last executing test programs:

1m24.408182194s ago: executing program 0 (id=90):
r0 = userfaultfd(0x80001)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

1m24.348335721s ago: executing program 0 (id=92):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
bind$phonet(r1, &(0x7f0000000040)={0x23, 0x4, 0x3}, 0x10)
bind$phonet(r0, &(0x7f0000000040)={0x23, 0x4}, 0x10)
close(r0)

1m24.233491025s ago: executing program 0 (id=95):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r1=>0x0], &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r2, r1], 0x2})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000240)={0x0})
close(0x3)

1m24.105127311s ago: executing program 0 (id=96):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)

1m23.97493216s ago: executing program 0 (id=99):
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000280)={&(0x7f0000002080)=[{0x7, 0x211, 0x0, 0x0}, {0x50, 0x4000, 0x0, 0x0}, {0x401, 0x0, 0x0, 0x0}], 0x3})

1m23.603085938s ago: executing program 0 (id=104):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000300000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, 0xd120}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r2}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x88000}, 0x0)

1m23.392363599s ago: executing program 32 (id=104):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000300000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, 0xd120}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r2}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x88000}, 0x0)

1m0.852602883s ago: executing program 1 (id=286):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000240), 0x1, 0x5599, &(0x7f0000005680)="$eJzs3X1oVecdB/BzTaKhFpPV1alY6RSqdGVTW5DNUeNLZjvfkhq0NTXGaWudrViZW9qJCwliOi2NSh2jrjhkRVtWApO+iFPXoUM2psikszLnim44ahZ1gh2Tjdx7n+u955rk1nVNXz6fknvuc3/nec5zD+eP+731OTcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKIoSm289OevImvqxM8fNeeA/j7y669ljk5aNPnL25/N3TCuqWv1U3fSGlrq5UzqaKxfPP3p1/aEoSqT6pfsvnHzfA4/OWTizNAxYX53alpd3ecjk4+lUo2/Oi539cv8WRVFUEhugKL2tLMpqJ+IHiFblD9it6k1X3lxWM/XtxssXJg6vHbU3/63TqbS3J9Bb0tfVmWvXUkXysU9sj0w769JL5Fyiqf7xC+4jeRMAwAcypiq5yXwcTX/EzbQb4/VYuyLWbo21wyeE1uzGjUiN27ered4er/fSPCtSUaFfl/OM1dPnP9OuivePtWNR4wPMM3fXdKQp7WqeK2P13ponAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMfJu5PmXZgy/cXLfSfV7hiy4a+z+mxcv+9UbfVLd+2sPrHujf61ddMbWurmTulorlw8/+jV9YeiqDzZL5Hqnnhj08Kn+tbNfHDzQ2srZ0w49FpRetywLc7aOfpjePLVsij6VlblTBj23IAoqsotJJvRj/MLy5JP7g8FAAAAPk2GJB/7ZNqpOFiS004k02Qi+V+QCovVm668uaxm6tuNly9MHF47au+Nj1fVxXgV1x0v0y6/9pfICsYh/sbHu1YPu67KG6d78RHjef7YtHdmnBlRf27rlfNNTWsv7h534K73tkw93/zNd/av6Hf/cyPy8n959/k/nDn5HwAAgP+F/B8fp3s95f+3ZlfOaPvDvT/6/biv/31o9cZ3m/YmVg09vmLkd+ZNPPXa869fzcv/t+ccMi//hxmH/N8nurH8DwAAAB9n/+/8X5E3Tvd6yv/PHDwxdM+ogzWN0furyv6VOLhk36nnvtZ8ec29216oPDvrsf55+X9MYfm/OHva4cXfhQkvL4uiMYWfVAAAACBH+P/u175aCHk99c1BPK+/PP7FnRdLZxYvKf7yrl3bnl5TevcdA5fWLn5l9EtDnjg8/9nVefm/orD8X/LRvF0AAACgAIs23L100D/mjd+2pH32rVePVg66Z/vRO25un7G6Zv2kFbec/kpe/q8qLP/36523AwAAAFzHsfmPLFrxt9071v16xOQxpe9PGTn7e3WX9hwe++9RNR0vjP/GW3n5v76w/H9Tepte+ZDqdCj8K4QtZVFU2vlkZarwm6h1YqYAAAAAfEhCTm/44eylDZuf2fbPizV3vtJ8y8utf374C+V3bpz2s+9vOT63adO+vPy/svv7/4c7HYT1/zn3/8tb/59VSN31b4IbAwAAAPBZlL+eP9weP/XLBV39/n6h6/8fe3r4o1u/+5Olv7itfHfitpNPfumJ5ocrfzpwYHvL6JHNRYNL8vJ/Y2H5vyh7+2H+/h8AAADcgE/a7/89lDdO93q6//+0BesOL2gf+/kDLe3Pjxn02znFDy7Y+af2m/c/Oax9/7nzLcPy8n9rYfk/bPtnv70D4fw0l0XR4M4n6bsJ7grTXR4rtJVkFVInPtZjTuiRLrT1yyokrYz1GFcWRV/sfNIYK3wuFFpjhY4B6cL2WOFIKKSvh0zh1VjhQLjStg5ITzdeeD0U0gss2sIKiv6ZJRGxHpe66tFZuG6Pk5mDAwAAfKaE8JzOsiW5zSgeZdsSPe1wU0879Olph6KediiO7RDfsavXo/rcQnj9L6dXv/f48l/WTmi4Z+7kPcOOP37f2bE/+PbaX83uv6XxxKUpTXn5f3th+T+cir6pTVfr/6Ow/j/9u4aZ9f/1oVAeK7SFQlX8jgFV4RipsLshHKO8Kt2jY3CmAAAAAJ9q4XuBol6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf9u49Sq6qThTw7nd30uk0OI6AykSdJEZMdydBlICLPERUjHQYZFTGPEg65NEkIQ8kwYWBsBwUdQLBxDvDXQS4WYCixDgEERgSlcC9RHnNMAzyFLiBUSFc3nCZ3NV9aleqzulKV0wa0tzv+6NrV/3289Sja59zah8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj/w+BDv7LgilOeuWnkC3936imNC59+bsxlB3/kiPqb5h48/PUtd8+6fcrxZ10w5eSJO1YeO+Mrd7/591tDaO8uV5EUr/j5RVOX1U6Z9KWLv3zOsZ8/auum2ly9uXgY2PWnMnfn/Njqk4NCuKEihOp0YGRjEqjJ3W+M9b2vMYQDwq5AvkTHgKREuuFwW0MI68KuQL6qGxtCaCwInHTvL2/9blfikoYQhoYQ6tJtPFyXtNGQDgyrTQID0oEF1UnglZ2JfODnlUkA9lp8M+Rf9BvaizM091yuxOuvZp917O2VHl5VTDSXzven8X3cqQK16Qfa9+ppy1RHn8i8PTZ7t/WDd1tmO6/ytBV+kcp9Q9m5K1QXKmd2zJq+tHNJfKQytLRUlaqpj57nh5//+ow9Sfeb12HsQPM+eR1W7dh+59mNn7pu9aD1r64ce+WWve3mQwWbtDDd1+pC7jXXb57HaJzPk37w9st8SxriS1cI4V9vqNv26hcuf/nTa7ZcPem8v13zzIjTW9veuO+F6yctWLXg+v/+i8z8v3n38//4co63lUW5Y6tvNCVz8/hIY0w815TMzQEAAKDf6A97Tac+NOvF4b/5xD9PvvHR7YOO/5tFqw/+de2Wdz34VOX4Z285ecT81zLz/yHlHf+Ph/wbC0e7OYRx3YmVg0M4qPvxJHBN7M6pg0P4QHeqvTgwPhXYHMLB3YkR+apSJepjiSGpwPamXGBcKrA1BtpTgfUxsCoVOD8GNqQCM2JgcyowIQbCnOJxfKQpN46yAw0xMC3ZiBviWQgvNMXWUtvqd/mqAAAA9pHc7LCm+G7BuQ57myFOLzc09JYhnoFdMkNdqob0DDY/rSpZQ3VvNVT2VkN+3Ct2P/xMzRW91Zw5DaOiOMPSb/7h/rFfXDW3euj22sNemnfczN8d8/41O1s++uPanT8cd9fahsz8v2338/+6HjpSkTn+H8Lk7r8xd2Uu0pmPT2svygAAAADshdETP/ZPl733l9fdcuLnfzv4jiOv2PjDqbVjv/XK0nt+uGLCudt+dEFm/j+uvPP/4z6RqoLMYVvcDTFvcAhtxYGk2qOygeSo98BcAAAAAPqD/PH4/LHwObnb5BTt9Hw6m799D/PHA//jesw//pC/fmzDf8z99k8nTjli7TmPzd9+1+EfrWn7m+cf/tIF86Z947JvZub/7eWd/z+g+DbpxNbYi9WDQ6gvCNwee9kV6DYkBh47pjiQG//WuAEujFXlTkzIV3VhLDEtBtpSgXWlStydL3FQcSD3ZOUbX5kfx5xciYIAAAAAvOXi7oB4XD6e/3/fgg/PPmpb3aG3rKr46V/uuKZz4vVtNc+M/VXT61/4whNff63xzMz8f9qenf/fPQ/OnN7fOTCE1uoQqtI/DNg2IFkYMAYaK3KJWwYkdVWlqzp3QAhHdw0sXdXjufX/q9NrDN7bkFQVAwd98Ornh3UlrmwIobUwcP8pl3+sK7EkFcg3/sWGEP6qa7Tpxq+vTxqvSTe+tj6EQwsC+apOrQ+hq7HadFW/rMtdxyBd1XV1IbyrIJCv6oi6EJYFAPqp+K90ZuGDi5ctnze9s7NjUR8m4j78hjBrTmdHy4wFnTPrSvRpZqrPRcsYnZsdU8nlkFLiEkWr7lk7tJx0/neCbYV9ye3Hz5w4mLsfvwvVdI9zdE3R3THpIX/4Q9kmQsE3qbdryAMKK9n1JGbqj/lrw8BQv3Rxx6KWs6YvWbJoVPK33Oyjk79xUMm2GpXeVgN66tt+8PIYXlhJ65LTF7YuXrZ85JzTp5/WcVrH/NFtYw5vO3LMqCM+3to1qrbkby9DHd5T1amh7rz8rR/qIdUFlbwVnxoSEhL9LfE/zjj95DuOnPOpE+5d+oGj1oybcPaNh89qXXPb9ZPWT3ts8I9GXZKZ/y/c/fw/furET/7c+gyljv83x8P8yeO7DvNPi4F15R7/by51ND9/YsCQVGBFDKxwmB8AAIB3hrg7Mu52jHutH6q74qrDL3329C2jJn7tzOaRv57wwXEHfvqML99x3H/+3/d/7xN//N+Z+f+K8n7/v4/W/88vXf+5Usv8j4gl2kqt/59e5j+//v+KUuv/p5f5z6//v+5tWP9/aT6Q2iQvWP8fAAB4J3jr1v/vdXn/9AUCMhl6Xd4/fYGATIZel/Ev9wIBe7z+/5PHXPv0B97/TPvPrr/j8ekXn3HOx9fUD9uxrL7l9m//+y9u/MqpgzLz/1Xlzf8t3A8AAAD7j2uPffLfjr3q+7ec3Pjsj2sWzT7/5vNuahz2WsWsjfMnDJh8zez/ysz/15U3/3/r1/8Lpc7/H1Iq0F5qYUDr/wEAANBPlVr/b/tP6i+9sHHHuk0bXv/ske9+/Tt3fOdrry34wQ8+89H3zV48adyEmzPz/w3lzf/jaReVRbljb95oSta0C+k17Z5ryv9kAAAAAPqHytDSUlNm3qKVUcf/+W3GpUB3ly504nE//WT70HffPufaKa3/cN99Ha2H3NnUsH7+zi+d8PTyp05YeWVm/r+5vPl/0e8yqnZsv/Psxk9d98bqQetfXTn2yi27jv8DAAAAfafc/RIAAAAAAAAAAAAAAMDb770Lxoy/t+Xxd1+0evn5zdddcfmbm1q3fPUfL6na/uHZf7hg7uiGzO//w+TucqV+/x+v+xd/X/AXRbljq72v/5e7f9LxP1nWvWThtqYQPlQYmHfevANC7tr8wwsDt351xHu6EuelS9z8yISnuhJT04HPjDzw5a7E0anAtLhI4sHpQLyq4suDUoG4vOJ96UDcHhvSgdpc4FuDknFUpLfVM43JtqpIb6sHG0MYXBDIb6sbGpM2KtIDvCQVyA/wjHQgDvALuUBlulc/GZj0KgYaY9HLBia9AgBgvxW/BdaEWXM6O9riV/h4e0h18W1UtGTZudlqq8psPi5NtuqetUPLSVelv4vuutZ4TajrGsKozNfVwiwV3aPcN7X0sun+osSQe1vtra82XW3pETUkI2qZsaBzZk2vAx/Te5bR1b1mGZWZ7BRmqezepGXUUkZfyhhRmdumjC7H+5WhpaUqlWtsDDaHIr29Isr9vX5Pa/6VekV0+cSXb/rD41ubPn3Ye9pPO/+eyvff+6sDr3jxQ688dN1hm/7bR9b++urM/L+5vPl/XeG4Xs5dDGBFvLLeUYNDmFbmiAAAAOCdb/b8Ry6+4FcXbX+sfdhTC1ovuvWBZT9YXt10zfnHPnjzmS+d8r2pexu/9skTfvvAb3+0cdj4WxaOGfDEWVdedtw9d92xetvxb95w2P8ZOePRzPx/SHnz/7hjLHcoONnbsTle/3/l4BC6L63fnASuicM9dXAIH+hOtccSyQX1PxdLtCWBa+IOkxGxxLT24qrqY2BDKrC9KRfYnApsjYHcXoqrQ25XzkVNIXysOzW5uMTCWKI5FTghBoakAi0x0JYKDIqBcanAHwflAu2pwJ0xEOYUb6ufDcptKwAAgD2Rm2fVFN8N6XnehureMlT0lmFAbxkqe8tQ11uGUqOI9zfGDDWFx+NzGeJDNelaG1K1ZDLEi+Hvcb8yGcLdxTnTBTNN588kaS7OGTN8+x8f/OT0lx6+YemP3hh+4rmf/PH3tm16be4Tp40cPO3VsfNGfPuPmfl/W3nz/wHFt0nrW+P8f9f1/5LA7bF7q+Op40Ni4LFjigO5HQNb42T3wnxV7bkSuUn7hbHEuBgYkgosjIFxqcC0ybnAuvcUB3Iz7XzjK/ONz8mVKAgAAADAWy7uIIi7aeL8/9K/mz353O+0dqyc9dWnps0Y+ukDL33fpcfcNOk3c9cedOCpd14zLzP/H1fe/D+2N7CwsfNjb54cFMINFbt6kw+MbEwCcT9GY/x5/PsaQzigYAdHvkTHgKREbarhcFtD8gv12nRVNzYkawzE+yfd+8tbv9uVuKQhhKEFe1/ybTxcl7TRkA4Mq00CA9KBBdVJIO75yQd+XpkEYK/l9wrGF1TuVJe85p7LlXj9vVOuCZoeXmYfaA/5evrNVV+pSz+Q26eat2dPW6Y6+kTm7bHZu60/vtuavdsKv0jlvqHs3BWqC5UzO2ZNX9q5JD5S+EvWjD56nnv6Jevu0vvgdbjiz+9t7+rSHWhLfXy09Vyu59dhRayuasf2O89u/NR1qwetf3Xl2Cu3lN2NEuIm/cuvjR/2UMHm7Wt1Ifea63efJ+0+T/rjv4EhnrYQwqbnvlF/5okn/tsB/7Rw0/cf/a/mV7/1zTs2blzW1HJz1ZpJF3722sz8v728+X916rbba3FjLh4cwocLNu62uPknDk4+BwsCyafku7KB5JD7E00lPzkBAABgX8vv7sjvL5iTu01OCE/Pk7P52/cwf9xfMa7H/OX2+4TP3/0vf7vid6u/uGX9AxW/+f3GK04YM3XhYwvvu3jiP/+v31/16I2Z+f+03c//61PddPzf8X/6iOP/Pdrfd0XXpx9YsVe7ojPV0Scc/+/R/v5uc/y/R47/O/7fE8f/e+H4f4/296ct8y1poS9dIYSnn/2XC//hgmUnPfTqu4+4+IE/PTjx7IobOv9j+kPPdLzx0Vdm3XpoZv6/sLz5v/X/el60L7/+37RS6/8tLLX+3wrr/wEAAH2qxEJz6XleZvW+TIb06n2ZDL0uENjrEoPW/9vj9f82nFz9+1/P/ffvf+6+pw+vnHr/f46eP++m4UcdM+KqNU+t+NcX2lsy8/8V5c3/48thYGHr/WX9vyGTS1S1KgYWWhgQAACA/VGpHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8vcaceedL33lh+2G3Lrlt5cnj/3r1qV//7NEH/+zKnZ/YHL7x4vKX7ply/FkXTDl54o6Vx874yt1v/v3WEOZ0l6tIilf8/KKpy2qnTPrSxV8+59jPH7V1U12u3prc7XuLcsdW32gKYV3BI40x8VxT151dgZOO/8my6q7EtqYQPlQYmHfevAO6EuubQhheGLj1qyPe05U4L13i5kcmPNWVmJoOfGbkgS93JY7OBSrS3b10UNLdinR3vzsohMEFgXx35w4qrirfxnG5QGW6jasakzZioDEW/UFj0kYMdMYSc+pDaK0OoSpd1f+sS6qqSlf1i7qkqqp0VefUhXB0CKE6XdUjtUlV1emR31WbVBUDB33w6ueHdSXW1YbQWhi4/5TLP9aVOCMVyDd+Ym0If9X1kkk3vrEmabwm3fglNSEcGkKoTZd4sTopUZsu8Xh1CO8qCOQbn10dwrLAO0L88JlZ+ODiZcvnTe/s7FjUh4naXFsNYdaczo6WGQs6Z9al+lRKRUF657nZeGWZY3/4+a/P6Lpddc/aoeWkq3Plarq7PLqm6O6YfdX7ij7qfezXgMJKdj0fmfpj/towMNQvXdyxqOWs6UuWLBqV/C03++jkb1UummyrUftqW5Xrz91WwwsraV1y+sLWxcuWj5xz+vTTOk7rmD+6bczhbUeOGXXEx1u7RtWW/N0XQ708G6/q46EeUl1QyVvxASAhIdHfEpVFn25t+/u/7MwX/V0drQl13R/QmWlFYZaK7lHui0GP3318Xw46MyXJjGhUZuKQyTK69yxjMpOJXVkakizd3+syk8PCmiq7N2m8XxlaWkr+p2suvlu4+f7Uw+YtV9x05aYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBQAAP//CAsM0g==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1d)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x20008})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0x100000}], 0x1, 0x5412, 0x0, 0xa)

58.622395695s ago: executing program 1 (id=295):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000010140)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

57.697152466s ago: executing program 1 (id=297):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x6, 0x5004, 0x7, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)

57.530310121s ago: executing program 1 (id=298):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00')

57.104476294s ago: executing program 1 (id=300):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x29, 0x10, 0xd, 0x2, 0x5, @ipv4={'\x00', '\xff\xff', @broadcast}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7800, 0x8000, 0x14853, 0x400000}})
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="00020006000000e62b428cc8e778000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e0030000280080006"], 0x68}, 0x1, 0x0, 0x0, 0x4000810}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)

56.463679505s ago: executing program 1 (id=303):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/57, 0x39}], 0x1)
readv(r1, &(0x7f00000015c0)=[{&(0x7f0000000300)=""/253, 0xfd}], 0x1)

56.029497604s ago: executing program 33 (id=303):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/57, 0x39}], 0x1)
readv(r1, &(0x7f00000015c0)=[{&(0x7f0000000300)=""/253, 0xfd}], 0x1)

2.945252195s ago: executing program 3 (id=814):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r2, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000500)='system.posix_acl_access\x00', &(0x7f0000000a00)={{}, {0x1, 0x2}, [], {0x4, 0x2}, [], {0x10, 0x2}, {0x20, 0x1}}, 0x24, 0x1)

2.866375274s ago: executing program 4 (id=815):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000003300)=[{{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000001180)="a9b9c7e3196d3172827dc56d6c959180d124fefa33312326e3676fc1279e2019e624b4301f1833c561f1881d94", 0x2d}, {&(0x7f0000001280)="b6289a6dc561edfd9174143b61905136c1dc23f3b3e0f35754a4de0a1399f20efd0f132e450ca47ab20f81df977451b9050cf04468ffee432b465f39accdbebecaed3ecbb1eac45740e3fe83ac8893def51e646a2776129f35ae13cfa5f9cb6d2f1d5703ae72669e2684", 0x6a}, {&(0x7f0000001340)="72e246b89ad6cfd76a75c9b64120da297d54e9c36f05857937b5d3ffcbb1d3a3f602575785e92a667cf388", 0x2b}, {&(0x7f0000001440)="87e688d600602215a5a7151ebdfa0a0951daac1901be94d96949f3fcca010e896d105f3e849ca64209056596af31789b67d73491a2661eecf439", 0x3a}, {&(0x7f0000001500)="07974171ab88243233a37eb66034c9bcdf5f299fcc5a7088025206d6dc06ca9c3017a444378848f5f37ec1bed3b476f69c2ebce5ecaed42ca9c820a935e9fcb1f0be4a810f3cc87572547e928d24c7adec8c9442f605f042f9b001f75498", 0x5e}, {&(0x7f0000001640)="cafa21e6507cdc6ac2b9cef59ba00059b7c4bb3f0040", 0x16}], 0x6, 0x0, 0x0, 0x8040010}}], 0x1, 0x20000000)

2.732262584s ago: executing program 3 (id=818):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x1c, r1, 0x2586ad4018a3b31b, 0x1, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0)

2.701187849s ago: executing program 3 (id=819):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000004000000000000000201801000020786c3500000000002020207b1af8ff00000000bfa10000000000000701000094ffffffb702000008000000b703000000000020850000002d000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='kmem_cache_free\x00', r0}, 0x18)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2ed})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})

2.689178076s ago: executing program 4 (id=820):
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000a500e9406b06f92094ff010203010902121001000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000300)={0x0, 0x0, 0x2, "6d10"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000100)={0x0, 0x18, 0x2, "fc67"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000380)={{{@in=@multicast2, @in6=@remote}}, {{@in6=@initdev}, 0x0, @in6=@local}}, &(0x7f0000000240)=0xe8)

2.574444699s ago: executing program 3 (id=823):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
getdents64(r0, &(0x7f0000000480)=""/240, 0xffb3)

2.202906147s ago: executing program 2 (id=829):
r0 = socket$kcm(0x29, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$sock_proto_private(r0, 0x89e2, &(0x7f0000000040))

2.055375732s ago: executing program 3 (id=831):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000340)={[{@coherency_buffered}, {@heartbeat_none}, {@intr}, {@err_cont}, {@journal_async_commit}, {@localflocks}, {@intr}, {@journal_async_commit}]}, 0x9, 0x444b, &(0x7f00000088c0)="$eJzs3c9vE9kdAPA3kwAJBZpQDlSqVEtFatVWUcKJNkgkIRASSKloQVUvxkkMpHVilDhVDxzSG1VPlXqoekBdaW85rFAOe2X/hL3skT0jLYe9rLQS2qxsjxPPOFa8bJxs2M/nkPG83/Z35vnNwXlxovJocTW3uJorLOfK8w9WL+b+Vi6tLRVDfEB27f/YwfXPjkvHQ9vPvRvXyWFfe99nt69e/8O9iyF8tPDJq62tra1Q1RsSUWg20vT6i8+fzDcfG+KQVm03dNWfQwjnWsZV1RNC+NOH9XcxnqRNJMf+EMLp5B3ee/Kv+7l9Gs3zl8XL+TezTzdHL8xsPNts/96jEP5X+vGvHy599rOe0U9/uU/dAwAAAAAAAAAAAAAAAABwxE3duX3398Mj4UUUejei1t/rTiXHdr+P3do3P+3+mwUAAAAAAAAAAAAAAAAAAIDvqJ3f/+eis7v8/n8yOY61qb91pftjpHumf3d78trwSLL/e5TNPtufvHg93hMGd9n3Pbv/+3imgd33f2/p561ditL9DoQoHkqdx/HQUAjvJRu/n49OxqXyauVXD8prywv7NowjKx3/+u79qegkG/p3Gv+JTPvd3///Ry1XU/X8fssldry7wziituN/pRr/nrbl3v9H1FH8r2bqHUT8eXvp+7+3ltbfXGCsPgFU4//v3r3jP5lpf1/i/8E/W5LOhBByUXWsudQMUF3DVNPbrVdIS8f/WC0tNXUmH2S7+//LTPyvZdo/rPl/PftFxK7S8a9/R/alSuzc/4Px3vf/9Uz7hxH/6vjX92+J+U5Lx/9EPbE3VaT2SXY6/09l2u9W/O/GyTjPRKkrYCOqp7f7f3WkpePf15LfeL56PR53tP67kal/UM9/jX4bz3+N6f8XUf35j92l49/ftlyn9/90pt5O/Le6MPrq8iTnCeBbSMf/ZC0tvXYeqP3tNP4zmfa7Nf/XViV9jfjvzCdfnain/9/6ryPp+P+gnhg3l1iv/a2t/6K91/83M+0fxvqvOv71uLu9viua498TTrUtV43/xx18/9/K1Ot+/EMYttZ/a+n7/3TbcrX7v2/v+M9m6nU7/j/vZuMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR8BEchwIUTyUOo/joaEQribn58PJaK6wkJ8rlef/uhrCZJKeC2ejh6XyXKGUX1wuLxTzhVKpPB/CtST/XOiLVkvlSn6p8Pj6dlv90aNiYaUyVyxUQghTSfpPwulGW3OLlaXC4xDCje28H8bllcePCsv5hcWV3w4PDw+H6e0xDEbFv1eKy5V67/XcEGa26w5ETYOrZd/cHsup6C/ltZXlQqmWfqupTqk8Xyg11ZlN8v4TBqPKytryfKFSzJfKDxv9Haax5Dg5feePd26NtOTfj+rHiYMdFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADf0IvR3/w3hNBbP4tDCGONF9Fu5Z+/LF7Ov5l9ujl6YWbj2earduUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+ZgcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgq7dIzSQBCFAfjNWKidx7BadjvbFUW0cEXwBHoMD6NH8RLeIUWKtClCIJmFsNmFbZLq+5oH8zPzHswDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiyAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRd8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD///Y7H0Y=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)
lseek(r0, 0xfffffffffffffffd, 0x1)
getdents64(r0, 0x0, 0x31)

2.010677241s ago: executing program 6 (id=832):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000340)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@nobarrier}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4140aecd, &(0x7f00000003c0)={0x0, 0x0, 0x8})

1.725306764s ago: executing program 5 (id=836):
syz_mount_image$xfs(&(0x7f0000009600), &(0x7f0000009640)='./file2\x00', 0x200800, &(0x7f0000000380)={[{@lazytime}, {@dax_never}, {@filestreams}, {@uqnoenforce}, {@dax_always}]}, 0x4, 0x9647, &(0x7f0000012cc0)="$eJzs3Qm4pnPh+P/nDGNfxlBJqalGtMiaJaqZwQyFZIl2ZElZChXatEhpo0R79i1bWULZWkn2FkoIlSyRFtsw/+uYM4zxJn37/v6+9X6/r+uc53nu577v83k+r3s5R3NdbTZ5o0mDwVyD6Y0bzNrZV02ZOuaK9W89fMuFjlrupDv3e/iK4yeMPE4ceZw0GAxGjbw9NH3Z2MHJp4wazP7A8oead+55huYfDJYfeTmyn8HK0x/mv3TGetNmadaBDj30bZ/pXw+04PCPGH5yyH57HToYDMbMtP3QYDC05yM+qLTNJk6Z/JDVg27DVqNHns/8Ncf0r/kvGAzmP23Ax8fM6w49AR9p+Gfu+fyzRq//BPzs/7g2mzhlnVn8h8/F2UaWrTx8js96Dhqb9Ti/eYnNVx2ZwgeOt8Fg+BL3sHPlP6LNJk5ed/Do1/nB4audt8+06dfNOQfTbxRzDwaDeUaur/M90S717zVx0goP3LNnvB5hn3Es70nHxbFvOuH+4Zv0YDBYeDAYu/aMe0FVVVX9ZzRx0gprwP1/rse6/5944mKndf+vqqr6z22diZNWGL7Xz3L/n++x7v87L3b+h6f/t/8JK0/f6v4n9kNUVVXVv9TkdfD+P+ax7v8rr3Hxut3/q6qq/nPbcL0H7v/zzXL/X+Sx7v+vP2G1xUfWm/F7w30z7XJopv894d6Zls820/J7Zlo+eqb9zLz+HDMtv2um5XMOvwfrjxsMxs7494JTH1o8dtzweyPL755p+YSH/p3O+DVnWj5xpuWTZ1o+aWSsw8unzLR8ykzrr/0YU11VVfV/pg1XmLzGYKZ/Zz+yeNEZ79P9/9zTr176iRpvVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV/Wd2/61nnDUYDIYGg8GowWDqYOT5zI+DadOmTRt+feI5l1zyhA30/0ZDZ181ZeqYK9a/9fAtFzpquZPu3O+hWfqP7T//E9S/07D/XMeMGwx23OSJHko9AXX+u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7j7bz3jrJFjYNRgMHUw8nzPGY+n7/u6N4ysuuqmJ91+wENbjp+w3cizs6+aMnW7J2DsT0BDw591zBXr33r4lgsdtdxJd+73X3D2/Od/gvp3esB/u6HBYOT8HjN8Lq8/ccONlxoMBgfcftKmKw0efG+V4fdWGzvbYLYHNl3qge9rjecd77n29McJw98WeXAfJz6w/3WmHTzb0CyDmKmXnn3d4W/d7M4VZ31c8tE/x6gZTw695tQ7pk2bNu1hC0ea61E2nrH/GZ9l1vN8ZOxLDY99mV13eMcyu+y+x9Lb7bDFtltvu/WOy62wyoorLb/cSqu+eJltttt+62Wnf3+UORv3wPc1Hs+czTfrnN06ceY5m/WzPdqcjXvsOXtgj1P3GNp4xpzN/i/O2RqPPWfjthv5QeMnjB5s/sDUDA0G49ccPdht+MVycw4G49caWXfR4XVXHztqMNj3oQ86/GzOB4/BoT2H19ls8kaTHhrZIz/hI67TD1tx/ISRx4kjj5OmD3Hc4KFDcezg5FNGDc/Fw6Z53rnnGZp/MFh+5OXIfgarjrx70Iz1ps3SrAMdeujbPtO/HmjB4Z0MP3nbsmdcOXwuzrL9/4v+R9f/R3itMvTgRA2NfI2sM91r4pR1HvpZD0zD8NzNNrJs5WGTWefsf7NHjHfc7IMxjzHeyetMWmF48SzzP2MTPL5uW+K8904/tiasPH2r+//HKDTe+R5jvOtMxPHO91jjPeZ9F50yfVf/a+Od5Vq37gPfJzyea93gsa91s9EOtr5w8Vmvda989CE+7DyeMUdzzrLSo13rdjtw+T2H9z/hsa916w6PffTDrnWjBoPxa8y41g1f+CaPHuw7/GL54RdTRg+OGn6xwgMv5h6cM/ziRW/ZafuthhesPWNOlh3e74SxQw+4n7fyTUtO+/y0aWuOjGXC2IePdeT4GDfz/Xzi2OmTOWPbGfsdXnXGfm98yvT3Jo/sd+K/sN8Z29J4b19w+ntTRvY7aZb9jn6M/c7Y9hHnw1JDD164HuV6M3mW683I3zgzftzDvuaY/jX/BYPB/KeR7yzr/tNrJp2/cz3GeCdOWmGN4fHNcv4+eDjS+XvRlCuG7xXzDwaDhQeDsWvPGPu/2NCjjXf2xx7vJBjv7I813suO3mG9/4XxDmYa78OOs802nH6srD1ynE35F47fGdvOeh0b/cC70y/7az+e69i4R1zHPjTbqFkme6Ye7Xe2rWD96c8Xfej33KuOP3LG3I+eZb//7He2mT7LEFzHxszy9/yota8dDNGc73nM6hcP7f/Ycz568PC/LWbM+YxtH2vOpzyeOX/6Y8/54/09eannTH9/9Czjn3nON/jU0z45Y87nmGW//2zOpzz2veORcz5hMJrmfNl7ps/bY11PH23OZ2w7Y86HP+JqY2cfrDV8zxqZ88mPZ84X/d85zueB9ac/3/rBRWceftJrZsz5rHP8z+Z88r865+MePM7HP/Des0cN5phjsNsWu+6683LTv894ufz073wtuuuq6fP8WPfSRzOase1jnRdrPh6jMY/LaOifGS02+6MZPXRqHbbTzk/+n16L1vxXjQZ8LbriyOnz9li/Fz3anM/Ylu6Di8y0/ax/h2643gO/d883y31wxiZ4Hzzz9HX3nrHLkc3um2WYM+6r9860fLaZlt8z0/LRM+1n5vXnmGn5XTMtH/4Ic8y0/gzWccN/844sn/rQ6mOHf3kaN7L87pmWT3ho2/FrzrR84kzLJ8+0fNJDh8b4KTMtnzLT+msP/sVm/Dfp7Wa9yNfjrf/+6y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvLX9z9t55x1sgxMGowmDqY/nxo5HGw59AGt7x8+HEwGIxe+bhpGzzR432CGzr7qilTx1yx/q2Hb7nQUcuddOd+/wVnz3/+J6h/pwf8txsaDEbO7zHbDQaD9SduuPFSg8Fgg2nHrTxq8OB7iw6/t/rYUYPBvkMP28GcD64ztOfwOptN3mjSYDDXyBrjHvFDH3EePWzF8RNGHieOPE6afn0aN3joeB07OPmUUYPZH1j+UPPOPc/Q/IPB8iMvR/YzWHn6w/yXzlhv2izNOtChh77tM/3rgRYc/hHDT3bbdsozhudqlu3/zzTjWr3dqH+6aue/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL392/5t/R8t9Wou7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+6oam/7+7lrXOf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vf3f/cf5fZ/1cHUk9Inf/u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/c/beecdbIMTBqMJg6mP58aM+Rx8HQCSc/b+QQGb375Ucc/ESP9wlu6Oyrpkwdc8X6tx6+5UJHLXfSnfv9F5w9//mfoP6dHvDfbmgwGDm/x2w3GAzWn7jhxksNBoODj7h891GDB99bdPi91ceOGgz2HXrYDuZ8cJ2hPYfX2WzyRpMGg7lG1hj3iB/6iPPoYSuOnzDyOHHkcdL069O4wUPH69jByaeMGsz+wPKHmnfueYbmHwyWH3k5sp/BytMf5r90xnrTZmnWgQ499G2f6V8PtODwjxh+std8V50wPFezbP9/phnX6u1G/dNVO//d5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8tf3P23nnHWyDEwajCYOpj+fNTI49CeN1z/gY2HH4dfL7T23lc90eN9ghs6+6opU8dcsf6th2+50FHLnXTnfv8FZ89//ieof6dh/7mOGTcY7LjJEz2UegLq/HeXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn9x9996xlkjT0c9tHTUnh0X2NDZV02ZOuaK9W89fMuFjlrupDv3e6IH9O/2KP4fyh+z+H84f8zi/5H8MYv/R/PHLP575Y9Z/D+WP2bx3zt/zOL/8fwxi/8n8scs/vvkj1n8P5k/ZvH/VP6Yxf/T+WMW/8/kj1n8P5s/ZvHfN3/M4r9f/pjF/3P5Yxb/z+ePWfz3zx+z+H8hf8zif0D+mMX/wPwxi/8X88cs/l/KH7P4fzl/zOL/lfwxi/9X88cs/l/LH7P4fz1/zOL/jfwxi/9B+WMW/4Pzxyz+h+SPWfwPzR+z+B+WP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/L+ZP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E/PHLP7fyh+z+H87f8zif1L+mMX/5Pwxi/8p+WMW/1Pzxyz+38kfs/iflj9m8T89f8zif0b+mMX/u/ljFv/v5Y9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/9/PHLP4/yB+z+P8wf8zi/6P8MYv/j/PHLP4/yR+z+J+XP2bxPz9/zOL/0/wxi/8F+WMW/5/lj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+P88fs/j/In/M4v/L/DGL/6/yxyz+V+SPWfyvzB+z+P86f8zi/5v8MYv/VfljFv/f5o9Z/K/OH7P4X5M/ZvG/Nn/M4v+7/DGL/3X5Yxb/6/PHLP435I9Z/H+fP2bx/0P+mMX/j/ljFv8b88cs/n/KH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/n/PHLP635Y9Z/G/PH7P4/yV/zOJ/R/6Yxf+v+WMW/7/lj1n8/54/ZvH/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P4T80fs/jflz9m8b8/f8ziPy1/TOI/2yB/zOI/lD9m8R+VP2bxny1/zOI/e/6YxX90/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/+C+WMW/zH5Yxb/hfLHLP5j88cs/gvnj1n8F8kfs/g/KX/M4v/k/DGL/1Pyxyz+i+aPWfyfmj9m8V8sf8zi/7T8MYv/0/PHLP6L549Z/J+RP2bxf2b+mMV/XP6Yxf9Z+WMW/2fn/4hmH3k0+D8nf8xy/o/PH7P4L5E/ZvF/bv6YxX/J/DGL/1L5Yxb/5+WPWfyfnz9m8X9B/pjF/4X5Yxb/pfPHLP4vyh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP4vzh+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/0vyxyz+q+WPWfxXzx+z+L80f8zi/7L8MYv/y/PHLP4T8scs/hPzxyz+k/LHLP5r5I9Z/NfMH7P4r5U/ZvGfnD9m8Z+i8p/tca9p8V9b5f/4s/ivkz9m8X9F/pjF/5X5Yxb/dfPHLP7r5Y9Z/NfPH7P4vyp/zOK/Qf6Yxf/V+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bxf03+mMV/0/wxi/9m+WMW/9fmj1n8X5c/ZvF/ff6Yxf8N+WMW/zfmj1n835Q/ZvF/c/6YxX/z/DGL/xb5Yxb/LfPHLP5vyR+z+G+VP2bx3zp/zOK/Tf6YxX/b/DGL/1vzxyz+2+WPWfzflj9m8X97/pjFf/v8MYv/DvljFv8d88cs/jvlj1n835E/ZvF/Z/6YxX/n/DGL/y75Yxb/XfPHLP7vyh+z+L87f8zi/578MYv/bvljFv/d88cs/nvkj1n835s/ZvF/X/6Yxf/9+WMW/w/kj1n8P5g/ZvHfM3/M4v+h/DGL/4fzxyz+H8kfs/h/NH/M4r9X/pjF/2P5Yxb/vfPHLP4fzx+z+H8if8ziv0/+mMX/k/ljFv9P5Y9Z/D+dP2bx/0z+mMX/s/ljFv9988cs/vvlj1n8P5c/ZvH/fP6YxX///DGL/xfyxyz+B+SPWfwPzB+z+H8xf8zi/6X8MYv/l/PHLP5fyR+z+H81f8zi/7X8MYv/1/PHLP7fyB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/5v5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4v+t/DGL/7fzxyz+J+WPWfxPzh+z+J+SP2bxPzV/zOL/nfwxi/9p+WMW/9Pzxyz+Z+SPWfy/mz9m8f9e/pjF/8z8MYv/WfljFv+z88cs/ufkj1n8z80fs/h/P3/M4v+D/DGL/w/zxyz+P8ofs/j/OH/M4v+T/DGL/3n5Yxb/8/PHLP4/zR+z+F+QP2bx/1n+mMX/wvwxi/9F+WMW/4vzxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOL/8/wxi/8v8scs/r/MH7P4/yp/zOJ/Rf6Yxf/K/DGL/6/zxyz+v8kfs/hflT9m8f9t/pjF/+r8MYv/NfljFv9r88cs/r/LH7P4X5c/ZvG/Pn/M4n9D/pjF//f5Yxb/P+SPWfz/mD9m8b8xf8zi/6f8MYv/TfljFv+b88cs/rfkj1n8b80fs/j/OX/M4n9b/pjF//b8MYv/X/LHLP535I9Z/P+aP2bx/1v+mMX/7/ljFv9/5I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/1Pwxi/99+WMW//vzxyz+0/LHJP6zD/LHLP5D+WMW/1H5Yxb/2fLHLP6z549Z/Efnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW//nyxyz+8+ePWfwXyB+z+C+YP2bxH5M/ZvFfKH/M4j82f8ziv3D+mMV/kfwxi/+T8scs/k/OH7P4PyV/zOK/aP6Yxf+p+WMW/8Xyxyz+T8sfs/g/PX/M4r94/pjF/xn5Yxb/Z+aPWfzH5Y9Z/J+VP2bxf3b+mMX/OfljFv/x+WMW/yXyxyz+z80fs/gvmT9m8V8qf8zi/7z8MYv/8/PHLP4vyB+z+L8wf8ziv3T+mMX/RfljFv9l8scs/svmj1n8l8sfs/gvnz9m8V8hf8ziv2L+mMX/xfljFv+V8scs/ivnj1n8V8kfs/ivmj9m8X9J/pjFf7X8MYv/6vljFv+X5o9Z/F+WP2bxf3n+mMV/Qv6YxX9i/pjFf1L+mMV/jfwxi/+a+WMW/7Xyxyz+k/PHLP5T8scs/mvnj1n818kfs/i/In/M4v/K/DGL/7r5Yxb/9fLHLP7r549Z/F+VP2bx3yB/zOL/6sEl+UMW/w07/zGL/0b5Yxb/jfPHLP6b5I9Z/F+TP2bx3zR/zOK/Wf6Yxf+1+WMW/9flj1n8X58/ZvF/Q/6Yxf+N+WMW/zflj1n835w/ZvHfPH/M4r9F/pjFf8v8MYv/W/LHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4v/W/DGL/3b5Yxb/t+WPWfzfnj9m8d8+f8ziv0P+mMV/x/wxi/9O+WMW/3fkj1n835k/ZvHfOX/M4r9L/pjFf9f8MYv/u/LHLP7vzh+z+L8nf8ziv1v+mMV/9/wxi/8e+WMW//fmj1n835c/ZvF/f/6Yxf8D+WMW/w/mj1n898wfs/h/KH/M4v/h/DGL/0fyxyz+H80fs/jvlT9m8f9Y/pjFf+/8MYv/x/PHLP6fyB+z+O+TP2bx/2T+mMX/U/ljFv9P549Z/D+TP2bx/2z+mMV/3/wxi/9++WMW/8/lj1n8P58/ZvHfP3/M4v+F/DGL/wH5Yxb/A/PHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP4H5Y9Z/A/OH7P4H5I/ZvE/NH/M4n9Y/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/gfkz9m8f9m/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/h/K3/M4v/t/DGL/0n5Yxb/k/PHLP6n5I9Z/E/NH7P4fyd/zOJ/Wv6Yxf/0/DGL/xn5Yxb/7+aPWfy/lz9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9e/pjF//z8MYv/T/PHLP4X5I9Z/H+WP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X5E/ZvG/Mn/M4v/r/DGL/2/yxyz+V+U/3LTZZllg8f9t/pjF/+r8MYv/NfljFv9r88cs/r/LH7P4X5c/ZvG/Pn/M4n9D/pjF//f5Yxb/P+SPWfz/mD9m8b8xf8zi/6f8MYv/TfljFv+b88cs/rfkj1n8b80fs/j/OX/M4n9b/pjF//b8MYv/X/LHLP535I9Z/P+aP2bx/1v+mMX/7/ljFv9/5I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/1Pwxi/99+WMW//vzxyz+0/LHJP6jB/ljFv+h/DGL/6j8MYv/bPljFv/Z88cs/qPzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/3z5Yxb/+fPHLP4L5I9Z/BfMH7P4j8kfs/gvlD9m8R+bP2bxXzh/zOK/SP6Yxf9J+WMW/yfnj1n8n5I/ZvFfNH/M4v/U/DGL/2L5Yxb/p+WPWfyfnj9m8V88f8zi/4z8MYv/M/PHLP7j8scs/s/KH7P4Pzt/zOL/nPwxi//4/DGL/xL5Yxb/5+aPWfyXzB+z+C+VP2bxf17+mMX/+fljFv8X5I9Z/F+YP2bxXzp/zOL/ovwxi/8y+WMW/2Xzxyz+y+WPWfyXzx+z+K+QP2bxXzF/zOL/4vwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+L8kf8ziv1r+mMV/9fwxi/9L88cs/i/LH7P4vzx/zOI/IX/M4j8xf8ziPyl/zOK/Rv6YxX/N/DGL/1r5Yxb/yfljFv8p+WMW/7Xzxyz+6+SPWfxfkT9m8X9l/pjFf938MYv/evljFv/188cs/q/KH7P4b5A/ZvF/df6YxX/D/DGL/0b5Yxb/jfPHLP6b5I9Z/F+TP2bx3zR/zOK/Wf6Yxf+1+WMW/9flj1n8X58/ZvF/Q/6Yxf+N+WMW/zflj1n835w/ZvHfPH/M4r9F/pjFf8v8MYv/W/LHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4v/W/DGL/3b5Yxb/t+WPWfzfnj9m8d8+f8ziv0P+mMV/x/wxi/9O+WMW/3fkj1n835k/ZvHfOX/M4r9L/pjFf9f8MYv/u/LHLP7vzh+z+L8nf8ziv1v+mMV/9/wxi/8e+WMW//fmj1n835c/ZvF/f/6Yxf8D+WMW/w/mj1n898wfs/h/KH/M4v/h/DGL/0fyxyz+H80fs/jvlT9m8f9Y/pjFf+/8MYv/x/PHLP6fyB+z+O+TP2bx/2T+mMX/U/ljFv9P549Z/D+TP2bx/2z+mMV/3/wxi/9++WMW/8/lj1n8P58/ZvHfP3/M4v+F/DGL/wH5Yxb/A/PHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP4H5Y9Z/A/OH7P4H5I/ZvE/NH/M4n9Y/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/gfkz9m8f9m/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/h/K3/M4v/t/DGL/0n5Yxb/k/PHLP6n5I9Z/E/NH7P4fyd/zOJ/Wv6Yxf/0/DGL/xn5Yxb/7+aPWfy/lz9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9e/pjF//z8MYv/T/PHLP4X5I9Z/H+WP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X5E/ZvG/Mn/M4v/r/DGL/2/yxyz+V+WPWfx/mz9m8b86f8zif03+mMX/2vwxi//v8scs/tflj1n8r88fs/jfkD9m8f99/pjF/w/5Yxb/P+aPWfxvzB+z+P8pf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+f84fs/jflj9m8b89f8zi/5f8MYv/HfljFv+/5o9Z/P+WP2bx/3v+mMX/H/ljFv8788cs/nflj1n8784fs/jfkz9m8b83f8ziPzV/zOJ/X/6Yxf/+/DGL/7T8MYn/HIP8MYv/UP6YxX9U/pjFf7b8MYv/7PljFv/R+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/BfLHLP4L5o9Z/Mfkj1n8F8ofs/iPzR+z+C+cP2bxXyR/zOL/pPwxi/+T88cs/k/JH7P4L5o/ZvF/av6YxX+x/DGL/9Pyxyz+T88fs/gvnj9m8X9G/pjF/5n5Yxb/cfljFv9n5Y9Z/J+dP2bxf07+mMV/fP6YxX+J/DGL/3Pzxyz+S+aPWfyXyh+z+D8vf8zi//z8MYv/C/LHLP4vzB+z+C+dP2bxf1H+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxXyB+z+K+YP2bxf3H+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxfkj9m8V8tf8ziv3r+mMX/pfljFv+X5Y9Z/F+eP2bxn5A/ZvGfmD9m8Z+UP2bxXyN/zOK/Zv6YxX+t/DGL/+T8MYv/lPwxi//a+WMW/3Xyxyz+r8gfs/i/Mn/M4r9u/pjFf738MYv/+vljFv9X5Y9Z/DfIH7P4vzp/zOK/Yf6YxX+j/DGL/8b5Yxb/TfLHLP6vyR+z+G+aP2bx3yx/zOL/2vwxi//r8scs/q/PH7P4vyF/zOL/xvwxi/+b8scs/m/OH7P4b54/ZvHfIn/M4r9l/pjF/y35Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvF/a/6YxX+7/DGL/9vyxyz+b88fs/hvnz9m8d8hf8ziv2P+mMV/p/wxi/878scs/u/MH7P475w/ZvHfJX/M4r9r/pjF/135Yxb/d+ePWfzfkz9m8d8tf8ziv3v+mMV/j/wxi/9788cs/u/LH7P4vz9/zOL/gfwxi/8H88cs/nvmj1n8P5Q/ZvH/cP6Yxf8j+WMW/4/mj1n898ofs/h/LH/M4r93/pjF/+P5Yxb/T+SPWfz3yR+z+H8yf8zi/6n8MYv/p/PHLP6fyR+z+H82f8ziv2/+mMV/v/wxi//n8scs/p/PH7P4758/ZvH/Qv6Yxf+A/DGL/4H5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/g/LHLP4H549Z/A/JH7P4H5o/ZvE/LH/M4n94/pjF/4j8MYv/kfljFv+j8scs/kfnj1n8j8kfs/h/M3/M4n9s/pjF/7j8MYv/8fljFv8T8scs/ifmj1n8v5U/ZvH/dv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/L+TP2bxPy1/zOJ/ev6Yxf+M/DGL/3fzxyz+38sfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvE/L3/M4n9+/pjF/6f5Yxb/C/LHLP4/yx+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/IH7P4X5k/ZvH/df6Yxf83+WMW/6vyxyz+v80fs/hfnT9m8b8mf8zif23+mMX/d/ljFv/r8scs/tfnj1n8b8gfs/j/XuU/+nGvafH/g8r/8Wfx/2P+mMX/xvwxi/+f8scs/jflj1n8b84fs/jfkj9m8b81f8zi/+f8MYv/bfljFv/b88cs/n/JH7P435E/ZvH/a/6Yxf9v+WMW/7/nj1n8/5E/ZvG/M3/M4n9X/pjF/+78MYv/PfljFv9788cs/lPzxyz+9+WPWfzvzx+z+E/LH5P4zznIH7P4D+WPWfxH5Y9Z/GfLH7P4z54/ZvEfnT9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOK/YP6YxX9M/pjFf6H8MYv/2Pwxi//C+WMW/0Xyxyz+T8ofs/g/OX/M4v+U/DGL/6L5Yxb/p+aPWfwXyx+z+D8tf8zi//T8MYv/4vljFv9n5I9Z/J+ZP2bxH5c/ZvF/Vv6Yxf/Z+WMW/+fkj1n8x+ePWfyXyB+z+D83f8ziv2T+mMV/qfwxi//z8scs/s/PH7P4vyB/zOL/wvwxhf/4wZxL548p/AeDOV+UP2bxXyZ/zOK/bP6YxX+5/DGL//L5Yxb/FfLHLP4r5o9Z/F+cP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/l+SPWfxXyx+z+K+eP2bxf2n+mMX/ZfljFv+X549Z/Cfkj1n8J+aPWfwn5Y9Z/NfIH7P4r5k/ZvFfK3/M4j85f8ziPyV/zOK/dv6YxX+d/DGL/yvyxyz+r8wfs/ivmz9m8V8vf8ziv37+mMX/VfljFv8N8scs/q/OH7P4b5g/ZvHfKH/M4r9x/pjFf5P8MYv/a/LHLP6b5o9Z/DfLH7P4vzZ/zOL/uvwxi//r88cs/m/IH7P4vzF/zOL/pvwxi/+b88cs/pvnj1n8t8gfs/hvmT9m8X9L/pjFf6v8MYv/1vljFv9t8scs/tvmj1n835o/ZvHfLn/M4v+2/DGL/9vzxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOL/jvwxi/8788cs/jvnj1n8d8kfs/jvmj9m8X9X/pjF/935Yxb/9+SPWfx3yx+z+O+eP2bx3yN/zOL/3vwxi//78scs/u/PH7P4fyB/zOL/wfwxi/+e+WMW/w/lj1n8P5w/ZvH/SP6Yxf+j+WMW/73yxyz+H8sfs/jvnT9m8f94/pjF/xP5Yxb/ffLHLP6fzB+z+H8qf8zi/+n8MYv/Z/LHLP6fzR+z+O+bP2bx3y9/zOL/ufwxi//n88cs/vvnj1n8v5A/ZvE/IH/M4n9g/pjF/4v5Yxb/L+WPWfy/nD9m8f9K/pjF/6v5Yxb/r+WPWfy/nj9m8f9G/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+38wfs/gfmz9m8T8uf8zif3z+mMX/hPwxi/+J+WMW/2/lj1n8v50/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/v5I9Z/E/LH7P4n54/ZvE/I3/M4v/d/DGL//fyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf/7+WMW/x/kj1n8f5g/ZvH/Uf6Yxf/H+WMW/5/kj1n8z8sfs/ifnz9m8f9p/pjF/4L8MYv/z/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv+f549Z/H+RP2bx/2X+mMX/V/ljFv8r8scs/lfmj1n8f50/ZvH/Tf6Yxf+q/DGL/2/zxyz+V+ePWfyvyR+z+F+bP2bx/13+mMX/uvwxi//1+WMW/xvyxyz+v88fs/j/IX/M4v/H/DGL/435Yxb/P+WPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf/P+WMW/9vyxyz+t+ePWfz/kj9m8b8jf8zi/9f8MYv/3/LHLP5/zx+z+P8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfyn5o9Z/O/LH7P4358/ZvGflj8m8Z9rkD9m8R/KH7P4j8ofs/jPlj9m8Z89f8ziPzp/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjFf8H8MYv/mPwxi/9C+WMW/7H5Yxb/hfPHLP6L5I9Z/J+UP2bxf3L+mMX/KfljFv9F88cs/k/NH7P4L5Y/ZvF/Wv6Yxf/p+WMW/8Xzxyz+z8gfs/g/M3/M4j8uf8zi/6z8MYv/s/PHLP7PyR+z+I/PH7P4L5E/ZvF/bv6YxX/J/DGL/1L5Yxb/5+WPWfyfnz9m8X9B/pjF/4X5Yxb/pfPHLP4vyh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP4vzh+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/0vyxyz+q+WPWfxXzx+z+L80f8zi/7L8MYv/y/PHLP4T8scs/hPzxyz+k/LHLP5r5I9Z/NfMH7P4r5U/ZvGfnD9m8Z+SP2bxXzt/zOK/Tv6Yxf8V+WMW/1fmj1n8180fs/ivlz9m8V8/f8zi/6r8MYv/BvljFv9X549Z/DfMH7P4b5Q/ZvHfOH/M4r9J/pjF/zX5Yxb/TfPHLP6b5Y9Z/F+bP2bxf13+mMX/9fljFv835I9Z/N+YP2bxf1P+mMX/zfljFv/N88cs/lvkj1n8t8wfs/i/JX/M4r9V/pjFf+v8MYv/NvljFv9t88cs/m/NH7P4b5c/ZvF/W/6Yxf/t+WMW/+3zxyz+O+SPWfx3zB+z+O+UP2bxf0f+mMX/nfljFv+d88cs/rvkj1n8d80fs/i/K3/M4v/u/DGL/3vyxyz+u+WPWfx3zx+z+O+RP2bxf2/+mMX/ffljFv/3549Z/D+QP2bx/2D+mMV/z/wxi/+H8scs/h/OH7P4fyR/zOL/0fwxi/9e+WMW/4/lj1n8984fs/h/PH/M4v+J/DGL/z75Yxb/T+aPWfw/lT9m8f90/pjF/zP5Yxb/z+aPWfz3zR+z+O+XP2bx/1z+mMX/8/ljFv/988cs/l/IH7P4H5A/ZvE/MH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2/mj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/+38scs/t/OH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/d/LHLP6n5Y9Z/E/PH7P4n5E/ZvH/bv6Yxf97+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/uflj1n8z38c/lcs8P9yYP83s/j/tPMfs/hfkD9m8f9Z/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif0X+mMX/yvwxi/+v88cs/r/JH7P4X5U/ZvH/bf6Yxf/q/DGL/zX5Yxb/a/PHLP6/yx+z+F+XP2bxvz5/zOJ/Q/6Yxf/3+WMW/z/kj1n8/5g/ZvG/MX/M4v+n/DGL/035Yxb/m/PHLP635I9Z/G/NH7P4/zl/zOJ/W/6Yxf/2/DGL/1/yxyz+d+SPWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/9T8MYv/ffljFv/788cs/tPyxyT+cw/yxyz+Q/ljFv9R+WMW/9nyxyz+s+ePWfxH549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8F8gfs/gvmD9m8R+TP2bxXyh/zOI/Nn/M4r9w/pjFf5H8MYv/k/LHLP5Pzh+z+D8lf8ziv2j+mMX/qfljFv/F8scs/k/LH7P4Pz1/zOK/eP6Yxf8Z+WMW/2fmj1n8x+WPWfyflT9m8X92/pjF/zn5Yxb/8fljFv8l8scs/s/NH7P4L5k/ZvFfKn/M4v+8/DGL//Pzxyz+L8gfs/i/MH/M4r90/pjF/0X5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjF/8X5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvF/Sf6YxX+1/DGL/+r5Yxb/l+aPWfxflj9m8X95/pjFf0L+mMV/Yv6YxX9S/pjFf438MYv/mvljFv+18scs/pPzxyz+U/LHLP5r549Z/NfJH7P4vyJ/zOL/yvwxi/+6+WMW//Xyxyz+6+ePWfxflT9m8d8gf8zi/+r8MYv/hvljFv+N8scs/hvnj1n8N8kfs/i/Jn/M4r9p/pjFf7P8MYv/a/PHLP6vyx+z+L8+f8zi/4b8MYv/G/PHLP5vyh+z+L85f8ziv3n+mMV/i/wxi/+W+WMW/7fkj1n8t8ofs/hvnT9m8d8mf8ziv23+mMX/rfljFv/t8scs/m/LH7P4vz1/zOK/ff6YxX+H/DGL/475Yxb/nfLHLP7vyB+z+L8zf8ziv3P+mMV/l/wxi/+u+WMW/3flj1n8350/ZvF/T/6YxX+3/DGL/+75Yxb/PfLHLP7vzR+z+L8vf8zi//78MYv/B/LHLP4fzB+z+O+ZP2bx/1D+mMX/w/ljFv+P5I9Z/D+aP2bx3yt/zOL/sfwxi//e+WMW/4/nj1n8P5E/ZvHfJ3/M4v/J/DGL/6fyxyz+n84fs/h/Jn/M4v/Z/DGL/775Yxb//fLHLP6fyx+z+H8+f8ziv3/+mMX/C/ljFv8D8scs/gfmj1n8v5g/ZvH/Uv6Yxf/L+WMW/6/kj1n8v5o/ZvH/Wv6Yxf/r+WMW/2/kj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOL/zfwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bx/1b+mMX/2/ljFv+T8scs/ifnj1n8T8kfs/ifmj9m8f9O/pjF/7T8MYv/6fljFv8z8scs/t/NH7P4fy9/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/L+fP2bx/0H+mMX/h/ljFv8f5Y9Z/H+cP2bx/0n+mMX/vPwxi//5+WMW/5/mj1n8L8gfs/j/LH/M4n9h/pjF/6L8MYv/xfljFv9L8scs/pfmj1n8L8sfs/hfnj9m8f95/pjF/xf5Yxb/X+aPWfx/lT9m8b8if8zif2X+mMX/1/ljFv/f5I9Z/K/KH7P4/zZ/7OH+o5/o4fz7PYr/1fljlvP/mvwxi/+1+WMW/9/lj1n8r8sfs/hfnz9m8b8hf8zi//v8MYv/H/LHLP5/zB+z+N+YP2bx/1P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfz/nD9m8b8tf8zif3v+mMX/L/ljFv878scs/n/NH7P4/y1/zOL/9/wxi/8/8scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMV/av6Yxf++/DGL//35Yxb/afljEv95BvljFv+h/DGL/6j8MYv/bPljFv/Z88cs/qPzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/7Yf7//XA++lf8j++/3f6B55ssfs/jPnz9m8V8gf8ziv2D+mMV/TP6YxX+h/DGL/9j8MYv/wvljFv9F8scs/k/KH7P4Pzl/zOL/lPwxi/+i+WMW/6fmj1n8F8sfs/g/LX/M4v/0/DGL/+L5Yxb/Z+SPWfyfmT9m8R+XP2bxf1b+mMX/2fljFv/n5I9Z/Mfnj1n8l8gfs/g/N3/M4r9k/pjFf6n8MYv/8/LHLP7Pzx+z+L8gf8zi/8L8MYv/0vljFv8X5Y9Z/JfJH7P4L5s/ZvFfLn/M4r98/pjFf4X8MYv/ivljFv8X549Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjF/yX5Yxb/1fLHLP6r549Z/F+aP2bxf1n+mMX/5fljFv8J+WMW/4n5Yxb/SfljFv818scs/mvmj1n818ofs/hPzh+z+E/JH7P4r50/ZvFfJ3/M4v+K/DGL/yvzxyz+6+aPWfzXyx+z+K+fP2bxf1X+mMV/g/wxi/+r88cs/hvmj1n8N8ofs/hvnD9m8d8kf8zi/5r8MYv/pvljFv/N8scs/q/NH7P4vy5/zOL/+vwxi/8b8scs/m/MH7P4vyl/zOL/5vwxi//m+WMW/y3yxyz+W+aPWfzfkj9m8d8qf8ziv3X+mMV/m/wxi/+2+WMW/7fmj1n8t8sfs/i/LX/M4v/2/DGL//b5Yxb/HfLHLP475o9Z/HfKH7P4vyN/zOL/zvwxi//O+WMW/13yxyz+u+aPWfzflT9m8X93/pjF/z35Yxb/3fLHLP67549Z/PfIH7P4vzd/zOL/vvwxi//788cs/h/IH7P4fzB/zOK/Z/6Yxf9D+WMW/w/nj1n8P5I/ZvH/aP6YxX+v/DGL/8fyxyz+e+ePWfw/nj9m8f9E/pjFf5/8MYv/J/PHLP6fyh+z+H86f8zi/5n8MYv/Z/PHLP775o9Z/PfLH7P4fy5/zOL/+fwxi//++WMW/y/kj1n8D8gfs/gfmD9m8f9i/pjF/0v5Yxb/L+ePWfy/kj9m8f9q/pjF/2v5Yxb/r+ePWfy/kT9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/zfzxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf9b+WMW/2/nj1n8T8ofs/ifnD9m8T8lf8zif2r+mMX/O/ljFv/T8scs/qfnj1n8z8gfs/h/N3/M4v+9/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvH/fv6Yxf8H+WMW/x/mj1n8f5Q/ZvH/cf6Yxf8n+WMW//Pyxyz+5+ePWfx/mj9m8b8gf8zi/7P8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/5/ljFv9f5I9Z/H+ZP2bx/1X+mMX/ivwxi/+V+WMW/1/nj1n8f5M/ZvG/Kn/M4v/b/DGL/9X5Yxb/a/LHLP7X5o9Z/H+XP2bxvy5/zOJ/ff6Yxf+G/DGL/+/zxyz+f8gfs/j/MX/M4n9j/pjF/0/5Yxb/m/LHLP43549Z/G/JH7P435o/ZvH/c/6Yxf+2/DGL/+35Yxb/v+SPWfzvyB+z+P81f8zi/7f8MYv/3/PHLP7/yB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/qfljFv/78scs/vfnj1n8p+WPSfznHeSPWfyH8scs/qPyxyz+s+WPWfxnzx+z+I/OH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8V8wf8ziPyZ/zOK/UP6YxX9s/pjFf+H8MYv/IvljFv8n5Y9Z/J+cP2bxf0r+mMV/0fwxi/9T88cs/ovlj1n8n5Y/ZvF/ev6YxX/x/DGL/zPyxyz+z8wfs/iPyx+z+D8rf8zi/+z8MYv/c/LHLP7j88cs/kvkj1n8n5s/ZvFfMn/M4r9U/pjF/3n5Yxb/5+ePWfxfkD9m8X9h/pjFf+n8MYv/i/LHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/i/PHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4v+S/DGL/2r5Yxb/1fPHLP4vzR+z+L8sf8zi//L8MYv/hPwxi//E/DGL/6T8MYv/GvljFv8188cs/mvlj1n8J+ePWfyn5I9Z/NfOH7P4r5M/ZvF/Rf6Yxf+V+WMW/3Xzxyz+6+WPWfzXzx+z+L8qf8ziv0H+mMX/1fljFv8N88cs/hvlj1n8N84fs/hvkj9m8X9N/pjFf9P8MYv/ZvljFv/X5o9Z/F+XP2bxf33+mMX/DfljFv835o9Z/N+UP2bxf3P+mMV/8/wxi/8W+WMW/y3zxyz+b8kfs/hvlT9m8d86f8ziv03+mMV/2/wxi/9b88cs/tvlj1n835Y/ZvF/e/6YxX/7/DGL/w75Yxb/HfPHLP475Y9Z/N+RP2bxf2f+mMV/5/wxi/8u+WMW/13zxyz+78ofs/i/O3/M4v+e/DGL/275Yxb/3fPHLP575I9Z/N+bP2bxf1/+mMX//fljFv8P5I9Z/D+YP2bx3zN/zOL/ofwxi/+H88cs/h/JH7P4fzR/zOK/V/6Yxf9j+WMW/73zxyz+H88fs/h/In/M4r9P/pjF/5P5Yxb/T+WPWfw/nT9m8f9M/pjF/7P5Yxb/ffPHLP775Y9Z/D+XP2bx/3z+mMV///wxi/8X8scs/gfkj1n8D8wfs/h/MX/M4v+l/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf+b+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOL/rfwxi/+388cs/iflj1n8T84fs/ifkj9m8T81f8zi/538MYv/afljFv/T88cs/mfkj1n8v5s/ZvH/Xv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4fz9/zOL/g/wxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/95+WMW//Pzxyz+P80fs/hfkD9m8f9Z/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif0X+mMX/yvwxi/+v88cs/r/JH7P4X5U/ZvH/bf6Yxf/q/DGL/zX5Yxb/a/PHLP6/yx+z+F+XP2bxvz5/zOJ/Q/6Yxf/3+WMW/z/kj1n8/5g/ZvG/MX/M4v+n/DGL/035Yxb/m/PHLP635I9Z/G/NH7P4/zl/zOJ/W/6Yxf/2/DGL/1/yxyz+d+SPWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/9T8MYv/ffljFv/788cs/tPyxyT+8w3yxyz+Q/ljFv9R+WMW/9nyxyz+s+ePWfxH549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8F8gfs/gvmD9m8R+TP2bxXyh/zOI/Nn/M4r9w/pjFf5H8MYv/k/LHLP5Pzh+z+D8lf8ziv2j+mMX/qfljFv/F8scs/k/LH7P4Pz1/zOK/eP6Yxf8Z+WMW/2fmj1n8x+WPWfyflT9m8X92/pjF/zn5Yxb/8fljFv8l8scs/s/NH7P4L5k/ZvFfKn/M4v+8/DGL//Pzxyz+L8gfs/i/MH/M4r90/pjF/0X5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjF/8X5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvF/Sf6YxX+1/DGL/+r5Yxb/l+aPWfxflj9m8X95/pjFf0L+mMV/Yv6YxX9S/pjFf438MYv/mvljFv+18scs/pPzxyz+U/LHLP5r549Z/NfJH7P4vyJ/zOL/yvwxi/+6+WMW//Xyxyz+6+ePWfxflT9m8d8gf8zi/+r8MYv/hvljFv+N8scs/hvnj1n8N8kfs/i/Jn/M4r9p/pjFf7P8MYv/a/PHLP6vyx+z+L8+f8zi/4b8MYv/G/PHLP5vyh+z+L85f8ziv3n+mMV/i/wxi/+W+WMW/7fkj1n8t8ofs/hvnT9m8d8mf8ziv23+mMX/rfljFv/t8scs/m/LH7P4vz1/zOK/ff6YxX+H/DGL/475Yxb/nfLHHvTf5oT/av935I9Zzv935o9Z/HfOH7P475I/ZvHfNX/M4v+u/DGL/7vzxyz+78kfs/jvlj9m8d89f8ziv0f+mMX/vfljFv/35Y9Z/N+fP2bx/0D+mMX/g/ljFv8988cs/h/KH7P4fzh/zOL/kfwxi/9H88cs/nvlj1n8P5Y/ZvHfO3/M4v/x/DGL/yfyxyz+++SPWfw/mT9m8f9U/pjF/9P5Yxb/z+SPWfw/mz9m8d83f8ziv1/+mMX/c/ljFv/P549Z/PfPH7P4fyF/zOJ/QP6Yxf/A/DGL/xfzxyz+X8ofs/h/OX/M4v+V/DGL/1fzxyz+X8sfs/h/PX/M4v+N/DGL/0H5Yxb/g/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n+E0n+Of7qGxf9Ipf8/z+J/VP6Yxf/o/DGL/zH5Yxb/b+aPWfyPzR+z+B+XP2bxPz5/zOJ/Qv6Yxf/E/DGL/7fyxyz+384fs/iflD9m8T85f8zif0r+mMX/1Pwxi/938scs/qflj1n8T88fs/ifkT9m8f9u/pjF/3v5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4v/9/DGL/w/yxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+5+WPWfzPzx+z+P80f8zif0H+mMX/Z/ljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxi//P88cs/r/IH7P4/zJ/zOL/q/wxi/8V+WMW/yvzxyz+v84fs/j/Jn/M4n9V/pjF/7f5Yxb/q/PHLP7X5I9Z/K/NH7P4/y5/zOJ/Xf6Yxf/6/DGL/w35Yxb/3+ePWfz/kD9m8f9j/pjF/8b8MYv/n/LHLP435Y9Z/G/OH7P435I/ZvG/NX/M4v/n/DGL/235Yxb/2/PHLP5/yR+z+N+RP2bx/2v+mMX/b/ljFv+/549Z/P+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP5T88cs/vflj1n8788fs/hPyx+T+M8/eAz/D/7/MKz/q1n8hzr/MYv/qPwxi/9s+WMW/9nzxyz+o/PHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/iPyR+z+C+UP2bxH5s/ZvFfOH/M4r9I/pjF/0n5Yxb/J+ePWfyfkj9m8V80f8zi/9T8MYv/YvljFv+n5Y9Z/J+eP2bxXzx/zOL/jPwxi/8z88cs/uPyxyz+z8ofs/g/O3/M4v+c/DGL//j8MYv/EvljFv/n5o9Z/JfMH7P4L5U/ZvF/Xv6Yxf/5+WMW/xfkj1n8X5g/ZvFfOn/M4v+i/DGL/zL5Yxb/ZfPHLP7L5Y9Z/JfPH7P4r5A/ZvFfMX/M4v/i/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4vyR/zOK/Wv6YxX/1/DGL/0vzxyz+L8sfs/i/PH/M4j8hf8ziPzF/zOI/KX/M4r9G/pjFf838MYv/WvljFv/J+WMW/yn5Yxb/tfPHLP7r5I9Z/F+RP2bxf2X+mMV/3fwxi/96+WMW//Xzxyz+r8ofs/hvkD9m8X91/pjFf8P8MYv/RvljFv+N88cs/pvkj1n8X5M/ZvHfNH/M4r9Z/pjF/7X5Yxb/1+WPWfxfnz9m8X9D/pjF/435Yxb/N+WPWfzfnD9m8d88f8ziv0X+mMV/y/wxi/9b8scs/lvlj1n8t84fs/hvkz9m8d82f8zi/9b8MYv/dvljFv+35Y9Z/N+eP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/d+SPWfzfmT9m8d85f8ziv0v+mMV/1/wxi/+78scs/u/OH7P4vyd/zOK/W/6YxX/3/DGL/x75Yxb/9+aPWfzflz9m8X9//pjF/wP5Yxb/D+aPWfz3zB+z+H8of8zi/+H8MYv/R/LHLP4fzR+z+O+VP2bx/1j+mMV/7/wxi//H88cs/p/IH7P475M/ZvH/ZP6Yxf9T+WMW/0/nj1n8P5M/ZvH/bP6YxX/f/DGL/375Yxb/z+WPWfw/nz9m8d8/f8zi/4X8MYv/AfljFv8D88cs/l/MH7P4fyl/zOL/5fwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/838scs/gflj1n8D84fs/gfkj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bx/2b+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+H8rf8zi/+38MYv/SfljFv+T88cs/qfkj1n8T80fs/h/J3/M4n9a/pjF//T8MYv/GfljFv/v5o9Z/L+XP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7fzx+z+P8gf8zi/8P8MYv/j/LHLP4/zh+z+P8kf8zif17+mMX//Pwxi/9P88cs/hfkj1n8f5Y/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/j/PH/M4v+L/DGL/y/zxyz+v8ofs/hfkT9m8b8yf8zi/+v8MYv/b/LHLP5X5Y9Z/H+bP2bxvzp/zOJ/Tf6Yxf/a/DGL/+/yxyz+1+WPWfyvzx+z+N+QP2bx/33+mMX/D/ljFv8/5o9Z/G/MH7P4/yl/zOJ/U/6Yxf/m/DGL/y35Yxb/W/PHLP5/zh+z+N+WP2bxvz1/zOL/l/wxi/8d+WMW/7/mj1n8/5Y/ZvH/e/6Yxf8f+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOI/NX/M4n9f/pjF//78MYv/tPwxif8Cg/wxi/9Q/pjFf1T+mMV/tvwxi//s+WMW/9H5Yxb/OfLHLP5z5o9Z/OfKH7P4z50/ZvGfJ3/M4j9v/pjFf778MYv//PljFv8F8scs/gvmj1n8x+SPWfwXyh+z+I/NH7P4L5w/ZvFfJH/M4v+k/DGL/5Pzxyz+T8kfs/gvmj9m8X9q/pjFf7H8MYv/0/LHLP5Pzx+z+C+eP2bxf0b+mMX/mfljFv9x+WMW/2flj1n8n50/ZvF/Tv6YxX98/pjFf4n8MYv/c/PHLP5L5o9Z/JfKH7P4Py9/zOL//Pwxi/8L8scs/i/MH7P4L50/ZvF/Uf6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/FfIH7P4r5g/ZvF/cf6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/F+SP2bxXy1/zOK/ev6Yxf+l+WMW/5flj1n8X54/ZvGfkD9m8Z+YP2bxn5Q/ZvFfI3/M4r+myH+uf2Fdi/9aIv9/JYv/5Pwxi/+U/DGL/9r5Yxb/dfLHLP6vyB+z+L8yf8ziv27+mMV/vfwxi//6+WMW/1flj1n8N8gfs/i/On/M4r9h/pjFf6P8MYv/xvljFv9N8scs/q/JH7P4b5o/ZvHfLH/M4v/a/DGL/+vyxyz+r88fs/i/IX/M4v/G/DGL/5vyxyz+b84fs/hvnj9m8d8if8ziv2X+mMX/LfljFv+t8scs/lvnj1n8t8kfs/hvmz9m8X9r/pjFf7v8MYv/2/LHLP5vzx+z+G+fP2bx3yF/zOK/Y/6YxX+n/DGL/zvyxyz+78wfs/jvnD9m8d8lf8ziv2v+mMX/XfljFv93549Z/N+TP2bx3y1/zOK/e/6YxX+P/DGL/3vzxyz+78sfs/i/P3/M4v+B/DGL/wfzxyz+e+aPWfw/lD9m8f9w/pjF/yP5Yxb/j+aPWfz3yh+z+H8sf8ziv3f+mMX/4/ljFv9P5I9Z/PfJH7P4fzJ/zOL/qfwxi/+n88cs/p/JH7P4fzZ/zOK/b/6YxX+//DGL/+fyxyz+n88fs/jvnz9m8f9C/pjF/4D8MYv/gfljFv8v5o9Z/L+UP2bx/3L+mMX/K/ljFv+v5o9Z/L+WP2bx/3r+mMX/G/ljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+H8zf8zif2z+mMX/uPwxi//x+WMW/xN0/o/v01r8T9T5P74s/t/KH7P4fzt/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP7fyR+z+J+WP2bxPz1/zOJ/Rv6Yxf+7+WMW/+/lj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi//388cs/j/IH7P4/zB/zOL/o/wxi/+P88cs/j/JH7P4n5c/ZvE/P3/M4v/T/DGL/wX5Yxb/n+WPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP4/zx+z+P8if8zi/8v8MYv/r/LHLP5X5I9Z/K/MH7P4/zp/zOL/m/wxi/9V+WMW/9/mj1n8r84fs/hfkz9m8b82f8zi/7v8MYv/dfljFv/r88cs/jfkj1n8f58/ZvH/Q/6Yxf+P+WMW/xvzxyz+f8ofs/jflD9m8b85f8zif0v+mMX/1vwxi/+f88cs/rflj1n8b88fs/j/JX/M4n9H/pjF/6/5Yxb/v+WPWfz/nj9m8f9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/hPzR+z+N+XP2bxvz9/zOI/LX9M4r/gIH/M4j+UP2bxH5U/ZvGfLX/M4j97/g9rtpFHi//o/DGL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv8F88cs/mPyxyz+C+WPWfzH5o9Z/BfOH7P4L5I/ZvF/Uv6Yxf/J+WMW/6fkj1n8F80fs/g/NX/M4r9Y/pjF/2n5Yxb/p+ePWfwXzx+z+D8jf8zi/8z8MYv/uPwxi/+z8scs/s/OH7P4Pyd/zOI/Pn/M4r9E/pjF/7n5Yxb/JfPHLP5L5Y9Z/J+XP2bxf37+mMX/BfljFv8X5o9Z/JfOH7P4vyh/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP4r5I9Z/FfMH7P4vzh/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP4vyR+z+K+WP2bxXz1/zOL/0vwxi//L8scs/i/PH7P4T8gfs/hPzB+z+E/KH7P4r5E/ZvFfM3/M4r9W/pjFf3L+mMV/Sv6YxX/t/DGL/zr5Yxb/V+SPWfxfmT9m8V83f8ziv17+mMV//fwxi/+r8scs/hvkj1n8X50/ZvHfMH/M4r9R/pjFf+P8MYv/JvljFv/X5I9Z/DfNH7P4b5Y/ZvF/bf6Yxf91+WMW/9fnj1n835A/ZvF/Y/6Yxf9N+WMW/zfnj1n8N88fs/hvkT9m8d8yf8zi/5b8MYv/VvljFv+t88cs/tvkj1n8t80fs/i/NX/M4r9d/pjF/235Yxb/t+ePWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf8d+WMW/3fmj1n8d84fs/jvkj9m8d81f8zi/678MYv/u/PHLP7vyR+z+O+WP2bx3z1/zOK/R/6Yxf+9+WMW//flj1n835///8cePSAAQihQAPxG3Gzbtm3btu3dbNu2bdu2bdt1gXeC3swVJmr5H+g/avkf5D9q+d/Tf9Tyv5f/qOV/b/9Ry/8+/qOW/339Ry3/+/mPWv739x+1/B/gP2r5P9B/1PJ/kP+o5f9g/1HL/yH+o5b/Q/1HLf+H+Y9a/g/3H7X8H+E/avk/0n/U8n+U/6jl/2j/Ucv/Mf6jlv9j/Uct/8f5j1r+j/cftfyf4D9q+T/Rf9Tyf5L/qOX/ZP9Ry/8p/qOW/1P9Ry3/p/mPWv5P9x+1/J/hP2r5P9N/1PJ/lv+o5f9s/1HL/zn+o5b/c/1HLf/n+Y9a/s/3H7X8X+A/avm/0H/U8n+R/6jl/2L/Ucv/Jf6jlv9L/Uct/5f5j1r+L/cftfxf4T9q+b/Sf9Tyf5X/qOX/av9Ry/81/qOW/2v9Ry3/1/mPWv6v9x+1/N/gP2r5v9F/1PJ/k/+o5f9m/1HL/y3+o5b/W/1HLf+3+Y9a/m/3H7X83+E/avm/03/U8n+X/6jl/27/Ucv/Pf6jlv97/Uct//f5j1r+7/cftfw/4D9q+X/Qf9Ty/5D/qOX/Yf9Ry/8j/qOW/0f9Ry3/j/mPWv4f9x+1/D/hP2r5f9J/1PL/lP+o5f9p/1HL/zP+o5b/Z/1HLf/P+Y9a/p/3H7X8v+A/avl/0X/U8v+S/6jl/2X/Ucv/K/6jlv9X/Uct/6/5j1r+X/cftfy/4T9q+X/Tf9Ty/5b/qOX/bf9Ry/87/qOW/3f9Ry3/7/mPWv7f9x+1/H/gP2r5/9B/1PL/kf+o5f9j/1HL/yf+o5b/T/1HLf+f+Y9a/j/3H7X8f+E/avn/0n/U8v+V/6jl/2v/Ucv/N/6jlv9v/Uct/9/5j1r+v/cftfz/4D9q+f/Rf9Ty/5P/qOX/Z/9Ry/8v/qOW/1/9Ry3/v/mPWv5/9x+1/P/hPyr5H/A3/1HL/9/9Ry3///Aftfz/03/U8v8v/1HL/7/9Ry3///Eftfz/13/U8v8//1HL///9Ry3/g/mPWv4H9x+1/A/hP2r5H9J/1PI/lP+o5X9o/1HL/wD/Ucv/MP6jlv9h/Uct/8P5j1r+h/cftfyP4D9q+R/Rf9TyP5L/qOV/ZP9Ry/8o/qOW/1H9Ry3/o/mPWv5H9x+1/I/hP2r5H9N/1PI/lv+o5X9s/1HL/zj+o5b/cf1HLf/j+Y9a/sf3H7X8T+A/avmf0H/U8j+R/6jlf2L/Ucv/JP6jlv9J/Uct/5P5j1r+J/cftfxP4T9q+Z/Sf9TyP5X/qOV/av9Ry/80/qOW/2n9Ry3/0/mPWv6n9x+1/M/gP2r5n9F/1PI/k/+o5X9m/1HL/yz+o5b/Wf1HLf+z+Y9a/mf3H7X8z+E/avmf03/U8j+X/6jlf27/Ucv/PP6jlv95/Uct//P5j1r+5/cftfwv4D9q+V/Qf9Tyv5D/qOV/Yf9Ry/8i/qOW/0X9Ry3/i/mPWv4X9x+1/C/hP2r5X9J/1PK/lP+o5X9p/1HL/zL+o5b/Zf1HLf/L+Y9a/pf3H7X8r+A/avlf0X/U8r+S/6jlf2X/Ucv/Kv6jlv9V/Uct/6v5j1r+V/cftfyv4T9q+V/Tf9Tyv5b/qOV/bf9Ry/86/qOW/3X9Ry3/6/mPWv7X9x+1/G/gP2r539B/1PK/kf+o5X9j/1HL/yb+o5b/Tf1HLf+b+Y9a/jf3H7X8b+E/avnf0n/U8r+V/6jlf2v/Ucv/Nv6jlv9t/Uct/9v5j1r+t/cftfzv4D9q+d/Rf9Tyv5P/qOV/Z/9Ry/8u/qOW/139Ry3/u/mPWv539x+1/O/hP2r5H+g/avkf5D/6y/0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwJ/t2G1tnWfhx/O62jrE//2TEBZehySYXCokw2z1kvCBsMrbVQTeexwBHt3Zjo91m12FXwD28mEQID5JMskSJsmUoYSY0EgPBCiIadFETDT4AohBF40QIuiUu1pz2tLTHrvFc9boW5fN50XPu++x3b2vy3X0vMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD479XQuPDI+Jphp8YPPfjg4Za+1zlHV9584Lc9Fw68lj9eNsIlxw096O3t7Z3z3Owd5cNTiqIo/Ww7y8eTKsel6++s/0Jn/1FY0PPSkuNTft545MCa0x+p6z56f23f2dripnUbWls+Nq4owsW1RWfpoK6mKMLi2uK+0kF96WBJbfFI6WB238GpxbdLB+ev3dzaXDqxNPp7Bv8rGhp3FuOHFVsM+9NgaP87679158DrKJccuNqEotz/FV3ff6viswEn6H/g+mFhZf9V/waBE6qu/xcWDLyOcsl/uf9PfmrVKyN9duL+B64fPq5/SGeE5/9hjVY+91c8/88Y4ZKD+6tquo6X+r/0tmdnlk9N+Hee/9+9fri4sv9xw57/S8/xiwae/08pinDJGL8d8J7S0LjryGj3/9H7nzC9YlMztP8z2jfvL/X/+JLvPVE+VVtl/4tGuf+PW1rxawWq09D45d6K+38V/RcfGeGSg/2//cSvHy71/9jvHzhzyGfV9H9JZf+zOtq2zNq6veu8DW1N61vWt2yqmz1/zrz6unkXzJ3V90jQ/3WM3xV4bxjb/b+YXLGpKYqWwf013QeeLvU/98EH55RPTaqy/8Wj3v9nuP/DiD40rpg4sehs6uhor+v/OnBY3/+1/4eN0H8Vf/8/65zyD6stv9YUxbTB/V1n3r2i1P87h57dXT41scr+l4za/4LBnxeIMMb7f3PFZlj/Bw+91Pf8v+zeg2eUT1X79/+lo/b/qvs/jEVDY8X/8PMfVup/V3FZZKehwX//g3Ry9P/YOzf0xK3DJ/QP6eTo/3efO3pu3Dos0z+kk6P/CRsfeD5uHS7VP6STo//lU+eviFuHy/QP6eTof+2r5/45bh0a9Q/p5Oj/nC/t7oxbh+X6h3Ry9P9Q+5xtceuwQv+QTo7+f3raQ6/FrcPl+od0cvR/7Ng9N8atwxX6h3Ry9N+95+wfxK3DlfqHdHL0f/m6hSFuHa7SP6STo//p0/74eNw6XK1/SCdH//P+9PfT4tbhGv1DOjn6v+PzK/bFrcO1+od0cvQ//vpXXoxbh5X6h3Ry9L/07G0L49bhOv1DOjn6b/5Jc2/cOqzSP6STo/9ZX//Rhrh1uF7/kE6O/g8vf3RP3DrcoH9IJ0f/e+qKKXHrcKP+IZ0c/X/tu6cfiluHT+of0snR/2+eenJ+3Dqs1j+kk6P/5z5w+zfi1uEm/UM6Ofq/d82LZ8WtQ5P+IZ0c/T+89/kvxq3DGv1DOjn6f+ONtv+LW4e1+od0cvQ/edKpr8etQ7P+IZ0c/S+89SvtcevQon9IJ0f/bbu7fxi3Duv0D+nk6P/Dx6etiluH9fqHdHL0v3Lu3vfHrcPN+od0cvT/vmUX7opbhw36h3Ry9H9Rz0cviluHjfqHdHL03/HMZ78atw636B/SydH/3pmvLY5bh1b9Qzo5+n959dIfx61Dm/4hnRz9v/XodZvi1mGT/iGdHP0/+bO3j8Wtw2b9Qzo5+v//Cxb9NW4dtugf0snR/+Ilb66NW4dP6R/SydH/xu5/vBy3Du36h3Ry9D/z8NXL4tZhq/4hnRz9f+e8uv1x69Chf0gnR/93XrmvPm4dtukf0snR//6Dd90dtw636h/SydH/m7+YMT1uHT6tf0gnR//3Tzl0bdw6dOof0snR/y831T4Ttw7b9Q/p5Oj/b/um7ohbhy79Qzo5+n/69Z4/xK3DbfqHdHL0v3rCrybGrcPt+od0cvQ/tWvLfXHrcIf+IZ0c/c+/p+n8uHX4jP4hnRz9b/3LC9+MW4cd+od0tm7vuqWptbWl3RtvvPFm8M3J/pMJSO3d6E/2rwQAAAAAAAAAAAAAADiRHP+c6GT/HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUTvBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF8BAAD//+8S49Y=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000540), 0x44800, 0x0)
sendfile(r0, r1, 0x0, 0xfffe82)
openat(0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x1f, 0x20)

1.701290165s ago: executing program 2 (id=837):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0)
syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000240)='./file1\x00', 0x0, &(0x7f00000000c0)=ANY=[], 0x1, 0x1513, &(0x7f0000002d00)="$eJzs3Au4TlW3OPAx5pxLm9Cb5D7HHIs3uUySJJeERJIkSZJbQpIkSUhscktCEnJPcg/JLST3+y33kHySJAkJSeb/0df3d77Td0595+sc5zl7/J5nPXuOvd4x1lh77Od911rPs/c37QdWrlulYm1mhn8J/vVLKgCkAEAfALgGACIAKJGlRBbAIZBeY+q/dhDx53poypXuQFxJMv+0Teaftsn80zaZf9om80/bZP5pm8w/bZP5C5GWbZma81rZ0u72P/f8H+T5//868vn/f8jhIqO+WFfk+g7/RIrMP22T+adtMv+0Teaftsn80zaZ//9xEUCF/2S3zD9tk/kLkZZd6efPsl3Z7Ur//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESBvOhcsMAPxtfaX7EkIIIYQQQgghxJ8nXHWlOxBCCCGEEEIIIcR/PwQFGgxEkA6ughRIDxngasgImSAzXAMJuBaywHWQFa6HbJAdckBOyAW5IQ9YIHDAEENeyAdJuAHyw41QAApCISgMHopAUbgJisHNUBxugRJwK5SE26AUlIYyUBZuh3JwB5SHClAR7oRKcBdUhipwN1SFe6Aa3AvV4T6oAfdDTXgAasGDUBsegjrwMNSFR6AePAr1oQE0hEbQ+L+U/yJ0hpegC3SFVOgG3eFl6AE9oRf0hj7wCvSFV6EfvAb9YQAMhNdhELwBg+FNGAJDYRi8BcNhBIyEUTAaxsBYeBvGwTswHt6FCTARJsFkmAJTYRq8B9NhBsyE92EWfACzYQ7MhXkwHz6EBbAQFsFHsBg+hiWwFJbBclgBK2EVrIY1sBbWwXrYABthE2yGLfAJbIVtsB12wE7YBbvhU9gDe2EffAb74fN/Mv/sv8vvgICAChUaNJgO02EKpmAGzIAZMSNmxsyYwARmwSyYFbNiNsyGOTAH5sJcmAfzICEhI2NezItJTGJ+zI8FsAAWwkLo0WNRLIrF8GYsjsWxBJbAklgSS2FpLI1lsSyWw3JYHstjRayIlbASVsbKeDfejfdgNayG1REBoAbWxJpYC2thbayNdbAO1sW6WA/rYX2sjw2xITbGxtgEm2BTbIrNsTm2wBbYEltiK2yFrbE1tsE22BbbYjtsh+2xPXbAjtgRX8QX8SV8CbtiJdUNu2N37IE9sBf2xt74CvbFV/FVfA374wAciK/j6/gGDsYzOASH4jAchuXUCByJo5DVGByLY3EcjsPxOB4n4ESciJNxCk7FaTgNp+MMnIHv4yz8AD/AOTgH5+F8nI8LcCEuwkW4GM/iElyKy3A5rsCVuAJX4xpcjetwPa7DjbgRN+Nm/AQ/wW24DXfgDtyFu/BT/BT34l7sj/txPx7AA3gQD+IhPISH8TAewSN4FI/iMTyGx/E4nsCTeApP4mk8jWfwLJ7Dc3gez+MFfD7XV3V2FVzbH9QlRhmVTqVTKSpFZVAZVEaVUWVWmVVCJVQWlUVlVVlVNpVN5VA5VC6VS+VReRQpUqxilVflVUmVVPlVflVAFVCFVCHllVdFVVFVTBVTxVVxVULdqkqq21QpVVo182VVWVVONfflVQVVUVVUldRdqrKqoqqoqqqqqqaqqeqquqqhaqia6gFVS3XDXviQujSZumoA1lMDsb5qoBqqRuoNfEw1UYOxqWqmmqsn1FAcgi1VE99KPa1aq5HYRj2rRuFzqp0ag+3VC6qD6qg6qRdVZ9XUd0n361ugmow9VE/VS/VWmeAudWlildVrqr8aoAaq19U8fEMNVm+qIWqoGqbeUsPVCDVSjVKj1Rg1Vr2txql31Hj1rpqgJqpJarKaoqaqaeo9NV3NUDPV+2qW+kDNVnPUXDVPzVcfqgVqoVqkPlKL1cdqiVqqlqnlaoVaqVap1WqNWqvWqfVqg9qoNqnNaov6RG1V29R2tUPtVLvUbvWp2qP2qn3qM7Vffa4OqL+og+oLdUh9qQ6rr9QR9bU6qr5Rx9S36rj6Tp1QJ9Up9b06rX5QZ9RZdU79qM6rn9QF9bO6qIICjVpprY2OdDp9lU7R6XUGfbXOqDPpzPoandDX6iz6Op1VX6+z6ew6h86pc+ncOo+2mrTTrGOdV+fTSX2Dzq9v1AV0QV1IF9ZeF9FF9U26mL5ZF9e36BL6Vl1S36ZL6dK6jC6rb9fl9B26vK6gK+o7dSV9l66sq+i7dVV9j66m79XV9X26hr5f19QP6Fr6QV1bP6Tr6Id1Xf2Irqcf1fV1A91QN9KN9WO6iX5cN9XNdHP9hG6hn9Qt9VO6lX5at9bP6Db6Wd1WP6fb6ed1e/2C7qA76k76Z31RB91Fd9Wpupvurl/WPXRP3Uv31n30K7qvflX306/p/nqAHqhf14P0G3qwflMP0UP1MP2WHq5H6JF6lB6tx+ix+m09Tr+jx+t39QQ9UU/Sk/UUPVX3+rXSzD+Q/84/yO/3y9E36y36E71Vb9Pb9Q69U+/Su/VuvUfv0fv0Pr1f79cH9AF9UB/Uh/QhfVgf1kf0EX1UH9XH9DF9XB/XJ/RJ/aP+Xp/WP+gz+qw+q3/U5/V5feHXnwEYNMpoY0xk0pmrTIpJbzKYq01Gk8lkNteYhLnWZDHXmazmepPNZDc5TE6Ty+Q2eYw1ZJxhE5u8Jp9JmhtMfnOjKWAKmkKmsPGmiClqbvqX83+vv8amsWlimpimpqlpbpqbFqaFaWlamlamlWltWps2po1pa9qadqadaW/amw6mg+lkOpnOprPpYrqYVJNqupuXTQ/T0/QyvU0f84rpa/qafqaf6W/6m4FmoBlkBpnBZrAZYoaYYWaYGW6Gm5FmpBltRpuxZqwZZ8aZ8Wa8mWAmmElmkplipphpZpqZbqabmWammWVmmdlmtplr5pr5Zr5ZYBaYRWaRWWwWmyVmqVlqlpvlZqVZaVab1WatWWvWm/Vmo9lolpgtZovZaraa7Wa72Wl2mt1mt9lj9ph9Zp/Zb/abA+aAOWgOmkPmkDlsDpsj5og5ao6aY+aYOW6OmxPmhDllTpnT5rQ5Y86Yc+acOW/OmwvmgrloLl667ItUpCITmShdlC5KiVKiDFGGKGOUMcocZY4SUSLKEmWJskbXR9mi7FGOKGeUK8odpYKNKHIRR3GUN8oXJaMbovzRjVGBqGBUKCoc+ahIVDS6KSoW3RwVj26JSkS3RiWj26JSUemoTFQ2uj0qF90RlY8qRBWjO6NK0V1R5ahKdHdUNbonqhbdG1WP7otqRPdHNaMHolrRg1Ht6KGoTvRwVDd6JKoXPRrVjxpEDaNGUeM/tX4IZ7I/7rvYrjbVdrPd7cu2h+1pe9neto99xfa1r9p+9jXb3w6wA+3rdpB9ww62b9ohdqgdZt+yw+0IO9KOsqPtGDvWvm3H2XfsePuunWAn2kl2sp1ip9pp9j073c6wM+37dpb9wM62c+xcO8/Otx/aBXahXWQ/sovtx3aJXWqX2eV2hV1pV9nVdo1da9fZ9XaD3Wg32c12i/3EbrXb7Ha7w+60u+xu+6ndY/faffYzu99+bg/Yv9iD9gt7yH5pD9uv7BH7tT1qv7HH7Lf2uP3OnrAn7Sn7vT1tf7Bn7Fl7zv5oz9uf7AX7s71ow6WL+0sf72TIUDpKRymUQhkoA2WkjJSZMlOCEpSFslBWykrZKBvloByUi3JRHspDlzAx5aW8lKQk5af8VIAKUCEqRJ48FaWiVIyKUXEqTiWoBJWkklSKSlEZKkO30+10B91BFagC3Ul30l10F1WhKlSVqlI1qkbVqTrVoBpUk2pSLapFtak21aE6VJfqUj2qR/WpPjWkhtSYGlMTakJNqSk1p+bUglpQS2pJragVtabW1IbaUFtqS+2oHbWn9tSBOlAn6kSdqTN1oS6USqnUnbpTD+pBvagX9aE+1Jf6Uj/qR/2pPw2kgTSIBtFgGkxDaCgNo7doOI2gkTSKRtMYGktjaRyNo/E0nibQBJpEk2gKTaFpNI2m03SaSTNpFs2i2TSb5tJcmk/zaQEtoEW0iBbTYlpCS2gZLaMVtIJW0SpaQ2toHa2jDbSBNtEm2kJbaCttpe20nXbSTtpNu2kP7aF9tI/20346QAfoIB2kQ3SIDtNhOkJH6CgdpWN0jI7TcTpBJ+gUnaLTdJrO0Bk6R+foPP1EF+hnukiBUpyCDO5ql9FlcpndNS7FpXcZ3F8vmC7FOVxOl8vldnmcddlc9r+LyTlXwBV0hVxh510RV9Td9Ju4lCvtyriy7nZXzt3hyv8mrurucdXcva66u89VcXf/XVzD3e9qukdcLfeoq+0auDqukavrHnH13KOuvmvgGrpGroV70rV0T7lW7mnX2j3zm3iBW+jWuLVunVvv9ri97pz70R1137jz7ifXxXV1fdwrrq971fVzr7n+bsBv4mHuLTfcjXAj3Sg32o35TTzJTXZT3FQ3zb3nprsZv4nnuw/dLLfIzXZz3Fw375f4Uk+L3EdusfvYLXFL3TK33K1wK90qt/r/97rcbXSb3Ga3233qtrptbrvb4Xa6Xb/El85jn/vM7XefuyPua3fQfeEOuWPusPvql/jS+R1z37rj7jt3wp10p9z37rT7wZ1xZ385/0vn/r372V10wQEjK9ZsOOJ0fBWncHrOwFdzRs7EmfkaTvC1nIWv46x8PWfj7JyDc3Iuzs152DKxY+aY83I+TvINnJ9v5AJckAtxYfZchIvyTVyMb+bifAuX4Fu5JN/Gpbg0l+GyfDuX4zu4PFfginwnVwqBK3MVvpur8j1cje/l6nwf1+D7uSY/wLX4Qa7ND3Edfpjr8iNcjx/l+tyAG3IjbsyPcRN+nJtyM27OT3ALfpJb8lPcip/m1vwMt+FnuS0/x+34eW7PL3AH7sid+EXuzC9xF+7KqdyNu/PL3IN7ci/uzX34Fe7Lr3I/fo378wAeyK/zIH6DB/ObPISH8jB+i4fzCB7Jo3g0j+Gx/DaP43d4PL/LE3giT+LJPIWn8jR+j6fzDJ7J7/Ms/oBn8xyey/N4Pn/IC3ghL+KPeDF/zEt4KS/j5byCV/IqXs1reC2v4/W8gTfyJt7MW/gT3srbeDvv4J28i3fzp7yH9/I+/oz38+d8gP/CB/kLPsRf8mH+io/w13yUv+Fj/C0f5+/4BJ/kU/w9n+Yf+Ayf5XP8I5/nn/gC/8wXOTDEGKtYxyaO4nTxVXFKnD7OEF8dZ4wzxZnja+JEfG2cJb4uzhpfH2eLs8c54pxxrjh3nCe2McUu5jiO88b54mR8Q5w/vjEuEBeMC8WFYx8XiYvGN8XF4pvj4vEtcYn41rhkfFtcKi4dP3Jf2fj2uFx8R1w+rhBXjO+MK8V3xZXjKvHdcdX4nrhafG9cPb4vLh7fH9eMH4hrxQ/GteOH4jrxw3Hd+JG4XvxoXD9uEDeMG8WN48fiJvHjcdO4Wdw8fiJuET8Zt4yfilvFT8et42d+d39q3C3uHr8cvxyHcK+em5yXnJ/8MLkguTC5KPlRcnHy4+SS5NLksuTy5IrkyuSq5OrkmuTa5Lrk+uSG5MbkpuTmZAhVrgKPXnntjY98On+VT/HpfQZ/tc/oM/nM/hqf8Nf6LP46n9Vf77P57D6Hz+lz+dw+j7eevPPsY5/X5/NJf4PP72/0BXxBX8gX9t4X8UV9I9/YN/ZN/OO+qW/mm/sn/BP+Sf+kf8o/5Z/2rf0zvo1/1rf1z/l2/nn/vH/Bd/AdfSf/ou/sX/JdfFef6lN9d9/d9/A9fC/fy/fxfXxf39f38/18f9/fD/QD/SA/yA/2g/0QP8QP88P8cD/cj/Qj/Wg/2o/1Y/04P86P9+P9BD/BT/KT/BQ/xU/z0/x0P93P9DP9rAKz/Gw/28/1c/18P98v8Av8Ir/IL/aL/RK/xC/zy/wKv8Kv8qv8Gr/Gr/Pr/Aa/wW/ym/wWv8Vv9Vv9dr/d7/Q7/W6/2+/xe/w+v8/v9/v9AX/AH/QH/SH/pT/sv/JH/Nf+qP/GH/Pf+uP+O3/Cn/Sn/Pf+tP/Bn/Fn/Tn/oz/vf/IX/M/+og9+bOLtxLjEO4nxiXcTExITE5MSkxNTElMT0xLvJaYnZiRmJt5PzEp8kJidmJOYm5iXmJ/4MLEgsTCxKPFRYnHi48SSxNLEssTyxIrEykQIubfGIW/IF5LhhpA/3BgKhIKhUCgcfCgSioabQrFwcygebgklwq2hZLgtlAqlQ5nwaKgfGoSGoVFoHB4LTcLjoWloFpqHJ0KL8GRoGZ4KrcLToXV4JrQJz4a24bnQLjwf2ocXQofQMXQKL4bO4aXQJXQNqaFb6B5eDj1Cz9Ar9A59wiuhb3g19Auvhf5hQBgYXg+DwhthcHgzDAlDw7DwVhgeRoSRYVQYHcaEseHtMC68E8aHd8OEMDFMCpPDlDA1TAvvhelhRpgZ3g+zwgdhdpgT5oZ5YX74MCwIC8Oi8FFYHD4OS8LSsCwsDyvCyrAqrA5rwtqwLqwPG8LGsClsDlvCJ2Fr2Ba2hx1hZ9gVdodPw56wN+wLn4X94fNwIPwlHAxfhEPhy3A4fBWOhK/D0fBNOBa+DcfDd+FEOBlOhe/D6fBDOBPOhnPhx3A+/BQuhJ/DRfmbNSGEEEKIP0T/zv5u/+B76QBA/bruDgCZtuU8/O9rbsj213VPlatFAgCe7tr+ob9tlSqlpqb++tolGqJ8cwAg8ff1/xYvhebwJLSCZlDsH/bXU3U8z79TP3krQIZ/k5MCl+PL9W/+D+o/9sSwBSXjc1n+k/pzAArku5yTHi7Hl+sX/w/qZ2/yO/2n/2IsQNN/k5MRLseX6xeFx+EZaPV3r/wDAxZCCCGEEEIIkSb0VGXa/t7986X781zmcs5VcDn+vftzIYQQQgghhBBCXHnPdez01GOtWjVr+8cW+OtzgX8u609b1Nq299lLh78yR5fFf3mBAPC/oA1Z/PHFFX5jEkIIIYQQQvzpLl/0X+lOhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKItOt/4t+JXelzFEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIa60/xcAAP//daA1bQ==")
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

1.580260013s ago: executing program 3 (id=838):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000940)={0x2, 0x0, [{0x8000000, 0x93, &(0x7f0000000400)=""/147}, {0xb2bf7131dfee82e3, 0x0, 0x0}]})

1.339399303s ago: executing program 34 (id=838):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000940)={0x2, 0x0, [{0x8000000, 0x93, &(0x7f0000000400)=""/147}, {0xb2bf7131dfee82e3, 0x0, 0x0}]})

1.332849177s ago: executing program 6 (id=840):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={r2, 0x5}, 0x8)

1.332386177s ago: executing program 2 (id=841):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000580)={0xa4, 0x0, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@x86={0xfd, 0x3, 0x1, 0x0, 0x5, 0x7, 0xcf, 0x10, 0x8, 0x8, 0x8, 0x7, 0x0, 0x1, 0x1e, 0x1, 0x45, 0xd8, 0x2, '\x00', 0x4, 0x11000})

1.258229728s ago: executing program 6 (id=842):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x81, 0x0, 0x0, 0x69}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0x10000})

1.164186551s ago: executing program 2 (id=843):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x3c, 0x61, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x2200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x17b}, {"4adcda08f6e83e2aa00e133f88a8349f88a8d34258b7ce59c9f907afa16494c9529c474f408faf3b9f94bd27baf2da8080408833ba4d60cbac74d79515ed013b4664253d3804bf1877f18388d7054aa3bf345bbb74377cd019eb8d5294b42bce5511ddbded4c12b4945c39510aafdc664833262f20a650a2101116f625f18e5dbc2412dc411b90f73e7eb0391ad372be5c5701acd97fa67aeefc8347ec24071f4a5af78ea30b0e3c4171eff58bcf976022b363d9d6d3be78d12b6afd47c8ca6e9e5032df8da904f85e2b6b130dbb484f45a8d3a0c61f431932caa843eb5cc79cd741e0119a9deb81bfa1e9217b1be19242e8fe489fe6a0d03ac85f11bb4c6d029f0091110917e1bd175d1382d341eb56d0645f4056442c20c398d9c1b6acd8b55c4cc272ba50cacfb06473577ba82c3c518628c86c3df02a8479a00574e46a711fce33db"}}}}, 0xfdef)

1.097992746s ago: executing program 6 (id=844):
syz_mount_image$udf(&(0x7f0000000000), &(0x7f00000094c0)='./file1\x00', 0x0, &(0x7f0000001940)=ANY=[], 0x1, 0xc25, &(0x7f0000002580)="$eJzs3V9oXNl9B/DfmStZY22aaLOJN2mz6UBKYpTa+F9sBZcgZxW1AccbIit0n6LRHzvDyiMjyY03bYPakhb6ErovpS9FNF1ayEPpQ7ePVZotJJRCCXlIHwqCJss+9EEPgdKWjcK9c0Ya2fJau15ZsvfzMePvnTu/OzrnntGdO6AzNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiM9+7tKp0+mgWwEAPExXJr506myKgYNuBwDw8Fz1+R8AAAAAAAAAAAAAAA67FEUcixSDr2ykqep+R/1yq33r9uTY+O6bHU2RohZFVV/e6qfPnD33qfMXRrr55tu/0z4cz01cvdR4duHGzcW5paW52cZkuzWzMDu352d40O3vNFztgMaNF27NXru21Dhz8uyOh28PvTbwxLGhixdOnB/p1k6OjY9P9NT09b/tn36Xe83wOBJFNCPFG0Ovp2ZE1OLB98V9Xjv77WjVieGqE5Nj41VH5lvN9nL5YKrlqlpEo2ej0e4+eghj8UBGI1bK5pcNHi67N3Gzudicnp9rfLG5uNxabi20U63T2rI/jajFSIpYjYj1XSb59kcRH40UL53aSNMRUXT3wyericH3b09tH/q4B2U7G/0Rq7VHYMwOsYEo4kqk+Nmrx2Om3Gf5Fh+P+EKZr0S8XOZnIlL5wjgX8VOTxR8bfVHEv0WKhbSRZqvjQfe4cvnLjc+3ry301HaPK4/8+8PDdMiPTfUoYro64m+kt3+yAwAAAAAAAAAAAAAAAMA77WgU8e1I8UfP/E41rziqeenvuzjynud/s3fO+NP3eZ6y9mRErNT2Nie3P08dTrXy3z50jD2pRxHfyPP//uCgGwMAAAAAAAAAAAAAAAAAAPCuVsTzkeIrJ46n1aiu/XskqmuKt9rXG1eb0/Odq8J2r/3bvWb65ubmZiN1cjTnVM6VnKs513Ku54xa3j7naM6pnCs5V3Ou5VzPGUXePudozqmcKzlXc67lXM8ZfXn7nKM5p3Ku5FzNuZZzPWcckmv3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8TmpRxM8jxbe+tpEiRcRoxFR0cm3goFsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJTqqYiTkWLt+Xp1f7UWcTUifr65udm9RcRGmQ/qoPsKAAAAAAAAAAAAAAAAAAAAh1Yq4mOR4qn/20iNiLg99NrAE8eGLl44cX6kiCJSWdJb/9zE1UuNZxdu3FycW1qam21MtlszC7Nze/1x9cut9q3bk2Pj+9KZ+zq6z+0/Wn924eaLi63rX13e9fHB+qXppeXF5szuD8fRqEVM9a4Zrho8OTZeNXq+1WxXm6baPRpYixjda2cAAAAAAAAAAAAAAAAAAAA4NAZTEZ+LFD/5z3OpO2+8rzPn/5c694qt2pd/b/u7AObvyK7e7w/Yy3Laa0OHq4n3jcmx8fGJntV9/XeXlm1KqYinI8UnXvpQNR8+xeCuc+PLuveWdTfO5bqhXynrVnZU1Ycnx8YbVxbaJy7Nzy/MNJeb0/NzjYmbzZn8xQEre+0GAAAAAAAAAAAAAAAAAAAA7GYwFfGjSPHff/vvqXvd+Tz/v69zr2f+/29UU+gr9bQzt1Rz+99bze3vLL/v4sjgR5+51/r9mP9ftimlIr4ZKc7+6EPV9fS78/+n7qgt6/4kUrz+zEdyXe1IWdfsdqfzjNda83Onytq/jBS/+ka3Nqra67n2qe3a02Xt0Ujx5xs7a7+aaz+wXXumrD0eKb73X7vXfnC79mxZ+5NI8Y9/0+jWDpa1v5trj23XnpxZmJ+9324tx/87keKvr/xW6vb5nuPf8/0PK3fklrvG/M2X36nxH+pZt5LH9Y/z+DfvM/7nI8V36h/JdZ19P50ff7L6f3v8PxEp/uNfd9Zey7Xv3649vdduHbRy/L8dKb77Fz/e6nMe//74+/+N7RHfOf6/3Lczt14lBzT+T/asG8rtmnnru+NdZ+nFr7/QnJ+fW7RgwYKFrYWDPjLxMJTv/38aKf7/WJG65zH5/f89nXvb53//843t9/+Ld+SWA3r/f3/Puov5rKW/L6K+fONm/9MR9aUXv36idaN5fe76XPvM6VOf/vT506dOn+8/0j25217a8757HJTj/4NI8cO/++HW55it87/K7uf/g3fklgMa/6d6+7TjvGbPu+JdqRz/v4oUT372x1ufN3eO/87z/+7n/+Mf25lbv38HNP4f6Fk3lNvVeov7AgAAAAAAAAAA4FEymIr4s0jx23/466k7h2gvf/83e0duOaC//zrWs272Ic1r2PNOBgA4RMrzvw9Gin/a/P7WXO6d53/xa93a3vO/ezkM1/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHXYoifj9SDL6ykdYGyvsd9cut9q3bk2Pju292NEWKWhRVfXmrnz5z9tynzl8Y6eabb/9O+3A8N3H1UuPZhRs3F+eWluZmG5Pt1szC7Nyen+FBt7/TcLUDGjdeuDV77dpS48zJszsevj302sATx4YuXjhxfqRTO9CYHBsfn+ip6et/2z/9Luke649EEd+PFG8MvZ6+OxBRiwffF/d57ey3o1UnhqtOTI6NVx2ZbzXby+WDqZarahGNno1Gu/soj9t+jsUDGY1YKZtfNni47N7EzeZic3p+rvHF5uJya7m10E61TmvL/jSiFiMpYjUi1gfufrr+KOKbkeKlUxvpnwciiu5++OSViS+dOnv/9tT2oY97ULaz0R+xWnsExuwQG4gi/iFS/OzV4/G9gYi+6Nzi4xFfKPOViJfL/ExEKl8Y5yJ+usvriEdTXxRxLlIspI306kB5POgeVy5/ufH59rWFntruceWRf394mA75sakeRfygOuJvpH/xew0AAAAAAAAAAAAAAABwiBSxGim+cuJ4quYHb80pbrWvN642p+c70/q6c/+6c6Y3Nzc3G6mTozmncq7kXM25lnM9Z9Ty9jlHc07lXMm5mnMt53rOKPL2OUdzTuVcybmacy3nes7oy9vnHM05lXMl52rOtZzrOeOQzN0DAAAAAAAAAAAAAAAAAAAeL7Uoqqu4f+trG2lzoHN96ano5JrrgT72fhEAAP//gMd2Mw==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0xc0086c43, &(0x7f00000002c0)=0x700)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0xc0086c43, &(0x7f0000000f40)=0x6ff)

1.007343981s ago: executing program 5 (id=845):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x8, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x24000800, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001fc0)=""/148, 0x94}, 0x2}], 0x1, 0x40002001, 0x0)

833.100176ms ago: executing program 4 (id=846):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000980)={0x30, r2, 0x1, 0x4, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x39d}, {0x8, 0x0, 0x39d}]}]}, 0x30}}, 0x0)

832.167953ms ago: executing program 6 (id=847):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6})
ioctl$EVIOCRMFF(r0, 0x40085507, &(0x7f00000000c0)=0x18)

711.121731ms ago: executing program 4 (id=848):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x480, &(0x7f0000000000), 0x1, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$FUSE_WRITE(r0, &(0x7f00000000c0)={0x18}, 0xfffffdef)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4242, 0x5c)
open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)

680.514157ms ago: executing program 5 (id=849):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r1, &(0x7f0000006b40)={0x2020}, 0x206e)

635.860944ms ago: executing program 2 (id=850):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000002e80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='mm_khugepaged_scan_pmd\x00', r1}, 0x18)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)

532.246424ms ago: executing program 5 (id=851):
unshare(0x6020400)
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000100)={{}, {0x0, 0x3938700}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3b9ac9ff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8})
timerfd_settime(r0, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0)

458.450852ms ago: executing program 5 (id=852):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000240))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000240)=@x86={0x0, 0xe, 0x3, 0x0, 0x1, 0x4, 0xee, 0x5e, 0x3, 0x4, 0x2, 0x0, 0x0, 0x72, 0x7, 0x7, 0x4, 0x5, 0x1, '\x00', 0x5, 0x7})

389.854218ms ago: executing program 2 (id=853):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x0, &(0x7f0000000140), 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
fdatasync(r0)

319.818532ms ago: executing program 4 (id=854):
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = socket$rds(0x15, 0x5, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x44, 0x0, r3, 0x0, 0x0})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)

241.398265ms ago: executing program 5 (id=855):
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_mount_image$ocfs2(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x8008c4, &(0x7f0000000080)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119, @ANYRES32], 0x1, 0x4436, &(0x7f0000004480)="$eJzs3c9rm+cdAPDnfe0sdpZkdpZDBoMJFtjYhrFz2ubAHMeJYyeeR9aE0osi20riVraCLZcecnBvgZ4KPZQeQguFUnwKPvSa/gm99JieA+2hl0Ih1EXSK1vvawmrxrKb8PlA9Oh9fitfvY8eHeQnTlTuL67mFldzheVcef7u6oXc2+XS2lIxxIfkqMenM92Ik9gfndnLV/9/+0IIXy58/Xxra2srVPWGlkaanv/w/cP55rQhzrSp9tu6t4PyRgjh7K55VfWEEF7/IoQohHApyRtP0v4QwulQL7v98L07uQOazZNnxYv5FzOPNkfPT2883mz/2qMQPir94R/3lr79c8/oN387oOEBAAAAAAAAAAAAAAAAAHjJTd6cvfW/4ZHwNAq9G9Hu3+tOJmmL38fOfl5Ptw7Gnw7j5QIAAAAAAAAAAAAAAAAAAMCv0s7v/3PRmRa//59I0rE27bf+0/050j1T/52duDI8kpz/Hu0q/2eS9d2lnjDY4tz37PnvlzLtW5//vnuc/WrMrzHuQIjiodR1HA8NhfBJcvD7uehEXCqvVv5+t7y2vHBg03hppeNfP70/FZ3kQP9O4z+e6b/75///fte7qXp95+DeYq+0dPx72tb79N2oo/hfzrQ7jPizf+n499by+psrjNUXgGr83+/dO/4Tmf67Ff/TIYRcVJ1rLrUCVPcw1fx2+xXS0vE/VstLLZ3Jf2S7+//HTPyvZPo/qvV/PftBREvp+P+mlteXqrFz/w/Ge93/feHq9vP6G+co4l+d/7rP/46k43+8ntnb9JgsB52u/5OZ/rsV/1txMsPTUeodsBHV81v8vTpaSMe/b1f5zve/uKP937VM+8P6/tcYt/H9r7H8/zWqf/+jtXT8+9vW6/T+n8q06/b6P1bb/7Ff6fifqOWl984DtcdO4z+d6b9b8a/tSvoa8d9ZT346Xs//2P6vI+n4/7aeGTfXWK891vZ/0d77/+uZ/o9i/1ed/3rc3VFfFen4n2xb77PFKHzVwef/jUy7ar/HujP1bcP2+vuWjv+ptvVq93/f3vGfybTr9v3/l252DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPASGE/SgRDFQ6nrOB4aCuFycn0unIjmCgv5uVJ5/q3VECaS/Fw4E90rlecKpfzicnmhmC+USuX5EK4k5WdDX7RaKlfyS4UHV7f76o/uFwsrlblioRJCmEzy/xhONfqaW6wsFR6EEK5tl/0uLq88uF9Yzi8srvx7eHh4OExtz2EwKr5TKS5X6qPXS0OY3m47EDVNrlZ8fXsuJ6M3y2sry4VSLf9GU5tSeb5Qamozk5R9EAajysra8nyhUsyXyvca4x2lsSSdmLr52s0bI7vK70T1dPxwpwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAL/R09F8fhhB661dxCCEXJU+i5F/Kk2fFi/kXM482R89PbzzefN6qDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zA4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV26RilgSAKA/CbAdHSY1gtu53tiiJauCJ4Aj2Gh9GjeAnvYJEibYoQSGYh7E6xTVJ9X/Ngfmbeg3kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMByj2/D+2vbRaS42l5G/H7+/R/nz6V+31UuX5xnRk7n6WW4f2i78u9plt+Wo1Wf9+lm/fURlTr6mezJdJ8O5n2mqvtWMc439r2OlJuI6Et+k3JummVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3jqJvAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//6KfHYs=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x109142, 0x4b)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000940)="6a9d", 0x2}], 0x1)
truncate(&(0x7f0000000900)='./file1\x00', 0xe00)

98.741196ms ago: executing program 4 (id=856):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0a0000000100a80cc97bcf8e9c36000000000000434a4bb8a6916468be14aec83e3b400115ed60e3e9d0d91ce663ef1ec7bf9afbd78a4de0c76a8a9a023a2a5669936d9cf54fdb225afe484ea654868ce1245bde14c1b2a46bea14c4accdcf7ea9"], 0x50)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
mmap(&(0x7f0000463000/0x3000)=nil, 0x3000, 0x2000007, 0x38011, r1, 0x3000)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})

0s ago: executing program 6 (id=857):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000800)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)={0x2c, r2, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x10001}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x40)

kernel console output (not intermixed with test programs):

g 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.470013][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.501689][   T43] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  124.518408][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.602775][   T43] usb 4-1: config 0 descriptor??
[  124.645196][   T43] hub 4-1:0.0: USB hub found
[  124.788378][ T7219] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  124.806019][ T7219] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  124.817192][   T43] hub 4-1:0.0: 1 port detected
[  124.829236][ T7219] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  124.849837][ T7219] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  124.923409][ T7413] loop4: detected capacity change from 0 to 128
[  124.953085][ T7413] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  124.999287][ T7413] ext4 filesystem being mounted at /88/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  125.064507][ T7219] 8021q: adding VLAN 0 to HW filter on device bond0
[  125.078062][ T7413] syz.4.356 (pid 7413) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  125.084445][ T7219] 8021q: adding VLAN 0 to HW filter on device team0
[  125.123677][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.131008][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.151558][ T5856] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  125.170387][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.177762][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.228009][   T43] usb 4-1: USB disconnect, device number 6
[  125.569359][ T7219] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.649576][ T7411] loop5: detected capacity change from 0 to 40427
[  125.678128][ T7411] F2FS-fs (loop5): build fault injection rate: 771
[  125.706677][ T7411] F2FS-fs (loop5): invalid crc value
[  125.875588][ T7411] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  125.924703][ T7411] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  126.012811][   T51] Bluetooth: hci2: command tx timeout
[  126.041147][ T6379] syz-executor: attempt to access beyond end of device
[  126.041147][ T6379] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  126.075589][   T43] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  126.086916][ T6379] CPU: 0 UID: 0 PID: 6379 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  126.086945][ T6379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  126.086957][ T6379] Call Trace:
[  126.086965][ T6379]  <TASK>
[  126.086973][ T6379]  dump_stack_lvl+0x189/0x250
[  126.087004][ T6379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.087028][ T6379]  ? __pfx_queue_work_on+0x10/0x10
[  126.087047][ T6379]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  126.087068][ T6379]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  126.087095][ T6379]  f2fs_handle_critical_error+0x37c/0x540
[  126.087126][ T6379]  f2fs_write_end_io+0x886/0xb60
[  126.087153][ T6379]  __submit_merged_bio+0x27a/0x6a0
[  126.087182][ T6379]  __submit_merged_write_cond+0x255/0x530
[  126.087210][ T6379]  f2fs_write_data_pages+0x261d/0x3000
[  126.087237][ T6379]  ? arch_stack_walk+0xfc/0x150
[  126.087277][ T6379]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  126.087304][ T6379]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  126.087329][ T6379]  ? rcu_is_watching+0x15/0xb0
[  126.087365][ T6379]  ? folios_put_refs+0x559/0x640
[  126.087393][ T6379]  ? __pfx_folios_put_refs+0x10/0x10
[  126.087412][ T6379]  ? rcu_is_watching+0x15/0xb0
[  126.087430][ T6379]  ? lru_add+0xa2f/0xd80
[  126.087449][ T6379]  ? lru_add+0x198/0xd80
[  126.087469][ T6379]  ? do_raw_spin_lock+0x121/0x290
[  126.087497][ T6379]  ? do_raw_spin_unlock+0x122/0x240
[  126.087520][ T6379]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  126.087550][ T6379]  do_writepages+0x32b/0x550
[  126.087576][ T6379]  ? rcu_is_watching+0x15/0xb0
[  126.087598][ T6379]  ? do_raw_spin_unlock+0x122/0x240
[  126.087623][ T6379]  filemap_fdatawrite+0x199/0x240
[  126.087648][ T6379]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  126.087692][ T6379]  ? rcu_is_watching+0x15/0xb0
[  126.087714][ T6379]  ? do_raw_spin_unlock+0x122/0x240
[  126.087739][ T6379]  f2fs_sync_dirty_inodes+0x31f/0x830
[  126.087781][ T6379]  f2fs_write_checkpoint+0x93e/0x2440
[  126.087802][ T6379]  ? stack_depot_save_flags+0x40/0x860
[  126.087843][ T6379]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  126.087882][ T6379]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  126.087919][ T6379]  ? kfree+0x18e/0x440
[  126.087947][ T6379]  kill_f2fs_super+0x2cc/0x6d0
[  126.087971][ T6379]  ? __pfx_kill_f2fs_super+0x10/0x10
[  126.087998][ T6379]  ? shrinker_free+0x2ce/0x3e0
[  126.088020][ T6379]  deactivate_locked_super+0xb9/0x130
[  126.088044][ T6379]  cleanup_mnt+0x425/0x4c0
[  126.088064][ T6379]  task_work_run+0x1d1/0x260
[  126.088089][ T6379]  ? __pfx_task_work_run+0x10/0x10
[  126.088110][ T6379]  ? __x64_sys_umount+0x122/0x160
[  126.088130][ T6379]  ? __pfx___x64_sys_umount+0x10/0x10
[  126.088154][ T6379]  ? rcu_is_watching+0x15/0xb0
[  126.088174][ T6379]  exit_to_user_mode_loop+0xec/0x130
[  126.088200][ T6379]  do_syscall_64+0x2bd/0x3b0
[  126.088225][ T6379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.088244][ T6379]  ? clear_bhb_loop+0x60/0xb0
[  126.088266][ T6379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.088285][ T6379] RIP: 0033:0x7f975158ff17
[  126.088302][ T6379] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  126.088319][ T6379] RSP: 002b:00007ffd19740158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  126.088342][ T6379] RAX: 0000000000000000 RBX: 00007f9751611c05 RCX: 00007f975158ff17
[  126.088356][ T6379] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd19740210
[  126.088368][ T6379] RBP: 00007ffd19740210 R08: 0000000000000000 R09: 0000000000000000
[  126.088379][ T6379] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd197412a0
[  126.088392][ T6379] R13: 00007f9751611c05 R14: 000000000001ebfd R15: 00007ffd197412e0
[  126.088500][ T6379]  </TASK>
[  126.088516][ T6379] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  126.170252][ T7219] veth0_vlan: entered promiscuous mode
[  126.486263][ T7219] veth1_vlan: entered promiscuous mode
[  126.552106][   T43] usb 4-1: Using ep0 maxpacket: 32
[  126.559093][   T43] usb 4-1: config 0 interface 0 has no altsetting 0
[  126.569245][   T43] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  126.592182][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.593739][ T7219] veth0_macvtap: entered promiscuous mode
[  126.600244][   T43] usb 4-1: Product: syz
[  126.600263][   T43] usb 4-1: Manufacturer: syz
[  126.600276][   T43] usb 4-1: SerialNumber: syz
[  126.646863][   T43] usb 4-1: config 0 descriptor??
[  126.689046][ T7219] veth1_macvtap: entered promiscuous mode
[  126.716421][ T7481] loop4: detected capacity change from 0 to 512
[  126.788194][ T7483] Bluetooth: MGMT ver 1.23
[  126.798756][ T7481] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117
[  126.798806][ T7219] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.819299][ T7219] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.869324][ T7481] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.371: invalid indirect mapped block 256 (level 1)
[  126.889584][ T3007] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.920713][ T7481] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.371: invalid indirect mapped block 2683928664 (level 1)
[  126.964878][ T3007] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.977184][ T7481] EXT4-fs (loop4): 1 truncate cleaned up
[  127.003407][ T7481] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  127.023789][ T3007] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.040129][ T3007] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.080977][   T30] audit: type=1326 audit(1755642016.029:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7480 comm="syz.4.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  127.136567][ T5856] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.147137][   T43] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  127.156189][   T30] audit: type=1326 audit(1755642016.029:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7480 comm="syz.4.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  127.188254][ T5231] udevd[5231]: worker [5875] terminated by signal 33 (Unknown signal 33)
[  127.208242][ T5231] udevd[5231]: worker [5875] failed while handling '/devices/virtual/mac80211_hwsim/hwsim16'
[  127.218928][   T30] audit: type=1326 audit(1755642016.029:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7480 comm="syz.4.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  127.241897][    C1] vkms_vblank_simulate: vblank timer overrun
[  127.248396][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.256536][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.326984][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.345727][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.456348][ T7489] loop5: detected capacity change from 0 to 32768
[  127.498762][ T7489] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  127.559055][ T7489] XFS (loop5): Ending clean mount
[  127.598918][ T7513] netlink: 72 bytes leftover after parsing attributes in process `syz.4.378'.
[  127.679457][ T6379] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  127.796331][   T43] usb 4-1: USB disconnect, device number 7
[  127.842325][ T7519] loop4: detected capacity change from 0 to 128
[  128.098961][   T51] Bluetooth: hci2: command tx timeout
[  128.445897][ T7550] loop5: detected capacity change from 0 to 4096
[  128.451391][ T7555] loop3: detected capacity change from 0 to 128
[  128.509609][ T7559] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.510949][ T7555] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  128.632173][   T30] audit: type=1326 audit(1755642017.589:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0af8ebe9 code=0x7ffc0000
[  128.654683][ T7555] ext4 filesystem being mounted at /65/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  128.761641][   T30] audit: type=1326 audit(1755642017.629:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0af8ebe9 code=0x7ffc0000
[  128.832175][   T30] audit: type=1326 audit(1755642017.629:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0af8ebe9 code=0x7ffc0000
[  128.891259][ T7568] loop2: detected capacity change from 0 to 1024
[  128.904789][ T7542] loop6: detected capacity change from 0 to 32768
[  128.917102][ T7542] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.390 (7542)
[  128.925445][ T5867] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  128.935985][ T7568] hfsplus: failed to load root directory
[  128.956243][   T30] audit: type=1326 audit(1755642017.639:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7eff0af8ebe9 code=0x7ffc0000
[  128.960985][ T7542] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  129.012219][ T7542] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  129.031561][ T7544] loop4: detected capacity change from 0 to 32768
[  129.045103][   T30] audit: type=1326 audit(1755642017.639:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0af8ebe9 code=0x7ffc0000
[  129.092541][ T7544] XFS: ikeep mount option is deprecated.
[  129.178517][   T30] audit: type=1326 audit(1755642017.639:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0af8ebe9 code=0x7ffc0000
[  129.201252][   T30] audit: type=1326 audit(1755642017.639:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0af8ebe9 code=0x7ffc0000
[  129.268939][ T7544] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  129.335378][ T7542] BTRFS info (device loop6): rebuilding free space tree
[  129.351103][ T7544] XFS (loop4): Ending clean mount
[  129.368933][ T7542] BTRFS info (device loop6): allowing degraded mounts
[  129.376534][ T7542] BTRFS info (device loop6): enabling ssd optimizations
[  129.383866][ T7542] BTRFS info (device loop6): enabling free space tree
[  129.390814][ T7542] BTRFS info (device loop6): force clearing of disk cache
[  129.398443][ T7542] BTRFS info (device loop6): use zstd compression, level 3
[  129.406297][ T7542] BTRFS info (device loop6): max_inline set to 0
[  129.419419][ T7544] XFS (loop4): Quotacheck needed: Please wait.
[  129.477702][ T7544] XFS (loop4): Quotacheck: Done.
[  129.492945][   T10] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  129.632425][ T5856] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  129.666820][ T7219] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  129.702344][   T10] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  129.725249][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  129.727348][ T7571] loop5: detected capacity change from 0 to 32768
[  129.748857][ T7608] loop3: detected capacity change from 0 to 4096
[  129.800570][   T10] usb 3-1: config 0 has no interface number 0
[  129.810680][ T7571] 
[  129.810680][ T7571]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  129.810680][ T7571] 
[  129.822095][   T10] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  129.832506][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.847985][   T10] usb 3-1: Product: syz
[  129.883760][   T10] usb 3-1: Manufacturer: syz
[  129.893058][   T10] usb 3-1: SerialNumber: syz
[  129.914000][ T7571] find_entry called with index = 0
[  129.921109][   T10] usb 3-1: config 0 descriptor??
[  129.951178][ T7571] read_mapping_page failed!
[  129.957008][   T10] hub 3-1:0.31: bad descriptor, ignoring hub
[  129.978802][ T7571] ERROR: (device loop5): txCommit: 
[  129.978802][ T7571] 
[  129.980536][   T10] hub 3-1:0.31: probe with driver hub failed with error -5
[  130.024730][ T7571] ERROR: (device loop5): remounting filesystem as read-only
[  130.033610][   T10] usb 3-1: Found UVC 0.04 device syz (046d:08c3)
[  130.054872][   T10] uvcvideo 3-1:0.31: Entity type for entity Output 6 was not initialized!
[  130.073920][   T10] usb 3-1: Failed to create links for entity 6
[  130.085831][ T7618] read_mapping_page failed!
[  130.093351][   T10] usb 3-1: Failed to register entities (-22).
[  130.104922][ T7618] ERROR: (device loop5): txCommit: 
[  130.104922][ T7618] 
[  130.365772][   T10] usb 3-1: USB disconnect, device number 5
[  131.482430][ T7663] netlink: 12 bytes leftover after parsing attributes in process `syz.5.420'.
[  131.572132][ T7651] loop4: detected capacity change from 0 to 131072
[  131.590003][ T7651] F2FS-fs (loop4): Test dummy encryption mode enabled
[  131.610200][ T7651] F2FS-fs (loop4): invalid crc value
[  131.670132][ T7651] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  131.680677][ T7651] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  131.787750][ T7651] F2FS-fs (loop4): access invalid blkaddr:1281
[  131.795196][ T7651] CPU: 0 UID: 0 PID: 7651 Comm: syz.4.414 Not tainted syzkaller #0 PREEMPT(full) 
[  131.795224][ T7651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  131.795237][ T7651] Call Trace:
[  131.795245][ T7651]  <TASK>
[  131.795253][ T7651]  dump_stack_lvl+0x189/0x250
[  131.795285][ T7651]  ? __pfx_dump_stack_lvl+0x10/0x10
[  131.795310][ T7651]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  131.795336][ T7651]  ? __pfx_f2fs_lookup_read_extent_cache_block+0x10/0x10
[  131.795371][ T7651]  __f2fs_is_valid_blkaddr+0xe52/0x14f0
[  131.795405][ T7651]  f2fs_get_read_data_folio+0x3d2/0x7d0
[  131.795435][ T7651]  ? __pfx_f2fs_get_read_data_folio+0x10/0x10
[  131.795464][ T7651]  ? __filemap_get_folio+0x9a6/0xaf0
[  131.795484][ T7651]  ? f2fs_hash_filename+0x821/0xad0
[  131.795505][ T7651]  f2fs_find_data_folio+0x195/0x3c0
[  131.795534][ T7651]  __f2fs_find_entry+0x7a7/0xef0
[  131.795578][ T7651]  ? __pfx___f2fs_find_entry+0x10/0x10
[  131.795611][ T7651]  f2fs_lookup+0x264/0x9f0
[  131.795639][ T7651]  ? do_raw_spin_lock+0x121/0x290
[  131.795663][ T7651]  ? __pfx_f2fs_lookup+0x10/0x10
[  131.795690][ T7651]  ? rcu_is_watching+0x15/0xb0
[  131.795721][ T7651]  ? do_raw_spin_unlock+0x122/0x240
[  131.795746][ T7651]  ? _raw_spin_unlock+0x28/0x50
[  131.795765][ T7651]  ? d_alloc+0x144/0x190
[  131.795787][ T7651]  lookup_one_qstr_excl+0x131/0x360
[  131.795812][ T7651]  filename_create+0x224/0x3c0
[  131.795837][ T7651]  ? __might_fault+0xb0/0x130
[  131.795867][ T7651]  ? __pfx_filename_create+0x10/0x10
[  131.795896][ T7651]  do_mkdirat+0xa0/0x590
[  131.795922][ T7651]  ? __pfx_do_mkdirat+0x10/0x10
[  131.795949][ T7651]  ? getname_flags+0x1e5/0x540
[  131.795969][ T7651]  __x64_sys_mkdirat+0x87/0xa0
[  131.795995][ T7651]  do_syscall_64+0xfa/0x3b0
[  131.796020][ T7651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.796040][ T7651]  ? clear_bhb_loop+0x60/0xb0
[  131.796061][ T7651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.796079][ T7651] RIP: 0033:0x7f8de8d8d457
[  131.796098][ T7651] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  131.796117][ T7651] RSP: 002b:00007f8de9ba4e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  131.796141][ T7651] RAX: ffffffffffffffda RBX: 00007f8de9ba4ef0 RCX: 00007f8de8d8d457
[  131.796156][ T7651] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c
[  131.796170][ T7651] RBP: 00002000000002c0 R08: 00002000000000c0 R09: 0000000000000000
[  131.796185][ T7651] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000200000000040
[  131.796199][ T7651] R13: 00007f8de9ba4eb0 R14: 0000000000000000 R15: 0000000000000000
[  131.796220][ T7651]  </TASK>
[  132.066348][ T7651] F2FS-fs (loop4): access invalid blkaddr:1281
[  132.075352][ T7651] CPU: 0 UID: 0 PID: 7651 Comm: syz.4.414 Not tainted syzkaller #0 PREEMPT(full) 
[  132.075383][ T7651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  132.075395][ T7651] Call Trace:
[  132.075402][ T7651]  <TASK>
[  132.075410][ T7651]  dump_stack_lvl+0x189/0x250
[  132.075441][ T7651]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.075464][ T7651]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  132.075500][ T7651]  ? __filemap_get_folio+0x79f/0xaf0
[  132.075520][ T7651]  ? __pfx_f2fs_lookup_read_extent_cache_block+0x10/0x10
[  132.075552][ T7651]  ? filemap_get_entry+0xad/0x2f0
[  132.075572][ T7651]  __f2fs_is_valid_blkaddr+0xe52/0x14f0
[  132.075605][ T7651]  f2fs_get_read_data_folio+0x3d2/0x7d0
[  132.075632][ T7651]  ? __pfx_folio_mark_accessed+0x10/0x10
[  132.075655][ T7651]  ? __pfx_f2fs_get_read_data_folio+0x10/0x10
[  132.075680][ T7651]  ? rcu_is_watching+0x15/0xb0
[  132.075701][ T7651]  ? __filemap_get_folio+0x79f/0xaf0
[  132.075721][ T7651]  ? f2fs_hash_filename+0x821/0xad0
[  132.075741][ T7651]  f2fs_find_data_folio+0x195/0x3c0
[  132.075766][ T7651]  __f2fs_find_entry+0x7a7/0xef0
[  132.075806][ T7651]  ? __pfx___f2fs_find_entry+0x10/0x10
[  132.075839][ T7651]  f2fs_lookup+0x264/0x9f0
[  132.075866][ T7651]  ? __pfx_f2fs_lookup+0x10/0x10
[  132.075891][ T7651]  ? __pfx_d_alloc_parallel+0x10/0x10
[  132.075913][ T7651]  ? __raw_spin_lock_init+0x45/0x100
[  132.075937][ T7651]  ? __init_waitqueue_head+0xa9/0x150
[  132.075962][ T7651]  __lookup_slow+0x297/0x3d0
[  132.075985][ T7651]  ? __pfx___lookup_slow+0x10/0x10
[  132.076013][ T7651]  ? down_read+0x1ad/0x2e0
[  132.076041][ T7651]  lookup_slow+0x53/0x70
[  132.076062][ T7651]  walk_component+0x2d2/0x400
[  132.076080][ T7651]  ? path_lookupat+0x156/0x430
[  132.076100][ T7651]  path_lookupat+0x163/0x430
[  132.076124][ T7651]  filename_lookup+0x212/0x570
[  132.076146][ T7651]  ? __pfx_filename_lookup+0x10/0x10
[  132.076176][ T7651]  ? strncpy_from_user+0x150/0x290
[  132.076206][ T7651]  ? getname_flags+0x1e5/0x540
[  132.076225][ T7651]  user_path_at+0x3a/0x60
[  132.076247][ T7651]  __se_sys_name_to_handle_at+0x180/0x8a0
[  132.076267][ T7651]  ? __se_sys_futex+0x36f/0x400
[  132.076293][ T7651]  ? __pfx___se_sys_name_to_handle_at+0x10/0x10
[  132.076330][ T7651]  ? rcu_is_watching+0x15/0xb0
[  132.076348][ T7651]  ? __x64_sys_name_to_handle_at+0x20/0xc0
[  132.076380][ T7651]  do_syscall_64+0xfa/0x3b0
[  132.076404][ T7651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.076424][ T7651]  ? clear_bhb_loop+0x60/0xb0
[  132.076445][ T7651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.076464][ T7651] RIP: 0033:0x7f8de8d8ebe9
[  132.076492][ T7651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.076510][ T7651] RSP: 002b:00007f8de9ba5038 EFLAGS: 00000246 ORIG_RAX: 000000000000012f
[  132.076534][ T7651] RAX: ffffffffffffffda RBX: 00007f8de8fb5fa0 RCX: 00007f8de8d8ebe9
[  132.076550][ T7651] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  132.076565][ T7651] RBP: 00007f8de8e11e19 R08: 0000000000000000 R09: 0000000000000000
[  132.076578][ T7651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  132.076590][ T7651] R13: 00007f8de8fb6038 R14: 00007f8de8fb5fa0 R15: 00007ffc31ef3f98
[  132.076613][ T7651]  </TASK>
[  132.829587][ T7684] loop6: detected capacity change from 0 to 32768
[  132.867596][ T7698] loop3: detected capacity change from 0 to 512
[  132.884876][ T7698] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  132.889116][ T7684] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  132.974395][ T7698] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  133.009069][ T7698] EXT4-fs (loop3): orphan cleanup on readonly fs
[  133.061061][ T7681] loop2: detected capacity change from 0 to 32768
[  133.070617][ T7684] XFS (loop6): Ending clean mount
[  133.079329][ T7681] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.426 (7681)
[  133.101265][ T7698] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.433: corrupted inode contents
[  133.133931][ T7698] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #16: comm syz.3.433: mark_inode_dirty error
[  133.144811][ T7681] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  133.180326][ T7698] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.433: corrupted inode contents
[  133.197440][ T7705] A link change request failed with some changes committed already. Interface veth0_virt_wifi may have been left with an inconsistent configuration, please check.
[  133.219257][ T7681] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  133.239435][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  133.248503][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  133.249239][ T7698] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.433: mark_inode_dirty error
[  133.302046][ T7219] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  133.336743][ T7698] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.433: corrupted inode contents
[  133.382890][ T7698] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  133.442263][ T7698] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.433: corrupted inode contents
[  133.470360][ T7681] BTRFS info (device loop2): allowing degraded mounts
[  133.512046][ T7681] BTRFS info (device loop2): enabling ssd optimizations
[  133.519331][ T7681] BTRFS info (device loop2): enabling free space tree
[  133.562105][ T7681] BTRFS info (device loop2): force zlib compression, level 3
[  133.562619][ T7698] EXT4-fs error (device loop3): ext4_truncate:4666: inode #16: comm syz.3.433: mark_inode_dirty error
[  133.652331][ T7698] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  133.703126][ T7698] EXT4-fs (loop3): 1 truncate cleaned up
[  133.742743][ T3007] __quota_error: 12 callbacks suppressed
[  133.742763][ T3007] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  133.798715][ T3007] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:6: Failed to release dquot type 1
[  133.857670][ T5854] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  133.863513][ T7698] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  134.073250][ T5867] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.090608][ T7746] binder: 7745:7746 ioctl c0306201 0 returned -14
[  134.123587][ T7746] binder: 7745:7746 ioctl 4c0a 0 returned -22
[  134.287544][ T7728] loop5: detected capacity change from 0 to 32768
[  134.344292][ T7728] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.436 (7728)
[  134.429090][ T7728] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  134.523269][ T7728] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  134.593037][ T7760] loop3: detected capacity change from 0 to 8192
[  134.625726][ T7760] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  134.696930][ T7735] loop6: detected capacity change from 0 to 40427
[  134.710337][ T7728] BTRFS info (device loop5): enabling ssd optimizations
[  134.738857][ T7786] loop2: detected capacity change from 0 to 1024
[  134.757495][ T7735] F2FS-fs (loop6): invalid crc value
[  134.765400][ T7728] BTRFS info (device loop5): enabling free space tree
[  134.803047][ T7728] BTRFS info (device loop5): use zstd compression, level 3
[  134.859489][ T7786] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  134.974262][   T30] audit: type=1800 audit(1755642023.939:39): pid=7728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.436" name="file1" dev="loop5" ino=260 res=0 errno=0
[  135.109235][ T7735] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  135.215064][ T7735] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  135.263380][ T6379] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  135.481774][ T7815] loop2: detected capacity change from 0 to 512
[  135.492171][ T5891] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  135.537734][ T7815] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  135.563132][ T7815] EXT4-fs (loop2): orphan cleanup on readonly fs
[  135.580121][ T7815] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[  135.658326][ T7815] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  135.662125][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  135.692126][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  135.699473][ T5891] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  135.722459][ T5891] usb 5-1: config 0 has no interface number 0
[  135.729331][ T5891] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  135.756001][ T7815] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  135.786382][ T5891] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  135.797715][ T7815] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.454: bg 0: block 40: padding at end of block bitmap is not set
[  135.817435][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.853405][   T24] usb 4-1: Using ep0 maxpacket: 16
[  135.859796][ T5891] usb 5-1: Product: syz
[  135.865102][ T5891] usb 5-1: Manufacturer: syz
[  135.880566][ T7815] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  135.891754][ T5891] usb 5-1: SerialNumber: syz
[  135.902282][   T24] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00
[  135.911536][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.923156][ T5891] usb 5-1: config 0 descriptor??
[  135.928644][ T7815] EXT4-fs (loop2): 1 truncate cleaned up
[  135.945223][   T24] usb 4-1: Product: syz
[  135.952921][ T5891] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  135.966878][ T7815] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  135.992027][   T24] usb 4-1: Manufacturer: syz
[  135.996786][   T24] usb 4-1: SerialNumber: syz
[  136.002220][ T5891] em28xx 5-1:0.132: Video interface 132 found:
[  136.023147][   T24] usb 4-1: config 0 descriptor??
[  136.033639][   T24] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  136.045186][ T7815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.062430][   T24] usb 4-1: Detected FT-X
[  136.235963][   T24] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  136.349469][ T7816] loop5: detected capacity change from 0 to 40427
[  136.369096][ T5891] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[  136.403504][ T7816] F2FS-fs (loop5): build fault injection rate: 690
[  136.448878][ T5891] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  136.468244][ T7816] F2FS-fs (loop5): invalid crc value
[  136.474263][ T5891] em28xx 5-1:0.132: board has no eeprom
[  136.551033][ T7816] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  136.560420][ T5891] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  136.568484][ T5891] em28xx 5-1:0.132: analog set to bulk mode.
[  136.575332][   T43] em28xx 5-1:0.132: Registering V4L2 extension
[  136.581925][ T7816] F2FS-fs (loop5): Start checkpoint disabled!
[  136.600873][ T7816] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  136.619604][ T5891] usb 5-1: USB disconnect, device number 4
[  136.629970][ T7816] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  136.650370][ T5891] em28xx 5-1:0.132: Disconnecting em28xx
[  136.677130][   T24] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  136.822189][   T43] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[  136.834749][   T43] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[  136.842987][   T43] em28xx 5-1:0.132: No AC97 audio processor
[  136.858063][   T43] usb 5-1: Decoder not found
[  136.863330][   T43] em28xx 5-1:0.132: failed to create media graph
[  136.869926][   T43] em28xx 5-1:0.132: V4L2 device video103 deregistered
[  136.892848][   T24] usb 4-1: USB disconnect, device number 8
[  136.909372][   T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  136.924812][   T43] em28xx 5-1:0.132: Remote control support is not available for this card.
[  136.934276][   T24] ftdi_sio 4-1:0.0: device disconnected
[  136.952246][ T5891] em28xx 5-1:0.132: Closing input extension
[  136.963847][ T5891] em28xx 5-1:0.132: Freeing device
[  137.360459][ T7869] sctp: [Deprecated]: syz.2.470 (pid 7869) Use of int in max_burst socket option deprecated.
[  137.360459][ T7869] Use struct sctp_assoc_value instead
[  137.662843][ T7862] loop4: detected capacity change from 0 to 32768
[  137.689847][ T7862] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.468 (7862)
[  137.760512][ T7862] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  137.824223][ T7862] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  137.905561][ T7882] loop3: detected capacity change from 0 to 512
[  137.951869][ T7882] EXT4-fs (loop3): Test dummy encryption mode enabled
[  137.995820][ T7882] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  138.105521][ T7882] EXT4-fs error (device loop3): xattr_find_entry:333: inode #15: comm syz.3.476: corrupted xattr entries
[  138.137602][ T7862] BTRFS info (device loop4): enabling ssd optimizations
[  138.153025][ T7862] BTRFS info (device loop4): enabling free space tree
[  138.156768][ T7882] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  138.235673][ T7909] loop2: detected capacity change from 0 to 256
[  138.252394][ T7882] EXT4-fs (loop3): 1 orphan inode deleted
[  138.259613][ T7882] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  138.414560][ T5856] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  138.521341][ T5867] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.761366][ T7920] loop6: detected capacity change from 0 to 40427
[  139.850061][ T7920] F2FS-fs (loop6): Small segment_count (9 < 1 * 24)
[  139.880482][ T7920] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  140.146372][ T7920] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  140.156287][ T5941] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  140.204271][ T7920] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  140.224852][ T7944] loop4: detected capacity change from 0 to 32768
[  140.242055][ T7920] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  140.247450][ T7944] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.489 (7944)
[  140.280063][ T7937] loop5: detected capacity change from 0 to 40427
[  140.302964][ T7944] BTRFS info (device loop4): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  140.311085][ T7920] syz.6.481: attempt to access beyond end of device
[  140.311085][ T7920] loop6: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  140.334097][ T5941] usb 3-1: Using ep0 maxpacket: 16
[  140.352792][ T7937] F2FS-fs: heap/no_heap options were deprecated
[  140.359736][ T7944] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  140.371916][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.384831][ T7219] syz-executor: attempt to access beyond end of device
[  140.384831][ T7219] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  140.399806][ T7937] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  140.409607][ T7937] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  140.425715][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.437749][ T7219] CPU: 1 UID: 0 PID: 7219 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  140.437782][ T7219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  140.437794][ T7219] Call Trace:
[  140.437802][ T7219]  <TASK>
[  140.437810][ T7219]  dump_stack_lvl+0x189/0x250
[  140.437841][ T7219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.437864][ T7219]  ? __pfx_queue_work_on+0x10/0x10
[  140.437883][ T7219]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  140.437904][ T7219]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  140.437931][ T7219]  f2fs_handle_critical_error+0x37c/0x540
[  140.437962][ T7219]  f2fs_write_end_io+0x886/0xb60
[  140.437987][ T7219]  __submit_merged_bio+0x27a/0x6a0
[  140.438015][ T7219]  __submit_merged_write_cond+0x255/0x530
[  140.438044][ T7219]  f2fs_write_data_pages+0x261d/0x3000
[  140.438090][ T7219]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  140.438126][ T7219]  ? is_bpf_text_address+0x292/0x2b0
[  140.438152][ T7219]  ? is_bpf_text_address+0x26/0x2b0
[  140.438193][ T7219]  ? stack_trace_save+0x9c/0xe0
[  140.438216][ T7219]  ? __pfx_stack_trace_save+0x10/0x10
[  140.438251][ T7219]  ? unwind_next_frame+0xa5/0x2390
[  140.438278][ T7219]  ? filemap_get_folios_tag+0xed/0x630
[  140.438297][ T7219]  ? rcu_is_watching+0x15/0xb0
[  140.438320][ T7219]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  140.438348][ T7219]  do_writepages+0x32b/0x550
[  140.438374][ T7219]  ? rcu_is_watching+0x15/0xb0
[  140.438651][ T7219]  ? do_raw_spin_unlock+0x122/0x240
[  140.438676][ T7219]  filemap_fdatawrite+0x199/0x240
[  140.438705][ T7219]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  140.438759][ T7219]  ? rcu_is_watching+0x15/0xb0
[  140.438780][ T7219]  ? do_raw_spin_unlock+0x122/0x240
[  140.438806][ T7219]  f2fs_sync_dirty_inodes+0x31f/0x830
[  140.438835][ T7219]  f2fs_write_checkpoint+0x93e/0x2440
[  140.438870][ T7219]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  140.438889][ T7219]  ? kasan_record_aux_stack+0xbd/0xd0
[  140.438939][ T7219]  kill_f2fs_super+0x2cc/0x6d0
[  140.438963][ T7219]  ? __pfx_kill_f2fs_super+0x10/0x10
[  140.438990][ T7219]  ? shrinker_free+0x2ce/0x3e0
[  140.439012][ T7219]  deactivate_locked_super+0xb9/0x130
[  140.439037][ T7219]  cleanup_mnt+0x425/0x4c0
[  140.439060][ T7219]  task_work_run+0x1d1/0x260
[  140.439087][ T7219]  ? __pfx_task_work_run+0x10/0x10
[  140.439110][ T7219]  ? __x64_sys_umount+0x122/0x160
[  140.439133][ T7219]  ? __pfx___x64_sys_umount+0x10/0x10
[  140.439157][ T7219]  ? rcu_is_watching+0x15/0xb0
[  140.439178][ T7219]  exit_to_user_mode_loop+0xec/0x130
[  140.439206][ T7219]  do_syscall_64+0x2bd/0x3b0
[  140.439231][ T7219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.439249][ T7219]  ? clear_bhb_loop+0x60/0xb0
[  140.439270][ T7219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.439289][ T7219] RIP: 0033:0x7f405d18ff17
[  140.439308][ T7219] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  140.439327][ T7219] RSP: 002b:00007ffd3fb383a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  140.439350][ T7219] RAX: 0000000000000000 RBX: 00007f405d211c05 RCX: 00007f405d18ff17
[  140.439366][ T7219] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd3fb38460
[  140.439378][ T7219] RBP: 00007ffd3fb38460 R08: 0000000000000000 R09: 0000000000000000
[  140.439391][ T7219] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd3fb394f0
[  140.439403][ T7219] R13: 00007f405d211c05 R14: 0000000000022409 R15: 00007ffd3fb39530
[  140.439427][ T7219]  </TASK>
[  140.439437][ T7219] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  140.493627][ T5941] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  140.493681][ T5941] usb 3-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.00
[  140.638278][ T7937] F2FS-fs (loop5): invalid crc value
[  140.807708][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.931183][ T7937] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  140.942530][ T5941] usb 3-1: config 0 descriptor??
[  140.954711][ T7937] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  140.963658][ T7944] BTRFS info (device loop4): enabling ssd optimizations
[  140.971827][ T7944] BTRFS info (device loop4): enabling free space tree
[  141.012420][ T7937] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  141.144051][ T7944] BTRFS info (device loop4): setting compat-ro feature flag for VERITY (0x4)
[  141.191837][   T30] audit: type=1800 audit(1755642030.149:40): pid=7937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.486" name="file1" dev="loop5" ino=10 res=0 errno=0
[  141.303567][ T6379] syz-executor: attempt to access beyond end of device
[  141.303567][ T6379] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  141.324709][ T5856] BTRFS info (device loop4): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  141.339503][ T6379] CPU: 1 UID: 0 PID: 6379 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  141.339534][ T6379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  141.339547][ T6379] Call Trace:
[  141.339554][ T6379]  <TASK>
[  141.339563][ T6379]  dump_stack_lvl+0x189/0x250
[  141.339595][ T6379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.339616][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.339635][ T6379]  ? __pfx_queue_work_on+0x10/0x10
[  141.339655][ T6379]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  141.339677][ T6379]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  141.339705][ T6379]  ? f2fs_hw_is_readonly+0x39b/0x470
[  141.339735][ T6379]  f2fs_handle_critical_error+0x37c/0x540
[  141.339765][ T6379]  f2fs_write_end_io+0x886/0xb60
[  141.339790][ T6379]  __submit_merged_bio+0x27a/0x6a0
[  141.339819][ T6379]  f2fs_submit_page_write+0xe16/0x21b0
[  141.339855][ T6379]  ? __f2fs_is_valid_blkaddr+0xd2a/0x14f0
[  141.339888][ T6379]  do_write_page+0x40f/0xac0
[  141.339908][ T6379]  ? f2fs_encrypt_one_page+0xaf/0x940
[  141.339935][ T6379]  f2fs_outplace_write_data+0x11a/0x220
[  141.339958][ T6379]  f2fs_do_write_data_page+0x113e/0x1650
[  141.339991][ T6379]  ? __pfx_f2fs_do_write_data_page+0x10/0x10
[  141.340016][ T6379]  ? css_rstat_updated+0x23a/0x4f0
[  141.340043][ T6379]  f2fs_write_single_data_page+0xa68/0x16a0
[  141.340078][ T6379]  ? __pfx_f2fs_write_single_data_page+0x10/0x10
[  141.340115][ T6379]  ? mlock_drain_local+0x79/0x490
[  141.340134][ T6379]  ? mlock_drain_local+0x28e/0x490
[  141.340155][ T6379]  f2fs_write_data_pages+0x195b/0x3000
[  141.340199][ T6379]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.340247][ T6379]  ? __mod_zone_page_state+0xd7/0x140
[  141.340276][ T6379]  ? folios_put_refs+0x560/0x640
[  141.340300][ T6379]  ? __pfx_folios_put_refs+0x10/0x10
[  141.340319][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.340339][ T6379]  ? lru_add+0xa2f/0xd80
[  141.340357][ T6379]  ? lru_add+0x198/0xd80
[  141.340386][ T6379]  ? folio_batch_move_lru+0x319/0x3a0
[  141.340410][ T6379]  ? filemap_get_folios_tag+0xed/0x630
[  141.340429][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.340451][ T6379]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.340480][ T6379]  do_writepages+0x32b/0x550
[  141.340505][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.340527][ T6379]  ? do_raw_spin_unlock+0x122/0x240
[  141.340553][ T6379]  filemap_fdatawrite+0x199/0x240
[  141.340579][ T6379]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  141.340623][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.340642][ T6379]  ? do_raw_spin_unlock+0x122/0x240
[  141.340665][ T6379]  f2fs_sync_dirty_inodes+0x31f/0x830
[  141.340690][ T6379]  f2fs_write_checkpoint+0x93e/0x2440
[  141.340720][ T6379]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  141.340761][ T6379]  kill_f2fs_super+0x2cc/0x6d0
[  141.340781][ T6379]  ? __pfx_kill_f2fs_super+0x10/0x10
[  141.340805][ T6379]  ? shrinker_free+0x2ce/0x3e0
[  141.340827][ T6379]  deactivate_locked_super+0xb9/0x130
[  141.340852][ T6379]  cleanup_mnt+0x425/0x4c0
[  141.340876][ T6379]  task_work_run+0x1d1/0x260
[  141.340904][ T6379]  ? __pfx_task_work_run+0x10/0x10
[  141.340929][ T6379]  ? __x64_sys_umount+0x122/0x160
[  141.340953][ T6379]  ? __pfx___x64_sys_umount+0x10/0x10
[  141.340978][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.340999][ T6379]  exit_to_user_mode_loop+0xec/0x130
[  141.341028][ T6379]  do_syscall_64+0x2bd/0x3b0
[  141.341053][ T6379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.341072][ T6379]  ? clear_bhb_loop+0x60/0xb0
[  141.341093][ T6379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.341111][ T6379] RIP: 0033:0x7f975158ff17
[  141.341130][ T6379] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  141.341148][ T6379] RSP: 002b:00007ffd19740158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  141.341172][ T6379] RAX: 0000000000000000 RBX: 00007f9751611c05 RCX: 00007f975158ff17
[  141.341187][ T6379] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd19740210
[  141.341200][ T6379] RBP: 00007ffd19740210 R08: 0000000000000000 R09: 0000000000000000
[  141.341212][ T6379] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd197412a0
[  141.341226][ T6379] R13: 00007f9751611c05 R14: 0000000000022772 R15: 00007ffd197412e0
[  141.341248][ T6379]  </TASK>
[  141.757960][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.777661][ T6379] F2FS-fs (loop5): Remounting filesystem read-only
[  141.796007][ T5941] sony 0003:054C:1000.0005: unknown main item tag 0x4
[  141.812242][ T6379] syz-executor: attempt to access beyond end of device
[  141.812242][ T6379] loop5: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  141.851736][ T5941] sony 0003:054C:1000.0005: hidraw0: USB HID v0.00 Device [HID 054c:1000] on usb-dummy_hcd.2-1/input0
[  141.866701][ T8009] loop6: detected capacity change from 0 to 8
[  141.875118][ T6379] CPU: 1 UID: 0 PID: 6379 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  141.875148][ T6379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  141.875161][ T6379] Call Trace:
[  141.875169][ T6379]  <TASK>
[  141.875177][ T6379]  dump_stack_lvl+0x189/0x250
[  141.875208][ T6379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.875230][ T6379]  ? __pfx_queue_work_on+0x10/0x10
[  141.875249][ T6379]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  141.875271][ T6379]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  141.875294][ T6379]  f2fs_handle_critical_error+0x37c/0x540
[  141.875335][ T6379]  f2fs_write_end_io+0x886/0xb60
[  141.875384][ T6379]  __submit_merged_bio+0x27a/0x6a0
[  141.875430][ T6379]  __submit_merged_write_cond+0x255/0x530
[  141.875476][ T6379]  f2fs_write_single_data_page+0x11c2/0x16a0
[  141.875514][ T6379]  ? __pfx_f2fs_write_single_data_page+0x10/0x10
[  141.875548][ T6379]  ? mlock_drain_local+0x79/0x490
[  141.875567][ T6379]  ? mlock_drain_local+0x28e/0x490
[  141.875587][ T6379]  f2fs_write_data_pages+0x195b/0x3000
[  141.875648][ T6379]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.875696][ T6379]  ? __mod_zone_page_state+0xd7/0x140
[  141.875727][ T6379]  ? folios_put_refs+0x560/0x640
[  141.875751][ T6379]  ? __pfx_folios_put_refs+0x10/0x10
[  141.875770][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.875789][ T6379]  ? lru_add+0xa2f/0xd80
[  141.875808][ T6379]  ? lru_add+0x198/0xd80
[  141.875826][ T6379]  ? folio_batch_move_lru+0x319/0x3a0
[  141.875849][ T6379]  ? filemap_get_folios_tag+0xed/0x630
[  141.875867][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.875887][ T6379]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.875913][ T6379]  do_writepages+0x32b/0x550
[  141.875939][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.875960][ T6379]  ? do_raw_spin_unlock+0x122/0x240
[  141.875983][ T6379]  filemap_fdatawrite+0x199/0x240
[  141.876009][ T6379]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  141.876049][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.876070][ T6379]  ? do_raw_spin_unlock+0x122/0x240
[  141.876094][ T6379]  f2fs_sync_dirty_inodes+0x31f/0x830
[  141.876119][ T6379]  f2fs_write_checkpoint+0x93e/0x2440
[  141.876152][ T6379]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  141.876198][ T6379]  kill_f2fs_super+0x2cc/0x6d0
[  141.876221][ T6379]  ? __pfx_kill_f2fs_super+0x10/0x10
[  141.876247][ T6379]  ? shrinker_free+0x2ce/0x3e0
[  141.876269][ T6379]  deactivate_locked_super+0xb9/0x130
[  141.876293][ T6379]  cleanup_mnt+0x425/0x4c0
[  141.876315][ T6379]  task_work_run+0x1d1/0x260
[  141.876343][ T6379]  ? __pfx_task_work_run+0x10/0x10
[  141.876366][ T6379]  ? __x64_sys_umount+0x122/0x160
[  141.876391][ T6379]  ? __pfx___x64_sys_umount+0x10/0x10
[  141.876416][ T6379]  ? rcu_is_watching+0x15/0xb0
[  141.876437][ T6379]  exit_to_user_mode_loop+0xec/0x130
[  141.876464][ T6379]  do_syscall_64+0x2bd/0x3b0
[  141.876498][ T6379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.876518][ T6379]  ? clear_bhb_loop+0x60/0xb0
[  141.876540][ T6379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.876558][ T6379] RIP: 0033:0x7f975158ff17
[  141.876576][ T6379] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  141.876594][ T6379] RSP: 002b:00007ffd19740158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  141.876624][ T6379] RAX: 0000000000000000 RBX: 00007f9751611c05 RCX: 00007f975158ff17
[  141.876639][ T6379] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd19740210
[  141.876652][ T6379] RBP: 00007ffd19740210 R08: 0000000000000000 R09: 0000000000000000
[  141.876664][ T6379] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd197412a0
[  141.876677][ T6379] R13: 00007f9751611c05 R14: 0000000000022772 R15: 00007ffd197412e0
[  141.876698][ T6379]  </TASK>
[  141.876707][ T6379] F2FS-fs (loop5): Remounting filesystem read-only
[  141.920732][ T5941] sony 0003:054C:1000.0005: failed to claim input
[  142.103055][ T7998] loop3: detected capacity change from 0 to 32768
[  142.284080][ T7998] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.496 (7998)
[  142.315103][ T7998] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  142.357755][ T7998] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  142.563997][ T5941] usb 3-1: USB disconnect, device number 6
[  142.651274][ T7998] BTRFS info (device loop3): enabling ssd optimizations
[  142.694342][ T7998] BTRFS info (device loop3): enabling free space tree
[  142.755407][ T8039] loop4: detected capacity change from 0 to 1024
[  142.837139][   T30] audit: type=1800 audit(1755642031.799:41): pid=7998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.496" name="file1" dev="loop3" ino=260 res=0 errno=0
[  142.837730][ T8039] hfsplus: xattr searching failed
[  142.859060][    C1] vkms_vblank_simulate: vblank timer overrun
[  143.163659][ T5867] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  143.322517][ T1174] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  143.414431][   T51] Bluetooth: hci0: unexpected event for opcode 0x041c
[  143.532258][ T1174] usb 7-1: Using ep0 maxpacket: 32
[  143.573186][ T1174] usb 7-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice= 0.06
[  143.590864][ T1174] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  143.612673][ T1174] usb 7-1: SerialNumber: syz
[  143.619534][ T1174] usb 7-1: config 0 descriptor??
[  143.628342][ T1174] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  143.650314][ T8072] syzkaller1: entered promiscuous mode
[  143.658959][ T1174] usb 7-1: Detected SIO
[  143.681039][ T1174] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  143.683024][ T8072] syzkaller1: entered allmulticast mode
[  143.850687][ T1174] usb 7-1: USB disconnect, device number 2
[  143.863776][ T1174] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  143.889512][ T1174] ftdi_sio 7-1:0.0: device disconnected
[  144.274539][ T8091] loop3: detected capacity change from 0 to 8192
[  144.361123][ T8083] loop5: detected capacity change from 0 to 32768
[  144.376773][ T8083] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.513 (8083)
[  144.487363][ T8083] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  144.519392][ T8083] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  144.659520][ T5231] udevd[5231]: worker [7086] terminated by signal 33 (Unknown signal 33)
[  144.668816][ T5231] udevd[5231]: worker [7086] failed while handling '/devices/virtual/block/loop5'
[  144.713028][ T5941] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  144.778257][ T8083] BTRFS info (device loop5): enabling ssd optimizations
[  144.792160][ T8083] BTRFS info (device loop5): enabling free space tree
[  144.887066][ T5941] usb 3-1: Using ep0 maxpacket: 32
[  144.962478][ T5941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 14385, setting to 1024
[  145.003426][ T5941] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  145.003633][ T5231] udevd[5231]: worker [6027] terminated by signal 33 (Unknown signal 33)
[  145.029938][ T5941] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  145.042610][ T5941] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  145.042877][ T6379] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  145.061177][ T5941] usb 3-1: Product: syz
[  145.080204][ T5231] udevd[5231]: worker [6027] failed while handling '/devices/virtual/block/loop5'
[  145.090621][ T5941] usb 3-1: Manufacturer: syz
[  145.112125][ T5941] usb 3-1: SerialNumber: syz
[  145.135648][ T5941] usb 3-1: config 0 descriptor??
[  145.145398][ T8125] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  145.314561][ T8164] loop3: detected capacity change from 0 to 32768
[  145.361827][ T8164] XFS (loop3): Mounting V5 Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[  145.445545][ T8164] XFS (loop3): Ending clean mount
[  145.597488][ T5941] usb 3-1: USB disconnect, device number 7
[  145.626329][ T8204] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  145.656985][ T5867] XFS (loop3): Unmounting Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[  145.667661][ T8204] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  145.683619][ T8204] overlayfs: conflicting lowerdir path
[  145.926408][ T8216] input: syz1 as /devices/virtual/input/input6
[  146.243703][ T8229] loop6: detected capacity change from 0 to 2048
[  146.336452][ T8219] loop5: detected capacity change from 0 to 32768
[  146.353830][ T8229] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.455578][ T8219] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  146.521456][ T8241] loop4: detected capacity change from 0 to 4096
[  146.583962][ T8219] XFS (loop5): Ending clean mount
[  146.599870][ T8219] XFS (loop5): Quotacheck needed: Please wait.
[  146.657677][ T8219] XFS (loop5): Quotacheck: Done.
[  146.723055][ T7219] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.889377][ T6379] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  146.905598][   T30] audit: type=1326 audit(1755642035.869:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  146.979503][   T30] audit: type=1326 audit(1755642035.889:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  146.991150][ T8227] loop3: detected capacity change from 0 to 32768
[  147.050796][   T30] audit: type=1326 audit(1755642035.889:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  147.102584][   T30] audit: type=1326 audit(1755642035.889:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  147.152167][   T30] audit: type=1326 audit(1755642035.889:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  147.195385][   T30] audit: type=1326 audit(1755642035.889:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  147.200112][ T8227] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  147.218098][   T30] audit: type=1326 audit(1755642035.889:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  147.249932][   T30] audit: type=1326 audit(1755642035.899:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  147.285022][   T30] audit: type=1326 audit(1755642035.899:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  147.307949][   T30] audit: type=1326 audit(1755642035.899:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8251 comm="syz.4.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de8d8ebe9 code=0x7ffc0000
[  147.364942][ T8264] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  147.377418][ T8258] loop4: detected capacity change from 0 to 4096
[  147.452235][   T51] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  147.461139][   T51] Bluetooth: hci0: Injecting HCI hardware error event
[  147.468844][   T51] Bluetooth: hci0: hardware error 0x00
[  147.477692][ T8227] XFS (loop3): Ending clean mount
[  147.492079][ T8271] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  147.522662][ T8227] XFS (loop3): Quotacheck needed: Please wait.
[  147.559444][ T8256] loop2: detected capacity change from 0 to 32768
[  147.623788][ T8256] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  147.636635][ T8227] XFS (loop3): Quotacheck: Done.
[  147.784066][ T8256] XFS (loop2): Ending clean mount
[  147.801832][ T5867] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  147.838252][ T8256] XFS (loop2): Quotacheck needed: Please wait.
[  147.878132][ T8256] XFS (loop2): Quotacheck: Done.
[  148.105484][ T5854] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  148.331296][ T8286] loop5: detected capacity change from 0 to 32768
[  148.358056][ T8286] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.553 (8286)
[  148.416875][ T8286] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  148.483010][ T8286] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  148.708258][ T8286] BTRFS info (device loop5): allowing degraded mounts
[  148.740766][ T8286] BTRFS info (device loop5): enabling ssd optimizations
[  148.748436][ T5913] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  148.772561][ T8286] BTRFS info (device loop5): enabling free space tree
[  148.812109][ T8286] BTRFS info (device loop5): force zlib compression, level 3
[  148.930617][ T8348] loop4: detected capacity change from 0 to 128
[  148.962858][ T5913] usb 3-1: config 0 has an invalid interface number: 93 but max is 0
[  148.981403][ T5913] usb 3-1: config 0 has no interface number 0
[  149.021201][ T5913] usb 3-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  149.039014][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67
[  149.041142][ T6379] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  149.068612][ T8350] netlink: 12 bytes leftover after parsing attributes in process `syz.6.568'.
[  149.077860][ T5913] usb 3-1: Product: syz
[  149.082548][ T5913] usb 3-1: Manufacturer: syz
[  149.087175][ T5913] usb 3-1: SerialNumber: syz
[  149.104565][ T5913] usb 3-1: config 0 descriptor??
[  149.313761][ T5913] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  149.339132][ T5913] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  149.360065][ T5913] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  149.404235][ T5913] usb 3-1: media controller created
[  149.411926][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  149.488275][ T8359] syzkaller1: entered promiscuous mode
[  149.516175][ T8359] syzkaller1: entered allmulticast mode
[  149.537501][   T51] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  149.591489][ T8347] loop3: detected capacity change from 0 to 32768
[  149.598969][ T5913] DVB: Unable to find symbol dib7000p_attach()
[  149.614477][ T8347] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.566 (8347)
[  149.651878][ T5913] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  149.671733][ T8347] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  149.704550][ T5913] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  149.731002][ T8352] loop4: detected capacity change from 0 to 32768
[  149.741056][ T8347] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  149.751075][ T5913] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  149.792428][ T5913] usb 3-1: media controller created
[  149.799514][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  149.828365][ T8352] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  149.912823][ T5913] dib0700: the master dib7090 has to be initialized first
[  149.972362][ T5913] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  150.007452][ T8347] BTRFS info (device loop3): rebuilding free space tree
[  150.087061][ T5856] ocfs2: Unmounting device (7,4) on (node local)
[  150.087542][ T8347] BTRFS info (device loop3): allowing degraded mounts
[  150.152217][ T8347] BTRFS info (device loop3): enabling ssd optimizations
[  150.182110][ T8347] BTRFS info (device loop3): enabling free space tree
[  150.189151][ T8347] BTRFS info (device loop3): force clearing of disk cache
[  150.196637][ T5913] rc_core: IR keymap rc-dib0700-rc5 not found
[  150.212239][ T8347] BTRFS info (device loop3): use zstd compression, level 3
[  150.228706][ T5913] Registered IR keymap rc-empty
[  150.249119][ T8395] netlink: 104 bytes leftover after parsing attributes in process `syz.4.574'.
[  150.249186][ T5913] dvb-usb: could not initialize remote control.
[  150.262115][ T8347] BTRFS info (device loop3): max_inline set to 0
[  150.312006][ T5913] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  150.383466][ T5913] usb 3-1: USB disconnect, device number 8
[  150.479140][ T5913] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  150.730938][ T5867] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  151.351741][ T8422] input: syz0 as /devices/virtual/input/input8
[  151.400099][ T8422] input: failed to attach handler leds to device input8, error: -6
[  151.655542][ T8424] netlink: 28 bytes leftover after parsing attributes in process `syz.2.585'.
[  151.687396][ T8420] io-wq is not configured for unbound workers
[  152.357736][ T8434] loop3: detected capacity change from 0 to 4096
[  152.391538][ T8434] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  152.450882][ T8434] ntfs3(loop3): Failed to load $Extend (-22).
[  152.478455][ T8434] ntfs3(loop3): Failed to initialize $Extend.
[  152.712100][ T8452] loop5: detected capacity change from 0 to 512
[  152.778531][ T8452] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  152.821691][ T8452] EXT4-fs (loop5): 1 truncate cleaned up
[  152.884358][ T8452] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.945203][ T6379] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.229480][ T8480] loop6: detected capacity change from 0 to 256
[  153.232076][ T5941] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  153.248208][ T8480] vfat: Bad value for 'shortname'
[  153.393558][ T5941] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  153.410853][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.432149][   T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  153.454060][ T5941] usb 5-1: config 0 descriptor??
[  153.474423][ T5941] gspca_main: cpia1-2.14.0 probing 0813:0001
[  153.593655][ T8466] loop3: detected capacity change from 0 to 40427
[  153.622192][   T10] usb 6-1: Using ep0 maxpacket: 32
[  153.627684][ T8466] F2FS-fs (loop3): invalid crc value
[  153.645038][   T10] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  153.671862][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.700733][   T10] usb 6-1: config 0 descriptor??
[  153.745593][ T8466] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  153.768479][ T8466] F2FS-fs (loop3): Start checkpoint disabled!
[  153.804598][ T8466] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  153.833032][ T8466] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  153.868454][ T5941] cpia1 5-1:0.0: unexpected state after lo power cmd: 00
[  153.900714][ T1162] kworker/u8:5: attempt to access beyond end of device
[  153.900714][ T1162] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  153.917550][ T8483] loop6: detected capacity change from 0 to 40427
[  153.918573][ T1162] CPU: 0 UID: 0 PID: 1162 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  153.918597][ T1162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  153.918610][ T1162] Workqueue: writeback wb_workfn (flush-7:3)
[  153.918646][ T1162] Call Trace:
[  153.918654][ T1162]  <TASK>
[  153.918661][ T1162]  dump_stack_lvl+0x189/0x250
[  153.918688][ T1162]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.918708][ T1162]  ? __pfx_queue_work_on+0x10/0x10
[  153.918727][ T1162]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  153.918747][ T1162]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  153.918771][ T1162]  f2fs_handle_critical_error+0x37c/0x540
[  153.918799][ T1162]  f2fs_write_end_io+0x886/0xb60
[  153.918823][ T1162]  __submit_merged_bio+0x27a/0x6a0
[  153.918849][ T1162]  __submit_merged_write_cond+0x255/0x530
[  153.918875][ T1162]  f2fs_write_data_pages+0x261d/0x3000
[  153.918916][ T1162]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  153.918947][ T1162]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  153.918981][ T1162]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  153.919010][ T1162]  ? trace_f2fs_writepages+0x7f/0x200
[  153.919034][ T1162]  ? f2fs_write_node_pages+0x478/0x6e0
[  153.919058][ T1162]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  153.919082][ T1162]  ? f2fs_update_inode+0x13d9/0x2620
[  153.919105][ T1162]  ? f2fs_write_inode+0x3fb/0x5f0
[  153.919127][ T1162]  ? __pfx_f2fs_balance_fs+0x10/0x10
[  153.919151][ T1162]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  153.919177][ T1162]  do_writepages+0x32b/0x550
[  153.919201][ T1162]  ? unwind_next_frame+0xa5/0x2390
[  153.919236][ T1162]  __writeback_single_inode+0x145/0xff0
[  153.919259][ T1162]  ? do_raw_spin_unlock+0x122/0x240
[  153.919283][ T1162]  writeback_sb_inodes+0x6c7/0x1010
[  153.919312][ T1162]  ? fprop_reflect_period_percpu+0x6b/0x330
[  153.919335][ T1162]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  153.919374][ T1162]  ? rcu_is_watching+0x15/0xb0
[  153.919396][ T1162]  wb_writeback+0x43b/0xaf0
[  153.919420][ T1162]  ? queue_io+0x3b1/0x590
[  153.919442][ T1162]  ? __pfx_wb_writeback+0x10/0x10
[  153.919466][ T1162]  ? rcu_is_watching+0x15/0xb0
[  153.919485][ T1162]  wb_workfn+0x409/0xef0
[  153.919509][ T1162]  ? __pfx_wb_workfn+0x10/0x10
[  153.919526][ T1162]  ? rcu_is_watching+0x15/0xb0
[  153.919544][ T1162]  ? rcu_is_watching+0x15/0xb0
[  153.919564][ T1162]  ? process_scheduled_works+0x9ef/0x17b0
[  153.919580][ T1162]  ? rcu_is_watching+0x15/0xb0
[  153.919596][ T1162]  ? lock_acquire+0x5f/0x360
[  153.919623][ T1162]  ? rcu_is_watching+0x15/0xb0
[  153.919638][ T1162]  ? process_scheduled_works+0x9ef/0x17b0
[  153.919654][ T1162]  ? process_scheduled_works+0x9ef/0x17b0
[  153.919672][ T1162]  process_scheduled_works+0xae1/0x17b0
[  153.919702][ T1162]  ? __pfx_process_scheduled_works+0x10/0x10
[  153.919727][ T1162]  worker_thread+0x8a0/0xda0
[  153.919746][ T1162]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  153.919767][ T1162]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  153.919786][ T1162]  ? __kthread_parkme+0x7b/0x200
[  153.919810][ T1162]  kthread+0x70e/0x8a0
[  153.919831][ T1162]  ? __pfx_worker_thread+0x10/0x10
[  153.919849][ T1162]  ? __pfx_kthread+0x10/0x10
[  153.919870][ T1162]  ? rcu_is_watching+0x15/0xb0
[  153.919887][ T1162]  ? __pfx_kthread+0x10/0x10
[  153.919908][ T1162]  ret_from_fork+0x3f9/0x770
[  153.919927][ T1162]  ? __pfx_ret_from_fork+0x10/0x10
[  153.919947][ T1162]  ? __switch_to_asm+0x39/0x70
[  153.919969][ T1162]  ? __switch_to_asm+0x33/0x70
[  153.919989][ T1162]  ? __pfx_kthread+0x10/0x10
[  153.920010][ T1162]  ret_from_fork_asm+0x1a/0x30
[  153.920039][ T1162]  </TASK>
[  153.920918][ T1162] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  153.944447][ T8483] F2FS-fs (loop6): invalid crc value
[  153.957376][   T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  154.092061][ T5891] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  154.094690][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  154.198159][ T8483] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  154.199991][   T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  154.206031][ T8483] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  154.212652][   T10] usb 6-1: media controller created
[  154.278661][ T5891] usb 3-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00
[  154.303101][ T5941] gspca_cpia1: usb_control_msg 02, error -32
[  154.326501][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.377292][ T7219] syz-executor: attempt to access beyond end of device
[  154.377292][ T7219] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  154.381184][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  154.398762][ T7219] CPU: 1 UID: 0 PID: 7219 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  154.398792][ T7219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  154.398803][ T7219] Call Trace:
[  154.398810][ T7219]  <TASK>
[  154.398817][ T7219]  dump_stack_lvl+0x189/0x250
[  154.398846][ T7219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.398866][ T7219]  ? __pfx_queue_work_on+0x10/0x10
[  154.398885][ T7219]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  154.398904][ T7219]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  154.398928][ T7219]  f2fs_handle_critical_error+0x37c/0x540
[  154.398958][ T7219]  f2fs_write_end_io+0x886/0xb60
[  154.398982][ T7219]  __submit_merged_bio+0x27a/0x6a0
[  154.399008][ T7219]  __submit_merged_write_cond+0x255/0x530
[  154.399033][ T7219]  f2fs_write_data_pages+0x261d/0x3000
[  154.399073][ T7219]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  154.399105][ T7219]  ? is_bpf_text_address+0x292/0x2b0
[  154.399141][ T7219]  ? __mod_zone_page_state+0xd7/0x140
[  154.399169][ T7219]  ? folios_put_refs+0x560/0x640
[  154.399193][ T7219]  ? __pfx_folios_put_refs+0x10/0x10
[  154.399230][ T7219]  ? rcu_is_watching+0x15/0xb0
[  154.399249][ T7219]  ? lru_add+0xa2f/0xd80
[  154.399266][ T7219]  ? lru_add+0x198/0xd80
[  154.399285][ T7219]  ? do_raw_spin_lock+0x121/0x290
[  154.399311][ T7219]  ? do_raw_spin_unlock+0x122/0x240
[  154.399332][ T7219]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  154.399359][ T7219]  do_writepages+0x32b/0x550
[  154.399383][ T7219]  ? rcu_is_watching+0x15/0xb0
[  154.399402][ T7219]  ? do_raw_spin_unlock+0x122/0x240
[  154.399425][ T7219]  filemap_fdatawrite+0x199/0x240
[  154.399449][ T7219]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  154.399489][ T7219]  ? rcu_is_watching+0x15/0xb0
[  154.399508][ T7219]  ? do_raw_spin_unlock+0x122/0x240
[  154.399530][ T7219]  f2fs_sync_dirty_inodes+0x31f/0x830
[  154.399555][ T7219]  f2fs_write_checkpoint+0x93e/0x2440
[  154.399572][ T7219]  ? stack_depot_save_flags+0x40/0x860
[  154.399610][ T7219]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  154.399645][ T7219]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  154.399662][ T7219]  ? kfree+0x18e/0x440
[  154.399688][ T7219]  kill_f2fs_super+0x2cc/0x6d0
[  154.399707][ T7219]  ? __pfx_kill_f2fs_super+0x10/0x10
[  154.399732][ T7219]  ? shrinker_free+0x2ce/0x3e0
[  154.399752][ T7219]  deactivate_locked_super+0xb9/0x130
[  154.399773][ T7219]  cleanup_mnt+0x425/0x4c0
[  154.399794][ T7219]  task_work_run+0x1d1/0x260
[  154.399820][ T7219]  ? __pfx_task_work_run+0x10/0x10
[  154.399841][ T7219]  ? __x64_sys_umount+0x122/0x160
[  154.399863][ T7219]  ? __pfx___x64_sys_umount+0x10/0x10
[  154.399886][ T7219]  ? rcu_is_watching+0x15/0xb0
[  154.399905][ T7219]  exit_to_user_mode_loop+0xec/0x130
[  154.399929][ T7219]  do_syscall_64+0x2bd/0x3b0
[  154.399952][ T7219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.399969][ T7219]  ? clear_bhb_loop+0x60/0xb0
[  154.399989][ T7219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.400006][ T7219] RIP: 0033:0x7f405d18ff17
[  154.400023][ T7219] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  154.400039][ T7219] RSP: 002b:00007ffd3fb383a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  154.400060][ T7219] RAX: 0000000000000000 RBX: 00007f405d211c05 RCX: 00007f405d18ff17
[  154.400073][ T7219] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd3fb38460
[  154.400084][ T7219] RBP: 00007ffd3fb38460 R08: 0000000000000000 R09: 0000000000000000
[  154.400096][ T7219] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd3fb394f0
[  154.400108][ T7219] R13: 00007f405d211c05 R14: 0000000000025acb R15: 00007ffd3fb39530
[  154.400128][ T7219]  </TASK>
[  154.400136][ T7219] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  154.458376][ T5941] gspca_cpia1: usb_control_msg 02, error -71
[  154.458404][ T5941] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  154.464695][ T5941] usb 5-1: USB disconnect, device number 5
[  154.475129][ T5891] usb 3-1: config 0 descriptor??
[  154.544677][   T10] az6027: usb out operation failed. (-71)
[  154.826540][   T10] az6027: usb out operation failed. (-71)
[  154.833583][   T10] stb0899_attach: Driver disabled by Kconfig
[  154.839862][   T10] az6027: no front-end attached
[  154.839862][   T10] 
[  154.847399][   T10] az6027: usb out operation failed. (-71)
[  154.853266][   T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  154.864799][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input9
[  154.890049][   T10] dvb-usb: schedule remote query interval to 400 msecs.
[  154.904667][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  154.909674][   T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  154.935104][   T10] usb 6-1: USB disconnect, device number 3
[  154.993650][   T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  155.087201][   T24] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  155.106128][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  155.143991][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  155.158811][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  155.175083][ T5891] usb 3-1: string descriptor 0 read error: -71
[  155.189174][ T5891] uclogic 0003:5543:0047.0006: failed retrieving string descriptor #200: -71
[  155.199616][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  155.215260][ T5891] uclogic 0003:5543:0047.0006: failed retrieving pen parameters: -71
[  155.235567][ T5891] uclogic 0003:5543:0047.0006: failed probing pen v2 parameters: -71
[  155.267249][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  155.280435][ T8511] netlink: 20 bytes leftover after parsing attributes in process `syz.6.624'.
[  155.289698][ T5891] uclogic 0003:5543:0047.0006: failed probing parameters: -71
[  155.289790][ T5891] uclogic 0003:5543:0047.0006: probe with driver uclogic failed with error -71
[  155.297530][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.298447][ T5891] usb 3-1: USB disconnect, device number 9
[  155.351394][   T24] usb 4-1: config 0 descriptor??
[  155.373839][ T8501] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  155.501536][ T8515] loop4: detected capacity change from 0 to 4096
[  155.542678][ T8516] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  155.830348][   T24] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  155.839086][   T24] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  155.853746][   T24] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  155.869555][   T24] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  155.888160][   T24] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  155.919326][   T24] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  155.956118][   T24] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  156.040112][ T8526] loop4: detected capacity change from 0 to 512
[  156.063742][ T8526] EXT4-fs (loop4): Test dummy encryption mode enabled
[  156.095299][ T8526] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  156.150824][ T8526] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.630: bad orphan inode 131083
[  156.163581][   T10] usb 4-1: USB disconnect, device number 9
[  156.227601][ T8526] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.325003][ T5856] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.465469][ T8546] netlink: 4 bytes leftover after parsing attributes in process `syz.6.636'.
[  156.618712][ T8554] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  156.629651][ T8556] loop6: detected capacity change from 0 to 64
[  156.984827][ T8568] loop3: detected capacity change from 0 to 2048
[  158.061200][ T8590] loop4: detected capacity change from 0 to 32768
[  158.257626][ T8590] JBD2: Ignoring recovery information on journal
[  158.437266][ T8590] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  158.643402][ T5891] kernel read not supported for file /swradio1 (pid: 5891 comm: kworker/1:3)
[  158.732863][ T8577] loop6: detected capacity change from 0 to 262144
[  158.746567][ T8577] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.652 (8577)
[  158.761545][ T8577] BTRFS info (device loop6): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  158.773573][ T8577] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  158.831612][ T5856] ocfs2: Unmounting device (7,4) on (node local)
[  158.899361][   T12] BTRFS warning (device loop6): checksum verify failed on logical 22036480 mirror 1 wanted 0x23e101be1e001a29 found 0x09049c5cc74d15fb level 0
[  158.920790][ T8634] Dead loop on virtual device ip6_vti0, fix it urgently!
[  158.970697][ T8634] Dead loop on virtual device ip6_vti0, fix it urgently!
[  159.022748][ T8577] BTRFS info (device loop6): enabling ssd optimizations
[  159.030726][ T8577] BTRFS info (device loop6): enabling free space tree
[  159.037904][ T8634] Dead loop on virtual device ip6_vti0, fix it urgently!
[  159.050177][ T8600] loop2: detected capacity change from 0 to 32768
[  159.059731][ T8634] Dead loop on virtual device ip6_vti0, fix it urgently!
[  159.067542][ T8634] Dead loop on virtual device ip6_vti0, fix it urgently!
[  159.076577][ T8634] Dead loop on virtual device ip6_vti0, fix it urgently!
[  159.236958][ T7219] BTRFS info (device loop6): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  159.619713][ T8665] loop2: detected capacity change from 0 to 1024
[  159.707131][ T8665] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.110039][ T8661] loop4: detected capacity change from 0 to 32768
[  160.116327][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.162066][ T5891] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  160.290742][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  160.290763][   T30] audit: type=1326 audit(1755642049.249:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8680 comm="syz.5.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  160.393044][ T5891] usb 7-1: config 0 has an invalid interface number: 18 but max is 0
[  160.401309][ T5891] usb 7-1: config 0 has no interface number 0
[  160.442410][   T30] audit: type=1326 audit(1755642049.269:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8680 comm="syz.5.687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  160.472219][ T5891] usb 7-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4
[  160.506123][ T5891] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.577955][ T5891] usb 7-1: config 0 descriptor??
[  160.594315][ T5891] usb 7-1: bad CDC descriptors
[  160.808742][ T5891] usb 7-1: USB disconnect, device number 3
[  160.935896][ T8704] loop3: detected capacity change from 0 to 128
[  160.963600][ T8706] netlink: 168 bytes leftover after parsing attributes in process `syz.5.698'.
[  161.009067][ T8704] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  161.104379][ T8704] ext4 filesystem being mounted at /116/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  161.268842][ T5867] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  161.372323][ T8693] loop2: detected capacity change from 0 to 32768
[  161.388193][ T8696] loop4: detected capacity change from 0 to 32768
[  161.406008][ T8693] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.692 (8693)
[  161.409157][ T8713] loop3: detected capacity change from 0 to 2048
[  161.427027][ T8696] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.693 (8696)
[  161.445495][ T8693] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  161.458523][ T8696] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  161.475391][ T8693] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  161.488982][ T8696] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  161.508347][ T8713] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.568082][ T8693] BTRFS info (device loop2): rebuilding free space tree
[  161.608837][ T8693] BTRFS info (device loop2): setting nodatasum
[  161.621846][ T8696] BTRFS info (device loop4): rebuilding free space tree
[  161.643493][ T8693] BTRFS info (device loop2): allowing degraded mounts
[  161.650348][ T8693] BTRFS info (device loop2): enabling free space tree
[  161.674829][ T8696] BTRFS info (device loop4): allowing degraded mounts
[  161.684373][ T8715] loop6: detected capacity change from 0 to 32768
[  161.693915][ T8693] BTRFS info (device loop2): force clearing of disk cache
[  161.701189][ T8693] BTRFS info (device loop2): force zlib compression, level 3
[  161.701841][ T8696] BTRFS info (device loop4): enabling ssd optimizations
[  161.708916][ T8715] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.702 (8715)
[  161.729884][ T8696] BTRFS info (device loop4): enabling free space tree
[  161.730954][ T5867] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.739414][ T8696] BTRFS info (device loop4): force clearing of disk cache
[  161.754436][ T8696] BTRFS info (device loop4): use zstd compression, level 3
[  161.761834][ T8715] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  161.772342][ T8696] BTRFS info (device loop4): max_inline set to 0
[  161.799201][ T8715] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  161.861823][ T8693] BTRFS info (device loop2): balance: start 
[  161.901191][ T8693] BTRFS info (device loop2): balance: ended with status: 0
[  161.975633][ T8715] BTRFS info (device loop6): enabling ssd optimizations
[  162.016100][ T8715] BTRFS info (device loop6): enabling free space tree
[  162.056722][ T5856] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  162.067487][ T5854] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  162.081536][   T30] audit: type=1326 audit(1755642051.039:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  162.108328][   T30] audit: type=1326 audit(1755642051.049:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  162.132708][   T30] audit: type=1326 audit(1755642051.049:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  162.157421][   T30] audit: type=1326 audit(1755642051.049:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  162.193534][ T7219] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  162.204868][   T30] audit: type=1326 audit(1755642051.049:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  162.228820][   T30] audit: type=1326 audit(1755642051.049:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  162.332508][   T30] audit: type=1326 audit(1755642051.049:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  162.407612][ T8778] loop4: detected capacity change from 0 to 128
[  162.412200][   T30] audit: type=1326 audit(1755642051.049:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f975158ebe9 code=0x7ffc0000
[  162.426246][ T8778] EXT4-fs: Ignoring removed nobh option
[  162.494316][ T8778] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  162.522438][ T8778] ext4 filesystem being mounted at /167/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  162.628610][ T8784] loop6: detected capacity change from 0 to 4096
[  162.641262][ T8778] fscrypt (loop4, inode 12): Unsupported encryption modes (contents 0, filenames 0)
[  162.679437][ T8784] ntfs3(loop6): ino=18, mi_enum_attr
[  162.692252][ T8784] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  162.702635][ T5856] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  162.716585][ T8784] ntfs3(loop6): ino=1a, mi_enum_attr
[  162.955744][ T8792] loop6: detected capacity change from 0 to 4096
[  163.012051][ T8792] EXT4-fs (loop6): Test dummy encryption mode enabled
[  163.065546][ T8792] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  163.102278][ T8792] System zones: 0-5
[  163.114242][ T8792] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.165838][ T8780] loop2: detected capacity change from 0 to 32768
[  163.229535][ T8780] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  163.242382][ T8780] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  163.262682][ T8780] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  163.299301][ T8797] loop3: detected capacity change from 0 to 32768
[  163.308600][ T5941] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  163.315835][ T5941] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  163.345559][ T7219] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.378985][ T8797] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.441151][ T5941] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 125ms
[  163.449911][ T5941] gfs2: fsid=syz:syz.0: jid=0: Done
[  163.461799][ T8780] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  163.484583][ T8797] XFS (loop3): Ending clean mount
[  163.496895][ T8797] XFS (loop3): Quotacheck needed: Please wait.
[  163.519515][ T8813] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  163.561658][ T8797] XFS (loop3): Quotacheck: Done.
[  163.760901][ T8780] gfs2: fsid=syz:syz.0: found 1 quota changes
[  163.797931][ T5867] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.923275][ T8819] loop5: detected capacity change from 0 to 32768
[  163.933413][ T8809] loop6: detected capacity change from 0 to 32768
[  163.950449][ T8819] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz'
[  163.958014][ T8819] CPU: 1 UID: 0 PID: 8819 Comm: syz.5.723 Not tainted syzkaller #0 PREEMPT(full) 
[  163.958043][ T8819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  163.958055][ T8819] Call Trace:
[  163.958062][ T8819]  <TASK>
[  163.958070][ T8819]  dump_stack_lvl+0x189/0x250
[  163.958100][ T8819]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.958124][ T8819]  ? __pfx__printk+0x10/0x10
[  163.958146][ T8819]  ? kernfs_root+0x1c/0x230
[  163.958168][ T8819]  ? kernfs_path_from_node+0x250/0x290
[  163.958187][ T8819]  ? kernfs_path_from_node+0x2f/0x290
[  163.958209][ T8819]  sysfs_create_dir_ns+0x259/0x280
[  163.958230][ T8819]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  163.958249][ T8819]  ? do_raw_spin_unlock+0x122/0x240
[  163.958274][ T8819]  kobject_add_internal+0x59f/0xb40
[  163.958303][ T8819]  kobject_init_and_add+0x125/0x190
[  163.958329][ T8819]  ? __pfx_kobject_init_and_add+0x10/0x10
[  163.958365][ T8819]  ? __raw_spin_lock_init+0x45/0x100
[  163.958388][ T8819]  ? __init_swait_queue_head+0xa9/0x150
[  163.958412][ T8819]  gfs2_sys_fs_add+0x234/0x450
[  163.958433][ T8819]  ? __pfx_gfs2_sys_fs_add+0x10/0x10
[  163.958456][ T8819]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  163.958488][ T8819]  gfs2_fill_super+0x13c0/0x20d0
[  163.958521][ T8819]  ? __pfx_gfs2_fill_super+0x10/0x10
[  163.958547][ T8819]  ? sb_set_blocksize+0x104/0x180
[  163.958578][ T8819]  ? setup_bdev_super+0x4c1/0x5b0
[  163.958605][ T8819]  get_tree_bdev_flags+0x40e/0x4d0
[  163.958630][ T8819]  ? __pfx_gfs2_fill_super+0x10/0x10
[  163.958655][ T8819]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  163.958683][ T8819]  gfs2_get_tree+0x51/0x1e0
[  163.958706][ T8819]  vfs_get_tree+0x92/0x2b0
[  163.958731][ T8819]  do_new_mount+0x2a2/0xa30
[  163.958759][ T8819]  ? ns_capable+0x8a/0xf0
[  163.958777][ T8819]  ? __pfx_do_new_mount+0x10/0x10
[  163.958805][ T8819]  ? path_mount+0x61c/0xfe0
[  163.958830][ T8819]  ? user_path_at+0x44/0x60
[  163.958854][ T8819]  __se_sys_mount+0x317/0x410
[  163.958884][ T8819]  ? __pfx___se_sys_mount+0x10/0x10
[  163.958911][ T8819]  ? rcu_is_watching+0x15/0xb0
[  163.958930][ T8819]  ? __x64_sys_mount+0x20/0xc0
[  163.958958][ T8819]  do_syscall_64+0xfa/0x3b0
[  163.958982][ T8819]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.959000][ T8819]  ? clear_bhb_loop+0x60/0xb0
[  163.959020][ T8819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.959038][ T8819] RIP: 0033:0x7f975159038a
[  163.959055][ T8819] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.959073][ T8819] RSP: 002b:00007f975234de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  163.959096][ T8819] RAX: ffffffffffffffda RBX: 00007f975234def0 RCX: 00007f975159038a
[  163.959110][ T8819] RDX: 0000200000000140 RSI: 0000200000001c00 RDI: 00007f975234deb0
[  163.959124][ T8819] RBP: 0000200000000140 R08: 00007f975234def0 R09: 0000000000000004
[  163.959138][ T8819] R10: 0000000000000004 R11: 0000000000000246 R12: 0000200000001c00
[  163.959151][ T8819] R13: 00007f975234deb0 R14: 00000000000125e2 R15: 0000200000000800
[  163.959173][ T8819]  </TASK>
[  163.959196][ T8819] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory.
[  163.985133][ T8809] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.719 (8809)
[  163.985647][ T8819] gfs2: fsid=syz:syz: error -17 adding sysfs files
[  164.248908][ T8827] netlink: 32 bytes leftover after parsing attributes in process `syz.3.725'.
[  164.340350][ T8809] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  164.350911][ T8809] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  164.414466][ T8825] loop4: detected capacity change from 0 to 32768
[  164.422747][ T8825] BTRFS info: device /dev/loop4 (7:4) using temp-fsid 41aae902-713b-4062-8677-35d0fc1d986a
[  164.463324][ T8825] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.727 (8825)
[  164.484106][ T8819] capability: warning: `syz.5.723' uses deprecated v2 capabilities in a way that may be insecure
[  164.537220][ T8825] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  164.550364][ T8842] vxcan1: tx drop: invalid sa for name 0xfffffffffffffffa
[  164.551602][ T8825] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  164.583857][ T8846] loop3: detected capacity change from 0 to 164
[  164.583899][ T8809] BTRFS info (device loop6): enabling ssd optimizations
[  164.608817][ T8846] rock: directory entry would overflow storage
[  164.621376][ T8846] rock: sig=0x66, size=4, remaining=3
[  164.639306][ T8809] BTRFS info (device loop6): enabling free space tree
[  164.643895][ T8856] loop2: detected capacity change from 0 to 512
[  164.669997][ T8846] rock: directory entry would overflow storage
[  164.681577][ T8856] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.683458][ T8846] rock: sig=0x66, size=4, remaining=3
[  164.701467][ T8856] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.740700][ T8825] BTRFS info (device loop4): enabling ssd optimizations
[  164.755025][ T8856] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.731: corrupted inode contents
[  164.784900][ T8825] BTRFS info (device loop4): enabling free space tree
[  164.793309][ T8856] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #2: comm syz.2.731: mark_inode_dirty error
[  164.812785][ T7219] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  164.838804][ T8874] loop5: detected capacity change from 0 to 64
[  164.853809][ T8856] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.731: corrupted inode contents
[  164.875816][ T8856] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.731: mark_inode_dirty error
[  164.908415][ T8122] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  164.971059][ T6379] hfs: node 4:3 still has 1 user(s)!
[  164.988967][ T5854] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.028637][ T5856] BTRFS info (device loop4): last unmount of filesystem 41aae902-713b-4062-8677-35d0fc1d986a
[  165.225589][ T8888] loop2: detected capacity change from 0 to 256
[  165.283372][ T8888] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  165.304814][ T8888] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  165.340673][ T8886] loop3: detected capacity change from 0 to 8192
[  165.348691][ T8888] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  165.578633][ T8881] loop5: detected capacity change from 0 to 32768
[  165.624649][ T8884] loop6: detected capacity change from 0 to 32768
[  165.665928][ T8881] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  165.688671][ T8884] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  165.771480][ T8881] XFS (loop5): Ending clean mount
[  165.797391][ T8884] XFS (loop6): Ending clean mount
[  165.814288][ T8881] XFS (loop5): Quotacheck needed: Please wait.
[  165.878301][ T8896] loop4: detected capacity change from 0 to 32768
[  165.879977][ T8881] XFS (loop5): Quotacheck: Done.
[  165.905439][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  165.905459][   T30] audit: type=1800 audit(1755642054.869:73): pid=8884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.732" name="file1" dev="loop6" ino=6150 res=0 errno=0
[  165.979367][ T8896] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  166.024994][ T7219] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  166.092474][ T6379] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.157681][ T5856] ocfs2: Unmounting device (7,4) on (node local)
[  166.209143][ T8916] loop2: detected capacity change from 0 to 32768
[  166.244288][ T8916] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.746 (8916)
[  166.360805][ T8916] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  166.388036][ T8916] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  166.449567][ T8933] loop6: detected capacity change from 0 to 2048
[  166.486739][ T8933] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.593565][ T8933] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  166.613838][ T8916] BTRFS info (device loop2): enabling ssd optimizations
[  166.620869][ T8916] BTRFS info (device loop2): enabling free space tree
[  166.629613][ T8931] loop4: detected capacity change from 0 to 32768
[  166.637264][ T8938] loop3: detected capacity change from 0 to 4096
[  166.638533][ T8931] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.750 (8931)
[  166.671078][ T8931] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  166.684011][ T8931] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  166.698560][ T8956] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  166.711066][ T7219] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.730101][ T5854] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  166.760241][   T30] audit: type=1800 audit(1755642055.719:74): pid=8938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.753" name="file1" dev="loop3" ino=15 res=0 errno=0
[  166.816449][ T8931] BTRFS info (device loop4): rebuilding free space tree
[  166.846723][ T8931] BTRFS info (device loop4): allowing degraded mounts
[  166.862450][ T8931] BTRFS info (device loop4): enabling ssd optimizations
[  166.869575][ T8931] BTRFS info (device loop4): enabling free space tree
[  166.877167][ T8931] BTRFS info (device loop4): force clearing of disk cache
[  166.884572][ T8931] BTRFS info (device loop4): use zstd compression, level 3
[  166.891814][ T8931] BTRFS info (device loop4): max_inline set to 0
[  166.926887][ T8980] loop3: detected capacity change from 0 to 512
[  166.982127][ T1174] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  167.011786][ T8982] syzkaller1: entered promiscuous mode
[  167.027642][ T8982] syzkaller1: entered allmulticast mode
[  167.052862][ T5856] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  167.142082][ T1174] usb 6-1: Using ep0 maxpacket: 8
[  167.165000][ T1174] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  167.184960][ T1174] usb 6-1: config 179 has no interface number 0
[  167.198105][ T1174] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  167.222208][ T1174] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  167.250669][ T1174] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  167.276466][ T1174] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  167.303830][ T1174] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  167.334175][ T1174] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  167.348253][ T1174] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.363504][ T8963] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  167.596054][ T5941] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input10
[  167.827541][ T5891] usb 6-1: USB disconnect, device number 4
[  167.827625][    C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  167.842219][    C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  168.008516][   T30] audit: type=1326 audit(1755642056.969:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9022 comm="syz.3.778" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f751978ebe9 code=0x0
[  168.244306][ T9016] loop2: detected capacity change from 0 to 32768
[  168.263560][ T9016] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.775 (9016)
[  168.622549][ T9026] loop6: detected capacity change from 0 to 40427
[  168.630812][ T9026] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[  168.640416][ T9026] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  168.651117][ T9026] F2FS-fs (loop6): build fault injection rate: 17008
[  168.674026][ T9026] F2FS-fs (loop6): build fault injection type: 0x1f8
[  168.696163][ T9026] F2FS-fs (loop6): invalid crc value
[  168.813340][ T9026] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  168.844687][ T9026] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  168.872986][ T9026] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  169.193502][ T9040] loop5: detected capacity change from 0 to 32768
[  169.238715][ T9026] syz.6.779: attempt to access beyond end of device
[  169.238715][ T9026] loop6: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  169.297668][ T9040] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  169.333448][ T9020] loop4: detected capacity change from 0 to 262144
[  169.341805][ T9020] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.777 (9020)
[  169.342081][ T7219] syz-executor: attempt to access beyond end of device
[  169.342081][ T7219] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  169.370360][ T9020] BTRFS info (device loop4): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  169.370600][ T9040] XFS (loop5): Ending clean mount
[  169.381487][ T9020] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  169.387542][ T9016] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  169.437405][ T9016] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  169.448786][ T9040] XFS (loop5): syz.5.784 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  169.470332][ T7219] CPU: 1 UID: 0 PID: 7219 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  169.470366][ T7219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  169.470379][ T7219] Call Trace:
[  169.470387][ T7219]  <TASK>
[  169.470396][ T7219]  dump_stack_lvl+0x189/0x250
[  169.470429][ T7219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.470452][ T7219]  ? __pfx_queue_work_on+0x10/0x10
[  169.470473][ T7219]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  169.470495][ T7219]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  169.470520][ T7219]  f2fs_handle_critical_error+0x37c/0x540
[  169.470551][ T7219]  f2fs_write_end_io+0x886/0xb60
[  169.470577][ T7219]  __submit_merged_bio+0x27a/0x6a0
[  169.470606][ T7219]  __submit_merged_write_cond+0x255/0x530
[  169.470634][ T7219]  f2fs_write_data_pages+0x261d/0x3000
[  169.470675][ T7219]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  169.470709][ T7219]  ? is_bpf_text_address+0x292/0x2b0
[  169.470747][ T7219]  ? __mod_zone_page_state+0xd7/0x140
[  169.470779][ T7219]  ? folios_put_refs+0x560/0x640
[  169.470804][ T7219]  ? __pfx_folios_put_refs+0x10/0x10
[  169.470825][ T7219]  ? rcu_is_watching+0x15/0xb0
[  169.470846][ T7219]  ? lru_add+0xa2f/0xd80
[  169.470865][ T7219]  ? lru_add+0x198/0xd80
[  169.470884][ T7219]  ? folio_batch_move_lru+0x319/0x3a0
[  169.470908][ T7219]  ? filemap_get_folios_tag+0xed/0x630
[  169.470927][ T7219]  ? rcu_is_watching+0x15/0xb0
[  169.470947][ T7219]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  169.470977][ T7219]  do_writepages+0x32b/0x550
[  169.471003][ T7219]  ? rcu_is_watching+0x15/0xb0
[  169.471023][ T7219]  ? do_raw_spin_unlock+0x122/0x240
[  169.471048][ T7219]  filemap_fdatawrite+0x199/0x240
[  169.471075][ T7219]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  169.471115][ T7219]  ? rcu_is_watching+0x15/0xb0
[  169.471136][ T7219]  ? do_raw_spin_unlock+0x122/0x240
[  169.471162][ T7219]  f2fs_sync_dirty_inodes+0x31f/0x830
[  169.471187][ T7219]  f2fs_write_checkpoint+0x93e/0x2440
[  169.471219][ T7219]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  169.471260][ T7219]  kill_f2fs_super+0x2cc/0x6d0
[  169.471291][ T7219]  ? __pfx_kill_f2fs_super+0x10/0x10
[  169.471317][ T7219]  ? shrinker_free+0x2ce/0x3e0
[  169.471339][ T7219]  deactivate_locked_super+0xb9/0x130
[  169.471363][ T7219]  cleanup_mnt+0x425/0x4c0
[  169.471387][ T7219]  task_work_run+0x1d1/0x260
[  169.471415][ T7219]  ? __pfx_task_work_run+0x10/0x10
[  169.471439][ T7219]  ? __x64_sys_umount+0x122/0x160
[  169.471463][ T7219]  ? __pfx___x64_sys_umount+0x10/0x10
[  169.471488][ T7219]  ? rcu_is_watching+0x15/0xb0
[  169.471508][ T7219]  exit_to_user_mode_loop+0xec/0x130
[  169.471536][ T7219]  do_syscall_64+0x2bd/0x3b0
[  169.471561][ T7219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.471581][ T7219]  ? clear_bhb_loop+0x60/0xb0
[  169.471603][ T7219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.471622][ T7219] RIP: 0033:0x7f405d18ff17
[  169.471640][ T7219] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  169.471658][ T7219] RSP: 002b:00007ffd3fb383a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  169.471682][ T7219] RAX: 0000000000000000 RBX: 00007f405d211c05 RCX: 00007f405d18ff17
[  169.471696][ T7219] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd3fb38460
[  169.471717][ T7219] RBP: 00007ffd3fb38460 R08: 0000000000000000 R09: 0000000000000000
[  169.471730][ T7219] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd3fb394f0
[  169.471744][ T7219] R13: 00007f405d211c05 R14: 0000000000029536 R15: 00007ffd3fb39530
[  169.471765][ T7219]  </TASK>
[  169.471774][ T7219] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  169.613518][ T9038] loop3: detected capacity change from 0 to 40427
[  169.775610][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.849466][ T6379] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  169.851138][ T9038] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  169.867021][ T9038] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  169.920237][ T9038] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  169.941156][ T9038] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  169.952943][ T8113] BTRFS warning (device loop4): checksum verify failed on logical 22036480 mirror 1 wanted 0x23e101be1e001a29 found 0x09049c5cc74d15fb level 0
[  169.982398][ T9038] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  169.993075][ T9020] BTRFS info (device loop4): read error corrected: ino 0 off 22036480 (dev /dev/loop4 sector 43040)
[  170.004535][ T9020] BTRFS info (device loop4): read error corrected: ino 0 off 22040576 (dev /dev/loop4 sector 43048)
[  170.016397][ T9020] BTRFS info (device loop4): read error corrected: ino 0 off 22044672 (dev /dev/loop4 sector 43056)
[  170.028230][ T9020] BTRFS info (device loop4): read error corrected: ino 0 off 22048768 (dev /dev/loop4 sector 43064)
[  170.054685][ T8170] BTRFS warning (device loop4): checksum verify failed on logical 30457856 mirror 1 wanted 0x402e75f1de9ccfe6 found 0x42450c21b86dd7c2 level 0
[  170.074387][ T9020] BTRFS info (device loop4): read error corrected: ino 0 off 30457856 (dev /dev/loop4 sector 75872)
[  170.086657][ T9020] BTRFS info (device loop4): read error corrected: ino 0 off 30461952 (dev /dev/loop4 sector 75880)
[  170.094325][   T30] audit: type=1800 audit(1755642059.049:76): pid=9038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.783" name="file2" dev="loop3" ino=10 res=0 errno=0
[  170.100032][ T9020] BTRFS info (device loop4): read error corrected: ino 0 off 30466048 (dev /dev/loop4 sector 75888)
[  170.132182][ T9020] BTRFS info (device loop4): read error corrected: ino 0 off 30470144 (dev /dev/loop4 sector 75896)
[  170.143507][ T9020] BTRFS info (device loop4): enabling ssd optimizations
[  170.150750][ T9020] BTRFS info (device loop4): turning on sync discard
[  170.158218][ T9020] BTRFS info (device loop4): enabling free space tree
[  170.159318][ T9016] BTRFS info (device loop2): enabling ssd optimizations
[  170.196111][ T9016] BTRFS info (device loop2): enabling free space tree
[  170.235689][   T30] audit: type=1800 audit(1755642059.199:77): pid=9020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.777" name="file1" dev="loop4" ino=260 res=0 errno=0
[  170.257049][    C0] vkms_vblank_simulate: vblank timer overrun
[  170.359065][ T5856] BTRFS info (device loop4): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  170.392443][ T8113] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  170.462295][   T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  170.528980][ T9095] loop3: detected capacity change from 0 to 2048
[  170.550488][ T9095] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  170.564485][ T5854] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  170.613705][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  170.627726][   T10] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  170.648354][   T10] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  170.676089][   T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  170.686130][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  170.695618][   T10] usb 7-1: Product: syz
[  170.705482][   T10] usb 7-1: Manufacturer: syz
[  170.715786][   T10] usb 7-1: SerialNumber: syz
[  170.835134][ T9101] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  170.941322][   T10] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  170.963012][ T9108] loop3: detected capacity change from 0 to 512
[  170.970094][ T9108] EXT4-fs: Ignoring removed mblk_io_submit option
[  171.012533][ T9108] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  171.029620][ T9108] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.794: attempt to clear invalid blocks 2 len 1
[  171.044005][ T9108] EXT4-fs (loop3): Remounting filesystem read-only
[  171.051396][ T9108] EXT4-fs (loop3): 1 truncate cleaned up
[  171.063453][ T9108] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.111771][ T5867] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.156003][ T5941] usb 7-1: USB disconnect, device number 4
[  171.168830][ T5941] usblp0: removed
[  171.262290][   T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  171.422132][   T10] usb 6-1: Using ep0 maxpacket: 32
[  171.439486][   T10] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  171.452152][   T10] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  171.475693][   T10] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 48, changing to 9
[  171.494625][   T10] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 8240, setting to 1024
[  171.508432][   T10] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  171.528335][   T10] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  171.543507][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.563606][   T10] usb 6-1: Product: syz
[  171.567816][   T10] usb 6-1: Manufacturer: syz
[  171.569831][ T9120] loop3: detected capacity change from 0 to 32768
[  171.580687][   T10] usb 6-1: SerialNumber: syz
[  171.596090][    C0] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  171.608478][   T10] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/input/input11
[  171.628591][ T9120] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  171.672111][ T9120] XFS (loop3): Ending clean mount
[  171.699922][ T9120] XFS (loop3): User initiated shutdown received.
[  171.707443][ T9120] XFS (loop3): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:476).  Shutting down filesystem.
[  171.721010][ T9120] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  171.750173][ T5867] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  171.837746][   T10] imon:send_packet: packet tx failed (-71)
[  171.863004][   T10] imon 6-1:155.0: panel buttons/knobs setup failed
[  171.880776][ T9143] loop6: detected capacity change from 0 to 128
[  171.891995][   T10] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  171.893009][ T9143] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  171.922980][   T10]  (id 0x00)
[  171.952486][ T9143] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  172.036444][   T10] rc_core: IR keymap rc-imon-pad not found
[  172.052059][   T10] Registered IR keymap rc-empty
[  172.067387][   T10] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  172.068753][ T9152] loop2: detected capacity change from 0 to 128
[  172.090594][   T10] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  172.102716][ T9156] loop3: detected capacity change from 0 to 512
[  172.110546][   T10] imon:send_packet: packet tx failed (-71)
[  172.138053][ T9154] loop4: detected capacity change from 0 to 4096
[  172.152147][   T10] imon 6-1:155.0: remote input dev register failed
[  172.161557][ T9156] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.177027][   T10] imon 6-1:155.0: imon_init_intf0: rc device setup failed
[  172.197316][   T30] audit: type=1800 audit(1755642061.149:78): pid=9156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.810" name="file1" dev="loop3" ino=15 res=0 errno=0
[  172.289617][   T10] imon 6-1:155.0: unable to initialize intf0, err 0
[  172.299456][ T5867] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.317363][   T10] imon:imon_probe: failed to initialize context!
[  172.333916][   T10] imon 6-1:155.0: unable to register, err -19
[  172.382239][   T10] usb 6-1: USB disconnect, device number 5
[  172.717482][ T9186] loop3: detected capacity change from 0 to 512
[  172.758229][ T9186] EXT4-fs: Ignoring removed bh option
[  172.787988][ T9186] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  172.797760][ T9187] loop6: detected capacity change from 0 to 4096
[  172.821246][ T9190] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  172.823749][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  172.920169][ T9186] EXT4-fs (loop3): 1 truncate cleaned up
[  172.936087][ T9186] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.072188][   T10] usb 5-1: config index 0 descriptor too short (expected 4114, got 18)
[  173.089539][ T9186] overlayfs: upper fs needs to support d_type.
[  173.101835][   T10] usb 5-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[  173.118120][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.133573][   T10] usb 5-1: Product: syz
[  173.142641][   T10] usb 5-1: Manufacturer: syz
[  173.153531][   T10] usb 5-1: SerialNumber: syz
[  173.167911][   T10] usb 5-1: config 0 descriptor??
[  173.186016][ T5867] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39
[  173.223898][ T5867] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39
[  173.362896][ T9208] loop6: detected capacity change from 0 to 512
[  173.388582][ T9208] EXT4-fs error (device loop6): ext4_iget_extra_inode:5104: inode #15: comm syz.6.832: corrupted in-inode xattr: invalid ea_ino
[  173.420664][ T9208] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.832: couldn't read orphan inode 15 (err -117)
[  173.450245][ T9208] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.525291][ T5867] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.560752][ T8170] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.607340][   T30] audit: type=1800 audit(1755642062.569:79): pid=9217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.837" name="nullb0" dev="devtmpfs" ino=3364 res=0 errno=0
[  173.677983][ T8170] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.690262][ T7219] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.768622][ T8170] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.788996][   T10] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  173.804097][   T10] asix 5-1:0.0: probe with driver asix failed with error -71
[  173.826840][   T10] usb 5-1: USB disconnect, device number 6
[  173.856796][ T8170] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.872937][ T9215] loop5: detected capacity change from 0 to 32768
[  173.919016][ T9215] XFS (loop5): DAX unsupported by block device. Turning off DAX.
[  173.944516][ T9215] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  174.015869][ T8170] bridge_slave_1: left allmulticast mode
[  174.022550][ T8170] bridge_slave_1: left promiscuous mode
[  174.028464][ T8170] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.042756][ T8170] bridge_slave_0: left allmulticast mode
[  174.048661][ T8170] bridge_slave_0: left promiscuous mode
[  174.055499][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.065461][ T9215] XFS (loop5): Ending clean mount
[  174.075174][ T9215] XFS (loop5): Quotacheck needed: Please wait.
[  174.096024][ T9215] XFS (loop5): Quotacheck: Done.
[  174.145741][   T30] audit: type=1800 audit(1755642063.109:80): pid=9215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.836" name="file1" dev="loop5" ino=9286 res=0 errno=0
[  174.199820][ T9238] loop6: detected capacity change from 0 to 2048
[  174.217681][ T6379] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  174.233385][   T30] audit: type=1804 audit(1755642063.139:81): pid=9215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.836" name="/newroot/133/file2/file1" dev="loop5" ino=9286 res=1 errno=0
[  174.263368][ T9238] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  174.349590][ T5863] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  174.361016][ T5863] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  174.369239][ T5863] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  174.378406][ T5863] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  174.389805][ T5863] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  174.416151][ T8170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.430716][ T8170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.441611][ T8170] bond0 (unregistering): Released all slaves
[  174.459318][ T9236] syzkaller1: entered promiscuous mode
[  174.465745][ T9236] syzkaller1: entered allmulticast mode
[  174.570160][ T9251] loop4: detected capacity change from 0 to 2048
[  174.592173][ T9251] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.789503][ T8170] hsr_slave_0: left promiscuous mode
[  174.826173][ T8170] hsr_slave_1: left promiscuous mode
[  174.845259][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.849146][ T9268] loop2: detected capacity change from 0 to 512
[  174.867496][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.877462][ T9268] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.853: iget: bad i_size value: 38620345925642
[  174.888829][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  174.894197][ T9268] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.853: couldn't read orphan inode 15 (err -117)
[  174.898539][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.915223][ T5856] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.921287][ T9268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.952121][ T8170] veth1_macvtap: left promiscuous mode
[  174.958350][ T8170] veth0_macvtap: left promiscuous mode
[  174.964578][ T8170] veth1_vlan: left promiscuous mode
[  174.970863][ T8170] veth0_vlan: left promiscuous mode
[  175.086290][ T9275] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.853: bg 0: block 5: invalid block bitmap
[  175.132893][ T9275] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 556 with error 28
[  175.177172][ T9275] EXT4-fs (loop2): This should not happen!! Data will be lost
[  175.177172][ T9275] 
[  175.186889][ T9277] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  175.195189][ T9277] #PF: supervisor instruction fetch in kernel mode
[  175.202195][ T9277] #PF: error_code(0x0010) - not-present page
[  175.208460][ T9277] PGD 8000000063c3f067 P4D 8000000063c3f067 PUD 0 
[  175.215215][ T9277] Oops: Oops: 0010 [#1] SMP KASAN PTI
[  175.220757][ T9277] CPU: 1 UID: 0 PID: 9277 Comm: syz.4.856 Not tainted syzkaller #0 PREEMPT(full) 
[  175.230157][ T9277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  175.240770][ T9277] RIP: 0010:0x0
[  175.244574][ T9277] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  175.252667][ T9277] RSP: 0018:ffffc90016527978 EFLAGS: 00010287
[  175.259023][ T9277] RAX: ffffffff81f75e94 RBX: 1ffffd400026d928 RCX: 0000000000080000
[  175.267122][ T9277] RDX: ffffc9000c75c000 RSI: ffffea000136c940 RDI: ffff888025341c00
[  175.275835][ T9277] RBP: ffffc90016527a30 R08: ffffea000136c947 R09: 1ffffd400026d928
[  175.284183][ T9277] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[  175.292349][ T9277] R13: ffffea000136c948 R14: ffffea000136c940 R15: 1ffffd400026d929
[  175.300499][ T9277] FS:  00007f8de9ba56c0(0000) GS:ffff888125b08000(0000) knlGS:0000000000000000
[  175.309882][ T9277] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  175.316515][ T9277] CR2: ffffffffffffffd6 CR3: 000000002ea1e000 CR4: 00000000003526f0
[  175.324691][ T9277] Call Trace:
[  175.327994][ T9277]  <TASK>
[  175.330924][ T9277]  filemap_read_folio+0x114/0x380
[  175.335978][ T9277]  ? __pfx_filemap_read_folio+0x10/0x10
[  175.341531][ T9277]  ? filemap_add_folio+0x1af/0x270
[  175.346655][ T9277]  do_read_cache_folio+0x350/0x590
[  175.351771][ T9277]  freader_get_folio+0x3c4/0x830
[  175.356894][ T9277]  freader_fetch+0xa3/0x5d0
[  175.361493][ T9277]  ? query_matching_vma+0x174/0x620
[  175.366715][ T9277]  __build_id_parse+0x133/0x7d0
[  175.371667][ T9277]  ? __pfx___build_id_parse+0x10/0x10
[  175.377077][ T9277]  ? __might_fault+0xb0/0x130
[  175.381765][ T9277]  ? __might_fault+0xcc/0x130
[  175.386452][ T9277]  procfs_procmap_ioctl+0x76f/0xce0
[  175.391694][ T9277]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  175.397531][ T9277]  ? __se_sys_futex+0x36f/0x400
[  175.402551][ T9277]  ? __fget_files+0x2a/0x420
[  175.407277][ T9277]  ? __fget_files+0x3a0/0x420
[  175.411991][ T9277]  ? __fget_files+0x2a/0x420
[  175.416608][ T9277]  ? bpf_lsm_file_ioctl+0x9/0x20
[  175.421569][ T9277]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  175.427566][ T9277]  __se_sys_ioctl+0xfc/0x170
[  175.432187][ T9277]  do_syscall_64+0xfa/0x3b0
[  175.436725][ T9277]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.442847][ T9277]  ? clear_bhb_loop+0x60/0xb0
[  175.447554][ T9277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.453545][ T9277] RIP: 0033:0x7f8de8d8ebe9
[  175.457993][ T9277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.477694][ T9277] RSP: 002b:00007f8de9ba5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  175.486478][ T9277] RAX: ffffffffffffffda RBX: 00007f8de8fb5fa0 RCX: 00007f8de8d8ebe9
[  175.495129][ T9277] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000003
[  175.503136][ T9277] RBP: 00007f8de8e11e19 R08: 0000000000000000 R09: 0000000000000000
[  175.511512][ T9277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  175.519671][ T9277] R13: 00007f8de8fb6038 R14: 00007f8de8fb5fa0 R15: 00007ffc31ef3f98
[  175.527663][ T9277]  </TASK>
[  175.530692][ T9277] Modules linked in:
[  175.534792][ T9277] CR2: 0000000000000000
[  175.538978][ T9277] ---[ end trace 0000000000000000 ]---
[  175.544719][ T9277] RIP: 0010:0x0
[  175.548204][ T9277] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  175.555744][ T9277] RSP: 0018:ffffc90016527978 EFLAGS: 00010287
[  175.561881][ T9277] RAX: ffffffff81f75e94 RBX: 1ffffd400026d928 RCX: 0000000000080000
[  175.570664][ T9277] RDX: ffffc9000c75c000 RSI: ffffea000136c940 RDI: ffff888025341c00
[  175.578739][ T9277] RBP: ffffc90016527a30 R08: ffffea000136c947 R09: 1ffffd400026d928
[  175.587159][ T9277] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[  175.595146][ T9277] R13: ffffea000136c948 R14: ffffea000136c940 R15: 1ffffd400026d929
[  175.603289][ T9277] FS:  00007f8de9ba56c0(0000) GS:ffff888125b08000(0000) knlGS:0000000000000000
[  175.612238][ T9277] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  175.618832][ T9277] CR2: ffffffffffffffd6 CR3: 000000002ea1e000 CR4: 00000000003526f0
[  175.626890][ T9277] Kernel panic - not syncing: Fatal exception
[  175.633377][ T9277] Kernel Offset: disabled
[  175.637800][ T9277] Rebooting in 86400 seconds..