+f88cs/qfmj1n8/5I/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6Yxf+N/DGL/5v5YxL/cQfyxyz+g/LHLP6D88cs/mPkj1n8h+SPWfzHzB+z+I+VP2bxHzt/zOI/Tv6YxX/c/DGL/3j5Yxb/8fPHLP4T5I9Z/CfMH7P4T5Q/ZvGfOH/M4j9J/pjFf9L8MYv/ZPljFv/35I9Z/N+bP2bxf1/+mMX//fljFv8P5I9Z/CfPH7P4fzB/zOL/ofwxi/+H88cs/h/JH7P4T5E/ZvH/aP6YxX/K/DGL/9D8MYv/VPljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziP0P+mMV/xvwxi//H8scs/h/PH7P4fyJ/zOL/yfwxi/+n8scs/jPlj1n8Z84fs/jPkj9m8Z81f8ziP1v+mMV/9vwxi/8c+WMW/znzxyz+c+WPWfznzh+z+M+TP2bxnzd/zOI/X/6YxX/+/DGL/6fzxyz+n8kfs/h/Nn/M4v+5/DGL/wL5Yxb/BfPHLP4L5Y9Z/BfOH7P4fz5/zOL/hfwxi/8i+WMW/0Xzxyz+X8wfs/gvlj9m8f/Sv+I/+P/iuP5Ds/gv3v6PWfyXyB+z+H85f8ziv2T+mMV/qfwxi//S+WMW/6/kj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/q/ljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8zi/7X8MYv/1/PHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4v+N/DGL/5r5Yxb/tfLHLP5r549Z/NfJH7P4r5s/ZvFfL3/M4r9+/pjF/5v5Yxb/DfLHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4r9p/pjF/1v5Yxb/zfLHLP6b549Z/LfIH7P4fzt/zOL/nfwxi/+W+WMW/63yx/5L/d+iHtV/6/yx/1L/txrVf5v8MYv/d/PHLP7fyx+z+H8/f8zi/4P8MYv/tvljFv/t8scs/tvnj1n8f5g/ZvHfIX/M4v+j/DGL/475Yxb/nfLHLP4/zh+z+O+cP2bx3yV/zOK/a/6Yxf8n+WMW/93yxyz+P80fs/j/LH/M4r97/pjFf4/8MYv/nvljFv+f549Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv9fvKO/95lh8T9Arfz2WfwPzB+z+P8yf8zi/6v8MYv/QfljFv9f549Z/A/OH7P4H5I/ZvE/NH/M4v+b/DGL/2/zxyz+h+WPWfx/lz9m8T88f8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+v88fs/gfkz9m8f9D/pjF/9j8MYv/cfljFv8/5o9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/n/LHLP6n5I9Z/P+cP2bxPzV/zOL/l/wxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfk/iPN5A/ZvEflD9m8R+cP2bxHyN/zOI/JH/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+k+aPWfwnyx+z+L8nf8zi/978MYv/+/LHLP7vzx+z+H8gf8ziP3n+mMX/g/ljFv8P5Y9Z/D+cP2bx/0j+mMV/ivwxi/9H88cs/lPmj1n8h+aPWfynyh+z+E+dP2bxnyZ/zOI/bf6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/D+WP2bx/3j+mMX/E/ljFv9P5o9Z/D+VP2bxnyl/zOI/c/6YxX+W/DGL/6z5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8P50/ZvH/TP6Yxf+z+WMW/8/lj1n8F8gfs/gvmD9m8V8of8ziv3D+mMX/8/ljFv8v5I9Z/BfJH7P4L5o/ZvH/Yv6YxX+x/DGL/5fyxyz+i+ePWfyXyB+z+H85f8ziv2T+mMV/qfwxi//S+WMW/6/kj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/q/ljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8zi/7X8MYv/1/PHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4v+N/DGL/5r5Yxb/tfLHLP5r549Z/NfJH7P4r5s/ZvFfL3/M4r9+/pjF/5v5Yxb/DfLHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4r9p/pjF/1v5Yxb/zfLHLP6b549Z/LfIH7P4fzt/zOL/nfwxi/+W+WMW/63yxyz+W+ePWfy3yR+z+H83f8zi/738MYv/9/PHLP4/yB+z+G+bP2bx3y5/zOK/ff6Yxf+H+WMW/x3yxyz+P8ofs/jvmD9m8d8pf8zi/+P8MYv/zvljFv9d8scs/rvmj1n8f5I/ZvHfLX/M4v/T/DGL/8/yxyz+u+ePWfz3yB+z+O+ZP2bx/3n+mMV/r/wxi//e+WMW/33yxyz+++aPWfz3yx+z+O+fP2bx/0X+mMX/gPwxi/+B+WMW/1/mj1n8f5U/ZvE/KH/M4v/r/DGL/8H5Yxb/Q/LHLP6H5o9Z/H+TP2bx/23+mMX/sPwxi//v8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/9/ljFv9j8scs/n8Q+o/xL6xj8T9W6P+vZPE/Ln/M4v/H/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvH/U/6Yxf+U/DGL/5/zxyz+p+aPWfz/kj9m8T8tf8zif3r+mMX/jPwxi/+Z+WMW/7Pyxyz+Z+ePWfzPyR+z+J+bP2bxPy9/zOJ/fv6Yxf+C/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv+r8scs/lfnj1n8r8kfs/hfmz9m8b8uf8zif33+mMX/hvwxi/+N+WMW/5vyxyz+N+ePWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf+O/DGL/535Yxb/u/LHLP53549Z/O/JH7P435s/ZvG/L3/M4n9//pjF/4H8MYv/g/ljFv+H8scs/g/nj1n8H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549Z/F/JH7P4v5o/ZvF/LX/M4v96/pjF/438MYv/m/ljEv/xB/LHLP6D8scs/oPzxyz+Y+SPWfyH5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv/x88cs/hPkj1n8J8wfs/hPlD9m8Z84f8ziP0n+mMV/0vwxi/9k+WMW//fkj1n835s/ZvF/X/6Yxf/9+WMW/w/kj1n8J88fs/h/MH/M4v+h/DGL/4fzxyz+H8kfs/hPkT9m8f9o/pjFf8r8MYv/0Pwxi/9U+WMW/6nzxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/8fyxyz+H88fs/h/In/M4v/J/DGL/6fyxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOI/W/6YxX/2/DGL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/p/PHLP6fyR+z+H82f8zi/7n8MYv/AvljFv8F88cs/gvlj1n8F84fs/h/Pn/M4v+F/DGL/yL5Yxb/RfPHLP5fzB+z+C+WP2bx/1L+mMV/8fwxi/8S+WMW/y/nj1n8l8wfs/gvlT9m8V86f8zi/5X8MYv/MvljFv9l88cs/svlj1n8l88fs/h/NX/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8v5Y/ZvH/ev6YxX/V/DGL/2r5Yxb/1fPHLP5r5I9Z/L+RP2bxXzN/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/NfPH7P4fzN/zOK/Qf6YxX/D/DGL/0b5Yxb/jfPHLP6b5I9Z/DfNH7P4fyt/zOK/Wf6YxX/z/DGL/xb5Yxb/b+ePWfy/kz9m8d8yf8ziv1X+mMV/6/wxi/82+WMW/+/mj1n8v5c/ZvH/fv6Yxf8H+WMW/23zxyz+2+WPWfy3zx+z+P8wf8ziv0P+mMX/R/ljFv8d88cs/jvlj1n8f5w/ZvHfOX/M4r9L/pjFf9f8MYv/T/LHLP675Y9Z/H+aP2bx/1n+mMV/9/wxi/8e+WMW/z3zxyz+P88fs/jvlT9m8d87f8ziv0/+mMV/3/wxi/9++WMW//3zxyz+v8gfs/gfkD9m8T8wf8zi/8v8MYv/r/LHLP4H5Y9Z/H+dP2bxPzh/zOJ/SP6Yxf/Q/DGL/2/yxyz+v80fs/gflj9m8f9d/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/j/Pn/M4n9M/pjF/w/5Yxb/Y/PHLP7H5Y9Z/P+YP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP5/yh+z+J+SP2bx/3P+mMX/1Pwxi/9f8scs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH7P4v5E/ZvF/M39M4j/BQP6YxX9Q/pjFf3D+mMV/jPwxi/+Q/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j6v3H4xLLf7j6f05i//4+WMW/wnyxyz+E+aPWfwnyh+z+E+cP2bxnyR/zOI/af6YxX+y/DGL/3vyxyz+780fs/i/L3/M4v/+/DGL/wfyxyz+k+ePWfw/mD9m8f9Q/pjF/8P5Yxb/j+SPWfynyB+z+H80f8ziP2X+mMV/aP6YxX+q/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4j9j/pjF/2P5Yxb/j+ePWfw/kT9m8f9k/pjF/1P5Yxb/mfLHLP4z549Z/GfJH7P4z5o/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMX/0/ljFv/P5I9Z/D+bP2bx/1z+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfw/nz9m8f9C/pjFf5H8MYv/ovljFv8v5o9Z/BfLH7P4fyl/zOK/eP6YxX+J/DGL/5fzxyz+S+aPWfyXyh+z+C+dP2bx/0r+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfy/mj9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+X8sfs/h/PX/M4r9q/pjFf7X8MYv/6vljFv818scs/t/IH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8v5k/ZvHfIH/M4r9h/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8v5U/ZvHfLH/M4r95/pjFf4v8MYv/t/PHLP7fyR+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/3fzxyz+38sfs/h/P3/M4v+D/DGL/7b5Yxb/7fLHLP7b549Z/H+YP2bx3yF/zOL/o/wxi/+O+WMW/53yxyz+P84fs/jvnD9m8d8lf8ziv2v+mMX/J/ljFv/d8scs/j/NH7P4/yx/zOK/e/6YxX+P/DGL/575Yxb/n+ePWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/X+SPWfwPyB+z+B+YP2bx/2X+mMX/V/ljFv+D8scs/r/OH7P4H5w/ZvE/JH/M4n9o/pjF/zf5Yxb/3+aPWfwPyx+z+P8uf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfx/nz9m8T8mf8zi/4f8MYv/sfljFv/j8scs/n/MH7P4H58/9jf/cQf+m/1PyB+z7P8n5o9Z/E/KH7P4n5w/ZvH/U/6Yxf+U/DGL/5/zxyz+p+aPWfz/kj9m8T8tf8zif3r+mMX/jPwxi/+Z+WMW/7Pyxyz+Z+ePWfzP+af+b/zfHdd/aBb/c9v/MYv/efljFv/z88cs/hfkj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf/a/DGL/3X5Yxb/6/PHLP435I9Z/G/MH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+T+E84kD9m8R+UP2bxH5w/ZvEfI3/M4j8kf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+I+fP2bxnyB/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP6T5o9Z/CfLH7P4vyd/zOL/3vwxi//78scs/u/PH7P4fyB/zOI/ef6Yxf+D+WMW/w/lj1n8P5w/ZvH/SP6YxX+K/DGL/0fzxyz+U+aPWfyH5o9Z/KfKH7P4T50/ZvGfJn/M4j9t/pjFf7r8MYv/9PljFv8Z8scs/jPmj1n8P5Y/ZvH/eP6Yxf8T+WMW/0/mj1n8P5U/ZvGfKX/M4j9z/pjFf5b8MYv/rPljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW//nyxyz+8+ePWfw/nT9m8f9M/pjF/7P5Yxb/z/0z/yH/l8f1H5rFf4H2f8ziv2D+mMV/ofwxi//C+WMW/8/nj1n8v5A/ZvFfJH/M4r9o/pjF/4v5Yxb/xfLHLP5fyh+z+C+eP2bxXyJ/zOL/5fwxi/+S+WMW/6Xyxyz+S+ePWfy/kj9m8V8mf8ziv2z+mMV/ufwxi//y+WMW/6/mj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMV/lfwxi//X8scs/l/PH7P4r5o/ZvFfLX/M4r96/pjFf438MYv/N/LHLP5r5o9Z/NfKH7P4r50/ZvFfJ3/M4r9u/pjFf738MYv/+vljFv9v5o9Z/DfIH7P4b5g/ZvHfKH/M4r9x/pjFf5P8MYv/pvljFv9v5Y9Z/DfLH7P4b54/ZvHfIn/M4v/t/DGL/3fyxyz+W+aPWfy3yh+z+G+dP2bx3yZ/zOL/3fwxi//38scs/t/PH7P4/yB/zOK/bf6YxX+7/DGL//b5Yxb/H+aPWfx3yB+z+P8of8ziv2P+mMV/p/wxi/+P88cs/jvnj1n8d8kfs/jvmj9m8f9J/pjFf7f8MYv/T/PHLP4/yx+z+O+eP2bx3yN/zOK/Z/6Yxf/n+WMW/73yxyz+e+ePWfz3yR+z+O+bP2bx3y9/zOK/f/6Yxf8X+WMW/wPyxyz+B+aPWfx/mT9m8f9V/pjF/6D8MYv/r/PHLP4H54/9N/oPGhjYbmA0/0Pyx/4b/Wn/PzR/zOL/m/wxi/9v88cs/oflj1n8f5c/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/r/PH7P4H5M/ZvH/Q/6Yxf/Y/DGL/3H5Yxb/P+aPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/5/yxyz+p+SPWfz/nD9m8T81f8zi/5f8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/zz/4L/C/O67/0Cz+97b/Yxb/+/LHLP73549Z/B/IH7P4P5g/ZvF/KH/M4v9w/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHLP6v549Z/N/IH7P4v5k/JvGfaCB/zOI/KH/M4j84f8ziP0b+mMV/SP6YxX/M/DGL/1j5Yxb/sfPHLP7j5I9Z/MfNH7P4j5c/ZvEfP3/M4j9B/pjFf8L8MYv/RPljFv+J88cs/pPkj1n8J80fs/hPlj9m8X9P/pjF/735Yxb/9+WPWfzfnz9m8f9A/pjFf/L8MYv/B/PHLP4fyh+z+H84f8zi/5H8MYv/FPljFv+P5o9Z/KfMH7P4D80fs/hPlT9m8Z86f8ziP03+mMV/2vwxi/90+WMW/+nzxyz+M+SPWfxnzB+z+H8sf8zi//H8MYv/J/LHLP6fzB+z+H8qf8ziP1P+mMV/5vwxi/8s+WMW/1nzxyz+s+WPWfxnzx+z+M+RP2bxnzN/zOI/V/6YxX/u/DGL/zz5Yxb/efPHLP7z5Y9Z/OfPH7P4fzp/zOL/mfwxi/9n88cs/p/LH7P4L5A/ZvFfMH/M4r9Q/pjFf+H8MYv/5/PHLP5fyB+z+C+SP2bxXzR/zOL/xfwxi/9i+WMW/y/lj1n8F88fs/gvkT9m8f9y/pjFf8n8MYv/UvljFv+l88cs/l/JH7P4L5M/ZvFfNn/M4r9c/pjFf/n8MYv/V/PHLP4r5I9Z/FfMH7P4r5Q/ZvFfOX/M4r9K/pjF/2v5Yxb/r+ePWfxXzR+z+K+WP2bxXz1/zOK/Rv6Yxf8b+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOK/Xv6YxX/9/DGL/zfzxyz+G+SPWfw3zB+z+G+UP2bx3zh/zOK/Sf6YxX/T/DGL/7fyxyz+m+WPWfw3zx+z+G+RP2bx/3b+mMX/O/ljFv8t88cs/lvlj1n8t84fs/hvkz9m8f9u/pjF/3v5Yxb/7+ePWfx/kD9m8d82f8ziv13+mMV/+/wxi/8P88cs/jvkj1n8f5Q/ZvHfMX/M4r9T/pjF/8f5Yxb/nfPHLP675I9Z/HfNH7P4/yR/zOK/W/6Yxf+n+WMW/5/lj1n8d88fs/jvkT9m8d8zf8zi//P8MYv/XvljFv+988cs/vvkj1n8980fs/jvlz9m8d8/f8zi/4v8MYv/AfljFv8D88cs/r/MH7P4/yp/zOJ/UP6Yxf/X+WMW/4Pzxyz+h+SPWfwPzR+z+P8mf8zi/9v8MYv/YfljFv/f5Y9Z/A/PH7P4H5E/Npr/8f+t/kfmj1n2/6Pyxyz+R+ePWfx/nz9m8T8mf8zi/4f8MYv/sfljFv/j8scs/n/MH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv8/5Y9Z/E/JH7P4/zl/zOJ/av6Yxf8v+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT8m8Z94IH/M4j8of8ziPzh/zOI/Rv6YxX9I/pjFf8z8MYv/WPljFv+x/z927j7c67q+4/gX+ICICjpXCw0jEEVTQVCRzBu01CNwtBtLSVBSvJmgTCnQlZLdWFs5y1WurTRvUmdq6ay5pqOcc7psVlTbbIzNHGuFy3LiVsmuA+cQ5/T2XJ4v33294v14/ME5v9/p/Ut5XlcvfofrpH8oS//h+oey9N9W/1CW/iP0D2Xpv53+oSz9t9c/lKX/DvqHsvQfqX8oS/9R+oey9N9R/1CW/jvpH8rS/zf0D2Xpv7P+oSz9f1P/UJb+L9E/lKX/S/UPZen/W/qHsvR/mf6hLP1H6x/K0n8X/UNZ+u+qfyhL/5frH8rSf4z+oSz9d9M/lKX/K/QPZek/Vv9Qlv6v1D+Upf84/UNZ+o/XP5Sl/+76h7L0n6B/KEv/PfQPZem/p/6hLP0n6h/K0n8v/UNZ+u+tfyhL/1fpH8rSfx/9Q1n676t/KEv//fQPZek/Sf9Qlv6T9Q9l6b+//qEs/afoH9ra+w/b+OmoqfqHtvb+3UYdoH8oS/8D9Q9l6X+Q/qEs/afpH8rS/2D9Q1n6T9c/lKX/q/UPZel/iP6hLP1fo38oS/9D9Q9l6X+Y/qEs/Q/XP5Sl/xH6h7L0n6F/KEv/I/UPZel/lP6hLP1fq38oS//X6R/K0v9o/UNZ+h+jfyhL/2P1D2Xp36F/KEv/4/QPZek/U/9Qlv6z9A9l6T9b/1CW/p36h7L0P17/UJb+J+gfytL/9fqHsvR/g/6hLP3fqH8oS/836R/K0v9E/UNZ+r9Z/1CW/m/RP5Sl/0n6h7L0P1n/UJb+c/QPZen/Vv1DWfqfon8oS/+5+oey9J+nfyhL/1P1D2Xpf5r+oSz95+sfytL/bfqHsvQ/Xf9Qlv5n6B/K0n+B/qEs/c/UP5Sl/1n6h7L0P1v/UJb+5+gfytL/t/UPZel/rv6hLP0X6h/K0n+R/qEs/c/TP5Sl//n6h7L0X6x/KEv/39E/lKX/BfqHsvS/UP9Qlv5L9A9l6f92/UNZ+r9D/1CW/kv1D2Xpv0z/UJb+F+kfytL/Yv1DWfr/rv6hLP3fqX8oS/936R/K0v8S/UNZ+l+qfyhL/+X6h7L0f7f+oSz9L9M/lKX/e/QPZen/Xv1DWfq/T/9Qlv7v1z+Upf/l+oey9P+A/qEs/T+ofyhL/9/TP5Sl/+/rH8rS/0P6h7L0/7D+oSz9r9A/lKX/H+gfytL/Sv1DWfp/RP9Qlv4f1T+Upf9V+oey9P9D/UNZ+n9M/1CW/h/XP5Sl/yf0D2Xpf7X+oSz9/0j/UJb+n9Q/lKX/H+sfytL/T/QPZen/Kf1DWfp/Wv9Qlv7X6B/K0v9a/UNZ+n9G/1CW/tfpH8rS/3r9Q1n636B/KEv/G/UPZen/Wf1DWfrfpH8oS/+b9Q9l6X+L/qEs/f9U/1CW/rfqH8rS/3P6h7L0v03/UJb+t+sfytL/Dv1DWfp/Xv9Qlv5f0D+Upf+d+oey9L9L/1CW/n+mfyhL/7v1D2Xp/0X9Q1n6f0n/UJb+f65/KEv/e/QPZen/F/qHsvT/sv6hLP3/Uv9Qlv736h/K0v8+/UNZ+v+V/qEs/VfoH8rS/yv6h7L0/6r+oSz979c/lKX/X+sfytL/Af1DWfr/jf6hLP0f1D+Upf/f6h/K0v8h/UNZ+j+sfyhL/7/TP5Sl/9f0D2Xp/4j+oSz9v65/KEv/v9c/lKX/o/qHsvT/hv6hLP2/qX8oS/9v6R/K0n+l/qEs/b+tfyhL/+/oH8rS/7v6h7L0/wf9Q1n6/6P+oSz9/0n/UJb+j+kfytL/e/qHsvT/Z/1DWfqv0j+Upf+/6B/K0n+1/qEs/f9V/1CW/v+mfyhL/8f1D2Xp/339Q1n6P6F/KEv/f9c/lKX/Gv1DWfr/h/6hLP1/oH8oS///1D+Upf8P9Q9l6f8j/UNZ+q/VP5Sl/5P6h7L0/y/9Q1n6/1j/UJb+T+kfytL/J/qHsvT/qf6hLP2f1j+Upf9/6x/K0v8Z/UNZ+q/TP5Sl/7P6h7L0/x/9Q1n6/6/+oSz9f6Z/KEv/n+sfytL/F/qHsvR/Tv9Qlv7r9Q8l6b9jpX8oS/9B+oey9B+sfyhL/yH6h7L0L/qHsvQfqn8oS/9h+oey9N9G/1CW/sP1D2Xpv63+oSz9R+gfytJ/O/1DWfpvr38oS/8d9A9l6T9S/1CW/qP0D211/QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAquronLF2yKBeTw3Z/MGYRxZs+HjAupPOvvHGL+7U87H7yzODlxy8+YP169evH/x09bXuh9tUVdX137Zj9+PhfY+7Xv/SGVdP3PiojL3u2b1vXfrske+/Y+XN6465aeatQzc8O7Q67cxzFi6YPLiqyvih1bKuB/sPqqqyx9Dqyq4HU7oe7Dm0urnrwdQND7atVnQ92O/08xee0fXExNq/ZwDw666jc3k1pNdiV73+NLD5/l86467lPR/7ecmeVytV9/7fc+fO7+jztR7Ps/89r19e2Xf/B/wvCAD8ioHt//1jez7285K/8v5/9nkfXxl97fn3v+f1yzj7DwDNC77/32uj+37fv8/3/6M/B2y6P/fUq7bp2v+b1p24pPup8kK+///L1y/j++7/4F7f/x9UVWX3nu//b1NVZcIW/nYAQAodne9e29/7//73v+zS52bQ5vu/020rTuza/1Uj7nhp91NDB7j/u/f3/v/oPv+sAMAL09H5mfV93v8PYP+rPYKX3LT/Ry176CVd+/+NVd8fu9nXBrL/E/ru/6QlixZPuvCii/c9Z9H8sxacteC86dOmHXzgtIOmT5m04TsCG3/dwt8UANjKbdn7/2pEn5tBVfXEpvsP3Tvmoa79n/LJY8/ufmr4APd/j37f/4/1/h8Aehk3uBo2rFo2f8mSC/bf+GvPwykbf934Hwv2fwB//z++54foen5mcFBVvWzTfeeFHxjctf/Xj9/l3u6nhg1w//fsd/+P6P2zigDAC7OF7//P6HPTa/9HDblletf+Hzdhr8u7nxro3/9P7Hf/r/X+HwDq6Ois/l/fRHft/2Xb/+KaetdlLz//BwDNa2P/nxzznnH1rsve9h8AmtfG/i84fIe7612XV9l/AGheG/v/YMdVc+tdl33sPwA0r439n3XumIfrXZd97T8ANK+N/R978elL612X/ew/ADSvjf2/9aS1q+tdl0n2HwCa18b+nzJ81VP1rstk+w8AzWtj/7+79wln1rsu+9t/AGheG/v/5UP2e6zedZli/wGgeW3s/+TR186qd12m2n8AaF4b+//R8w+7od51OcD+A0Dz2tj/0bM/P7XedTnQ/gNA89rY/7ef8vUr6l2Xg+w/ADSvjf1/7pIjRte7LtPsPwA0r439X/HgbnPqXZeD7T8ANK+N/Z/5xJWP1Lsu0+0/ADSvjf3f8+knF9e7Lq+2/wDQvDb2/3PfOW1NvetyiP0HgOa1sf8jr31uVL3r8hr7DwDNa2P/33fZ4qvrXZdD7T8ANK+N/f/BVSMn1Lsuh9l/AGheG/v/ti8sv7PedTnc/gNA89rY/28+PnVmvetyhP0HgOa1sf8nf+Xe79W7LjPsPwA0r439P/DR++fXuy5H2n8AaF4b+3/fT2Y/U++6HGX/AaB5bez/y9/7rd3qXZfX2n8AaF4b+/+Jz879YL3r8jr7DwDNa2P/f/al8QfUuy5H238AaF4b+7/4Y7ddX++6HGP/AaB5bex/5z4/XV3vuhxr/wGgeW3s/wMj37W03nXpsP8A0Lw29v+WVwx5uN51Oc7+A0Dz2tj/cYd+eG696zLT/gNA89rY/+Uzd7673nWZZf8BoHlt7P9253xqXL3rMtv+A0Dz2tj/s5Y9fk2969Jp/wGgeW3s/4/mLBpe77ocb/8BoHlt7P+uI+aNrnddTrD/ANC8Nvb/yomPXlHvurze/gNA89rY/59Pv31qvevyBvsPAM1rY/+X7jr2hnrX5Y32HwCa18b+f3vRfbPqXZc32X8AaF4b+z/v+MmP1bsuJ9p/AGheG/s/ZV7nmfWuy5vtPwA0r439v+edK56qd13eYv8BoHlt7P/lD3z6znrX5ST7DwDNa2P/t1+z44R61+Vk+w8AzWtj/0975ryr612XOfYfAJrXxv7/cOXqUfWuy1vtPwA0r43977jukjX1rssp9h8AmtfG/n91+Y8X17suc+0/ADSvjf2//SNXPFLvusyz/wDQvDb2f8Jd1Zx61+VU+w8AzbvwoovPnb9w4YILfOITn/hk0ycv9v8yAQAATfvlH/pf7H8SAAAAAAAAAAAAAAAAAAAAyKuN/zuxF/vfEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9jBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAAEH+1isMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXwEAAP//JTHa4g==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0xc17a)
write$vhost_msg_v2(r0, &(0x7f0000000240)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x4}}, 0x48)

2.908783144s ago: executing program 6 (id=1792):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x2, 0x13, @loopback, 0x9}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000080)=0xfffffffe, 0x4)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
shutdown(r0, 0x1)

2.900138308s ago: executing program 8 (id=1803):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0)
r0 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0)

2.679091332s ago: executing program 1 (id=1793):
r0 = socket$kcm(0x2, 0x3, 0x2)
recvmsg$kcm(r0, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x18000)
close(0x3)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac1414aabd7c493872f750375ed08a560400000003c48f93b82a03000000461e", 0x4c}], 0x1}, 0x0)

2.623295889s ago: executing program 8 (id=1794):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000004500)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000004780)={0x0, 0x0, &(0x7f0000004740)={&(0x7f0000004540)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x444}]}, 0x24}}, 0x0)

2.58335435s ago: executing program 6 (id=1795):
r0 = epoll_create1(0x0)
epoll_wait(r0, &(0x7f0000000480)=[{}], 0x1, 0x10000200)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_pwait(r0, &(0x7f0000000040)=[{}], 0x1, 0xea5, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0x9d32f4b220c65367})

2.409141366s ago: executing program 1 (id=1796):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8)
r1 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r1, &(0x7f0000000340)={0x11, 0x15, 0x0, 0x1, 0x6, 0x6, @random="af4fd91aa696"}, 0x14)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8)

2.144745716s ago: executing program 6 (id=1797):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000001c0), 0x0, 0x40c00)
ioctl$HIDIOCAPPLICATION(r1, 0x4802, 0x0)

2.143728061s ago: executing program 8 (id=1810):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000000c0)={0x97, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000480)={0x0, 0x15, 0x2, "efe6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="600a10"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.056519974s ago: executing program 1 (id=1798):
syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x474, &(0x7f00000004c0)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW")
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000080)={0xba, 0x8000000000000001, 0x6, 0x7, 0xb, 0xd})

1.987031491s ago: executing program 5 (id=1799):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0x40045010, &(0x7f0000000040)=0x6)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

1.826625989s ago: executing program 1 (id=1800):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = io_uring_setup(0x191a, &(0x7f0000000180)={0x0, 0x15bc, 0x0, 0xffffffff, 0x35e})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)

1.448647609s ago: executing program 1 (id=1802):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000005a80)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f0000000540)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, 0x0)
getdents64(r0, 0x0, 0x0)

1.348765385s ago: executing program 9 (id=1804):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r1, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000440)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)

1.151904424s ago: executing program 2 (id=1805):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
syz_io_uring_setup(0x3, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500, 0x0, 0xfffffffd}, &(0x7f0000000240), &(0x7f0000001880))

1.064318266s ago: executing program 9 (id=1806):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = memfd_secret(0x80000)
close(r2)

868.456932ms ago: executing program 9 (id=1807):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r2, @ANYBLOB="0100000000000000000001000000060006000300000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0)

830.133267ms ago: executing program 5 (id=1808):
setreuid(0xffffffffffffffff, 0xee01)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

568.464319ms ago: executing program 5 (id=1809):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000080)={@empty, @empty, 0x1, "90fc37852a192ea1b376efee14a7aa1c3009929129c42d06f5e30377f2428d08", 0x2c0b, 0x6, 0x4, 0x400}, 0x3c)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)

565.034611ms ago: executing program 9 (id=1811):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c)
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cd6e9709eb0"})

405.865708ms ago: executing program 5 (id=1812):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000005c0)={'#! ', './bus'}, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)

299.685368ms ago: executing program 9 (id=1813):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2fffffffd}, 0xc)
close(r0)

218.960169ms ago: executing program 5 (id=1814):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}], 0xa8)

109.502974ms ago: executing program 6 (id=1815):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = getpgid(0x0)
setreuid(0xffffffffffffffff, 0xee01)
fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2})
sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="11", 0x1}], 0x1}}], 0x1, 0x40015)

48.239356ms ago: executing program 9 (id=1816):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000a"], 0x50)

27.258423ms ago: executing program 5 (id=1817):
syz_mount_image$udf(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0xa04091, &(0x7f0000002440)=ANY=[], 0xff, 0xc0c, &(0x7f0000000300)="$eJzs3V9sHVdaAPDvjO3YSdHupduk3aVa3RapG7JssJ1t08or0VBjsWy2NXW8C5SH3sROuMS5vrKdblrBbnjqA0iYReKFRUJCiyoeVkZoH+BpkZB4tdC+IaSwLKUIId2HrfqCajRzz42vHacJdRznz+8nJd/cme/MnDlnMjN3zh0lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIX/rlU6Njab9rAQDcTS/PvDo67voPAA+VM77/AwAAAAAAAAAAAADAvS5FEe9Fim882UmvV5+7Rk43W5evzE5O7VzsYKpKDlT55Z+RsfETX3z2uZPP9+JHl7/TPh2vzJw5VX9p8VJ7aX55eX6uPttqnlucm7/tNey2/HbHqgaoX7p4ee78+eX6+PETWxZfqb07/MiR2sTJsdcO93JnJ6emZvpyBoc+9tZvcLM3PA5EEecjxcV33kuNiChi921xi2Nnrx2sduJYtROzk1PVjiw0G62VcuF0ryGKiFpfoRd7bXQX+mJX6hFXy+qXFT5W7t5Mu7HUOLswX59uLK00V5qLrenUrW2q0ot4PkW0I6IzfOPqhqKIb0aKt7/TSWcjYqDXDp+vXgy+dX2KPdjH2zAYEbWhiPXiPuize9hwFPG9SPHtb43GudyuVbM9E/HVMh6JuFzGaxGrZfxsRCoPkMci3t/heOL+MhhF/EGk+MlEJ831+r46r5z+Wv3LrfOLfbm988p9f324m+7xc9NIFNGozvid9PFvdgAAAAAAuPcU8ceR4qkfHk3t6B9TbLYu1M80zi50nwr3nv3Xc6mNjY2NWurG0Rync2znuJrjWo7rZYzNFdSKXD7H6RzbOa7muJbjeo6dHGsDuXyO0zm2c1zNcS3H9Rw7OdYGc/kcpwerml1t58+rOa7luJ5jZ3A/+gkAAAAAAAAAbu5gFPH1SPHML7xRvVcc1Xvpn5w4+erxX+1/Z/yJW6ynzD0eEWvF7b2TeyC/OjydplPap3eI6b7/93v5/b/f3+/KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+6qIIp6OFG98v5MiRUQ94vXoxmvD+107AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgThhJRbwfKf70KyPV5/Ui4jcj4sONDzci4tqHG3fafu8xAAAAAAAAADyAUhFvRoqnX+2kWkRcqb07/MiR2sTJsdcOD8RApDKlP/+VmTOn6i8tXmovzS8vz8/VZ1vNc4tz87e7uZHTzdblK7OTU3uyM7d0cI/rf3DkpcX2m0vNC7+9suPyQyOnzi6vLDXO7bw4DkYRUe+fc6yq8OzkVFXphWajVRWdTrdbYwAAAAAAAAAeBkOpiA8jxdt/9c71cefB7pj/4Pbc734posjTk3n8+fowdPW7gU9UvxvoTn9y4uSvjX+mf3rHIetj1YB6fXZyamqmb/bg0I2pI3m7o7vbZfqU/b8SKf7wz+vpqTxva/8PXM/97u9u9vfV7Su6SZ//P/p/S4/3+v+n++aV20ypiL+JFD/z60/EU1U9D8UNv5nIeV+JFL+x9mTOiwNl3tN5+aPV3yPnmwvzo2XulUjxD5e35j6Tcz+1mTt2u+16vyj7/+lI8d+/tXa9bXL/5x7Y7LX+/v/M9qNj9/2/47//R/vm1fJ2f/bO7DoRsfzmWxcbCwvzSw/jxMC9UQ0TJnaeiKv7t/X9PjNxN5TX/69Hir//k3+5fr+Tr/8/FdVt1eb93wff3Lz+T2xf0R5d/z/VN28i340MDUaMrFxqDz0eMbL85ltfaF5qXJi/MN86cfKF58ZHXxgbPTF0oHdztzm1fcs3fL95GJX9/zuR4ns/+uv4XJ639f5v5/v/Q9tXtEf9/1jfvENb7ld2vevk/v/fSPFPkz+Io3neR93/977/H8034dfvz/eo/w/3zau+430i4uf65h09HPHAfSkDAACAOyylIn6Qx1NHbzGe+o+R4q3/+vmcl46UeS/m5bXq75GXF1tfOLWwsHiusdI4uzBfn2k3zs2XZX8cKTp/+WQuW1Tjq73x5u4Y7+ZY7D9Hihd+pZfbHYvtPZt6bDN3rMw9Hin+6OWtub3nGIc3c8fL3H+NFGOv7Zx7ZDP3RJn7n5Higz+r93IPlblfyrmPb+YeP7e4MLcH3QIAAAAAALsylIp4LlL83YnB1Hu+fTu//7zhofce/f7v8b55c3fpfZVdNyoA3OPK6//R8qr+i39xfSx/6/V/8z2Z/uv/dv3/b8DNpj/O9b92Z3YTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KGToojFSPGNJzvp2nD5uWvkdLN1+crs5NTOxQ6mquRAlV/+GRkbP/HFZ587+XwvfnT5O+3T8crMmVP1lxYvtZfml5fn5+qzrea5xbn5217Dbstvd6xqgPqli5fnzp+PGD9+YsviK7V3hx85Ups4Ofba4V7u7OTU1ExfzuDQx976DXr9WmybfyCK+J9IcfGd99K/Deflu2yLWxw7e+1gFPG3EVHuxOzkVLUjC81Ga6VcON3XELW+Qi/22ugu9MWu1COultUvK3ys3L2ZdmOpcXZhvj7dWFpprjQXW9OpW9tUpRfxfIpoR0Rn+MbVDUURQ5Hi7e900o+GIwZ67fD5l2deHR2/SSVGNie3H1B3yWBE1IYi1ov7oM/uYcNRxLOR4tvfGo1/H+62a9Vsz0R8tYxHIi6X8VrEahk/G5HKA+SxiPd3OJ64vwxGEY9Gip9MdNKPh3PfV+eV01+rf7l1frEvt3deue+vD3fTPX5uGoki3qvO+J30H/49AwAAAAA8QIp4IlI89cOjqRofvD6m2GxdqJ9pnF3oPtbvPfuv51IbGxsbtdSNozlO59jOcTXHtRzXc+zkWCty+Rync2znuJrjWo7rOXZyrA3k8jlO59jOcTXHtRzXc+zkWBvM5XOczrGd42qOazmu59gZ3M/+AgAAAAAAANhZEUV8LlK88f1O2hjuDvC+Ht14zftAD7z/CwAA//9v9lF3")
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
r1 = fspick(r0, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)

0s ago: executing program 8 (id=1818):
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r0, 0x7d243a6ea807936d, 0x12, 0x25dfdbf8}, 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x880)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r1)

kernel console output (not intermixed with test programs):

4] usb 10-1: SerialNumber: syz
[  269.760453][ T5894] usb 10-1: config 0 descriptor??
[  269.769665][ T8799] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  269.886253][ T5893] input: syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.21/input/input26
[  269.942320][ T8799] EXT4-fs error (device loop6): ext4_validate_block_bitmap:440: comm syz.6.1016: bg 0: block 234: padding at end of block bitmap is not set
[  269.992447][ T8799] EXT4-fs (loop6): Remounting filesystem read-only
[  270.189329][    T9] usb 6-1: USB disconnect, device number 7
[  270.189629][    C1] keyspan_remote 6-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  270.285122][ T6180] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.432597][ T5894] appletouch 10-1:0.85: Geyser mode initialized.
[  270.460906][ T5894] input: appletouch as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.85/input/input27
[  270.546616][ T5893] IPVS: starting estimator thread 0...
[  270.562372][ T8815] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  270.662268][ T8819] IPVS: using max 20 ests per chain, 48000 per kthread
[  270.689285][ T5894] usb 10-1: USB disconnect, device number 4
[  270.721557][ T5894] appletouch 10-1:0.85: input: appletouch disconnected
[  270.928551][ T8823] loop6: detected capacity change from 0 to 512
[  270.940414][ T8823] EXT4-fs (loop6): external journal device major/minor numbers have changed
[  271.140049][ T8823] block device autoloading is deprecated and will be removed.
[  271.176055][ T8823] syz.6.1023: attempt to access beyond end of device
[  271.176055][ T8823] md185: rw=0, sector=2, nr_sectors = 2 limit=0
[  271.199314][ T8823] EXT4-fs (loop6): couldn't read superblock of external journal
[  271.862196][ T5894] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  272.032481][ T5894] usb 2-1: Using ep0 maxpacket: 32
[  272.053586][ T8852] loop8: detected capacity change from 0 to 2048
[  272.054209][ T5894] usb 2-1: config 0 interface 0 has no altsetting 0
[  272.100810][ T5894] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  272.123158][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.149788][ T5894] usb 2-1: Product: syz
[  272.155519][ T8852] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  272.162205][ T5894] usb 2-1: Manufacturer: syz
[  272.182095][ T5894] usb 2-1: SerialNumber: syz
[  272.190164][ T5894] usb 2-1: config 0 descriptor??
[  272.428590][ T8852] EXT4-fs error (device loop8): ext4_validate_block_bitmap:440: comm syz.8.1035: bg 0: block 234: padding at end of block bitmap is not set
[  272.482279][ T8852] EXT4-fs (loop8): Remounting filesystem read-only
[  272.651804][ T5894] gs_usb 2-1:0.0: Configuring for 1 interfaces
[  272.727487][ T8849] loop9: detected capacity change from 0 to 32768
[  272.739979][ T8849] XFS: ikeep mount option is deprecated.
[  272.740319][ T6910] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.747093][ T8849] XFS: noikeep mount option is deprecated.
[  272.823645][ T8849] XFS (loop9): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  272.976533][ T8849] XFS (loop9): Ending clean mount
[  273.009610][ T8849] XFS (loop9): Quotacheck needed: Please wait.
[  273.146501][ T8849] XFS (loop9): Quotacheck: Done.
[  273.261028][ T5894] gs_usb 2-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  273.290657][ T5894] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71
[  273.331945][ T5894] usb 2-1: USB disconnect, device number 5
[  273.350711][ T7364] XFS (loop9): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  273.552415][   T24] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  273.725001][   T24] usb 6-1: Using ep0 maxpacket: 32
[  273.747356][   T24] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  273.765387][   T24] usb 6-1: config 0 has no interface number 0
[  273.775531][   T24] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  273.796982][   T24] usb 6-1: config 0 interface 85 has no altsetting 0
[  273.820093][   T24] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  273.839453][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.872221][   T24] usb 6-1: Product: syz
[  273.876410][   T24] usb 6-1: Manufacturer: syz
[  273.881022][   T24] usb 6-1: SerialNumber: syz
[  273.925676][   T24] usb 6-1: config 0 descriptor??
[  274.083649][ T8896] loop9: detected capacity change from 0 to 512
[  274.100466][ T8896] EXT4-fs (loop9): external journal device major/minor numbers have changed
[  274.131158][ T5894] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  274.140297][ T8896] syz.9.1061: attempt to access beyond end of device
[  274.140297][ T8896] md185: rw=0, sector=2, nr_sectors = 2 limit=0
[  274.183940][ T8896] EXT4-fs (loop9): couldn't read superblock of external journal
[  274.325329][ T5894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.366074][ T5894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.415710][ T5894] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  274.462622][ T5894] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  274.471738][ T5894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.533486][ T5894] usb 7-1: config 0 descriptor??
[  274.583128][   T24] appletouch 6-1:0.85: Geyser mode initialized.
[  274.591920][   T24] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input28
[  274.849287][    T9] usb 6-1: USB disconnect, device number 8
[  274.855230][    C0] appletouch 6-1:0.85: atp_complete: usb_submit_urb failed with result -19
[  274.921250][    T9] appletouch 6-1:0.85: input: appletouch disconnected
[  274.991179][ T5894] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving
[  275.030542][ T5894] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  275.107184][ T8916] loop8: detected capacity change from 0 to 2048
[  275.138353][ T8916] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  275.195685][ T8920] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  275.225812][ T6910] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.256168][ T5914] usb 7-1: USB disconnect, device number 9
[  276.111351][ T8929] loop9: detected capacity change from 0 to 2048
[  276.169381][ T8926] loop8: detected capacity change from 0 to 32768
[  276.245089][ T8929] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  276.296405][ T8926] JBD2: Ignoring recovery information on journal
[  276.379506][ T8929] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.1062: bg 0: block 234: padding at end of block bitmap is not set
[  276.402181][ T8929] EXT4-fs (loop9): Remounting filesystem read-only
[  276.464492][ T8926] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  276.550638][ T8941] loop6: detected capacity change from 0 to 4096
[  276.642802][ T8949] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  276.747400][ T7364] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.777969][ T6910] ocfs2: Unmounting device (7,8) on (node local)
[  277.247057][ T8961] loop9: detected capacity change from 0 to 128
[  277.313091][ T8961] EXT4-fs: Ignoring removed nobh option
[  277.376250][ T8961] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  277.402762][ T8961] ext4 filesystem being mounted at /101/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  277.440294][ T8969] loop8: detected capacity change from 0 to 1024
[  277.448024][ T8969] EXT4-fs: Ignoring removed nobh option
[  277.453837][ T8969] EXT4-fs: Ignoring removed orlov option
[  277.526202][ T8969] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  277.619698][ T8969] EXT4-fs error (device loop8): ext4_validate_block_bitmap:440: comm syz.8.1070: bg 0: block 385: padding at end of block bitmap is not set
[  277.644615][ T8975] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  277.674811][ T8969] EXT4-fs (loop8): Remounting filesystem read-only
[  277.685302][ T7364] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  277.845575][ T6910] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.978430][ T8985] loop6: detected capacity change from 0 to 1024
[  277.994466][ T8985] EXT4-fs (loop6): Test dummy encryption mode enabled
[  278.028634][ T8985] EXT4-fs (loop6): stripe (9) is not aligned with cluster size (16), stripe is disabled
[  278.066189][ T8987] loop8: detected capacity change from 0 to 512
[  278.080353][ T8985] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  278.081441][ T8987] EXT4-fs (loop8): external journal device major/minor numbers have changed
[  278.119654][ T5848] Bluetooth: hci6: Malformed Event: 0x13
[  278.153782][ T8987] syz.8.1086: attempt to access beyond end of device
[  278.153782][ T8987] md185: rw=0, sector=2, nr_sectors = 2 limit=0
[  278.175123][ T8987] EXT4-fs (loop8): couldn't read superblock of external journal
[  278.183034][ T5894] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  278.264715][ T6180] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.372916][ T5894] usb 10-1: Using ep0 maxpacket: 16
[  278.394196][ T5894] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[  278.428446][ T5894] usb 10-1: config 0 has no interface number 0
[  278.442339][ T5894] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  278.470513][ T5894] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  278.497999][ T5894] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  278.517325][ T5894] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  278.526867][ T5894] usb 10-1: Product: syz
[  278.531144][ T5894] usb 10-1: SerialNumber: syz
[  278.546934][ T5894] usb 10-1: config 0 descriptor??
[  278.561561][ T5894] cm109 10-1:0.8: invalid payload size 0, expected 4
[  278.578292][ T5894] input: CM109 USB driver as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.8/input/input29
[  278.876568][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  278.877767][   T24] usb 10-1: USB disconnect, device number 5
[  278.883656][    C0] cm109 10-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  278.947977][   T24] cm109 10-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  279.011201][ T9011] netlink: 'syz.8.1097': attribute type 1 has an invalid length.
[  279.240011][ T9015] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input30
[  279.473601][ T8997] loop5: detected capacity change from 0 to 32768
[  279.484901][ T8997] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1091 (8997)
[  279.511690][ T8997] BTRFS info (device loop5): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  279.521916][    T9] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  279.548902][ T8997] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  279.576371][ T8997] BTRFS info (device loop5): using free-space-tree
[  279.714641][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.729096][    T9] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  279.792261][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.824310][    T9] usb 3-1: config 0 descriptor??
[  280.025265][ T7414] BTRFS info (device loop5): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  280.273839][    T9] holtek 0003:1241:5015.0018: invalid report_size 23041
[  280.295219][    T9] holtek 0003:1241:5015.0018: item 0 2 1 7 parsing failed
[  280.313585][    T9] holtek 0003:1241:5015.0018: parse failed
[  280.340725][    T9] holtek 0003:1241:5015.0018: probe with driver holtek failed with error -22
[  280.405576][ T5894] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  280.526635][    T9] usb 3-1: USB disconnect, device number 10
[  280.583133][ T5894] usb 2-1: Using ep0 maxpacket: 16
[  280.617636][ T5894] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.643099][ T5894] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  280.663993][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.705514][ T5894] usb 2-1: config 0 descriptor??
[  281.139168][ T5894] mcp2221 0003:04D8:00DD.0019: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  281.572947][ T5914] usb 2-1: USB disconnect, device number 6
[  282.567130][ T5894] kernel read not supported for file /sequencer (pid: 5894 comm: kworker/0:4)
[  282.950566][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  282.950592][   T30] audit: type=1326 audit(1748486513.179:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  282.979199][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.064893][   T30] audit: type=1326 audit(1748486513.179:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.129178][   T30] audit: type=1326 audit(1748486513.179:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.175842][   T30] audit: type=1326 audit(1748486513.179:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.198111][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.292280][   T30] audit: type=1326 audit(1748486513.179:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.314556][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.372298][   T30] audit: type=1326 audit(1748486513.179:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.441395][   T30] audit: type=1326 audit(1748486513.219:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.463677][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.478121][    T9] IPVS: starting estimator thread 0...
[  283.482781][ T9113] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  283.561608][   T30] audit: type=1326 audit(1748486513.219:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.583912][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.597774][ T9119] IPVS: using max 21 ests per chain, 50400 per kthread
[  283.650996][   T30] audit: type=1326 audit(1748486513.219:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.741506][   T30] audit: type=1326 audit(1748486513.219:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9103 comm="syz.5.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f824c38e969 code=0x7fc00000
[  283.763812][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.772483][   T24] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  283.945651][   T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  283.972741][   T24] usb 9-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00
[  283.997615][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.030802][   T24] usb 9-1: config 0 descriptor??
[  284.078253][ T9131] loop5: detected capacity change from 0 to 2048
[  284.138128][ T9131] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  284.212147][ T5894] usb 10-1: new full-speed USB device number 6 using dummy_hcd
[  284.294086][ T9131] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.1145: bg 0: block 234: padding at end of block bitmap is not set
[  284.332597][ T9131] EXT4-fs (loop5): Remounting filesystem read-only
[  284.364773][ T5894] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.396396][ T5894] usb 10-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  284.445972][ T5894] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.482697][ T5894] usb 10-1: config 0 descriptor??
[  284.506629][   T24] itetech 0003:258A:6A88.001A: ignoring exceeding usage max
[  284.529361][   T24] itetech 0003:258A:6A88.001A: ignoring exceeding usage max
[  284.565342][   T24] itetech 0003:258A:6A88.001A: hidraw0: USB HID v0.00 Device [HID 258a:6a88] on usb-dummy_hcd.8-1/input0
[  284.674811][ T7414] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.719908][ T5895] usb 9-1: USB disconnect, device number 9
[  284.822643][ T9143] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1148'.
[  284.918949][ T5894] holtek 0003:1241:5015.001B: invalid report_size 23041
[  284.941033][ T5894] holtek 0003:1241:5015.001B: item 0 2 1 7 parsing failed
[  284.961087][ T5894] holtek 0003:1241:5015.001B: parse failed
[  284.986617][ T5894] holtek 0003:1241:5015.001B: probe with driver holtek failed with error -22
[  285.158259][ T5894] usb 10-1: USB disconnect, device number 6
[  286.181200][ T9146] loop5: detected capacity change from 0 to 32768
[  286.249399][ T9167] loop8: detected capacity change from 0 to 4096
[  286.281180][ T9167] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.299159][ T9146] ERROR: (device loop5): dtSearch: DT_GETPAGE: dtree page corrupt
[  286.299159][ T9146] 
[  286.313082][ T9146] ERROR: (device loop5): remounting filesystem as read-only
[  286.339893][ T9146] jfs_lookup: dtSearch returned -5
[  286.366609][ T9146] ERROR: (device loop5): jfs_readdir: DT_GETPAGE: dtree page corrupt
[  286.366609][ T9146] 
[  286.487555][ T6910] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.895527][ T9180] loop9: detected capacity change from 0 to 32768
[  286.917033][ T9182] loop8: detected capacity change from 0 to 4096
[  287.026979][ T9180] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  287.064025][ T9180] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=gzip,erasure_code,norecovery,nojournal_transaction_names,nocow
[  287.064025][ T9180]   allowing incompatible features above 0.0: (unknown version)
[  287.089522][ T9180] bcachefs (loop9): recovering from clean shutdown, journal seq 10
[  287.097860][ T9180] bcachefs (loop9): Version upgrade required:
[  287.097860][ T9180] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  287.097860][ T9180] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  287.097860][ T9180]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  287.180551][ T9180] bcachefs (loop9): bcachefs (loop9): error validating btree node at btree alloc level 0/0
[  287.180581][ T9180]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  287.180613][ T9180]   node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing
[  287.221258][ T1152] ntfs3(loop8): ino=5, mi_enum_attr
[  287.228062][ T9180] bcachefs (loop9): btree_node_read_work: rewriting btree node at due to error
[  287.228062][ T9180]   btree=alloc level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  287.262217][ T9180] bcachefs (loop9): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  287.273951][ T9180] bcachefs (loop9): bcachefs (loop9): error validating btree node on loop9 at btree freespace level 0/0
[  287.273986][ T9180]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key 0:3703155162349568:0 durability: 1 ptr: 0:29:0 gen 0
[  287.274019][ T9180]   node offset 0/32: incorrect min_key: got POS_MIN should be 0:3703155162349568:0, btree topology error: 
[  287.313213][ T9180] bcachefs (loop9): flagging btree freespace lost data
[  287.322742][ T9180] bcachefs (loop9): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  287.337303][ T9180] bcachefs (loop9): check_topology... done
[  287.343745][ T9180] bcachefs (loop9): accounting_read... done
[  287.350776][ T9180] bcachefs (loop9): alloc_read... done
[  287.356444][ T9180] bcachefs (loop9): snapshots_read... done
[  287.362550][ T9180] bcachefs (loop9): Fixed errors, running fsck a second time to verify fs is clean
[  287.373364][ T9180] bcachefs (loop9): done starting filesystem
[  287.521570][ T7364] bcachefs (loop9): shutting down
[  287.676744][ T7364] bcachefs (loop9): shutdown complete
[  287.705044][ T9201] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1172'.
[  287.832310][ T5894] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  288.006859][ T5894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  288.021146][ T5894] usb 7-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  288.030586][ T5894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.059414][ T5894] usb 7-1: config 0 descriptor??
[  288.232093][    T9] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  288.381461][ T9212] loop5: detected capacity change from 0 to 2048
[  288.414622][    T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  288.421780][ T9197] loop8: detected capacity change from 0 to 32768
[  288.432083][    T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  288.457667][ T9197] XFS: attr2 mount option is deprecated.
[  288.462212][    T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  288.472699][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.476797][ T9212] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.512383][ T5894] holtek 0003:1241:5015.001C: invalid report_size 23041
[  288.529452][ T9197] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  288.529647][ T5894] holtek 0003:1241:5015.001C: item 0 2 1 7 parsing failed
[  288.552567][ T5894] holtek 0003:1241:5015.001C: parse failed
[  288.558667][ T5894] holtek 0003:1241:5015.001C: probe with driver holtek failed with error -22
[  288.626437][ T7414] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.679905][ T9197] XFS (loop8): Ending clean mount
[  288.718002][    T9] usb 3-1: usb_control_msg returned -32
[  288.728503][ T9197] XFS (loop8): Quotacheck needed: Please wait.
[  288.748983][    T9] usbtmc 3-1:16.0: can't read capabilities
[  288.805140][ T5893] usb 7-1: USB disconnect, device number 10
[  288.834647][ T9197] XFS (loop8): Quotacheck: Done.
[  289.277180][ T6910] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  289.512537][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  289.672288][    T9] usb 6-1: Using ep0 maxpacket: 32
[  289.694337][    T9] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  289.722149][    T9] usb 6-1: config 0 has no interface number 0
[  289.728274][    T9] usb 6-1: config 0 interface 184 has no altsetting 0
[  289.765228][    T9] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  289.792059][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.810483][    T9] usb 6-1: Product: syz
[  289.820440][    T9] usb 6-1: Manufacturer: syz
[  289.830549][    T9] usb 6-1: SerialNumber: syz
[  289.844035][    T9] usb 6-1: config 0 descriptor??
[  289.866318][    T9] smsc75xx v1.0.0
[  289.869992][    T9] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  289.925464][    T9] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -22
[  290.001717][ T9243] loop8: detected capacity change from 0 to 256
[  290.036623][ T9243] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  290.072118][ T9243] exFAT-fs (loop8): Medium has reported failures. Some data may be lost.
[  290.082308][ T5894] usb 6-1: USB disconnect, device number 9
[  290.111745][ T9243] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  290.417438][ T9247] loop9: detected capacity change from 0 to 2048
[  290.498983][ T9247] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  290.674290][ T9247] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.1167: bg 0: block 234: padding at end of block bitmap is not set
[  290.692484][ T9256] loop6: detected capacity change from 0 to 1024
[  290.723285][ T9247] EXT4-fs (loop9): Remounting filesystem read-only
[  290.756322][ T9256] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  290.795270][ T9256] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  290.914445][ T7364] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.989477][ T5848] Bluetooth: hci4: Malformed Event: 0x13
[  291.138217][ T6180] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.161196][ T5914] usb 3-1: USB disconnect, device number 11
[  291.317714][ T9273] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  291.474811][ T9275] loop6: detected capacity change from 0 to 1024
[  291.522839][ T9275] EXT4-fs: Ignoring removed nobh option
[  291.528526][ T9275] EXT4-fs: Ignoring removed orlov option
[  291.611668][ T9275] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  291.671620][ T9284] netlink: 'syz.2.1200': attribute type 1 has an invalid length.
[  291.716993][ T9275] EXT4-fs error (device loop6): ext4_validate_block_bitmap:440: comm syz.6.1198: bg 0: block 385: padding at end of block bitmap is not set
[  291.739198][ T9275] EXT4-fs (loop6): Remounting filesystem read-only
[  291.849385][ T6180] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.167124][ T9298] hub 9-0:1.0: USB hub found
[  292.185597][ T9298] hub 9-0:1.0: 1 port detected
[  292.205450][ T9300] loop5: detected capacity change from 0 to 1024
[  292.265191][ T9300] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  292.316734][ T9300] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  292.593097][ T7414] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.833761][ T9314] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input31
[  293.024112][ T9296] loop6: detected capacity change from 0 to 32768
[  293.096599][ T9296] JBD2: Ignoring recovery information on journal
[  293.199743][ T9296] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  293.724577][ T6180] ocfs2: Unmounting device (7,6) on (node local)
[  293.761053][ T9334] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  293.797937][ T9334] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  293.852070][ T9334] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  293.922540][ T9334] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  294.799742][ T9350] loop5: detected capacity change from 0 to 128
[  294.859638][ T9350] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  294.923255][ T9350] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  295.333498][ T9359] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1232'.
[  296.286254][ T9378] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  296.314932][ T9378] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  296.341653][ T9378] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  296.392235][ T9378] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  296.696106][ T9389] loop6: detected capacity change from 0 to 64
[  296.774210][ T9391] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input32
[  297.004499][ T9397] loop6: detected capacity change from 0 to 128
[  297.005842][ T9373] loop9: detected capacity change from 0 to 32768
[  297.069499][ T9397] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  297.106292][ T9373] JBD2: Ignoring recovery information on journal
[  297.158457][ T9397] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  297.271600][ T9373] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  297.472089][ T6180] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  297.635130][ T7364] ocfs2: Unmounting device (7,9) on (node local)
[  297.741395][ T9388] loop5: detected capacity change from 0 to 32768
[  297.796214][ T9388] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1244 (9388)
[  297.846726][ T9388] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  297.885810][ T9388] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm
[  297.914676][ T9388] BTRFS info (device loop5): disk space caching is enabled
[  297.942311][ T9388] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  298.012363][    T9] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  298.148981][ T9388] BTRFS info (device loop5): rebuilding free space tree
[  298.192089][    T9] usb 9-1: Using ep0 maxpacket: 16
[  298.199545][    T9] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  298.207932][    T9] usb 9-1: config 0 has no interface number 0
[  298.220505][ T9388] BTRFS info (device loop5): disabling free space tree
[  298.220864][    T9] usb 9-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  298.246883][    T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.258022][ T9388] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  298.262370][    T9] usb 9-1: Product: syz
[  298.277076][    T9] usb 9-1: Manufacturer: syz
[  298.292076][    T9] usb 9-1: SerialNumber: syz
[  298.292220][ T9388] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  298.313224][    T9] usb 9-1: config 0 descriptor??
[  298.330773][    T9] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  298.432465][   T30] kauditd_printk_skb: 57 callbacks suppressed
[  298.432561][   T30] audit: type=1800 audit(1748486528.659:311): pid=9388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1244" name="bus" dev="loop5" ino=263 res=0 errno=0
[  299.280957][ T7414] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  299.337781][    T9] gspca_spca1528: reg_w err -71
[  299.348993][    T9] spca1528 9-1:0.1: probe with driver spca1528 failed with error -71
[  299.370251][    T9] usb 9-1: USB disconnect, device number 10
[  299.701766][ T9444] syzkaller1: entered promiscuous mode
[  299.716228][ T9444] syzkaller1: entered allmulticast mode
[  300.134854][ T9453] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input33
[  300.731019][ T9469] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1271'.
[  301.361661][ T9459] loop5: detected capacity change from 0 to 32768
[  301.441625][ T9459] JBD2: Ignoring recovery information on journal
[  301.646778][ T9459] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  302.254927][ T7414] ocfs2: Unmounting device (7,5) on (node local)
[  302.439446][ T9488] loop9: detected capacity change from 0 to 65536
[  302.522953][ T9488] XFS (loop9): Mounting V5 Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  302.665238][ T9488] XFS (loop9): Ending clean mount
[  302.693753][ T9488] XFS (loop9): EXPERIMENTAL online shrink feature enabled.  Use at your own risk!
[  302.802378][ T7364] XFS (loop9): Unmounting Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  303.173152][ T9505] loop8: detected capacity change from 0 to 64
[  303.898836][ T9516] netlink: 27 bytes leftover after parsing attributes in process `syz.1.1302'.
[  304.567039][ T9507] loop5: detected capacity change from 0 to 32768
[  304.616565][ T9507] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  304.658315][ T9535] binder: 9533:9535 ioctl c0306201 200000000540 returned -14
[  304.693565][ T9507] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  305.014081][ T9531] loop6: detected capacity change from 0 to 32768
[  305.063584][ T9531] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present!
[  305.099972][ T9542] syzkaller1: entered promiscuous mode
[  305.108382][ T9542] syzkaller1: entered allmulticast mode
[  305.113373][ T9531] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  305.133264][ T7414] ocfs2: Unmounting device (7,5) on (node local)
[  305.228573][ T9531] (syz.6.1295,9531,0):ocfs2_rename:1283 ERROR: status = -2
[  305.248386][ T9531] (syz.6.1295,9531,0):ocfs2_rename:1699 ERROR: status = -2
[  305.596374][ T9550] loop9: detected capacity change from 0 to 32768
[  305.603916][ T9550] btrfs: Deprecated parameter 'usebackuproot'
[  305.610039][ T9550] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  305.623211][ T9550] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.1304 (9550)
[  305.650703][ T9550] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  305.660957][ T9550] BTRFS info (device loop9): using sha256 (sha256-ni) checksum algorithm
[  305.669486][ T9550] BTRFS info (device loop9): using free-space-tree
[  305.692275][ T6180] ocfs2: Unmounting device (7,6) on (node local)
[  305.913385][ T9550] BTRFS info (device loop9): rebuilding free space tree
[  306.226524][ T9576] input: syz0 as /devices/virtual/input/input34
[  306.239581][ T9550] BTRFS warning (device loop9): failed to trim 1 device(s), last error -512
[  306.330445][ T7364] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  306.487735][ T9579] process 'syz.6.1305' launched './file1' with NULL argv: empty string added
[  306.802751][ T9589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1314'.
[  307.693641][ T9611] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  307.856652][ T9605] loop5: detected capacity change from 0 to 8192
[  307.917714][ T9605] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  308.126767][ T9624] loop8: detected capacity change from 0 to 128
[  308.343799][ T9622] loop6: detected capacity change from 0 to 32768
[  308.365184][ T9624] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  308.412479][ T9624] ext4 filesystem being mounted at /164/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  308.413504][ T9622] XFS (loop6): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  308.514546][    T9] usb 10-1: new full-speed USB device number 7 using dummy_hcd
[  308.521134][ T9622] XFS (loop6): Ending clean mount
[  308.531398][ T9622] XFS (loop6): Metadata CRC error detected at xfs_inobt_read_verify+0x26/0xe0, xfs_finobt block 0x20 
[  308.547943][ T9622] XFS (loop6): Unmount and run xfs_repair
[  308.553767][ T9622] XFS (loop6): First 128 bytes of corrupted metadata buffer:
[  308.561170][ T9622] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  308.570142][ T9622] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40  ....... .......@
[  308.579310][ T9622] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a  ...B..N....xv...
[  308.588222][ T9622] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37  .......F......@7
[  308.597135][ T9622] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  308.606062][ T9622] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00  ................
[  308.621934][ T9622] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  308.630857][ T9622] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  308.642704][ T9622] XFS (loop6): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x20 len 8 error 74
[  308.655002][ T9622] XFS (loop6): Failed to initialize disk quotas, err -117.
[  308.676152][ T6910] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  309.631223][ T6180] XFS (loop6): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  309.662146][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  309.662630][ T6180] XFS (loop6): Uncorrected metadata errors detected; please run xfs_repair.
[  309.673225][    T9] usb 10-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  309.673270][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.733214][    T9] usb 10-1: config 0 descriptor??
[  309.743058][ T9626] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  310.182465][    T9] elan 0003:04F3:0755.001D: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.9-1/input0
[  310.347217][ T9670] loop8: detected capacity change from 0 to 256
[  310.363309][ T9670] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x0000000000000000'
[  310.376218][ T5894] usb 10-1: USB disconnect, device number 7
[  310.512085][    T9] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  310.682529][    T9] usb 7-1: Using ep0 maxpacket: 32
[  310.699592][    T9] usb 7-1: config 0 has an invalid interface number: 153 but max is 0
[  310.722042][    T9] usb 7-1: config 0 has no interface number 0
[  310.742050][    T9] usb 7-1: New USB device found, idVendor=1199, idProduct=6852, bcdDevice=6c.d5
[  310.761519][    T9] usb 7-1: New USB device strings: Mfr=208, Product=45, SerialNumber=3
[  310.786494][    T9] usb 7-1: Product: syz
[  310.811129][    T9] usb 7-1: Manufacturer: syz
[  310.816659][    T9] usb 7-1: SerialNumber: syz
[  310.853529][    T9] usb 7-1: config 0 descriptor??
[  310.862126][ T5894] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  310.982951][ T9680] can0: slcan on ptm0.
[  311.025593][ T5894] usb 6-1: Using ep0 maxpacket: 16
[  311.043666][ T5894] usb 6-1: config index 0 descriptor too short (expected 16456, got 72)
[  311.080399][ T5894] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  311.100647][    T9] sierra 7-1:0.153: Sierra USB modem converter detected
[  311.108074][ T5894] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  311.118688][ T5894] usb 6-1: config 0 has an invalid interface number: 125 but max is 1
[  311.128171][ T9679] can0 (unregistered): slcan off ptm0.
[  311.136297][    T9] usb 7-1: USB disconnect, device number 11
[  311.143620][ T5894] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  311.153686][    T9] sierra 7-1:0.153: device disconnected
[  311.161465][ T5894] usb 6-1: config 0 has no interface number 0
[  311.170209][ T5894] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  311.183432][ T5894] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  311.216074][ T5894] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  311.240083][ T5894] usb 6-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  311.262238][ T5894] usb 6-1: config 0 interface 125 has no altsetting 0
[  311.269224][ T5894] usb 6-1: config 0 interface 125 has no altsetting 2
[  311.282341][ T5894] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  311.291700][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.307909][ T5894] usb 6-1: Product: syz
[  311.312241][ T5894] usb 6-1: Manufacturer: syz
[  311.316979][ T5894] usb 6-1: SerialNumber: syz
[  311.329422][ T5894] usb 6-1: config 0 descriptor??
[  311.339022][ T5894] usb 6-1: selecting invalid altsetting 2
[  312.002373][ T9689] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1367'.
[  312.025877][ T9691] pim6reg1: entered promiscuous mode
[  312.031272][ T9691] pim6reg1: entered allmulticast mode
[  312.348753][    C0] usb 6-1: async_complete: urb error -71
[  312.367144][ T5894] get_1284_register: usb error -71
[  312.388554][ T5894] uss720 6-1:0.125: probe with driver uss720 failed with error -71
[  312.465651][ T5894] usb 6-1: USB disconnect, device number 10
[  313.917388][ T9723] No control pipe specified
[  313.936463][ T9723] No control pipe specified
[  314.496727][ T9733] pim6reg1: entered promiscuous mode
[  314.506769][ T9718] loop9: detected capacity change from 0 to 32768
[  314.516209][ T9733] pim6reg1: entered allmulticast mode
[  314.531250][ T9718] XFS: attr2 mount option is deprecated.
[  314.595265][ T9718] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  314.798951][ T9718] XFS (loop9): Ending clean mount
[  314.864276][ T9718] XFS (loop9): Quotacheck needed: Please wait.
[  314.981904][ T9718] XFS (loop9): Quotacheck: Done.
[  315.171403][ T9756] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  315.357301][ T9760] input: syz0 as /devices/virtual/input/input35
[  315.687609][ T9764] loop5: detected capacity change from 0 to 4096
[  315.727718][ T7364] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  315.956034][ T9772] input: syz0 as /devices/virtual/input/input36
[  316.265927][ T9779] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  316.758873][ T9784] loop9: detected capacity change from 0 to 32768
[  316.804188][ T9784] XFS (loop9): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  316.917521][ T9784] XFS (loop9): Ending clean mount
[  316.925643][ T9784] XFS (loop9): Metadata CRC error detected at xfs_inobt_read_verify+0x26/0xe0, xfs_finobt block 0x20 
[  316.941516][ T9784] XFS (loop9): Unmount and run xfs_repair
[  316.947298][ T9784] XFS (loop9): First 128 bytes of corrupted metadata buffer:
[  316.954725][ T9784] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  316.963653][ T9784] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40  ....... .......@
[  316.972605][ T9784] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a  ...B..N....xv...
[  316.981484][ T9784] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37  .......F......@7
[  316.990915][ T9784] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  316.999872][ T9784] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00  ................
[  317.009206][ T9784] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  317.020101][ T9784] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  317.029111][ T9784] XFS (loop9): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x20 len 8 error 74
[  317.040664][ T9784] XFS (loop9): Failed to initialize disk quotas, err -117.
[  317.169949][ T9789] erspan0: entered promiscuous mode
[  317.210352][ T9789] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1397'.
[  317.227110][ T9806] input: syz0 as /devices/virtual/input/input37
[  317.250218][ T9771] loop8: detected capacity change from 0 to 32768
[  317.349727][ T7364] XFS (loop9): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  317.376088][ T9771] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[  317.403519][ T7364] XFS (loop9): Uncorrected metadata errors detected; please run xfs_repair.
[  317.440419][ T9771] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  317.866768][ T6910] ocfs2: Unmounting device (7,8) on (node local)
[  318.283815][ T9824] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1409'.
[  318.310537][ T9824] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1409'.
[  318.311891][ T9804] loop5: detected capacity change from 0 to 32768
[  318.378527][ T9804] XFS: attr2 mount option is deprecated.
[  318.428916][ T9804] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  318.575049][ T9804] XFS (loop5): Ending clean mount
[  318.606297][ T5840] Bluetooth: hci4: command 0x0406 tx timeout
[  318.612986][ T5134] Bluetooth: hci2: command 0x0406 tx timeout
[  318.634730][ T9804] XFS (loop5): Quotacheck needed: Please wait.
[  318.710440][ T9804] XFS (loop5): Quotacheck: Done.
[  318.812173][ T5893] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  319.224390][ T9850] loop8: detected capacity change from 0 to 32768
[  319.231933][ T9850] btrfs: Deprecated parameter 'usebackuproot'
[  319.238112][ T9850] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  319.248611][ T9850] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1417 (9850)
[  319.276945][ T9850] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  319.287200][ T9850] BTRFS info (device loop8): using sha256 (sha256-ni) checksum algorithm
[  319.287200][    T9] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  319.303350][ T9850] BTRFS info (device loop8): using free-space-tree
[  319.342531][ T5893] usb 2-1: Using ep0 maxpacket: 16
[  319.351028][ T5893] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  319.365100][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  319.382531][ T5893] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  319.391699][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.442527][ T5893] usb 2-1: Product: syz
[  319.442742][    T9] usb 7-1: Using ep0 maxpacket: 16
[  319.446742][ T5893] usb 2-1: Manufacturer: syz
[  319.446773][ T5893] usb 2-1: SerialNumber: syz
[  319.482976][    T9] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00
[  319.499530][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.508209][    T9] usb 7-1: Product: syz
[  319.509069][ T5893] usb 2-1: config 0 descriptor??
[  319.517311][    T9] usb 7-1: Manufacturer: syz
[  319.522579][    T9] usb 7-1: SerialNumber: syz
[  319.529963][ T9850] BTRFS info (device loop8): rebuilding free space tree
[  319.530608][    T9] usb 7-1: config 0 descriptor??
[  319.546404][    T9] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  319.556113][    T9] usb 7-1: Detected FT-X
[  319.578036][ T7414] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  319.767209][    T9] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  319.873565][ T5893] appledisplay 2-1:0.0: Error while getting initial brightness: -110
[  319.895033][ T5893] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -110
[  319.938885][ T6910] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  320.156657][ T5894] usb 2-1: USB disconnect, device number 7
[  320.209207][    T9] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  320.424231][ T5894] usb 7-1: USB disconnect, device number 12
[  320.465391][ T5894] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  320.522700][ T5894] ftdi_sio 7-1:0.0: device disconnected
[  320.947709][ T9872] loop9: detected capacity change from 0 to 32768
[  320.989984][ T9872] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.1420 (9872)
[  321.057926][ T9872] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  321.094150][ T9872] BTRFS info (device loop9): using sha256 (sha256-ni) checksum algorithm
[  321.120580][ T9872] BTRFS info (device loop9): disk space caching is enabled
[  321.142715][ T9872] BTRFS warning (device loop9): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  321.264903][ T9887] netlink: 'syz.6.1425': attribute type 10 has an invalid length.
[  321.419759][ T9872] BTRFS info (device loop9): rebuilding free space tree
[  321.472359][ T9872] BTRFS info (device loop9): disabling free space tree
[  321.479324][ T9872] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  321.530368][ T9872] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  321.715955][   T30] audit: type=1800 audit(1748486551.949:312): pid=9872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1420" name="bus" dev="loop9" ino=263 res=0 errno=0
[  322.436242][ T9922] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  322.700358][ T7364] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  322.988495][ T9933] loop6: detected capacity change from 0 to 256
[  323.025783][ T9933] MINIX-fs: mounting file system with errors, running fsck is recommended
[  323.516019][ T9940] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1443'.
[  323.541513][ T9943] loop9: detected capacity change from 0 to 64
[  323.598698][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1443'.
[  324.012566][ T9947] loop8: detected capacity change from 0 to 256
[  324.250540][ T9953] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1448'.
[  324.970217][ T9942] loop6: detected capacity change from 0 to 32768
[  324.995083][ T9942] ocfs2: Slot 0 on device (7,6) was already allocated to this node!
[  325.070823][ T9947] FAT-fs (loop8): Directory bread(block 64) failed
[  325.082441][ T9947] FAT-fs (loop8): Directory bread(block 65) failed
[  325.122244][ T9947] FAT-fs (loop8): Directory bread(block 66) failed
[  325.152328][ T9947] FAT-fs (loop8): Directory bread(block 67) failed
[  325.159011][ T9947] FAT-fs (loop8): Directory bread(block 68) failed
[  325.207863][ T9942] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  325.225016][ T9947] FAT-fs (loop8): Directory bread(block 69) failed
[  325.267989][ T9947] FAT-fs (loop8): Directory bread(block 70) failed
[  325.288874][ T9947] FAT-fs (loop8): Directory bread(block 71) failed
[  325.295788][ T9947] FAT-fs (loop8): Directory bread(block 72) failed
[  325.302896][ T9947] FAT-fs (loop8): Directory bread(block 73) failed
[  325.581222][ T6180] ocfs2: Unmounting device (7,6) on (node local)
[  325.761409][ T9980] loop8: detected capacity change from 0 to 512
[  325.827217][ T9980] EXT4-fs error (device loop8): ext4_orphan_get:1391: inode #15: comm syz.8.1461: casefold flag without casefold feature
[  325.891558][ T9980] EXT4-fs error (device loop8): ext4_orphan_get:1394: comm syz.8.1461: couldn't read orphan inode 15 (err -117)
[  325.967767][ T9980] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  326.310647][ T6910] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  326.768503][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  326.775435][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  327.367663][T10005] loop6: detected capacity change from 0 to 32768
[  327.382172][T10005] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1469 (10005)
[  327.406328][T10005] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  327.416701][T10005] BTRFS info (device loop6): using crc32c (crc32c-x86_64) checksum algorithm
[  327.425654][T10005] BTRFS info (device loop6): disk space caching is enabled
[  327.432928][T10005] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  327.684610][T10005] BTRFS info (device loop6): rebuilding free space tree
[  327.742206][T10005] BTRFS info (device loop6): disabling free space tree
[  327.749177][T10005] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  327.758935][T10005] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  328.103751][T10035] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1475'.
[  328.355004][T10005] BTRFS warning (device loop6 state M): remount supports changing free space tree only from RO to RW
[  328.366269][T10005] BTRFS info (device loop6 state M): allowing degraded mounts
[  328.373864][T10005] BTRFS info (device loop6 state M): turning on flush-on-commit
[  328.382520][T10005] BTRFS info (device loop6 state M): force clearing of disk cache
[  328.390365][T10005] BTRFS info (device loop6 state M): not using ssd optimizations
[  328.398909][T10005] BTRFS info (device loop6 state M): not using spread ssd allocation scheme
[  328.512563][ T6180] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  328.886871][T10007] loop8: detected capacity change from 0 to 32768
[  328.954433][T10007] XFS (loop8): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  329.056125][T10007] XFS (loop8): Ending clean mount
[  329.070916][T10007] XFS (loop8): Quotacheck needed: Please wait.
[  329.126367][T10007] XFS (loop8): Quotacheck: Done.
[  329.686616][ T6910] XFS (loop8): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  329.740815][ T5914] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  329.933624][ T5914] usb 7-1: Using ep0 maxpacket: 16
[  329.950380][ T5914] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  329.998838][ T5914] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  330.248190][ T5914] usb 7-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  330.284912][ T5914] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.320977][ T5914] usb 7-1: Product: syz
[  330.342034][ T5914] usb 7-1: Manufacturer: syz
[  330.342555][T10077] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  330.362241][ T5914] usb 7-1: SerialNumber: syz
[  330.391886][ T5914] usb 7-1: config 0 descriptor??
[  330.682755][ T5914] appledisplay 7-1:0.0: Error while getting initial brightness: -110
[  330.694273][ T5914] appledisplay 7-1:0.0: probe with driver appledisplay failed with error -110
[  330.762750][   T24] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  330.891596][    T9] usb 7-1: USB disconnect, device number 13
[  330.942372][   T24] usb 9-1: Using ep0 maxpacket: 16
[  330.963759][   T24] usb 9-1: config index 0 descriptor too short (expected 16456, got 72)
[  330.996453][   T24] usb 9-1: config 0 has an invalid interface number: 125 but max is 1
[  331.020943][   T24] usb 9-1: config 0 has an invalid interface number: 125 but max is 1
[  331.048288][   T24] usb 9-1: config 0 has an invalid interface number: 125 but max is 1
[  331.060775][   T24] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2
[  331.095410][   T24] usb 9-1: config 0 has no interface number 0
[  331.112354][   T24] usb 9-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  331.139640][   T24] usb 9-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  331.164449][   T24] usb 9-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  331.183213][   T24] usb 9-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  331.206959][   T24] usb 9-1: config 0 interface 125 has no altsetting 0
[  331.222226][   T24] usb 9-1: config 0 interface 125 has no altsetting 2
[  331.231825][   T24] usb 9-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  331.242074][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.252939][   T24] usb 9-1: Product: syz
[  331.257197][   T24] usb 9-1: Manufacturer: syz
[  331.261881][   T24] usb 9-1: SerialNumber: syz
[  331.271256][   T24] usb 9-1: config 0 descriptor??
[  331.281249][   T24] usb 9-1: selecting invalid altsetting 2
[  332.250804][T10100] loop5: detected capacity change from 0 to 40427
[  332.294863][    C1] usb 9-1: async_complete: urb error -71
[  332.301211][   T24] get_1284_register: usb error -71
[  332.306640][   T24] uss720 9-1:0.125: probe with driver uss720 failed with error -71
[  332.338829][   T24] usb 9-1: USB disconnect, device number 11
[  332.345232][T10100] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  332.543571][T10100] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  332.643603][T10132] loop9: detected capacity change from 0 to 512
[  332.669316][ T7414] syz-executor: attempt to access beyond end of device
[  332.669316][ T7414] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  332.729778][T10132] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  332.745173][ T7414] CPU: 1 UID: 0 PID: 7414 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  332.745224][ T7414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  332.745247][ T7414] Call Trace:
[  332.745259][ T7414]  <TASK>
[  332.745273][ T7414]  dump_stack_lvl+0x16c/0x1f0
[  332.745338][ T7414]  f2fs_handle_critical_error+0x621/0x9f0
[  332.745391][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.745437][ T7414]  ? __asan_memset+0x23/0x50
[  332.745485][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.745545][ T7414]  f2fs_write_end_io+0x73d/0xac0
[  332.745610][ T7414]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  332.745675][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.745733][ T7414]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  332.745789][ T7414]  bio_endio+0x6d2/0x810
[  332.745836][ T7414]  submit_bio_noacct+0x56d/0x1ec0
[  332.745904][ T7414]  __submit_merged_bio+0x33c/0x770
[  332.745969][ T7414]  __submit_merged_write_cond+0x319/0x3f0
[  332.746047][ T7414]  f2fs_write_cache_pages+0x2139/0x2680
[  332.746147][ T7414]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  332.746208][ T7414]  ? lock_acquire+0x179/0x350
[  332.746273][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.746336][ T7414]  ? check_path.constprop.0+0x24/0x50
[  332.746412][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.746457][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.746502][ T7414]  ? __lock_acquire+0xf7f/0x1ba0
[  332.746587][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.746632][ T7414]  ? do_raw_spin_lock+0x12c/0x2b0
[  332.746726][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.746771][ T7414]  ? lock_acquire+0x179/0x350
[  332.746830][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.746886][ T7414]  f2fs_write_data_pages+0x4ad/0xd90
[  332.746962][ T7414]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  332.747045][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.747100][ T7414]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  332.747168][ T7414]  do_writepages+0x1b5/0x820
[  332.747234][ T7414]  ? __pfx_do_writepages+0x10/0x10
[  332.747289][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.747338][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.747384][ T7414]  ? do_raw_spin_lock+0x12c/0x2b0
[  332.747423][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.747469][ T7414]  ? find_held_lock+0x2b/0x80
[  332.747519][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.747571][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.747617][ T7414]  ? do_raw_spin_unlock+0x172/0x230
[  332.747660][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.747717][ T7414]  filemap_fdatawrite_wbc+0x104/0x160
[  332.747777][ T7414]  __filemap_fdatawrite_range+0xb2/0xf0
[  332.747818][ T7414]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  332.747930][ T7414]  ? find_held_lock+0x2b/0x80
[  332.747980][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.748035][ T7414]  ? do_raw_spin_unlock+0x172/0x230
[  332.748079][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.748133][ T7414]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  332.748201][ T7414]  block_operations+0x2a3/0xfd0
[  332.748256][ T7414]  ? __pfx_block_operations+0x10/0x10
[  332.748366][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.748413][ T7414]  ? down_write+0x14d/0x200
[  332.748451][ T7414]  ? __pfx_down_write+0x10/0x10
[  332.748491][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.748537][ T7414]  ? rcu_is_watching+0x12/0xc0
[  332.748592][ T7414]  f2fs_write_checkpoint+0x2b8/0x45b0
[  332.748640][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.748685][ T7414]  ? kfree+0x2b6/0x4d0
[  332.748730][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.748781][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.748827][ T7414]  ? rcu_is_watching+0x12/0xc0
[  332.748872][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.748919][ T7414]  ? kthread_stop+0x273/0x650
[  332.748961][ T7414]  kill_f2fs_super+0x3c2/0x470
[  332.749010][ T7414]  ? __pfx_kill_f2fs_super+0x10/0x10
[  332.749049][ T7414]  ? lockdep_hardirqs_on+0x7c/0x110
[  332.749133][ T7414]  deactivate_locked_super+0xc1/0x1a0
[  332.749187][ T7414]  deactivate_super+0xde/0x100
[  332.749240][ T7414]  cleanup_mnt+0x225/0x450
[  332.749298][ T7414]  task_work_run+0x150/0x240
[  332.749344][ T7414]  ? __pfx_task_work_run+0x10/0x10
[  332.749384][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.749434][ T7414]  ? __pfx___x64_sys_umount+0x10/0x10
[  332.749506][ T7414]  syscall_exit_to_user_mode+0x27b/0x2a0
[  332.749571][ T7414]  do_syscall_64+0xda/0x260
[  332.749640][ T7414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.749678][ T7414] RIP: 0033:0x7f824c38fc97
[  332.749708][ T7414] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  332.749746][ T7414] RSP: 002b:00007fff1f423d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  332.749782][ T7414] RAX: 0000000000000000 RBX: 00007f824c41089d RCX: 00007f824c38fc97
[  332.749807][ T7414] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff1f423e20
[  332.749832][ T7414] RBP: 00007fff1f423e20 R08: 0000000000000000 R09: 0000000000000000
[  332.749856][ T7414] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff1f424eb0
[  332.749881][ T7414] R13: 00007f824c41089d R14: 0000000000051334 R15: 00007fff1f424ef0
[  332.749939][ T7414]  </TASK>
[  332.749953][ T7414] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  332.932310][T10132] ext4 filesystem being mounted at /164/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  332.985620][ T5830] Bluetooth: hci0: command 0xfc11 tx timeout
[  333.036803][ T5848] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[  333.226684][    C0] vkms_vblank_simulate: vblank timer overrun
[  333.320253][ T7414] CPU: 0 UID: 0 PID: 7414 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  333.320304][ T7414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  333.320326][ T7414] Call Trace:
[  333.320338][ T7414]  <TASK>
[  333.320351][ T7414]  dump_stack_lvl+0x16c/0x1f0
[  333.320416][ T7414]  f2fs_handle_critical_error+0x621/0x9f0
[  333.320468][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.320514][ T7414]  ? __asan_memset+0x23/0x50
[  333.320561][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.320621][ T7414]  f2fs_write_end_io+0x73d/0xac0
[  333.320682][ T7414]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  333.320753][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.320811][ T7414]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  333.320867][ T7414]  bio_endio+0x6d2/0x810
[  333.320914][ T7414]  submit_bio_noacct+0x56d/0x1ec0
[  333.320982][ T7414]  __submit_merged_bio+0x33c/0x770
[  333.321047][ T7414]  __submit_merged_write_cond+0x319/0x3f0
[  333.321120][ T7414]  f2fs_write_cache_pages+0x2139/0x2680
[  333.321219][ T7414]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  333.321280][ T7414]  ? lock_acquire+0x179/0x350
[  333.321345][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.321408][ T7414]  ? check_path.constprop.0+0x24/0x50
[  333.321486][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.321530][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.321575][ T7414]  ? __lock_acquire+0xf7f/0x1ba0
[  333.321660][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.321705][ T7414]  ? do_raw_spin_lock+0x12c/0x2b0
[  333.321808][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.321853][ T7414]  ? lock_acquire+0x179/0x350
[  333.321913][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.321972][ T7414]  f2fs_write_data_pages+0x4ad/0xd90
[  333.322052][ T7414]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  333.322131][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.322187][ T7414]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  333.322256][ T7414]  do_writepages+0x1b5/0x820
[  333.322321][ T7414]  ? __pfx_do_writepages+0x10/0x10
[  333.322376][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.322424][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.322469][ T7414]  ? do_raw_spin_lock+0x12c/0x2b0
[  333.322508][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.322552][ T7414]  ? find_held_lock+0x2b/0x80
[  333.322599][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.322651][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.322695][ T7414]  ? do_raw_spin_unlock+0x172/0x230
[  333.322743][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.322798][ T7414]  filemap_fdatawrite_wbc+0x104/0x160
[  333.322858][ T7414]  __filemap_fdatawrite_range+0xb2/0xf0
[  333.322897][ T7414]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  333.323010][ T7414]  ? find_held_lock+0x2b/0x80
[  333.323059][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.323105][ T7414]  ? do_raw_spin_unlock+0x172/0x230
[  333.323147][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.323200][ T7414]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  333.323266][ T7414]  block_operations+0x2a3/0xfd0
[  333.323320][ T7414]  ? __pfx_block_operations+0x10/0x10
[  333.323429][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.323472][ T7414]  ? down_write+0x14d/0x200
[  333.323509][ T7414]  ? __pfx_down_write+0x10/0x10
[  333.323548][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.323592][ T7414]  ? rcu_is_watching+0x12/0xc0
[  333.323645][ T7414]  f2fs_write_checkpoint+0x2b8/0x45b0
[  333.323691][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.323741][ T7414]  ? kfree+0x2b6/0x4d0
[  333.323783][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.323834][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.323878][ T7414]  ? rcu_is_watching+0x12/0xc0
[  333.323921][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.323966][ T7414]  ? kthread_stop+0x273/0x650
[  333.324007][ T7414]  kill_f2fs_super+0x3c2/0x470
[  333.324048][ T7414]  ? __pfx_kill_f2fs_super+0x10/0x10
[  333.324086][ T7414]  ? lockdep_hardirqs_on+0x7c/0x110
[  333.324168][ T7414]  deactivate_locked_super+0xc1/0x1a0
[  333.324220][ T7414]  deactivate_super+0xde/0x100
[  333.324272][ T7414]  cleanup_mnt+0x225/0x450
[  333.324328][ T7414]  task_work_run+0x150/0x240
[  333.324372][ T7414]  ? __pfx_task_work_run+0x10/0x10
[  333.324410][ T7414]  ? srso_alias_return_thunk+0x5/0xfbef5
[  333.324459][ T7414]  ? __pfx___x64_sys_umount+0x10/0x10
[  333.324527][ T7414]  syscall_exit_to_user_mode+0x27b/0x2a0
[  333.324590][ T7414]  do_syscall_64+0xda/0x260
[  333.324655][ T7414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.324693][ T7414] RIP: 0033:0x7f824c38fc97
[  333.324721][ T7414] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  333.324762][ T7414] RSP: 002b:00007fff1f423d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  333.324797][ T7414] RAX: 0000000000000000 RBX: 00007f824c41089d RCX: 00007f824c38fc97
[  333.324821][ T7414] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff1f423e20
[  333.324844][ T7414] RBP: 00007fff1f423e20 R08: 0000000000000000 R09: 0000000000000000
[  333.324867][ T7414] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff1f424eb0
[  333.324890][ T7414] R13: 00007f824c41089d R14: 0000000000051334 R15: 00007fff1f424ef0
[  333.324947][ T7414]  </TASK>
[  333.833059][    C0] vkms_vblank_simulate: vblank timer overrun
[  333.898605][T10145] loop8: detected capacity change from 0 to 512
[  333.905478][ T7414] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  333.972369][ T7364] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.988740][T10145] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  334.057245][T10145] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  334.154377][T10145] ext4 filesystem being mounted at /189/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  334.290320][ T6910] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.382314][   T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  334.412359][ T5895] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  334.532348][   T24] usb 3-1: Using ep0 maxpacket: 16
[  334.546355][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  334.562148][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  334.583110][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  334.600174][ T5895] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  334.612462][   T24] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  334.631825][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.635766][ T5895] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  334.658741][ T5895] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  334.692093][ T5895] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  334.705854][   T24] usb 3-1: config 0 descriptor??
[  334.730007][ T5895] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  334.767527][ T5895] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  334.788739][ T5895] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  334.812036][ T5895] usb 10-1: Product: syz
[  334.822194][ T5895] usb 10-1: Manufacturer: syz
[  334.837659][T10167] program syz.6.1529 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  334.851611][ T5895] cdc_wdm 10-1:1.0: skipping garbage
[  334.872284][ T5895] cdc_wdm 10-1:1.0: skipping garbage
[  334.900076][ T5895] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  334.908180][ T5895] cdc_wdm 10-1:1.0: Unknown control protocol
[  334.920314][T10170] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1530'.
[  334.938302][T10170] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1530'.
[  335.138658][   T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input38
[  335.244946][   T24] shield 0003:0955:7214.001E: Registered Thunderstrike controller
[  335.269732][   T24] shield 0003:0955:7214.001E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[  335.368070][ T5914] shield 0003:0955:7214.001E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  335.385009][   T24] usb 3-1: USB disconnect, device number 12
[  335.397140][ T5914] shield 0003:0955:7214.001E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  335.440868][ T5914] shield 0003:0955:7214.001E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  335.472131][ T5914] shield 0003:0955:7214.001E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  335.598611][T10182] loop5: detected capacity change from 0 to 32768
[  335.731067][T10182] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  335.743397][    T9] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  335.772969][T10182] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  335.772969][T10182]   allowing incompatible features above 0.0: (unknown version)
[  335.803049][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.809255][T10182] bcachefs (loop5): initializing new filesystem
[  335.816716][T10182] bcachefs (loop5): going read-write
[  335.866227][T10182] bcachefs (loop5): marking superblocks
[  335.890268][T10182] bcachefs (loop5): initializing freespace
[  335.898541][T10182] bcachefs (loop5): done initializing freespace
[  335.908924][T10182] bcachefs (loop5): reading snapshots table
[  335.915469][T10182] bcachefs (loop5): reading snapshots done
[  335.967025][T10182] bcachefs (loop5): done starting filesystem
[  336.012252][    T9] usb 7-1: Using ep0 maxpacket: 8
[  336.024253][    T9] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  336.034895][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.064177][    T9] usb 7-1: config 0 descriptor??
[  336.135336][ T7414] bcachefs (loop5): shutting down
[  336.140868][ T7414] bcachefs (loop5): going read-only
[  336.146537][ T7414] bcachefs (loop5): finished waiting for writes to stop
[  336.161863][ T7414] bcachefs (loop5): flushing journal and stopping allocators, journal seq 2
[  336.222190][ T5895] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  336.242225][ T7414] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  336.268602][ T7414] bcachefs (loop5): clean shutdown complete, journal seq 4
[  336.286431][    T9] asix 7-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  336.344742][ T7414] bcachefs (loop5): marking filesystem clean
[  336.412591][ T5895] usb 9-1: Using ep0 maxpacket: 32
[  336.429739][ T5895] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  336.440805][ T5895] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  336.444587][ T7414] bcachefs (loop5): shutdown complete
[  336.451045][ T5895] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  336.485535][ T5895] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.513349][ T5895] usb 9-1: config 0 descriptor??
[  336.987660][ T5895] savu 0003:1E7D:2D5A.001F: hiddev1,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0
[  337.113207][    T9] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  337.124199][    T9] asix 7-1:0.0: probe with driver asix failed with error -71
[  337.149623][    T9] usb 7-1: USB disconnect, device number 14
[  337.239033][ T5895] usb 10-1: USB disconnect, device number 8
[  337.250787][   T10] usb 9-1: USB disconnect, device number 12
[  338.076118][T10225] loop9: detected capacity change from 0 to 512
[  338.102613][T10225] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem
[  338.149285][T10225] EXT4-fs (loop9): invalid journal inode
[  338.164198][T10225] EXT4-fs (loop9): can't get journal size
[  338.214080][T10225] EXT4-fs (loop9): 1 truncate cleaned up
[  338.221857][T10225] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  338.360605][T10225] EXT4-fs warning (device loop9): verify_group_input:136: Cannot add at group 1986356271 (only 1 groups)
[  338.543950][T10233] batadv_slave_0: entered promiscuous mode
[  338.565117][T10232] batadv_slave_0: left promiscuous mode
[  338.614561][ T7364] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.880310][T10237] random: crng reseeded on system resumption
[  340.142493][   T24] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  340.305966][   T24] usb 6-1: Using ep0 maxpacket: 32
[  340.339296][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.373477][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  340.383340][ T5914] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  340.412580][   T24] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  340.421659][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.484044][   T24] usb 6-1: config 0 descriptor??
[  340.583359][ T5914] usb 3-1: Using ep0 maxpacket: 8
[  340.603215][ T5914] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 47056, setting to 1024
[  340.632264][ T5914] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  340.653627][ T5914] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 26912, setting to 1024
[  340.686166][ T5914] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  340.728667][ T5914] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  340.748197][ T5914] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  340.758919][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.802145][   T10] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  340.936658][   T24] savu 0003:1E7D:2D5A.0020: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  340.952205][   T10] usb 7-1: Using ep0 maxpacket: 32
[  340.970163][   T10] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[  340.977732][ T5914] usb 3-1: usb_control_msg returned -71
[  340.983171][ T5895] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  340.984937][ T5914] usbtmc 3-1:16.0: can't read capabilities
[  341.012354][   T10] usb 7-1: config 0 has no interface number 0
[  341.018705][   T10] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  341.028610][ T5914] usb 3-1: USB disconnect, device number 13
[  341.039867][   T10] usb 7-1: config 0 interface 85 has no altsetting 0
[  341.053452][   T10] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  341.070192][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.091074][   T10] usb 7-1: Product: syz
[  341.101208][   T10] usb 7-1: Manufacturer: syz
[  341.111345][   T10] usb 7-1: SerialNumber: syz
[  341.117112][T10194] syz.1.1538 (10194): drop_caches: 1
[  341.126466][   T10] usb 7-1: config 0 descriptor??
[  341.152200][ T5895] usb 10-1: Using ep0 maxpacket: 16
[  341.173730][ T5895] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  341.201818][   T24] usb 6-1: USB disconnect, device number 11
[  341.210702][ T5895] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  341.232953][ T5895] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.272757][ T5895] usb 10-1: config 0 descriptor??
[  341.720972][ T5895] mcp2221 0003:04D8:00DD.0021: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.9-1/input0
[  341.755210][   T10] appletouch 7-1:0.85: Geyser mode initialized.
[  341.775136][   T10] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.85/input/input39
[  341.956533][ T5914] usb 7-1: USB disconnect, device number 15
[  342.014510][ T5914] appletouch 7-1:0.85: input: appletouch disconnected
[  342.164911][ T5895] usb 10-1: USB disconnect, device number 9
[  342.569012][T10298] loop8: detected capacity change from 0 to 256
[  342.598370][T10296] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  342.606319][T10296] IPv6: NLM_F_CREATE should be set when creating new route
[  342.613595][T10296] IPv6: NLM_F_CREATE should be set when creating new route
[  342.637378][T10298] exFAT-fs (loop8): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  343.445629][T10317] loop9: detected capacity change from 0 to 2048
[  343.561081][T10317] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  343.706393][   T30] audit: type=1800 audit(1748486573.939:313): pid=10317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1588" name="file1" dev="loop9" ino=1415 res=0 errno=0
[  344.331933][T10338] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  344.356248][T10340] loop5: detected capacity change from 0 to 1024
[  344.615137][T10345] loop9: detected capacity change from 0 to 512
[  344.679843][T10345] EXT4-fs error (device loop9): ext4_iget_extra_inode:4692: inode #15: comm syz.9.1601: corrupted in-inode xattr: overlapping e_value 
[  344.718728][T10345] EXT4-fs error (device loop9): ext4_orphan_get:1394: comm syz.9.1601: couldn't read orphan inode 15 (err -117)
[  344.788025][T10345] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  344.958883][ T7364] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.611767][T10382] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present
[  345.632047][T10382] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1)
[  346.953583][T10411] loop8: detected capacity change from 0 to 32768
[  346.963625][T10411] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1631 (10411)
[  346.982378][T10411] BTRFS info (device loop8): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  346.992614][T10411] BTRFS info (device loop8): using xxhash64 (xxhash64-generic) checksum algorithm
[  347.001892][T10411] BTRFS info (device loop8): disk space caching is enabled
[  347.009246][T10411] BTRFS warning (device loop8): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  347.205899][T10411] BTRFS info (device loop8): rebuilding free space tree
[  347.231841][T10411] BTRFS info (device loop8): disabling free space tree
[  347.238905][T10411] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  347.252461][T10411] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  347.355539][T10411] BTRFS error (device loop8): balance: mixed groups data and metadata options must be the same
[  347.402379][ T5830] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  347.496119][T10442] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  347.536089][ T6910] BTRFS info (device loop8): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  347.582002][   T30] audit: type=1326 audit(1748486577.799:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10444 comm="syz.2.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1653b8e969 code=0x7ffc0000
[  347.604470][    C0] vkms_vblank_simulate: vblank timer overrun
[  347.647395][   T30] audit: type=1326 audit(1748486577.809:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10444 comm="syz.2.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f1653b8e969 code=0x7ffc0000
[  347.669814][    C0] vkms_vblank_simulate: vblank timer overrun
[  347.705123][T10448] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  347.741353][T10448] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  347.783398][T10448] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  347.796700][T10450] loop9: detected capacity change from 0 to 1024
[  348.920635][T10473] loop8: detected capacity change from 0 to 32768
[  349.032066][ T5893] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  349.087524][T10473] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  349.119525][T10473] bcachefs (loop8): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  349.119525][T10473]   allowing incompatible features above 0.0: (unknown version)
[  349.149943][T10473] bcachefs (loop8): initializing new filesystem
[  349.157520][T10473] bcachefs (loop8): going read-write
[  349.210781][T10473] bcachefs (loop8): marking superblocks
[  349.225128][ T5893] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  349.230094][T10473] bcachefs (loop8): initializing freespace
[  349.246579][T10473] bcachefs (loop8): done initializing freespace
[  349.256500][T10473] bcachefs (loop8): reading snapshots table
[  349.262561][T10473] bcachefs (loop8): reading snapshots done
[  349.313816][ T5893] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  349.364732][T10473] bcachefs (loop8): done starting filesystem
[  349.391525][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.424889][ T5893] usb 3-1: config 0 descriptor??
[  349.443276][ T5893] hub 3-1:0.0: bad descriptor, ignoring hub
[  349.449696][ T5893] hub 3-1:0.0: probe with driver hub failed with error -5
[  349.474677][ T5893] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  349.502883][   T30] audit: type=1800 audit(1748486579.709:316): pid=10473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1652" name="file1" dev="loop8" ino=4098 res=0 errno=0
[  349.685889][T10476] netlink: 182 bytes leftover after parsing attributes in process `syz.2.1653'.
[  349.787511][ T6910] bcachefs (loop8): shutting down
[  349.806229][ T6910] bcachefs (loop8): going read-only
[  349.811507][ T6910] bcachefs (loop8): finished waiting for writes to stop
[  349.836644][ T5893] usb 3-1: USB disconnect, device number 14
[  349.876027][T10498] loop6: detected capacity change from 0 to 1024
[  349.895135][ T6910] bcachefs (loop8): flushing journal and stopping allocators, journal seq 4
[  349.923596][T10498] EXT4-fs: Ignoring removed nomblk_io_submit option
[  350.024208][T10498] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  350.037261][ T6910] bcachefs (loop8): flushing journal and stopping allocators complete, journal seq 4
[  350.061753][ T6910] bcachefs (loop8): clean shutdown complete, journal seq 5
[  350.143529][ T6910] bcachefs (loop8): marking filesystem clean
[  350.300287][ T6180] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.423307][ T6910] bcachefs (loop8): shutdown complete
[  350.547215][T10506] loop9: detected capacity change from 0 to 32768
[  350.555671][T10506] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.1661 (10506)
[  350.579102][T10506] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  350.589337][T10506] BTRFS info (device loop9): using crc32c (crc32c-x86_64) checksum algorithm
[  350.599771][T10506] BTRFS info (device loop9): disk space caching is enabled
[  350.607116][T10506] BTRFS warning (device loop9): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  350.778656][T10506] BTRFS info (device loop9): rebuilding free space tree
[  350.792162][    T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  350.810497][T10506] BTRFS info (device loop9): disabling free space tree
[  350.817886][T10506] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  350.827904][T10506] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  350.865365][T10496] loop5: detected capacity change from 0 to 32768
[  350.918696][T10496] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  350.962198][    T9] usb 3-1: Using ep0 maxpacket: 8
[  350.985554][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  351.004194][T10496] XFS (loop5): Ending clean mount
[  351.022101][    T9] usb 3-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  351.052188][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.079191][    T9] usb 3-1: config 0 descriptor??
[  351.092378][T10506] BTRFS warning (device loop9): failed to trim 1 device(s), last error -512
[  351.148567][ T7364] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  351.268604][ T7414] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  351.618899][    T9] hid-multitouch 0003:0EEF:72C4.0022: unknown main item tag 0x0
[  351.702314][    T9] hid-multitouch 0003:0EEF:72C4.0022: hidraw0: USB HID v0.03 Device [HID 0eef:72c4] on usb-dummy_hcd.2-1/input0
[  351.771074][    T9] usb 3-1: USB disconnect, device number 15
[  351.968487][T10544] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  352.552727][ T5895] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  352.742192][ T5895] usb 7-1: Using ep0 maxpacket: 32
[  352.764046][ T5895] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  352.795755][ T5895] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  352.819748][T10563] loop5: detected capacity change from 0 to 1024
[  352.842459][ T5895] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  352.876093][ T5895] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.900773][T10563] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  352.930692][T10563] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  352.949442][ T5895] usb 7-1: config 0 descriptor??
[  353.088023][T10563] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.1672: bg 0: block 393: padding at end of block bitmap is not set
[  353.140882][T10563] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 117
[  353.199626][T10563] EXT4-fs (loop5): This should not happen!! Data will be lost
[  353.199626][T10563] 
[  353.376434][ T7414] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.414298][ T5895] savu 0003:1E7D:2D5A.0023: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0
[  353.554339][T10575] ipvlan2: entered promiscuous mode
[  353.585345][T10575] ipvlan2: entered allmulticast mode
[  353.620231][T10575] bridge0: entered allmulticast mode
[  353.659329][T10575] batman_adv: batadv0: Adding interface: ipvlan2
[  353.696756][T10575] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.730928][ T5895] usb 7-1: USB disconnect, device number 16
[  353.737187][T10577] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1677'.
[  353.752962][T10575] batman_adv: batadv0: Interface activated: ipvlan2
[  354.085289][T10584] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1680'.
[  355.002786][ T5895] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  355.182218][ T5895] usb 2-1: Using ep0 maxpacket: 32
[  355.190002][ T5895] usb 2-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  355.239002][ T5895] usb 2-1: config 0 interface 0 has no altsetting 0
[  355.270061][ T5895] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  355.309543][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.345782][ T5895] usb 2-1: config 0 descriptor??
[  355.844791][ T5895] uclogic 0003:5543:0781.0024: ignoring exceeding usage max
[  355.885633][T10630] loop9: detected capacity change from 0 to 40427
[  355.909615][ T5895] uclogic 0003:5543:0781.0024: unbalanced collection at end of report description
[  355.961933][ T5895] uclogic 0003:5543:0781.0024: parse failed
[  355.968314][ T5895] uclogic 0003:5543:0781.0024: probe with driver uclogic failed with error -22
[  356.038617][ T5895] usb 2-1: USB disconnect, device number 8
[  356.048367][T10630] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  356.213158][ T7364] syz-executor: attempt to access beyond end of device
[  356.213158][ T7364] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  356.251853][ T7364] CPU: 1 UID: 0 PID: 7364 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  356.251906][ T7364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  356.251928][ T7364] Call Trace:
[  356.251944][ T7364]  <TASK>
[  356.251958][ T7364]  dump_stack_lvl+0x16c/0x1f0
[  356.252042][ T7364]  f2fs_handle_critical_error+0x621/0x9f0
[  356.252095][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.252140][ T7364]  ? __asan_memset+0x23/0x50
[  356.252189][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.252250][ T7364]  f2fs_write_end_io+0x73d/0xac0
[  356.252312][ T7364]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  356.252378][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.252436][ T7364]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  356.252492][ T7364]  bio_endio+0x6d2/0x810
[  356.252539][ T7364]  submit_bio_noacct+0x56d/0x1ec0
[  356.252607][ T7364]  __submit_merged_bio+0x33c/0x770
[  356.252673][ T7364]  __submit_merged_write_cond+0x319/0x3f0
[  356.252746][ T7364]  f2fs_write_cache_pages+0x2139/0x2680
[  356.252843][ T7364]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  356.252911][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.252954][ T7364]  ? __lock_acquire+0x5ca/0x1ba0
[  356.253026][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.253068][ T7364]  ? __lock_acquire+0x5ca/0x1ba0
[  356.253234][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.253277][ T7364]  ? arch_stack_walk+0xa6/0x100
[  356.253333][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.253388][ T7364]  f2fs_write_data_pages+0x4ad/0xd90
[  356.253459][ T7364]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  356.253532][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.253579][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.253621][ T7364]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  356.253683][ T7364]  do_writepages+0x1b5/0x820
[  356.253743][ T7364]  ? __pfx_do_writepages+0x10/0x10
[  356.253794][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.253838][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.253879][ T7364]  ? do_raw_spin_lock+0x12c/0x2b0
[  356.253914][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.253955][ T7364]  ? find_held_lock+0x2b/0x80
[  356.254009][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.254056][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.254097][ T7364]  ? do_raw_spin_unlock+0x172/0x230
[  356.254136][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.254187][ T7364]  filemap_fdatawrite_wbc+0x104/0x160
[  356.254242][ T7364]  __filemap_fdatawrite_range+0xb2/0xf0
[  356.254278][ T7364]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  356.254378][ T7364]  ? find_held_lock+0x2b/0x80
[  356.254423][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.254466][ T7364]  ? do_raw_spin_unlock+0x172/0x230
[  356.254505][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.254554][ T7364]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  356.254614][ T7364]  block_operations+0x2a3/0xfd0
[  356.254664][ T7364]  ? __pfx_block_operations+0x10/0x10
[  356.254763][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.254804][ T7364]  ? down_write+0x14d/0x200
[  356.254838][ T7364]  ? __pfx_down_write+0x10/0x10
[  356.254875][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.254916][ T7364]  ? rcu_is_watching+0x12/0xc0
[  356.254966][ T7364]  f2fs_write_checkpoint+0x2b8/0x45b0
[  356.255014][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.255055][ T7364]  ? kfree+0x2b6/0x4d0
[  356.255095][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.255141][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.255182][ T7364]  ? rcu_is_watching+0x12/0xc0
[  356.255223][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.255263][ T7364]  ? kthread_stop+0x273/0x650
[  356.255302][ T7364]  kill_f2fs_super+0x3c2/0x470
[  356.255339][ T7364]  ? __pfx_kill_f2fs_super+0x10/0x10
[  356.255375][ T7364]  ? lockdep_hardirqs_on+0x7c/0x110
[  356.255450][ T7364]  deactivate_locked_super+0xc1/0x1a0
[  356.255498][ T7364]  deactivate_super+0xde/0x100
[  356.255546][ T7364]  cleanup_mnt+0x225/0x450
[  356.255598][ T7364]  task_work_run+0x150/0x240
[  356.255638][ T7364]  ? __pfx_task_work_run+0x10/0x10
[  356.255674][ T7364]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.255719][ T7364]  ? __pfx___x64_sys_umount+0x10/0x10
[  356.255783][ T7364]  syscall_exit_to_user_mode+0x27b/0x2a0
[  356.255841][ T7364]  do_syscall_64+0xda/0x260
[  356.255902][ T7364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.255937][ T7364] RIP: 0033:0x7f497fd8fc97
[  356.255964][ T7364] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  356.255998][ T7364] RSP: 002b:00007ffc58bbe068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  356.256035][ T7364] RAX: 0000000000000000 RBX: 00007f497fe1089d RCX: 00007f497fd8fc97
[  356.256057][ T7364] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc58bbe120
[  356.256078][ T7364] RBP: 00007ffc58bbe120 R08: 0000000000000000 R09: 0000000000000000
[  356.256100][ T7364] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc58bbf1b0
[  356.256122][ T7364] R13: 00007f497fe1089d R14: 0000000000056eea R15: 00007ffc58bbf1f0
[  356.256173][ T7364]  </TASK>
[  356.819681][ T7364] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  357.122064][    T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  357.218367][   T10] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  357.272210][    T9] usb 6-1: Using ep0 maxpacket: 8
[  357.290906][    T9] usb 6-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  357.310848][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.351349][    T9] usb 6-1: Product: syz
[  357.370820][    T9] usb 6-1: Manufacturer: syz
[  357.390686][    T9] usb 6-1: SerialNumber: syz
[  357.395541][   T10] usb 3-1: Using ep0 maxpacket: 32
[  357.433993][    T9] usb 6-1: config 0 descriptor??
[  357.440199][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.465250][    T9] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  357.487592][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  357.509298][   T10] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  357.520799][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.552541][T10661] loop9: detected capacity change from 0 to 16
[  357.565157][   T10] usb 3-1: config 0 descriptor??
[  357.591167][T10661] erofs (device loop9): mounted with root inode @ nid 36.
[  357.687285][T10661] overlayfs: failed to resolve './file1': -2
[  357.710827][T10666] loop8: detected capacity change from 0 to 1024
[  357.780146][T10663] loop6: detected capacity change from 0 to 4096
[  357.796051][   T30] audit: type=1800 audit(1748486588.019:317): pid=10666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1716" name="file1" dev="loop8" ino=20 res=0 errno=0
[  357.816619][    C0] vkms_vblank_simulate: vblank timer overrun
[  357.902614][T10669] mmap: syz.1.1717 (10669) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  358.002568][   T10] savu 0003:1E7D:2D5A.0025: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  358.048273][ T1070] hfsplus: b-tree write err: -5, ino 4
[  358.057631][T10672] loop9: detected capacity change from 0 to 512
[  358.092569][T10672] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  358.159622][T10672] EXT4-fs (loop9): 1 truncate cleaned up
[  358.189343][T10672] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  358.261608][T10672] syz.9.1718 (pid 10672) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  358.286476][ T5893] usb 3-1: USB disconnect, device number 16
[  358.320482][T10677] loop8: detected capacity change from 0 to 2048
[  358.346341][T10677] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  358.395193][ T7364] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.407895][   T30] audit: type=1800 audit(1748486588.629:318): pid=10677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1719" name="file1" dev="loop8" ino=1415 res=0 errno=0
[  358.459344][    T9] gspca_sonixj: reg_w1 err -71
[  358.492298][ T5914] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  358.522190][    T9] sonixj 6-1:0.0: probe with driver sonixj failed with error -71
[  358.542377][    T9] usb 6-1: USB disconnect, device number 12
[  358.672030][ T5914] usb 2-1: Using ep0 maxpacket: 16
[  358.698204][ T5914] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  358.728351][ T5914] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  358.758521][ T5914] usb 2-1: config 0 interface 0 has no altsetting 0
[  358.775712][ T5914] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  358.811929][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.835088][ T5914] usb 2-1: config 0 descriptor??
[  359.283490][ T5914] hid (null): report_id 0 is invalid
[  359.290611][ T5914] hid (null): invalid report_size 4076
[  359.312035][ T5914] hid (null): unknown global tag 0xc
[  359.312157][ T5991] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  359.342575][ T5914] hid (null): invalid report_size 59118
[  359.348209][ T5914] hid (null): global environment stack underflow
[  359.372009][ T5914] hid (null): unknown global tag 0xd
[  359.401139][T10681] loop6: detected capacity change from 0 to 32768
[  359.429322][T10681] XFS: ikeep mount option is deprecated.
[  359.466134][T10681] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  359.468452][    T9] usb 2-1: USB disconnect, device number 9
[  359.482805][ T5991] usb 3-1: Using ep0 maxpacket: 16
[  359.497701][ T5991] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  359.524524][ T5991] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  359.535956][ T5991] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  359.546800][ T5991] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.569768][ T5991] usb 3-1: config 0 descriptor??
[  359.661050][T10681] XFS (loop6): Ending clean mount
[  359.679861][T10681] XFS (loop6): Quotacheck needed: Please wait.
[  359.801881][T10703] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1727'.
[  359.846781][T10681] XFS (loop6): Quotacheck: Done.
[  359.992445][T10706] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1727'.
[  360.026339][ T5991] hid (null): global environment stack underflow
[  360.049940][T10706] nbd: device at index 64 is going down
[  360.219602][ T5991] usb 3-1: string descriptor 0 read error: -71
[  360.292119][ T5991] usb 3-1: Max retries (5) exceeded reading string descriptor 200
[  360.317568][ T5991] letsketch 0003:6161:4D15.0027: probe with driver letsketch failed with error -32
[  360.376536][ T5991] usb 3-1: USB disconnect, device number 17
[  360.466206][T10715] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  360.634180][    T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  360.690800][ T6180] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  360.812569][    T9] usb 6-1: Using ep0 maxpacket: 8
[  360.828884][    T9] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  360.872365][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.880427][    T9] usb 6-1: Product: syz
[  360.918980][    T9] usb 6-1: Manufacturer: syz
[  360.926708][    T9] usb 6-1: SerialNumber: syz
[  360.978462][    T9] usb 6-1: config 0 descriptor??
[  360.988188][    T9] gspca_main: sq930x-2.14.0 probing 2770:930c
[  361.142054][ T5893] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  361.315762][T10734] loop6: detected capacity change from 0 to 512
[  361.335040][ T5893] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  361.365034][ T5893] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  361.386583][ T5893] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  361.405586][ T5893] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.430773][T10724] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  361.445196][T10737] loop9: detected capacity change from 0 to 256
[  361.469406][ T5893] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  361.604341][T10734] EXT4-fs error (device loop6): ext4_iget_extra_inode:4692: inode #15: comm syz.6.1735: corrupted in-inode xattr: overlapping e_value 
[  361.634453][T10734] EXT4-fs error (device loop6): ext4_orphan_get:1394: comm syz.6.1735: couldn't read orphan inode 15 (err -117)
[  361.708274][T10734] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  361.787977][   T10] usb 9-1: USB disconnect, device number 13
[  361.935753][ T6180] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.232276][    T9] gspca_sq930x: reg_w 0105 0f00 failed -71
[  362.499989][T10753] loop9: detected capacity change from 0 to 512
[  362.559883][T10753] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  362.641435][T10753] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  362.735724][T10753] ext4 filesystem being mounted at /207/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  362.902194][    T9] gspca_sq930x: Sensor ov9630 not yet treated
[  362.908489][    T9] sq930x 6-1:0.0: probe with driver sq930x failed with error -22
[  362.956373][    T9] usb 6-1: USB disconnect, device number 13
[  363.058562][ T7364] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  363.635680][T10772] loop9: detected capacity change from 0 to 32768
[  363.954382][T10770] loop8: detected capacity change from 0 to 65536
[  363.989087][T10771] loop5: detected capacity change from 0 to 32768
[  363.999262][T10772] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.1751 (10772)
[  364.034919][T10772] BTRFS info (device loop9): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  364.045184][T10772] BTRFS info (device loop9): using xxhash64 (xxhash64-generic) checksum algorithm
[  364.054491][T10772] BTRFS info (device loop9): disk space caching is enabled
[  364.061722][T10772] BTRFS warning (device loop9): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  364.143539][T10770] XFS (loop8): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  364.274128][T10771] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  364.296229][T10770] XFS (loop8): Ending clean mount
[  364.307946][T10771] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  364.307946][T10771]   allowing incompatible features above 0.0: (unknown version)
[  364.339698][T10771] bcachefs (loop5): initializing new filesystem
[  364.347137][T10771] bcachefs (loop5): going read-write
[  364.385189][T10770] XFS (loop8): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 
[  364.396205][T10770] XFS (loop8): Unmount and run xfs_repair
[  364.402094][T10770] XFS (loop8): First 128 bytes of corrupted metadata buffer:
[  364.409494][T10770] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  364.418714][T10770] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  364.429916][T10770] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  364.438909][T10770] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  364.448034][T10770] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  364.460573][T10770] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  364.469503][T10770] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  364.478432][T10770] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  364.487351][T10770] XFS (loop8): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74
[  364.527833][T10771] bcachefs (loop5): marking superblocks
[  364.545684][T10771] bcachefs (loop5): initializing freespace
[  364.553997][T10771] bcachefs (loop5): done initializing freespace
[  364.563735][T10771] bcachefs (loop5): reading snapshots table
[  364.569714][T10771] bcachefs (loop5): reading snapshots done
[  364.576118][ T6910] XFS (loop8): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  364.612603][ T6910] XFS (loop8): Uncorrected metadata errors detected; please run xfs_repair.
[  364.641883][T10771] bcachefs (loop5): done starting filesystem
[  364.679577][T10772] BTRFS info (device loop9): rebuilding free space tree
[  364.714265][T10772] BTRFS info (device loop9): disabling free space tree
[  364.721251][T10772] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  364.732426][T10772] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  364.851728][   T30] audit: type=1800 audit(1748486595.079:319): pid=10771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1753" name="file1" dev="loop5" ino=4098 res=0 errno=0
[  364.951687][T10772] BTRFS error (device loop9): balance: mixed groups data and metadata options must be the same
[  365.027359][ T7364] BTRFS info (device loop9): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  365.300345][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1760'.
[  365.423230][ T7414] bcachefs (loop5): shutting down
[  365.428307][ T7414] bcachefs (loop5): going read-only
[  365.486179][ T7414] bcachefs (loop5): finished waiting for writes to stop
[  365.582306][ T7414] bcachefs (loop5): flushing journal and stopping allocators, journal seq 4
[  365.700743][T10825] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  365.735072][ T7414] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 4
[  365.755144][ T7414] bcachefs (loop5): clean shutdown complete, journal seq 5
[  365.824260][ T7414] bcachefs (loop5): marking filesystem clean
[  366.069763][ T7414] bcachefs (loop5): shutdown complete
[  366.420381][T10829] loop9: detected capacity change from 0 to 32768
[  366.891154][T10822] loop6: detected capacity change from 0 to 32768
[  366.912783][T10822] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1763 (10822)
[  366.947333][T10822] BTRFS info (device loop6): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  366.964313][T10822] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  366.998693][T10822] BTRFS info (device loop6): using free-space-tree
[  367.169315][T10856] loop8: detected capacity change from 0 to 2048
[  367.265723][T10856] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  367.311808][T10822] BTRFS info (device loop6): rebuilding free space tree
[  367.370266][T10856] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  367.450322][T10873] EXT4-fs (loop8): Delayed block allocation failed for inode 16 at logical offset 10 with max blocks 23 with error 28
[  367.529621][T10873] EXT4-fs (loop8): This should not happen!! Data will be lost
[  367.529621][T10873] 
[  367.539412][T10873] EXT4-fs (loop8): Total free blocks count 0
[  367.546880][T10873] EXT4-fs (loop8): Free/Dirty block details
[  367.552976][T10873] EXT4-fs (loop8): free_blocks=66060304
[  367.558558][T10873] EXT4-fs (loop8): dirty_blocks=48
[  367.565198][T10873] EXT4-fs (loop8): Block reservation details
[  367.571205][T10873] EXT4-fs (loop8): i_reserved_data_blocks=3
[  367.579134][T10856] EXT4-fs (loop8): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 32 with error 28
[  367.585383][T10822] BTRFS info (device loop6): balance: start 
[  367.617595][T10822] BTRFS info (device loop6): balance: ended with status: 0
[  367.808561][ T6180] BTRFS info (device loop6): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  367.866835][T10829] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  367.901389][T10829] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=no,norecovery,recovery_pass_last=check_extents,nojournal_transaction_names,no_data_io
[  367.901389][T10829]   allowing incompatible features above 0.0: (unknown version)
[  367.932342][T10829] bcachefs (loop9): recovering from clean shutdown, journal seq 10
[  367.940437][T10829] bcachefs (loop9): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.25: extent_flags
[  367.940437][T10829]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  367.971002][T10829] bcachefs (loop9): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  367.984941][T10829] bcachefs (loop9): bcachefs (loop9): error validating btree node on loop9 at btree dirents level 0/0
[  367.984971][T10829]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[  367.985008][T10829]   node offset 0/24 bset u64s 0: invalid bkey format: field 0 too large: 18446744073709551615 + 131072 > 18446744073709551615
[  367.985044][T10829]   u64s 3 fields 64:131072, 64:0, 32:0, 0:0, 0:0, 0:0, btree topology error: 
[  368.034447][T10829] bcachefs (loop9): flagging btree dirents lost data
[  368.041177][T10829] bcachefs (loop9): running explicit recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  368.052476][T10829] bcachefs (loop9): running explicit recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  368.065391][T10829] bcachefs (loop9): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[  368.080631][T10829] bcachefs (loop9): error reading btree root btree=dirents level=0: btree_node_read_error, fixing
[  368.093237][T10829] bcachefs (loop9): bcachefs (loop9): error validating btree node on loop9 at btree xattrs level 0/0
[  368.093266][T10829]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0
[  368.093298][T10829]   node offset 0/16: incorrect min_key: got 0:8796093022208:0 should be POS_MIN, btree topology error: 
[  368.131570][T10829] bcachefs (loop9): flagging btree xattrs lost data
[  368.138860][T10829] bcachefs (loop9): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing
[  368.151241][T10829] bcachefs (loop9): bcachefs (loop9): error validating btree node at btree alloc level 0/0
[  368.151268][T10829]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  368.151299][T10829]   node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing
[  368.192641][T10829] bcachefs (loop9): btree_node_read_work: rewriting btree node at due to error
[  368.192641][T10829]   btree=alloc level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  368.226772][T10829] bcachefs (loop9): scan_for_btree_nodes...
[  368.387279][T10829] bcachefs (loop9): btree node scan found 3 nodes after overwrites
[  368.401642][T10829]  done
[  368.405079][T10829] bcachefs (loop9): check_topology...
[  368.405637][T10829] bcachefs (loop9): btree root dirents unreadable, must recover from scan
[  368.422895][T10829] bcachefs (loop9): no nodes found for btree dirents, continuing
[  368.442055][T10829] bcachefs (loop9): btree root xattrs unreadable, must recover from scan
[  368.450681][T10829] bcachefs (loop9): bch2_get_scanned_nodes(): recovery btree=xattrs level=0 POS_MIN - SPOS_MAX
[  368.463452][T10829] bcachefs (loop9): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key 0:8796093022208:0 durability: 1 ptr: 0:31:0 gen 0
[  368.496513][T10829] bcachefs (loop9): bch2_get_scanned_nodes(): recovery btree=xattrs level=0 POS_MIN - 0:8796093022207:U32_MAX
[  368.508865][T10829] bcachefs (loop9): btree node with incorrect min_key  at btree=xattrs level=1:
[  368.508893][T10829]   parent: u64s 5 type btree_ptr SPOS_MAX len 0 ver 0
[  368.508914][T10829]   next: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key 0:8796093022208:0 durability: 1 ptr: 0:31:0 gen 0, fixing
[  368.543277][T10829] bcachefs (loop9): set_node_min(): u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key 0:8796093022208:0 durability: 1 ptr: 0:31:0 gen 0 -> POS_MIN
[  368.561729][T10829]  done
[  368.565046][T10829] bcachefs (loop9): accounting_read... done
[  368.579816][T10829] bcachefs (loop9): alloc_read... done
[  368.585486][T10829] bcachefs (loop9): snapshots_read... done
[  368.591539][T10829] bcachefs (loop9): Fixed errors, running fsck a second time to verify fs is clean
[  368.601906][T10829] bcachefs (loop9): done starting filesystem
[  368.802373][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  368.875749][ T7364] bcachefs (loop9): shutting down
[  368.998912][    T9] usb 3-1: Using ep0 maxpacket: 16
[  369.023550][    T9] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  369.062061][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.070095][    T9] usb 3-1: Product: syz
[  369.084256][ T7364] bcachefs (loop9): shutdown complete
[  369.090514][    T9] usb 3-1: Manufacturer: syz
[  369.095267][    T9] usb 3-1: SerialNumber: syz
[  369.121496][    T9] usb 3-1: config 0 descriptor??
[  369.146696][    T9] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  369.262316][ T5914] usb 7-1: new full-speed USB device number 17 using dummy_hcd
[  369.463986][ T5914] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  369.502066][ T5914] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  369.546660][ T5914] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.575578][ T5914] usb 7-1: config 0 descriptor??
[  369.581580][T10887] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  370.026712][ T5914] elan 0003:04F3:0755.0028: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0
[  370.172940][    T9] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71
[  370.208955][    T9] usb 3-1: USB disconnect, device number 18
[  370.311413][ T5991] usb 7-1: USB disconnect, device number 17
[  370.343398][T10901] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  370.653270][T10905] loop8: detected capacity change from 0 to 64
[  371.174230][T10915] loop5: detected capacity change from 0 to 256
[  371.342132][T10915] FAT-fs (loop5): Directory bread(block 64) failed
[  371.372250][T10915] FAT-fs (loop5): Directory bread(block 65) failed
[  371.378907][T10915] FAT-fs (loop5): Directory bread(block 66) failed
[  371.421576][T10915] FAT-fs (loop5): Directory bread(block 67) failed
[  371.436125][T10915] FAT-fs (loop5): Directory bread(block 68) failed
[  371.466436][T10915] FAT-fs (loop5): Directory bread(block 69) failed
[  371.499431][T10915] FAT-fs (loop5): Directory bread(block 70) failed
[  371.512170][T10915] FAT-fs (loop5): Directory bread(block 71) failed
[  371.529010][T10915] FAT-fs (loop5): Directory bread(block 72) failed
[  371.561288][T10915] FAT-fs (loop5): Directory bread(block 73) failed
[  372.030073][T10937] loop9: detected capacity change from 0 to 16
[  372.050078][T10937] erofs (device loop9): mounted with root inode @ nid 36.
[  372.094539][    T9] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  372.103357][ T5991] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  372.272218][ T5991] usb 7-1: Using ep0 maxpacket: 32
[  372.293525][    T9] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  372.313516][ T5991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  372.327293][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.342068][ T5991] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  372.363426][    T9] usb 9-1: config 0 descriptor??
[  372.368456][ T5991] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  372.384587][    T9] cp210x 9-1:0.0: cp210x converter detected
[  372.400835][ T5991] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.429547][ T5991] usb 7-1: config 0 descriptor??
[  372.794282][    T9] cp210x 9-1:0.0: failed to get vendor val 0x000e size 3: -32
[  372.889262][ T5991] savu 0003:1E7D:2D5A.0029: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0
[  373.032442][    T9] usb 9-1: cp210x converter now attached to ttyUSB0
[  373.185583][ T5914] usb 7-1: USB disconnect, device number 18
[  373.218893][    T9] usb 9-1: USB disconnect, device number 14
[  373.251428][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  373.291054][    T9] cp210x 9-1:0.0: device disconnected
[  373.959070][T10972] 
[  373.961449][T10972] =====================================================
[  373.968385][T10972] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  373.975848][T10972] 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 Not tainted
[  373.982960][T10972] -----------------------------------------------------
[  373.989888][T10972] syz.6.1815/10972 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  373.997622][T10972] ffffffff8e00c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0xed/0xc80
[  374.006309][T10972] 
[  374.006309][T10972] and this task is already holding:
[  374.013675][T10972] ffff888076f06c20 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80
[  374.022435][T10972] which would create a new lock dependency:
[  374.028337][T10972]  (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
[  374.035975][T10972] 
[  374.035975][T10972] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  374.045430][T10972]  (&dev->event_lock#2){..-.}-{3:3}
[  374.045492][T10972] 
[  374.045492][T10972] ... which became SOFTIRQ-irq-safe at:
[  374.058383][T10972]   lock_acquire+0x179/0x350
[  374.063018][T10972]   _raw_spin_lock_irqsave+0x3a/0x60
[  374.068340][T10972]   input_event+0x70/0xb0
[  374.072701][T10972]   atp_complete_geyser_3_4+0xa2c/0x16f0
[  374.078352][T10972]   __usb_hcd_giveback_urb+0x38d/0x6e0
[  374.083858][T10972]   usb_hcd_giveback_urb+0x39b/0x450
[  374.089184][T10972]   dummy_timer+0x180e/0x3a20
[  374.093873][T10972]   __hrtimer_run_queues+0x202/0xad0
[  374.099173][T10972]   hrtimer_run_softirq+0x17d/0x350
[  374.104388][T10972]   handle_softirqs+0x219/0x8e0
[  374.109260][T10972]   __irq_exit_rcu+0x109/0x170
[  374.114044][T10972]   irq_exit_rcu+0x9/0x30
[  374.118395][T10972]   sysvec_apic_timer_interrupt+0xa4/0xc0
[  374.124145][T10972]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  374.130232][T10972]   __sanitizer_cov_trace_pc+0x41/0x70
[  374.135705][T10972]   input_open_device+0x289/0x390
[  374.140754][T10972]   mousedev_open_device+0xe0/0x140
[  374.145974][T10972]   mousedev_open+0x2fd/0x580
[  374.150730][T10972]   chrdev_open+0x234/0x6a0
[  374.155269][T10972]   do_dentry_open+0x744/0x1c10
[  374.160147][T10972]   vfs_open+0x82/0x3f0
[  374.164313][T10972]   path_openat+0x1e5e/0x2d40
[  374.169111][T10972]   do_filp_open+0x20b/0x470
[  374.173732][T10972]   do_sys_openat2+0x11b/0x1d0
[  374.178509][T10972]   __x64_sys_openat+0x174/0x210
[  374.183463][T10972]   do_syscall_64+0xcd/0x260
[  374.188090][T10972]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.194083][T10972] 
[  374.194083][T10972] to a SOFTIRQ-irq-unsafe lock:
[  374.201364][T10972]  (tasklist_lock){.+.+}-{3:3}
[  374.201414][T10972] 
[  374.201414][T10972] ... which became SOFTIRQ-irq-unsafe at:
[  374.214047][T10972] ...
[  374.214061][T10972]   lock_acquire+0x179/0x350
[  374.221258][T10972]   _raw_read_lock+0x5f/0x70
[  374.225879][T10972]   __do_wait+0x105/0x890
[  374.230250][T10972]   do_wait+0x21e/0x5a0
[  374.234443][T10972]   kernel_wait+0x9f/0x160
[  374.238869][T10972]   call_usermodehelper_exec_work+0xf1/0x170
[  374.244874][T10972]   process_one_work+0x9cf/0x1b70
[  374.249914][T10972]   worker_thread+0x6c8/0xf10
[  374.254608][T10972]   kthread+0x3c5/0x780
[  374.258776][T10972]   ret_from_fork+0x48/0x80
[  374.263298][T10972]   ret_from_fork_asm+0x1a/0x30
[  374.268182][T10972] 
[  374.268182][T10972] other info that might help us debug this:
[  374.268182][T10972] 
[  374.278538][T10972] Chain exists of:
[  374.278538][T10972]   &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock
[  374.278538][T10972] 
[  374.291639][T10972]  Possible interrupt unsafe locking scenario:
[  374.291639][T10972] 
[  374.300307][T10972]        CPU0                    CPU1
[  374.305673][T10972]        ----                    ----
[  374.311039][T10972]   lock(tasklist_lock);
[  374.315296][T10972]                                local_irq_disable();
[  374.322053][T10972]                                lock(&dev->event_lock#2);
[  374.329281][T10972]                                lock(&f_owner->lock);
[  374.336152][T10972]   <Interrupt>
[  374.339605][T10972]     lock(&dev->event_lock#2);
[  374.344486][T10972] 
[  374.344486][T10972]  *** DEADLOCK ***
[  374.344486][T10972] 
[  374.352653][T10972] 2 locks held by syz.6.1815/10972:
[  374.357855][T10972]  #0: ffff8880294069c0 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0xc74/0x1160
[  374.367432][T10972]  #1: ffff888076f06c20 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80
[  374.376645][T10972] 
[  374.376645][T10972] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  374.387059][T10972]   -> (&dev->event_lock#2){..-.}-{3:3} {
[  374.392851][T10972]      IN-SOFTIRQ-W at:
[  374.397018][T10972]                         lock_acquire+0x179/0x350
[  374.403561][T10972]                         _raw_spin_lock_irqsave+0x3a/0x60
[  374.410961][T10972]                         input_event+0x70/0xb0
[  374.417232][T10972]                         atp_complete_geyser_3_4+0xa2c/0x16f0
[  374.424802][T10972]                         __usb_hcd_giveback_urb+0x38d/0x6e0
[  374.432214][T10972]                         usb_hcd_giveback_urb+0x39b/0x450
[  374.439446][T10972]                         dummy_timer+0x180e/0x3a20
[  374.446047][T10972]                         __hrtimer_run_queues+0x202/0xad0
[  374.453261][T10972]                         hrtimer_run_softirq+0x17d/0x350
[  374.460395][T10972]                         handle_softirqs+0x219/0x8e0
[  374.467189][T10972]                         __irq_exit_rcu+0x109/0x170
[  374.473889][T10972]                         irq_exit_rcu+0x9/0x30
[  374.480152][T10972]                         sysvec_apic_timer_interrupt+0xa4/0xc0
[  374.487816][T10972]                         asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  374.495812][T10972]                         __sanitizer_cov_trace_pc+0x41/0x70
[  374.503198][T10972]                         input_open_device+0x289/0x390
[  374.510157][T10972]                         mousedev_open_device+0xe0/0x140
[  374.517285][T10972]                         mousedev_open+0x2fd/0x580
[  374.523980][T10972]                         chrdev_open+0x234/0x6a0
[  374.530435][T10972]                         do_dentry_open+0x744/0x1c10
[  374.537227][T10972]                         vfs_open+0x82/0x3f0
[  374.543307][T10972]                         path_openat+0x1e5e/0x2d40
[  374.549927][T10972]                         do_filp_open+0x20b/0x470
[  374.556458][T10972]                         do_sys_openat2+0x11b/0x1d0
[  374.563149][T10972]                         __x64_sys_openat+0x174/0x210
[  374.570019][T10972]                         do_syscall_64+0xcd/0x260
[  374.576560][T10972]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.584469][T10972]      INITIAL USE at:
[  374.588543][T10972]                        lock_acquire+0x179/0x350
[  374.594995][T10972]                        _raw_spin_lock_irqsave+0x3a/0x60
[  374.602136][T10972]                        input_inject_event+0x9f/0x390
[  374.609016][T10972]                        led_set_brightness+0x217/0x290
[  374.615962][T10972]                        kbd_led_trigger_activate+0xcb/0x110
[  374.623363][T10972]                        led_trigger_set+0x59a/0xc50
[  374.630058][T10972]                        led_trigger_set_default+0x1bd/0x2a0
[  374.637452][T10972]                        led_classdev_register_ext+0x7b8/0xa10
[  374.645017][T10972]                        input_leds_connect+0x552/0x8e0
[  374.651971][T10972]                        input_attach_handler.isra.0+0x184/0x260
[  374.659727][T10972]                        input_register_device+0xa84/0x1130
[  374.667036][T10972]                        atkbd_connect+0x5da/0xa20
[  374.673571][T10972]                        serio_driver_probe+0x77/0xb0
[  374.680354][T10972]                        really_probe+0x241/0xa90
[  374.686786][T10972]                        __driver_probe_device+0x1de/0x440
[  374.694006][T10972]                        driver_probe_device+0x4c/0x1b0
[  374.700960][T10972]                        __driver_attach+0x283/0x580
[  374.707660][T10972]                        bus_for_each_dev+0x13e/0x1d0
[  374.714458][T10972]                        serio_handle_event+0x247/0xa50
[  374.721421][T10972]                        process_one_work+0x9cf/0x1b70
[  374.728288][T10972]                        worker_thread+0x6c8/0xf10
[  374.734808][T10972]                        kthread+0x3c5/0x780
[  374.740797][T10972]                        ret_from_fork+0x48/0x80
[  374.747139][T10972]                        ret_from_fork_asm+0x1a/0x30
[  374.753845][T10972]    }
[  374.756513][T10972]    ... key      at: [<ffffffff9ae397e0>] __key.7+0x0/0x40
[  374.763839][T10972]  -> (&new->fa_lock){....}-{3:3} {
[  374.769098][T10972]     INITIAL USE at:
[  374.773088][T10972]                      lock_acquire+0x179/0x350
[  374.779366][T10972]                      _raw_write_lock_irq+0x36/0x50
[  374.786087][T10972]                      fasync_remove_entry+0xb2/0x1e0
[  374.792952][T10972]                      fasync_helper+0xaf/0xd0
[  374.799126][T10972]                      lease_modify+0x232/0x500
[  374.805386][T10972]                      locks_remove_file+0x29e/0x5b0
[  374.812095][T10972]                      __fput+0x351/0xb70
[  374.817847][T10972]                      task_work_run+0x150/0x240
[  374.824222][T10972]                      syscall_exit_to_user_mode+0x27b/0x2a0
[  374.831633][T10972]                      do_syscall_64+0xda/0x260
[  374.837914][T10972]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.845561][T10972]     INITIAL READ USE at:
[  374.849993][T10972]                           lock_acquire+0x179/0x350
[  374.856714][T10972]                           _raw_read_lock_irqsave+0x74/0x90
[  374.864117][T10972]                           kill_fasync+0x138/0x510
[  374.870722][T10972]                           lease_break_callback+0x23/0x30
[  374.877936][T10972]                           __break_lease+0x674/0x1810
[  374.884815][T10972]                           do_dentry_open+0x6e1/0x1c10
[  374.891778][T10972]                           vfs_open+0x82/0x3f0
[  374.898029][T10972]                           path_openat+0x1e5e/0x2d40
[  374.904823][T10972]                           do_filp_open+0x20b/0x470
[  374.911529][T10972]                           do_sys_openat2+0x11b/0x1d0
[  374.918392][T10972]                           __x64_sys_openat+0x174/0x210
[  374.925435][T10972]                           do_syscall_64+0xcd/0x260
[  374.932150][T10972]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.940227][T10972]   }
[  374.942811][T10972]   ... key      at: [<ffffffff9ab68000>] __key.0+0x0/0x40
[  374.950043][T10972]   ... acquired at:
[  374.953931][T10972]    _raw_read_lock_irqsave+0x74/0x90
[  374.959331][T10972]    kill_fasync+0x138/0x510
[  374.963934][T10972]    mousedev_notify_readers+0x6d8/0xa30
[  374.969591][T10972]    mousedev_event+0x84e/0x1490
[  374.974549][T10972]    input_handle_events_default+0x119/0x1b0
[  374.980547][T10972]    input_pass_values+0x6c7/0x890
[  374.985686][T10972]    input_handle_event+0xf00/0x14d0
[  374.991001][T10972]    input_inject_event+0x1cd/0x390
[  374.996225][T10972]    evdev_write+0x457/0x750
[  375.000841][T10972]    vfs_write+0x25f/0x1180
[  375.005369][T10972]    ksys_write+0x205/0x240
[  375.009899][T10972]    do_syscall_64+0xcd/0x260
[  375.014619][T10972]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.020701][T10972] 
[  375.023111][T10972] -> (&f_owner->lock){....}-{3:3} {
[  375.028360][T10972]    INITIAL USE at:
[  375.032262][T10972]                    lock_acquire+0x179/0x350
[  375.038371][T10972]                    _raw_write_lock_irq+0x36/0x50
[  375.044908][T10972]                    __f_setown+0x61/0x3c0
[  375.050723][T10972]                    generic_setlease+0xef2/0x1300
[  375.057250][T10972]                    kernel_setlease+0x106/0x140
[  375.063601][T10972]                    vfs_setlease+0x258/0x2d0
[  375.069688][T10972]                    fcntl_setlease+0x3ed/0x5a0
[  375.075954][T10972]                    do_fcntl+0x75a/0x1590
[  375.081778][T10972]                    __x64_sys_fcntl+0x170/0x200
[  375.088117][T10972]                    do_syscall_64+0xcd/0x260
[  375.094231][T10972]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.101703][T10972]    INITIAL READ USE at:
[  375.106053][T10972]                         lock_acquire+0x179/0x350
[  375.112593][T10972]                         _raw_read_lock_irqsave+0x74/0x90
[  375.119818][T10972]                         send_sigio+0x31/0x3e0
[  375.126074][T10972]                         kill_fasync+0x214/0x510
[  375.132500][T10972]                         lease_break_callback+0x23/0x30
[  375.139534][T10972]                         __break_lease+0x674/0x1810
[  375.146229][T10972]                         do_dentry_open+0x6e1/0x1c10
[  375.153017][T10972]                         vfs_open+0x82/0x3f0
[  375.159093][T10972]                         path_openat+0x1e5e/0x2d40
[  375.165711][T10972]                         do_filp_open+0x20b/0x470
[  375.172247][T10972]                         do_sys_openat2+0x11b/0x1d0
[  375.178935][T10972]                         __x64_sys_openat+0x174/0x210
[  375.185806][T10972]                         do_syscall_64+0xcd/0x260
[  375.192343][T10972]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.200248][T10972]  }
[  375.202746][T10972]  ... key      at: [<ffffffff9ab68040>] __key.1+0x0/0x40
[  375.209894][T10972]  ... acquired at:
[  375.213703][T10972]    _raw_read_lock_irqsave+0x74/0x90
[  375.219110][T10972]    send_sigio+0x31/0x3e0
[  375.223540][T10972]    kill_fasync+0x214/0x510
[  375.228141][T10972]    lease_break_callback+0x23/0x30
[  375.233357][T10972]    __break_lease+0x674/0x1810
[  375.238234][T10972]    do_dentry_open+0x6e1/0x1c10
[  375.243197][T10972]    vfs_open+0x82/0x3f0
[  375.247450][T10972]    path_openat+0x1e5e/0x2d40
[  375.252242][T10972]    do_filp_open+0x20b/0x470
[  375.256949][T10972]    do_sys_openat2+0x11b/0x1d0
[  375.261850][T10972]    __x64_sys_openat+0x174/0x210
[  375.266891][T10972]    do_syscall_64+0xcd/0x260
[  375.271602][T10972]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.277687][T10972] 
[  375.280024][T10972] 
[  375.280024][T10972] the dependencies between the lock to be acquired
[  375.280040][T10972]  and SOFTIRQ-irq-unsafe lock:
[  375.293552][T10972] -> (tasklist_lock){.+.+}-{3:3} {
[  375.298718][T10972]    HARDIRQ-ON-R at:
[  375.302708][T10972]                     lock_acquire+0x179/0x350
[  375.308898][T10972]                     _raw_read_lock+0x5f/0x70
[  375.315083][T10972]                     __do_wait+0x105/0x890
[  375.321016][T10972]                     do_wait+0x21e/0x5a0
[  375.326771][T10972]                     kernel_wait+0x9f/0x160
[  375.332759][T10972]                     call_usermodehelper_exec_work+0xf1/0x170
[  375.340327][T10972]                     process_one_work+0x9cf/0x1b70
[  375.346932][T10972]                     worker_thread+0x6c8/0xf10
[  375.353188][T10972]                     kthread+0x3c5/0x780
[  375.358924][T10972]                     ret_from_fork+0x48/0x80
[  375.365011][T10972]                     ret_from_fork_asm+0x1a/0x30
[  375.371455][T10972]    SOFTIRQ-ON-R at:
[  375.375445][T10972]                     lock_acquire+0x179/0x350
[  375.381634][T10972]                     _raw_read_lock+0x5f/0x70
[  375.387819][T10972]                     __do_wait+0x105/0x890
[  375.393747][T10972]                     do_wait+0x21e/0x5a0
[  375.399502][T10972]                     kernel_wait+0x9f/0x160
[  375.405495][T10972]                     call_usermodehelper_exec_work+0xf1/0x170
[  375.413064][T10972]                     process_one_work+0x9cf/0x1b70
[  375.419671][T10972]                     worker_thread+0x6c8/0xf10
[  375.425928][T10972]                     kthread+0x3c5/0x780
[  375.431658][T10972]                     ret_from_fork+0x48/0x80
[  375.437750][T10972]                     ret_from_fork_asm+0x1a/0x30
[  375.444196][T10972]    INITIAL USE at:
[  375.448096][T10972]                    lock_acquire+0x179/0x350
[  375.454198][T10972]                    _raw_write_lock_irq+0x36/0x50
[  375.460730][T10972]                    copy_process+0x3f09/0x91b0
[  375.467000][T10972]                    kernel_clone+0xfc/0x960
[  375.473011][T10972]                    user_mode_thread+0xc7/0x110
[  375.479366][T10972]                    rest_init+0x23/0x2b0
[  375.485195][T10972]                    start_kernel+0x3e9/0x4d0
[  375.491301][T10972]                    x86_64_start_reservations+0x18/0x30
[  375.498361][T10972]                    x86_64_start_kernel+0xb0/0xc0
[  375.504898][T10972]                    common_startup_64+0x13e/0x148
[  375.511421][T10972]    INITIAL READ USE at:
[  375.515759][T10972]                         lock_acquire+0x179/0x350
[  375.522297][T10972]                         _raw_read_lock+0x5f/0x70
[  375.528826][T10972]                         __do_wait+0x105/0x890
[  375.535102][T10972]                         do_wait+0x21e/0x5a0
[  375.541201][T10972]                         kernel_wait+0x9f/0x160
[  375.547538][T10972]                         call_usermodehelper_exec_work+0xf1/0x170
[  375.555454][T10972]                         process_one_work+0x9cf/0x1b70
[  375.562408][T10972]                         worker_thread+0x6c8/0xf10
[  375.569020][T10972]                         kthread+0x3c5/0x780
[  375.575097][T10972]                         ret_from_fork+0x48/0x80
[  375.581524][T10972]                         ret_from_fork_asm+0x1a/0x30
[  375.588318][T10972]  }
[  375.590814][T10972]  ... key      at: [<ffffffff8e00c098>] tasklist_lock+0x18/0x40
[  375.598556][T10972]  ... acquired at:
[  375.602355][T10972]    lock_acquire+0x179/0x350
[  375.607068][T10972]    _raw_read_lock+0x5f/0x70
[  375.611770][T10972]    send_sigurg+0xed/0xc80
[  375.616288][T10972]    sk_send_sigurg+0x76/0x360
[  375.621072][T10972]    unix_stream_sendmsg+0xe77/0x1160
[  375.626481][T10972]    ____sys_sendmsg+0xa98/0xc70
[  375.631450][T10972]    ___sys_sendmsg+0x134/0x1d0
[  375.636322][T10972]    __sys_sendmmsg+0x200/0x420
[  375.641192][T10972]    __x64_sys_sendmmsg+0x9c/0x100
[  375.646327][T10972]    do_syscall_64+0xcd/0x260
[  375.651043][T10972]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.657136][T10972] 
[  375.659457][T10972] 
[  375.659457][T10972] stack backtrace:
[  375.665352][T10972] CPU: 0 UID: 60929 PID: 10972 Comm: syz.6.1815 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) 
[  375.665398][T10972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  375.665419][T10972] Call Trace:
[  375.665432][T10972]  <TASK>
[  375.665444][T10972]  dump_stack_lvl+0x116/0x1f0
[  375.665502][T10972]  check_irq_usage+0x7dc/0x920
[  375.665554][T10972]  ? __lock_acquire+0xaa4/0x1ba0
[  375.665617][T10972]  ? check_path.constprop.0+0x24/0x50
[  375.665674][T10972]  ? __lock_acquire+0x1189/0x1ba0
[  375.665726][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.665767][T10972]  __lock_acquire+0x1189/0x1ba0
[  375.665832][T10972]  lock_acquire+0x179/0x350
[  375.665886][T10972]  ? send_sigurg+0xed/0xc80
[  375.665929][T10972]  _raw_read_lock+0x5f/0x70
[  375.665976][T10972]  ? send_sigurg+0xed/0xc80
[  375.666014][T10972]  send_sigurg+0xed/0xc80
[  375.666047][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.666088][T10972]  ? find_held_lock+0x2b/0x80
[  375.666135][T10972]  sk_send_sigurg+0x76/0x360
[  375.666175][T10972]  unix_stream_sendmsg+0xe77/0x1160
[  375.666237][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.666279][T10972]  ? aa_sk_perm+0x2f4/0xb10
[  375.666320][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.666363][T10972]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  375.666422][T10972]  ? __pfx_aa_sk_perm+0x10/0x10
[  375.666463][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.666514][T10972]  ____sys_sendmsg+0xa98/0xc70
[  375.666569][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.666611][T10972]  ? copy_msghdr_from_user+0x10a/0x160
[  375.666653][T10972]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.666712][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.666759][T10972]  ___sys_sendmsg+0x134/0x1d0
[  375.666802][T10972]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.666855][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.666897][T10972]  ? find_held_lock+0x2b/0x80
[  375.666952][T10972]  __sys_sendmmsg+0x200/0x420
[  375.667002][T10972]  ? __pfx___sys_sendmmsg+0x10/0x10
[  375.667051][T10972]  ? __pfx_do_futex+0x10/0x10
[  375.667110][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.667152][T10972]  ? xfd_validate_state+0x5d/0x180
[  375.667189][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.667230][T10972]  ? rcu_is_watching+0x12/0xc0
[  375.667274][T10972]  __x64_sys_sendmmsg+0x9c/0x100
[  375.667316][T10972]  ? srso_alias_return_thunk+0x5/0xfbef5
[  375.667358][T10972]  ? lockdep_hardirqs_on+0x7c/0x110
[  375.667411][T10972]  do_syscall_64+0xcd/0x260
[  375.667468][T10972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.667504][T10972] RIP: 0033:0x7f93f7f8e969
[  375.667530][T10972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.667563][T10972] RSP: 002b:00007f93f8e2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  375.667596][T10972] RAX: ffffffffffffffda RBX: 00007f93f81b5fa0 RCX: 00007f93f7f8e969
[  375.667619][T10972] RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000003
[  375.667641][T10972] RBP: 00007f93f8010ab1 R08: 0000000000000000 R09: 0000000000000000
[  375.667662][T10972] R10: 0000000000040015 R11: 0000000000000246 R12: 0000000000000000
[  375.667683][T10972] R13: 0000000000000000 R14: 00007f93f81b5fa0 R15: 00007ffd0801f218
[  375.667717][T10972]  </TASK>
[  376.016067][T10976] loop5: detected capacity change from 0 to 2048
[  376.116667][T10976] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)