last executing test programs:

3m21.674381984s ago: executing program 3 (id=280):
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f0000000200)={{0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x0, 0x0, 0xcf46, 0x0, &(0x7f00000000c0)=0x2}, {[0x5, 0x0, 0x0, 0x2]}, 0x0, 0x0, 0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000340)={'ip6gre0\x00', 0x0, 0x4, 0xc0, 0xc, 0xa, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, 0x8, 0x0, 0x7, 0x2}})
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000d40)={{0xffffffffffffffff, &(0x7f0000000300)='skcipher\x00', 0x44000, 0x0, 0x3, &(0x7f0000000540)={@_ha_fsid}, 0x0}, 0x5, &(0x7f0000000e00)=[{0x1, 0x4caa, &(0x7f0000000700)='connmark\x00', &(0x7f0000000740), 0x0, 0x10}, {0x1, 0x4, &(0x7f0000000900)='connmar+\x00', &(0x7f0000000940)="ef95e112ba061e6e66d16a", 0xb, 0x2}, {0x1, 0x870, &(0x7f0000000980)='\x00', &(0x7f00000009c0)="9515dde9a164bbe50de6f6d046c5f49efba9c621e80713bc2651c3ff043bdce51ea5f97c8a0488a59b00383f454e54a5c034a99082d54b10ae81624eb2f3bd23", 0x40, 0x20}, {0x2, 0x0, &(0x7f0000000b40)=',^^\xd9&&\x00', &(0x7f0000000b80)="04259e439e7a36b5d608631e376f97100b26723336d45c44fd927ae6e950a716363751b014753aad831b9e71ff402ce54d6eab607518bc7e57", 0x39, 0x32}, {0x1, 0x80000001, 0x0, &(0x7f0000000c40)="63602c4d881e675a0ad3e49e5044e8dc7dba90124e2ec2dc19478c8788a3d8fc8cfbc6676ab7f1c1728d038c75822918bf5e875b92187f1db89522bc1cbfd69866fbbad56ff82be5ca52bca254949b8d5a3813a667bddff8ed771d00fac02a47ea360b4fb9", 0x65, 0xa}]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

3m21.357501875s ago: executing program 3 (id=281):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x13, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x130}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket(0x400000000010, 0x3, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb74fef", 0x87}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d05805063967de38327e", 0x9e}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29", 0xce}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84178b017ba52b", 0xc3}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c617c69458d721eb85d0e5372751cd23cc88571f540aa75255a73b8c9cdc2e75edf622add4302f913d9", 0xb2}, {&(0x7f00000000c0)}], 0x7}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f9623478134b943d5fba4f7e0ceed66c93cc8b", 0xe6}, {&(0x7f0000000bc0)="61275006ed747229311198ab94c7e6699587b0d033c2f17d1ccbd45cba520b6888fbad95d4d6ae3cc7172b392f90693e992e52408ba7f1874d1767303d6acb170f216f71908f53a3be1833a25eb1fb2ba3913dcc1de30c5c7e914b13514dea44fb2b964aaa280d5a85512fede48830ca6ea5cd18ff95c871d91454240f370e0c8e2629e58605c4b29017a160709ec76547c92a21d0ec5589e228922b105d0b8b29256620c44d2118334025dedd46db5194f22b349264de22068d3d4db627db4fa827907e5bc02b69c36e94f8149f12116f75", 0xd2}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91", 0x15}], 0x3, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x90}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff6ebac83c264c6deeec6d4546fe7d00337f488ecee46577d71b39e24cdef94f16295eb7", 0x47}, {&(0x7f0000000ec0)="6e20cbe6a4a132117801a95e6fd3ec5771da8352900bb19979b10fe02dd6f981361f62316da7b3f7abc9fbae1ea2ab5eea", 0x31}], 0x2, &(0x7f0000000f40)=[@timestamping={{0x14, 0x1, 0x25, 0x5}}], 0x18}}, {{&(0x7f0000000f80)=@can, 0x80, &(0x7f00000010c0)=[{&(0x7f0000001000)="3d9162a847e3afc18db28d0be9d1c220b784", 0x12}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa464613c", 0xf}], 0x1}}], 0x5, 0x20000044)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100)=0xfffffffe, 0x4)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

3m20.698835537s ago: executing program 3 (id=282):
socket(0x22, 0x2, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
socket$key(0xf, 0x3, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
symlink(0x0, 0x0)
setuid(0xee01)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0xc0405627, &(0x7f0000000100)={0x0, 0x980900})
socket(0x35, 0x800, 0x200)
close(0x3)

3m16.515957244s ago: executing program 3 (id=290):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
r0 = open(&(0x7f0000000280)='.\x00', 0x80, 0x122)
fcntl$notify(r0, 0x402, 0x8000003d)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000880))
madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
r3 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, 0x0)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x14}}}, 0xa0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
syz_clone3(&(0x7f0000000300)={0x100000400, &(0x7f0000000040), 0x0, 0x0, {0x11}, &(0x7f00000005c0)=""/199, 0xc7, 0x0, 0x0, 0x0, {r2}}, 0x58)

3m12.165163285s ago: executing program 3 (id=297):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1"], 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000a00)={{0x12, 0x1, 0x200, 0x7, 0x63, 0xd4, 0x40, 0x4fc, 0x504b, 0x52c4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x7, 0x20, 0x2e, "", [{{0x9, 0x4, 0x4b, 0xf, 0x0, 0x5d, 0xf9, 0xd5, 0x38}}]}}]}}, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xaa001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="1400000026000900030008008000000002"], 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4000000)
syz_usb_connect$cdc_ecm(0x1, 0x8c, &(0x7f0000000a40)=ANY=[@ANYBLOB="12015002020000402505a1a440000102030109027a00010100204809040009020206000406240600000b052400ea0d0d240f0103000000730406e7050724140600050008241c010007090005241509000c241b0002fcfa0598001008152464413d10f67282e25e4f01a607c0ffcb7e392a09058103200004090a0905820208000e0801090503022406044702c41c5e5af4ec05664e7db0aea7763a18dd0b5c5c69563c21f40b18b117d862861757787d45181e32bb1dff28e4da553e5b0b3e1e8973bb5d047825e2fae508fe047cdb2d2e12a7ab628a3dd66d3c17f501bff54a9846c828a201ce008909a5650fea2321f29801dff7aba47fa8d0b0499591436e41309ff025852cdb5e0f2ab294188549ffb2eaa3649e59b0e2767ebb3f88bec813ec62640feab6505bfcf122a46e5fe36f6d20d819159be0dbe36b883d45553977ff2949c46e50d5dc01e074265f415ae479e64f1bf8c55b82f04de59803acad40a007624b070e218412f8fa82da888edf7ecb"], &(0x7f00000006c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x110, 0x10, 0xf, 0x2, 0x40, 0xfc}, 0x0, 0x0, 0x7, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x429}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x2c30}}, {0x75, &(0x7f00000002c0)=@string={0x75, 0x3, "5aad5e09b76cbc84a0fc3a01c62995ec636115e780f4065721484a00fafb96276580d34473764878f970019cbc2de1eca812c15c77f34e64ae48b78fc244b43e89828fb26381ae3eb8de1177d0ea96d3fae31254d2e99722a53ce0291bbc2276f1f93a1337602a5dcfda969a32a61f44c3c889"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0xc0a}}, {0x88, &(0x7f00000003c0)=@string={0x88, 0x3, "d0b4d9a31e9867a1f3de37334d914c00ac64c68899e87927bba60c20bdaf5b689b1d03aee29cbe24c4b779f5512ba75eefc05808e1f79fbd79e2257f9fe5ebc16d5e6265b09890c9538a34c307bc49c0bb6a58ca0f7380846cf0e1934a9ba10a81b4ebbe09bd68fd150acba0497c60c6b2364f5f8fed23663d474ad5111fefc7a02b7ae515e5"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x440a}}, {0xd5, &(0x7f00000005c0)=@string={0xd5, 0x3, "b573246625a180e56443bf3f30de8c77bd1c8ba8da01abc7d0650909e295bf1fde02568dd429d4afee991a99a020df11fd9f2a9d61ad413ea522b27c0e14051666794ab787b0fb0a838e31b3fc379620ff49221672c49f98616925523d3b13fc0a37d0c36ffbfedf58d201a159d496670f4df6b2eda3d2cecd04837b0c7b0784241ed3af4a7c77eea723107bde606e68a01dcd87134a5bca457eaa09f9e3e0571c34d48a0dc032d2d61940ec7e540bc440203be998c87a46b855d893c158ff88d2ab10815f6b919f0d4166cde3f613d92869e1"}}]})
timer_create(0x8, &(0x7f0000000340)={0x0, 0x21, 0x1, @thr={0x0, 0x0}}, &(0x7f0000bbdffc))
syz_usb_connect$midi(0x2, 0x6a, &(0x7f0000000740)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x58, 0x1, 0x1, 0x0, 0x10, 0x3, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0x30, 0x6, [@midi_in_jack={0x6, 0x24, 0x2, 0x1, 0x3d, 0x9}, @midi_in_jack={0x6, 0x24, 0x2, 0x2, 0x5, 0xf1}, @ms_header={0x7, 0x24, 0x1, 0x3, 0x7}, @midi_out_jack={0x9, 0x24, 0x3, 0x1, 0xec, 0x1, [{0xe7, 0x8}], 0x4}, @midi_in_jack={0x6, 0x24, 0x2, 0x69b97326800ca23, 0x10}, @ms_header={0x7, 0x24, 0x1, 0xfff7, 0x7}], [{{0x9, 0x5, 0x9, 0x10, 0x10, 0x3, 0xf, 0xfa, {0x14, 0x25, 0x1, 0x10, "d55b254d7cd7fa38b7721c1bde33b354"}}}]}}}}}]}}, &(0x7f00000008c0)={0xa, &(0x7f00000007c0)={0xa, 0x6, 0x210, 0x3, 0x6, 0x5, 0x40, 0xc9}, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x455}}]})
r2 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000000)={0x4, 0x1, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980912, 0x0, '\x00', @p_u32=&(0x7f0000000080)=0x1}})

3m1.132190474s ago: executing program 3 (id=318):
syz_80211_inject_frame(0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0)

2m59.748476363s ago: executing program 32 (id=318):
syz_80211_inject_frame(0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0)

21.282969712s ago: executing program 0 (id=718):
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x3, &(0x7f0000000640)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x595}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

20.967899266s ago: executing program 1 (id=719):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000340)}, 0x40000)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000580)={0x401, 0x0, 0x0, &(0x7f00000000c0)=[0x3], &(0x7f0000000200), &(0x7f0000000340), 0x0, 0xfffffffffffffffe})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2, 0x1}, 0x20)
mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "8527d2100090af54bfbca283be11c0de7af30e90937920fcba13d90af61beaa44d66a6535daf1bc35fb3af1e9197e31d26589d073c10184095fb00", 0x14}, 0x48, 0xffffffffffffffff)
unshare(0x2c020400)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x48810)
recvmsg(0xffffffffffffffff, 0x0, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x0, 0x2, 0x3, 0x9, 0x0, 0xc96e}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)

20.352276884s ago: executing program 0 (id=720):
r0 = socket(0x10, 0x3, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000040)=[0x0])
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24)

19.365887061s ago: executing program 1 (id=724):
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000340)={'ip6gre0\x00', 0x0, 0x4, 0xc0, 0xc, 0xa, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, 0x8, 0x0, 0x7, 0x2}})
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000d40)={{0xffffffffffffffff, &(0x7f0000000300)='skcipher\x00', 0x44000, 0x0, 0x3, &(0x7f0000000540)={@_ha_fsid}, 0x0}, 0x5, &(0x7f0000000e00)=[{0x1, 0x4caa, &(0x7f0000000700)='connmark\x00', &(0x7f0000000740), 0x0, 0x10}, {0x1, 0x4, &(0x7f0000000900)='connmar+\x00', &(0x7f0000000940)="ef95e112ba061e6e66d16a", 0xb, 0x2}, {0x1, 0x870, &(0x7f0000000980)='\x00', &(0x7f00000009c0)="9515dde9a164bbe50de6f6d046c5f49efba9c621e80713bc2651c3ff043bdce51ea5f97c8a0488a59b00383f454e54a5c034a99082d54b10ae81624eb2f3bd23", 0x40, 0x20}, {0x2, 0x0, &(0x7f0000000b40)=',^^\xd9&&\x00', &(0x7f0000000b80)="04259e439e7a36b5d608631e376f97100b26723336d45c44fd927ae6e950a716363751b014753aad831b9e71ff402ce54d6eab607518bc7e57", 0x39, 0x32}, {0x1, 0x80000001, 0x0, &(0x7f0000000c40)="63602c4d881e675a0ad3e49e5044e8dc7dba90124e2ec2dc19478c8788a3d8fc8cfbc6676ab7f1c1728d038c75822918bf5e875b92187f1db89522bc1cbfd69866fbbad56ff82be5ca52bca254949b8d5a3813a667bddff8ed771d00fac02a47ea360b4fb9", 0x65, 0xa}]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

18.636357485s ago: executing program 1 (id=730):
syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2)
socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, r0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)

15.784051779s ago: executing program 1 (id=732):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = open(0x0, 0x101080, 0x0)
getdents(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000006b80)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000003700)=ANY=[@ANYBLOB="e802000000000000290000000400"], 0x2e8}}], 0x2, 0x0)
r4 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x2000000, &(0x7f0000000c00)=ANY=[@ANYBLOB="666c7573682c756e695f786c6174653d312c6e6f6e756d7461696c3d302c726f6469722c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c6e6f6e756d7461696c3d302c756e695f786c6174653d302c757466383d312c756e695f786c6174653d302c757466383d312c756e695f786c6174653d312c6e6f6e756d7461696c3d302c646f733178666c6f7070792c726f6469722c756e695f786c6174653d312c71756965742c00aaed2e6322e12ca43d55f4e47d9fb6f319fab9c81cd7b9b508d5df5619dad30ed85701f46d5bb2b85a6aecd28cb992054878a859b15b1598ee0b05192ff4df579d2dd32fb9a6a092bb22740cfe0636a3d8ff4e975e21fc6d6e2d6ece2beac2098361fe652ea69917e6d47463ceb0b35bc7a2f8799debe5e7b6e82c84ab25d06157c08f006d90e62a8026a845835dbf4ac25eec51c3ec73c82014eee15eaaa123084415546ca2e37c23d441b343cec1f74e52bc1f21eb18053a9b98d3a304fba3751bd0121940bc9d276f1e5352b9f4e674bb80ffeaaff6843ef1c8a7a7e0d592893a77ae91e025a35840e7ff4fdb3571d1986ed6f5a23d9ee6bf1cec94fb17af0627c04bf47586ce288a466c039a1ead7fd99feacc51d9f7a2e67f46a0b8ff45e5d7cb4affc1c539a764f5", @ANYRES32, @ANYRES64], 0x23, 0x318, &(0x7f0000000780)="$eJzs3c9rE1sUwPEzaX62ry9dPB6Px3twqSCKdGgC7lxYpAUxoLSNYAVhaqcaMk1KJhQiYrMQ3Lp20YVLEURw50bEbTf+Bf7addOdBYsjM5NM02RM02rtD7+fRXM6c87MnbkzzfSW3qyde7hQnLf1L05UPDERcXzL/hKpy+k3K+//n3r9h/+9UhNj05msUhERuX736fCr6sDVF3++TMjq0I219eyn1f+mRb5O35aIKtiq5G5LzZbLVc0tnivYRV2pK5Zp2KYqlGyzUlWGt96YtUw1b5UXF2vKKM0N9i9WTNtWRqmmimZNVcuqWqkp45ZRKCld19Vgv0BEhoIo0rFO61aYf7LhOLLudlCi7nZ7SHa9GcQar4kfaywOk7b+75rbcXH07WfL8CtsONGg/+M79D+OH//+//Col/sfx8/UtZlLY7nc+KRSSZGFB0v5pbz/6q9/NyAFscSUlckzM5vBo6F7qWju14mLufFR5RmSkwvLjfrlpbz/5jA236jPSNp9Tmmpl2Z9xq9X2+tj0t9an5W0/BVen1XiPZWKRFrq43LqREu9Lml5e1PKWl3mvEfcrfp7GaUuXM617T/l5bXjLQ8AAAAAAAAAcBToKrA1fq8Ff+pN6XrCG1sP1qfcxW6enxCMr49KWjbDx+dHQ8f3o/Jv9AAPHAAAAACA34hdu1M0LMus7D6QHnL6Hqe67CImIm4gcn/YbUzXDf7daHHbKncbIVVxEencTl8vbW4EqbP+/p5NNhomez1R+xhERKR1if/PGu7BW8+bOamw82NHdnUBjMRDzrxlJX/OUUjbUXwnaM0Rx3FCkyW5tws70XmAPQbaZnPJP6E5jtalXIv6OYYV85c0b8yd9n4+/HboMXB73wuS7Sdq5KO/XavLD43PwRAfAAAAgCOk5RcnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwQHqYM6xzbrbmvP3bk6XxEfGdU7K1f2gu8/4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOIS+BQAA//+8NrDx")

15.724848243s ago: executing program 5 (id=733):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x1000000, 0x0)
ioctl$DVB_DEMUX_DMX_REMOVE_PID(0xffffffffffffffff, 0x40026f34, &(0x7f00000000c0)=0x4)
r0 = getpid()
sched_setscheduler(r0, 0x6, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
socket(0x400000000010, 0x3, 0x0)
semget$private(0x0, 0x7, 0x191)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)

15.425371232s ago: executing program 6 (id=735):
socket$netlink(0x10, 0x3, 0x9)
syz_open_procfs(0x0, &(0x7f0000001380))
r0 = socket$key(0xf, 0x3, 0x2)
socket$netlink(0x10, 0x3, 0xc)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000000)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05", @ANYRESDEC=r0], 0x0)

14.097417896s ago: executing program 2 (id=738):
r0 = socket(0xa, 0x5, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x80800)
sendto$inet_nvme_icreq_pdu(r5, 0x0, 0x0, 0x0, 0x0, 0x0)

13.885445934s ago: executing program 5 (id=740):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x200000, &(0x7f0000000200)={[{@block_validity}, {}, {@nombcache}, {@inode_readahead_blks}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@grpjquota}]}, 0x3, 0x57b, &(0x7f0000000800)="$eJzs3d1rW+UfAPDvSZu9/37rYAz1Qgq7cDKXrq0vE4TNS9HhQO9naLMymi6jScdaB9su3I03MgQRB+If4L2Xw3/Av2KggyGj6IUXVk56smV56Uua2cx8PnC25znnpN/z5DnPk+/JSUgAQ2s8/ScX8XJEfJVEHG7aNhrZxvH1/VYf35hJlyTW1j75PYkkW9fYP8n+P5hVXoqIn7+IOJlrj1tdXpkvlsulxaw+UVu4OlFdXjl1eaE4V5orXZmanj7z1vTUu++83WPL2oO+fuHPbz++/8GZL4+vfvPjwyN3kzgXh7JtTe1IegyYutVcGY/x7I/l41zLjpM7CDKIdvKksXtGsnGej3QOOBwj2agH/vtuRsQaMJxGTAAwrBp5QOPavvl6fiN/Nz32Rfbo/fULoPb2j66/NxL76tdGB1aTZ66M0uvdsT7ET2P89Nu9u+kSLe+ntLrZh3gADbduR8Tp0dH2+S/J5r/ene70JmyL1hhbff0Bdu5+mv+80Sn/yT3Jf6JD/nOww9jtxebjP/ewD2G6SvO/9zrmv0+mrrGRrPa/es6XTy5dLpdOR8T/I+JE5Pem9Y3u55xZfdA1V27O/9Iljd/IBbPjeDi699nHzBZrxZ20udmj2xGvPM1/k2ib//fVc93W/k+fjwtbjHGsdO/Vbts2b3+z/mfAaz9EvNax/5/e0Uo2vj85UT8fJhpnRbs/7hz7pVv87bW//9L+P7Bx+8eS5vu11e3H+H7fX6Vu23o9//ckn9bLe7J114u12uJkxJ7ko/b1U08f26g39k/bf+L4xvNfp/N/f0R8tsX23zl6p+uug9D/s9vq/2cK+bY1HQoPPvz8u27xt9b/b9ZLJ7I1W5n/tnJcvZ3NAAAAAAAAMLhyEXEoklzhSTmXKxTWP99xNA7kypVq7eSlytKV2ah/V3Ys8rnGne7DTZ+HmMw+D9uoT7XUpyPiSER8PbK/Xi/MVMqzu914AAAAAAAAAAAAAAAAAAAAGBAHu3z/P/XryG4fHfDc+clvGF6bjv9+/NITMJC8/sPwMv5heBn/MLyMfxhexj8ML+MfhpfxD8PL+AcAAAAAAAAAAAAAAAAAAAAAAAAAAIC+unD+fLqsrT6+MZPWZ68tL81Xrp2aLVXnCwtLM4WZyuLVwlylMlcuFWYqC5v9vXKlcnVyKpauT9RK1dpEdXnl4kJl6Urt4uWF4lzpYin/r7QKAAAAAAAAAAAAAAAAAAAAXizV5ZX5YrlcWlToWjgbA3EYPReSzXr5bHYy9BRidPcbqPAcCrs8MQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAk38CAAD//2iMNWI=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000001c0)={0x9, 0xfffffffffffffffd, 0x1, 0x2})

12.648435718s ago: executing program 2 (id=741):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

12.486914582s ago: executing program 5 (id=742):
syz_mount_image$xfs(&(0x7f0000000040), &(0x7f0000009740)='./file0\x00', 0x4000000, &(0x7f0000000a40)={[{@pquota}, {@sysvgroups}, {@nolargeio}, {@grpid}, {@nogrpid}, {@noalign}, {@inode64}, {@attr2}]}, 0x1, 0x97ee, &(0x7f0000012f40)="$eJzs3QW8rGWheP994ACHDkGwACkxSQkD6VBESVFCkJYUEAGlQwkVFAEFFFCQ7u4u6e7u7o7/58AB8bjgcn9/74XLWuvj2bNn5t2zn3m+87zu2e9mZsl5F51zYGCcgTd68/SfnbPr7csuNuaC6x678+Dr9tphoYeGXTzyGyfjzj7sdI5hp3MODAwMGnY7g964bPBsxxw7wsDggaH/+2djjDraCGMMDIw27Oyw2xmY+Y2T0fd/c7vXhosHOunQb7f9G/9eb8yhNzL0k6WXe2WtgYGBIW/7+qHjmvbf7qi0JeeYb95/Wr3lNsKwqwf987rXTwe/8W/0fQcGRt974J0fH0O3HeltX/u/2dDvOc7kA4vf/j587/9zLTnHfAsM5z90LY447LKZh67x4degseEf5zssuvoDw6Zw0LCJG/y29fJ+PO7/n1pyjnkXHHjndTyw0Dyb3P/a6/vNwXMPDAyeZ2Bg8LwDA4Pne7896j/T+/rgq6qqqvelOeacYehz9hGG+3lgyJs/19LPhRe8PN3dAwODF3rjeeLg5d58LlhVVVVVVVVVH8zmmHOGueD5/zjv9vx/0pO3Hrfn/1VVVVVVVVX/d1pgjjlnGPpcf7jn/xO92/P/xx88dL83/vZ/9pnf+KpX3987UVVVVVVVVVXv2rwL4PP/Sd/t+f9Fx0x6ac//q6qqqqqqqv7vtMhrr7222dteZ2/YxVO/eT09/z/1vluXed8GXFVVVVVVVVX/7V595KTT/vma7xMPDPd676837PcCg4444/LL37eBfjAa9O+/D9n8/R7T/9+GOg85aNKBgbUWf7+HUu9D/2deq77+R8rfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/MW9w/H/t17//9SjVnjzveA/M+UM15/0z698/b3/By+0wCNbvE9Dfz/6sB7/H1ht0MDAMN9xVhsYGFhojkUWm3pgYOCk62eYcoqBt66bZeh1Xx1vxNffIP7N/0xknnH5hjef7I3ToQ+UgfHfuo0jXr/9BV7bZ8RBww3ibY173H77rbrkczMOfzrVO9+PEd76bMxjH3zzv2UZYbiNhrzDF795+2/el+Gdh4196qFjn2b9NdeZZr2NNv7iamsuv8pKq6y01qzTzzTdjLPOOtNM06y82horTfvGx3eas0lf/zjXe5mzMYafs0fmePucDX/f3mnOJn33OXv9Fne5cMg33pyzwf/NOZvr3eds0tWGfaNxZx9pYLnX52bQwMC4c480sOHQM9ONMjAw7jzDtp1o6LZfG2+EgYGd/nlHh342yluPwUGbD91myXkXnfON3dTAwD9P/9k7vJ/9yMNGPvuw0zmGnc75xrcZZ+CfD8XBsx1z7AhD5+JfpmOMUUcbYYyBgdGGnR12OwOzvnEy2slvbvcO77M+3EBff5mV7d/493pjDgwMjD70k4mXP3WboVP/v/A+7f9P////b16zDHrr8Tho2L9h27zhNcd8C/zze70+DUPnbsRhl8081OQ//Nb2/9K/jXfSIQOTvst43+V1cV6PHl9rnDTBlv+p18Wh8U70LuN9l9fxfcfxLnH37g+8cVP/sfEOt69b8PWPs7+Xfd3Au+/rRqQbWOmSTw2/r/vWOw/xX3aXb87RKMNt9E77uon2nGTzobc/+7vv6xYcOvaR/mVfN8LAwLhzvbmvG7rjm3ekgZ2Gnpl+6Jn5Rho4YOiZGV4/M+rAGUPPfGmFtddYcegF8//742DqQf/yB5qwzuYdbp0Nett9HzTc33cOfuN09H3ffA+nd9hvDhp2t/7LfQU9bsd5l/G+y/tP4TwPvWzFI4dM8J96/yka75B3H+87vV/2O453x2dPvf0/PN631tlIb5uu+d/LOpv0X9fZ0Ls44ttWxnv9OWxF2P6Nzyd669Y22PTBt36mGGm42/2vfqaY/93X2TirDfd12+09MOjd5ma+9zI3n/y3fdAWb5+b9/rz1tSTv3H9iO8yN6PMuuxUb87NyP/NuZnvvzs3sw+M+K9zM3hgnoGBgSmG7R/mfS9zM9G7z817fdyMBtu/8flKb1009w4Hnffm3Aw/F//V3Mz7352bSd963Ezx+nWTjTAw8sgDGy6//vrrTvfGxzfPTv/Gx3dfg3O/l7kc5z8zlx8f/E5z+c+H6hh3X7rvf7EG/22f/ubtz/3fncuBt+ZyYLXhF0t9UOv3f+7yd5e/u/zd5e8uf3f5i3uH4/9vvf7/buN8dedhv9wY6dJJJtz2/R7v+9yH+vj/MN9/Of6/7YSTXDrCwFvXvevx2Te2+UAen535jZPR939zu+GPD/JA3/n47N6zzrz1/9Lx2f+n3lyr7+H3cO3/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uLe4fj/tG/+HcB90y385LADoSM9tNVSC7/f432f+1Af/x/m+y/H/xdeaquHRhh467p3Pf7/xjaO4/93vjTvjh/k4/9vrtWO/9d/Uf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3lL+4djv/P/ubfARx66O4bv/n3AFePu/1J7/d43+c+rMf/e/9/b+3/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uKGHf8fGO7tLb/b4wKD4///t3sH/4Xzxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6Yxf97+WMW/yXzxyz+388fs/j/IH/M4r9U/pjFf+n8MYv/MvljFv9l88cs/j/MH7P4L5c/ZvFfPn/M4v+j/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjF/8f5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjF/yf5Yxb/dfPHLP7r5Y9Z/NfPH7P4/zR/zOK/Qf6Yxf9n+WMW/w3zxyz+G+WPWfw3zh+z+P88f8zi/4v8MYv/JvljFv9N88cs/pvlj1n8N88fs/hvkT9m8d8yf8ziv1X+mMV/6/wxi/82+WMW/23zxyz+v8wfs/j/Kn/M4r9d/pjFf/v8MYv/DvljFv8d88cs/r/OH7P4/yZ/zOL/2/wxi/9O+WMW/53zxyz+v8sfs/j/Pn/M4r9L/pjF/w/5Yxb/XfPHLP675Y9Z/HfPH7P4/zF/zOL/p/wxi/8e+WMW/z3zxyz+e+WPWfz/nD9m8f9L/pjFf+/8MYv/PvljFv9988cs/n/NH7P4/y1/zOK/X/6YxX///DGL/9/zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvH/R/6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9J/AcN5I9Z/Aflj1n8R8gfs/iPmD9m8R+cP2bxHyl/zOI/cv6YxX+U/DGL/5D8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+H8kfs/iPnz9m8Z8gf8zi/9H8MYv/hPljFv+J8scs/h/LH7P4fzx/zOL/ifwxi/8n88cs/p/KH7P4T5w/ZvGfJH/M4j9p/pjF/9P5Yxb/yd70H/I+jesDmsV/8tY/ZvGfIn/M4j9l/pjFf6r8MYv/Z/LHLP5T549Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/L+YP2bx/1L+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/3L+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfy/kj9m8f9q/pjF/2v5Yxb/r+ePWfxnyx+z+H8jf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/zfzxyz+38ofs/gvmD9m8f92/pjFf6H8MYv/d/LHLP7fzR+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP7fyx+z+C+ZP2bx/37+mMX/B/ljFv+l8scs/kvnj1n8l8kfs/gvmz9m8f9h/pjFf7n8MYv/8vljFv8f5Y9Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/j/OH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/j/JH7P4r5s/ZvFfL3/M4r9+/pjF/6f5Yxb/DfLHLP4/yx+z+G+YP2bx3yh/zOK/cf6Yxf/n+WMW/1/kj1n8N8kfs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx/2X+mMX/V/ljFv/t8scs/tvnj1n8d8gfs/jvmD9m8f91/pjF/zf5Yxb/3+aPWfx3yh+z+O+cP2bx/13+mMX/9/ljFv9d8scs/n/IH7P475o/ZvHfLX/M4r97/pjF/4/5Yxb/P+WPWfz3yB+z+O+ZP2bx3yt/zOL/5/wxi/9f8scs/nvnj1n898kfs/jvmz9m8f9r/pjF/2/5Yxb//fLHLP77549Z/P/+r/73/q+P6wOaxf+A1j9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6YxP/18v/3JP6DLs4fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/mPTBda/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljEv/XP83/37P4D8ofs/iPkD9m8R8xf8ziPzh/zOI/Uv6YxX/k/DGL/yj5Yxb/IfljFv9R88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfw/kj9m8R8/f8ziP0H+mMX/o/ljFv8J88cs/hPlj1n8P5Y/ZvH/eP6Yxf8T+WMW/0/mj1n8P5U/ZvGfOH/M4j9J/pjFf9L8MYv/p/PHLP6T5Y9Z/CfPH7P4T5E/ZvGfMn/M4j9V/pjF/zP5Yxb/qfPHLP6fzR+z+H8uf8zi//n8MYv/F/LHLP5fzB+z+H8pf8ziP03+mMV/2vyxQefsOtLAwMCH3n+6/DHL+p8+f8ziP0P+mMV/xvwxi/+X88cs/jPlj1n8Z84fs/jPkj9m8Z81f8zi/5X8MYv/V/PHLP5fyx+z+H89f8ziP1v+mMX/G/ljFv/Z88cs/nPkj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+C+SPWfy/mT9m8f9W/pjFf8H8MYv/t/PHLP4L5Y9Z/L+TP2bx/27+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bx/17+mMV/yfwxi//388cs/j/IH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/D/PHLP7L5Y9Z/JfPH7P4/yh/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvH/cf6YxX/1/DGL/xr5Yxb/NfPHLP5r5Y9Z/NfOH7P4r5M/ZvH/Sf6YxX/d/DGL/3r5Yxb/9fPHLP4/zR+z+G+QP2bx/1n+mMV/w/wxi/9G+WMW/43zxyz+P88fs/j/In/M4r9J/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMV/2/wxi/8v88cs/r/KH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/r/PHLP6/yR+z+P82f8ziv1P+mMV/5/wxi//v8scs/r/PH7P475I/ZvH/Q/6YxX/X/DGL/275Yxb/3fPHLP5/zB+z+P8pf8ziv0f+mMV/z/wxi/9e+WMW/z/nj1n8/5I/ZvHfO3/M4r9P/pjFf9/8MYv/X/PHLP5/yx+z+O+XP2bx3z9/zOL/9/wxi/8B+WMW/wPzxyz+B+WPWfwPzh+z+B+SP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/ifkj9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOJ/Xv6Yxf/8/DGL/wX5Yxb/C/PHLP4X5Y9Z/P+RP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5YxL/EQfyxyz+g/LHLP4j5I9Z/EfMH7P4D84fs/iPlD9m8R85f8ziP0r+mMV/SP6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv+P5I9Z/MfPH7P4T5A/ZvH/aP6YxX/C/DGL/0T5Yxb/j+WPWfw/nj9m8f9E/pjF/5P5Yxb/T+WPWfwnzh+z+E+SP2bxnzR/zOL/6fwxi/9k+WMW/8nzxyz+U+SPWfynzB+z+E+VP2bx/0z+mMV/6vwxi/9n88cs/p/LH7P4fz5/zOL/hfwxi/8X88cs/l/KH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/l/OH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/bPljFv9v5I9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8f9m/pjF/1v5Yxb/BfPHLP7fzh+z+C+UP2bx/07+mMX/u/ljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/e/ljFv8l88cs/t/PH7P4/yB/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP4/zB+z+C+XP2bxXz5/zOL/o/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf/H+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6Yxf8n+WMW/3Xzxyz+6+WPWfzXzx+z+P80f8ziv0H+mMX/Z/ljFv8N88cs/hvlj1n8N84fs/j/PH/M4v+L/DGL/yb5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/NvljFv9t88cs/r/MH7P4/yp/zOK/Xf6YxX/7/DGL/w75Yxb/HfPHLP6/zh+z+P8mf8zi/9v8MYv/TvljFv+d88cs/r/LH7P4/z5/zOK/S/6Yxf8P+WMW/13zxyz+u+WPWfx3zx+z+P8xf8zi/6f8MYv/HvljFv8988cs/nvlj1n8/5w/ZvH/S/6YxX/v/DGL/z75Yxb/ffPHLP5/zR+z+P8tf8ziv1/+mMV///wxi//f88cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bx/0f+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/q/DGL/zX5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8zi/1L+mMX/5fwxi/8r+WMW/1fzxyz+r+WPSfwHD+SPWfwHvTf/kf/HxvUBzeI/Qusfs/iPmD9m8R+cP2bxHyl/zOI/cv6YxX+U/DGL/5D8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+H8kfs/iPnz9m8Z8gf8zi/9H8MYv/hPljFv+J8scs/h/LH7P4fzx/zOL/ifwxi/8n88cs/p/KH7P4T5w/ZvGfJH/M4j9p/pjF/9P5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4v+Z/DGL/9T5Yxb/z+aPWfw/lz9m8f98/pjF/wv5Yxb/L+aPWfy/lD9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfy/nD9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/6/kj1n8v5o/ZvH/Wv6Yxf/r+WMW/9nyxyz+38gfs/jPnj9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOL/zfwxi/+38scs/gvmj1n8v50/ZvFfKH/M4v+d/DGL/3fzxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL//fyxyz+S+aPWfy/nz9m8f9B/pjFf6n8MYv/0vljFv9l8scs/svmj1n8f5g/ZvFfLn/M4r98/pjF/0f5Yxb/FfLHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/j/PHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/T/LHLP7r5o9Z/NfLH7P4r58/ZvH/af6YxX+D/DGL/8/yxyz+G+aPWfw3yh+z+G+cP2bx/3n+mMX/F/ljFv9N8scs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi//W+WMW/23yxyz+2+aPWfx/mT9m8f9V/pjFf7v8MYv/9vljFv8d8scs/jvmj1n8f50/ZvH/Tf6Yxf+3+WMW/53yxyz+O+ePWfx/lz9m8f99/pjFf5f8MYv/H/LHLP675o9Z/HfLH7P4754/ZvH/Y/6Yxf9P+WMW/z3yxyz+e+aPWfz3yh+z+P85f8zi/5f8MYv/3vljFv998scs/vvmj1n8/5o/ZvH/W/6YxX+//DGL//75Yxb/v+ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4v+P/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH5P4jzSQP2bxH5Q/ZvEfIX/M4j9i/pjFf3D+mMV/pPwxi//I+WMW/1Hyxyz+Q/LHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/h/JH/M4j9+/pjFf4L8MYv/R/PHLP4T5o9Z/CfKH7P4fyx/zOL/8fwxi/8n8scs/p/MH7P4fyp/zOI/cf6YxX+S/DGL/6T5Yxb/T+ePWfwnyx+z+E+eP2bxnyJ/zOI/Zf6YxX+q/DGL/2fyxyz+U+ePWfw/mz9m8f9c/pjF//P5Yxb/L+SPWfy/mD9m8f9S/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8f9y/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v5I/ZvH/av6Yxf9r+WMW/6/nj1n8Z8sfs/h/I3/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/8388cs/t/KH7P4L5g/ZvH/dv6YxX+h/DGL/3fyxyz+33X5D36vG1r8F3b5v+cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/e/ljFv8l88cs/t/PH7P4/yB/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP4/zB+z+C+XP2bxXz5/zOL/o/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf/H+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6Yxf8n+WMW/3Xzxyz+6+WPWfzXzx+z+P80f8ziv0H+mMX/Z/ljFv8N88cs/hvlj1n8N84fs/j/PH/M4v+L/DGL/yb5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/NvljFv9t88cs/r/MH7P4/yp/zOK/Xf6YxX/7/DGL/w75Yxb/HfPHLP6/zh+z+P8mf8zi/9v8MYv/TvljFv+d88cs/r/LH7P4/z5/zOK/S/6Yxf8P+WMW/13zxyz+u+WPWfx3zx+z+P8xf8zi/6f8MYv/HvljFv8988cs/nvlj1n8/5w/ZvH/S/6YxX/v/DGL/z75Yxb/ffPHLP5/zR+z+P8tf8ziv1/+mMV///wxi//f88cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bx/0f+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/q/DGL/zX5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8zi/1L+mMX/5fwxi/8r+WMW/1fzxyz+r+WPSfxHHsgfs/gPyh+z+I+QP2bxHzF/zOI/OH/M4j9S/pjFf+T8MYv/KPljFv8h+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/D+SP2bxHz9/zOI/Qf6Yxf+j+WMW/wnzxyz+E+WPWfw/lj9m8f94/pjF/xP5Yxb/T+aPWfw/lT9m8Z84f8ziP0n+mMV/0vwxi/+n88cs/pPlj1n8J88fs/hPkT9m8Z8yf8ziP1X+mMX/M/ljFv+p88cs/p/NH7P4fy5/zOL/+fwxi/8X8scs/l/MH7P4fyl/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/GfMH7P4fzl/zOI/U/6YxX/m/DGL/yz5Yxb/WfPHLP5fyR+z+H81f8zi/7X8MYv/1/PHLP6z5Y9Z/L+RP2bxn/2/9h/lf3RcH9As/nO0/jGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvGfL3/M4j9//pjFf4H8MYv/N/PHLP7fyh+z+C+YP2bx/3b+mMV/ofwxi/938scs/t/NH7P4L5w/ZvFfJH/M4r9o/pjFf7H8MYv/4vljFv8l8scs/t/LH7P4L5k/ZvH/fv6Yxf8H+WMW/6Xyxz6k/oOGsx556fyxD6n/6719/S+TP2bxXzZ/zOL/w/wxi/9y+WMW/+Xzxyz+P8ofs/ivkD826JxBw2bmw+2/Yv6YZf2vlD9m8V85f8ziv0r+mMV/1fwxi/9q+WMW/x/nj1n8V88fs/ivkT9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/5/kj1n8180fs/ivlz9m8V8/f8zi/9P8MYv/BvljFv+f5Y9Z/DfMH7P4b5Q/ZvHfOH/M4v/z/DGL/y/yxyz+m+SPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/1b5Yxb/rfPHLP7b5I9Z/LfNH7P4/zJ/zOL/q/wxi/92+WMW/+3zxyz+O+SPWfx3zB+z+P86f8zi/5v8MYv/b/PHLP475Y9Z/HfOH7P4/y5/zOL/+/wxi/8u+WMW/z/kj1n8d80fs/jvlj9m8d89f8zi/8f8MYv/n/LHLP575I9Z/PfMH7P475U/ZvH/c/6Yxf8v+WMW/73zxyz+++SPWfz3zR+z+P81f8zi/7f8MYv/fvljFv/988cs/n/PH7P4H5A/ZvE/MH/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/H/ljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V79F/8P/UuD6gWfyvbv1jFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+Q+MCpdZ/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf0ziP8pA/pjFf1D+mMV/hPwxi/+I+WMW/8H5Yxb/kfLHLP4j549Z/EfJH7P4D8kfs/iPmj9m8R8tf8ziP3r+mMV/jPwxi/+Y+WMW/7Hyxyz+Y+ePWfzHyR+z+I+b/7CG/Ms5i/94+WMW/4/kj1n8x88fs/hPkD9m8f9o/pjFf8L8MYv/RPljFv+P5Y9Z/D+eP2bx/0T+mMX/k/ljFv9P5Y9Z/CfOH7P4T5I/ZvGfNH/M4v/p/DGL/2T5Yxb/yfPHLP5T5I9Z/KfMH7P4T5U/ZvH/TP6YxX/q/DGL/2fzxyz+n8sfs/h/Pn/M4v+F/DGL/xfzxyz+X8ofs/hPkz9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+X84fs/jPlD9m8Z85f8ziP0v+mMV/1vwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/9s+WMW/2/kj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+8+WPWfznzx+z+C+QP2bx/2b+mMX/W/ljFv8F88cs/t/OH7P4L5Q/ZvH/Tv6Yxf+7+WMW/4Xzxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6Yxf97+WMW/yXzxyz+388fs/j/IH/M4r9U/pjFf+n8MYv/MvljFv9l88cs/j/MH7P4L5c/ZvFfPn/M4v+j/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjF/8f5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjF/yf5Yxb/dfPHLP7r5Y9Z/NfPH7P4/zR/zOK/Qf6Yxf9n+WMW/w3zxyz+G+WPWfw3zh+z+P88f8zi/4v8MYv/JvljFv9N88cs/pvlj1n8N88fs/hvkT9m8d8yf8ziv1X+mMV/6/wxi/826N8jwuK/bdqYxf+X+WMW/1/lj1n8t8sfs/hvnz9m8d/hDf9XXnu/xvUBzeK/Y+sfs/j/On/M4v+b/DGL/2/zxyz+O+WPWfx3zh+z+P8uf8zi//v8MYv/LvljFv8/5I9Z/HfNH7P475Y/ZvHfPX/M4v/H/DGL/5/yxyz+e+SPWfz3zB+z+O+VP2bx//N78h/pf25cH9As/n9p/WMW/73zxyz+++SPWfz3zR+z+P81f8zi/7f8MYv/fvljFv/988cs/n/PH7P4H5A/ZvE/MH/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/H/ljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj1n8X80fs/i/lj8m8R8ykD9m8R+UP2bxHyF/zOI/Yv6YxX9w/pjFf6T8MYv/yPljFv9R8scs/kPyxyz+o+aPWfxHyx+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4fyR/zOI/fv6YxX+C/DGL/0fzxyz+E+aPWfwnyh+z+H8sf8zi//H8MYv/J/LHLP6fzB+z+H8qf8ziP3H+mMV/kvwxi/+k+WMW/0/nj1n8J8sfs/hPnj9m8Z8if8ziP2X+mMV/qvwxi/9n8scs/lPnj1n8P5s/ZvH/XP6Yxf/z+WMW/y/kj1n8v5g/ZvH/Uv6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/GfIH7P4z5g/ZvH/cv6YxX+m/DGL/8z5Yxb/WfLHLP6z5o9Z/L+SP2bx/+q7+u/+Pz+uD2gW/6+1/jGL/9fzxyz+s+WPWfy/kT9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6Yxf+b+WMW/2/lj1n8F8wfs/h/O3/M4r9Q/pjF/zv5Yxb/7+aPWfwXzh+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/7+WPWfyXzB+z+H8/f8zi/4P8MYv/UvljFv+l88cs/svkj1n8l80fs/j/MH/M4r9c/pjFf/n8MYv/j/LHLP4r5I9Z/FfMH7P4r5Q/ZvFfOX/M4r9K/pjFf9X8MYv/avljFv8f549Z/FfPH7P4r5E/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv+f5I9Z/NfNH7P4r5c/ZvFfP3/M4v/T/DGL/wb5Yxb/n+WPWfw3zB+z+G+UP2bx3zh/zOL/8/wxi/8v8scs/pvkj1n8N80fs/hvlj9m8d88f8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+2+SPWfy3zR+z+P8yf8zi/6v8MYv/dvljFv/t88cs/jvkj1n8d8wfs/j/On/M4v+b/DGL/2/zxyz+O+WPWfx3zh+z+P8uf8zi//v8MYv/LvljFv8/5I9Z/HfNH7P475Y/ZvHfPX/M4v/H/DGL/5/yxyz+e+SPWfz3zB+z+O+VP2bx/3P+mMX/L/ljFv+988cs/vvkj1n8980fs/j/NX/M4v+3/DGL/375Yxb//fPHLP5/zx+z+B+QP2bxPzB/zOJ/UP6Yxf/g/DGL/yH5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/ifkD9m8T8xf8zif1L+mMX/5Pwxi/8p+WMW/1Pzxyz+p+WPWfxPzx+z+J+RP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7n5Y9Z/M/PH7P4X5A/ZvG/MH/M4n9R/pjF/x/5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v/Au/mP9b8wrg9oFv8HW/+Yxf+h/DGL/8P5Yxb/R/LHDP6DBg8MeTR/zOA/dP0/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/JvEfdSB/zOI/KH/M4j9C/pjFf8T8MYv/4Pwxi/9I+WMW/5Hzxyz+o+SPWfyH5I9Z/EfNH7P4j5Y/ZvEfPX/M4j9G/pjFf8z8MYv/WPljFv+x88cs/uPkj1n8x80fs/iPlz9m8f9I/pjFf/z8MYv/BPljFv+P5o9Z/CfMH7P4T5Q/ZvH/WP6Yxf/j+WMW/0/kj1n8P5k/ZvH/VP6YxX/i/DGL/yT5Yxb/SfPHLP6fzh+z+E+WP2bxnzx/zOI/Rf6YxX/K/DGL/1T5Yxb/z+SPWfynzh+z+H82f8zi/7n8MYv/5/PHLP5fkPlP9x63s/h/Ueb/XrP4fyl/zOI/Tf6YxX/agYHN3q8hfZCz+E/X+scs/tPnj1n8Z8gfs/jPmD9m8f9y/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v5I/ZvH/av6Yxf9r+WMW/6/nj1n8Z8sfs/h/I3/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/8388cs/t/KH7P4L5g/ZvH/dv6YxX+h/DGL/3fyxyz+380fs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+38sfs/gvmT9m8f9+/pjF/wf5Yxb/pfLHLP5L549Z/JfJH7P4L5s/ZvH/Yf6YxX+5/DGL//L5Yxb/H+WPWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP4/zh+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP4/yR+z+K+bP2bxXy9/zOK/fv6Yxf+n+WMW/w3yxyz+P8sfs/hvmD9m8d8of8ziv3H+mMX/5/ljFv9f5I9Z/DfJH7P4b5o/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv+t8scs/lvnj1n8t8kfs/hvmz9m8f9l/pjF/1f5Yxb/7fLHLP7b549Z/HfIH7P475g/ZvH/df6Yxf83+WMW/9/mj1n8d8ofs/jvnD9m8f9d/pjF//f5Yxb/XfLHLP5/yB+z+O+aP2bx3y1/zOK/e/6Yxf+P+WMW/z/lj1n898gfs/jvmT9m8d8rf8zi/+f8MYv/X/LHLP57549Z/PfJH7P475s/ZvH/a/6Yxf9v+WMW//3yxyz+++ePWfz/nj9m8T8gf8zif2D+mMX/oPwxi//B+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljH17/PS5826WjnpI/9uH1/9f1f2r+mMX/tPwxi//p+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP4X5o9Z/C/KH7P4/yN/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf8zif3P+mMX/lvwxi/+t+WMW/9vyxyz+t+ePWfzvyB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/+/LHLP73549Z/B/IH7P4P5g/ZvF/KH/M4v9w/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHJP6jDeSPWfwH5Y9Z/EfIH7P4j5g/ZvEfnD9m8R8pf8ziP3L+mMV/FJX/qO95S4v/EJX/e8/iP2r+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL/0fyxyz+4+ePWfwnyB+z+H80f8ziP2H+mMV/ovwxi//H8scs/h/PH7P4fyJ/zOL/yfwxi/+n8scs/hPnj1n8J8kfs/hPmj9m8f90/pjFf7L8MYv/5PljFv8p8scs/lPmj1n8p8ofs/h/Jn/M4j91/pjF/7P5Yxb/z+WPWfw/nz9m8f9C/pjF/4v5Yxb/L+WPWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/4z5Yxb/L+ePWfxnyh+z+M+cP2bxnyV/zOI/a/6Yxf8r+WMW/6/mj1n8v5Y/ZvH/ev6YxX+2/DGL/zfyxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/+fLHLP7z549Z/BfIH7P4fzN/zOL/rfwxi/+C+WMW/2/nj1n8F8ofs/h/J3/M4v/d/DGL/8L5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4v+9/DGL/5L5Yxb/7+ePWfx/kD9m8V8qf8ziv3T+mMV/mfwxi/+y+WMW/x/mj1n8l8sfs/gvnz9m8f9R/pjFf4X8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8zi/+P8MYv/6vljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8zi/5P8MYv/uvljFv/18scs/uvnj1n8f5o/ZvHfIH/M4v+z/DGL/4b5Yxb/jfLHLP4b549Z/H+eP2bx/0X+mMV/k/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/7b5Yxb/X+aPWfx/lT9m8d8uf8ziv33+mMV/h/wxi/+O+WMW/1/nj1n8f5M/ZvH/bf6YxX+n/DGL/875Yxb/3+WPWfx/nz9m8d8lf8zi/4f8MYv/rvljFv/d8scs/rvnj1n8/5g/ZvH/U/6YxX+P/DGL/575Yxb/vfLHLP5/zh+z+P8lf8ziv3f+mMV/n/wxi/+++WMW/7/mj1n8/5Y/ZvHfL3/M4r9//pjF/+/5Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J/8Nv8R3o9xfUCz+J/S+scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/z/yxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+LQv9R38M2Fv+XhP7vJYv/y/ljFv9X8scs/q/mj1n8X8sfk/iPPpA/ZvEflD9m8R8hf8ziP2L+mMV/cP6YxX+k/DGL/8j5Yxb/UfLHLP5D8scs/qPmj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+H8kf8ziP37+mMV/gvwxi/9H88cs/hPmj1n8J8ofs/h/LH/M4v/x/DGL/yfyxyz+n8wfs/h/Kn/M4j9x/pjFf5L8MYv/pPljFv9P549Z/CfLH7P4T54/ZvGfIn/M4j9l/pjFf6r8MYv/Z/LHLP5T549Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/L+YP2bx/1L+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/3L+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfy/kj9m8Z97SP6Uxf9rrX/M4v/1/DGL/2z5Yxb/b+SPWfxnzx+z+M+RP2bxnzN/zOI/V/6YxX/u/DGL/zz5Yxb/efPHLP7z5Y9Z/OfPH7P4L5A/ZvH/Zv6Yxf9b+WMW/wXzxyz+384fs/gvlD9m8f9O/pjF/7v5Yxb/hfPHLP6L5I9Z/BfNH7P4L5Y/ZvFfPH/M4r9E/pjF/3v5Yxb/JfPHLP7fzx+z+P8gf8ziv1T+mMV/6fwxi/8y+WMW/2Xzxyz+P8wfs/gvlz9m8V8+f8zi/6P8MYv/CvljFv8V88cs/ivlj1n8V84fs/ivkj9m8V81f8ziv1r+mMX/x/ljFv/V88cs/mvkj1n818wfs/ivlT9m8V87f8ziv07+mMX/J/ljFv9188cs/uvlj1n8188fs/j/NH/M4r9B/pjF/2f5Yxb/DfPHLP4b5Y9Z/DfOH7P4/zx/zOL/i/wxi/8m+WMW/03zxyz+m+WPWfw3zx+z+G+RP2bx3zJ/zOK/Vf6YxX/r/DGL/zb5Yxb/bfPHLP6/zB+z+P8qf8ziv13+mMV/+/wxi/8O+WMW/x3zxyz+v84fs/j/Jn/M4v/b/LEPnf/bkN/uv1P+2IfO/x3W/875Yxb/3+WPWfx/nz9m8d8lf8zi/4f8MYv/rvljFv/d8scs/rvnj1n8/5g/ZvH/U/6YxX+P/DGL/575Yxb/vfLHLP5/zh+z+P8lf8ziv3f+mMV/n/wxi/+++WMW/7/mj1n8/5Y/ZvHfL3/M4r9//pjF/+/5Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP/am/8CQgYEPs/8p+WOW9X9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+F+aPWfwvyh+z+P8jf8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB9z+Cf/Tjn8B0Z/qEcBZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5YxL/MQbyxyz+g/LHLP4j5I9Z/EfMH7P4D84fs/iPlD9m8R85f8ziP0r+mMV/SP6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv+P5I9Z/MfPH7P4T5A/ZvH/aP6YxX/C/DGL/0T5Yxb/j+WPWfw/nj9m8f9E/pjF/5P5Yxb/T+WPWfwnzh+z+E+SP2bxnzR/zOL/6fwxi/9k+WMW/8nzxyz+U+SPWfynzB+z+E+VP2bx/0z+mMV/6vwxi/9n88cs/p/LH7P4fz5/zOL/hfwxi/8X88cs/l/KH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/l/OH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/bPljFv9v5I9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8f9m/pjF/1v5Yxb/BfPHLP7fzh+z+C+UP2bx/07+mMX/u/ljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/e/ljFv8l88cs/t/PH7P4/yB/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP4/zB+z+C+XP2bxXz5/zOL/o/wxi/8K+WMW/xWN/u/hDlv8VzL6v4cs/ivnj1n8V8kfs/ivmj9m8V8tf8zi/+P8MYv/6vljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8zi/5P8MYv/uvljFv/18scs/uvnj1n8f5o/ZvHfIH/M4v+z/DGL/4b5Yxb/jfLHLP4b549Z/H+eP2bx/0X+mMV/k/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/7b5Yxb/X+aPWfx/lT9m8d8uf8ziv33+mMV/h/wxi/+O+WMW/1/nj1n8f5M/ZvH/bf6YxX+n/DGL/875Yxb/3+WPWfx/nz9m8d8lf8zi/4f8MYv/rvljFv/d8scs/rvnj1n8/5g/ZvH/U/6YxX+P/DGL/575Yxb/vfLHLP5/zh+z+P8lf8ziv3f+mMV/n/wxi/+++WMW/7/mj1n8/5Y/ZvHfL3/M4r9//pjF/+/5Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/j/I3/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/LEPt//tb146xq35Yx9u/7ca47b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+2IfUf8rhLh3jvvyxD6n/6719/d+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+T+I85kD9m8R+UP2bxHyF/zOI/Yv6YxX9w/pjFf6T8MYv/yPljFv9R8scs/kPyxyz+o+aPWfxHyx+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4fyR/zOI/fv6YxX+C/DGL/0fzxyz+E+aPWfwnyh+z+H8sf8zi//H8MYv/J/LHLP6fzB+z+H8qf8ziP3H+mMV/kvwxi/+k+WMW/0/nj1n8J8sfs/hPnj9m8Z8if8ziP2X+mMV/qvwxi/9n8scs/lPnj1n8P5s/ZvH/XP6Yxf/z+WMW/y/kj1n8v5g/ZvH/Uv6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/GfIH7P4z5g/ZvH/cv6YxX+m/DGL/8z5Yxb/WfLH/sV/2GXjvM9j+v/VO/jPmj9mWf9fyR+z+H81f8zi/7X8MYv/1/PHLP6z5Y9Z/L+RP2bxnz1/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjF/5v5Yxb/b+WPWfwXzB+z+H87f8ziv1D+mMX/O/ljFv/v5o9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv/v5Y9Z/JfMH7P4fz9/zOL/g/wxi/9S+WMW/6Xzxyz+y+SPWfyXzR+z+P8wf8ziv1z+mMV/+fwxi/+P8scs/ivkj1n8V8wfs/ivlD9m8V85f8ziv0r+mMV/1fwxi/9q+WMW/x/nj1n8V88fs/ivkT9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/5/kj1n8180fs/ivlz9m8V8/f8zi/9P8MYv/BvljFv+f5Y9Z/DfMH7P4b5Q/ZvHfOH/M4v/z/DGL/y/yxyz+m+SPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/1b5Yxb/rfPHLP7b5I9Z/LfNH7P4/zJ/zOL/q/wxi/92+WMW/+3zxyz+O+SPWfx3zB+z+P86f8zi/5v8MYv/b/PHLP475Y9Z/HfOH/uw+g8Zzv93+WMfVv+B4fx/nz9m8d8lf8zi/4f8MYv/rvljFv/d8scs/rvnj1n8/5g/ZvH/U/6YxX+P/DGL/575Yxb/vfLHLP5/zh+z+P8lf8ziv3f+mMV/n/wxi/+++WMW/7/mj1n8/5Y/ZvHfL3/M4r9//pjF/+/5Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/j/I3/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/7hvff/H95XB/QLP73t/4xi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMR/rIH8MYv/oPwxi/8I+WMW/xHzxyz+g/PHLP4j5Y9Z/EfOH7P4j5I/ZvEfkj9m8R81f8ziP1r+mMV/9Pwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6Yxf8j+WMW//Hzxyz+E+SPWfw/mj9m8Z8wf8ziP1H+mMX/Y/ljFv+P549Z/D+RP2bx/2T+mMX/U/ljFv+J88cs/pPkj1n8J80fs/h/On/M4j9Z/pjFf/L8MYv/FPljFv8p88cs/lPlj1n8P5M/ZvGfOn/M4v/Z/DGL/+fyxyz+n88fs/h/IX/M4v/F/DGL/5fyxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/5fzxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOL/lfwxi/9X88cs/l/LH7P4fz1/zOI/W/6Yxf8bav/lRn+nayz+s6v93zmL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv9v5o9Z/L+VP2bxXzB/zOL/7fwxi/9C+WMW/+/kj1n8v5s/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8v5c/ZvFfMn/M4v/9/DGL/w/yxyz+S+WPWfyXzh+z+C+TP2bxXzZ/zOL/w/wxi/9y+WMW/+Xzxyz+P8ofs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfx/nD9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfx/kj9m8V83f8ziv17+mMV//fwxi/9P88cs/hvkj1n8f5Y/ZvHfMH/M4r9R/pjFf+P8MYv/z/MfGBgY9d8usfj/In/M4r9J/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMV/2/wxi/8v88cs/r/KH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/r/PHLP6/yR+z+P82f8ziv1P+mMV/5/wxi//v8scs/r/PH7P475I/ZvH/Q/6YxX/X/DGL/275Yxb/3fPHLP5/zB+z+P8pf8ziv0f+mMV/z/wxi/9e+WMW/z/nj1n8/5I/ZvHfO3/M4r9P/pjFf9/8MYv/X/PHLP5/yx+z+O+XP2bx3z9/zOL/9/wxi/8B+WMW/wPzxyz+B+WPWfwPzh+z+B+SP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/ifkj9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOJ/Xv6Yxf/8/DGL/wX5Yxb/C/PHLP4X5Y9Z/P+RP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5YxL/sQfyxyz+g/LHLP4j5I9Z/EfMH7P4D84fs/iPlD9m8R85f8ziP0r+mMV/SP6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv+P5I9Z/MfPH7P4T5A/ZvH/aP7Y/8fO3Yd7Xdd3HP9xT5azT7sudWnDoTHXZiQyGrUQFcXjzSkTzbxHPQLJjdxIgCmw0Uodmy51s2ATC8ecrVricHPdrWhY1myN2FrlFNfCGHOwyJyx68A5BGdvz7XzZd+vm+/H4w/O+f2O71/K83r5+3lxXWXpf5j+oSz9D9c/lKX/z+gfytL/1fqHsvQ/Qv9Qlv5H6h/K0v81+oey9P9Z/UNZ+g/TP5Sl/1H6h7L0/zn9Q1n6D9c/lKX/0fqHsvQ/Rv9Qlv6v1T+Upf8I/UNZ+v+8/qEs/Y/VP5Sl/y/oH8rS/3X6h7L0/0X9Q1n6/5L+oSz9j9M/lKX/6/UPZek/Uv9Qlv5v0D+Upf/x+oey9B+lfyhL/xP0D2XpP1r/UJb+v6x/KEv/MfqHsvR/o/6hLP1/Rf9Qlv5j9Q9l6f8m/UNZ+r9Z/1CW/r+qfyhL/7foH8rSf5z+oSz9T9Q/lKX/eP1DWfqfpH8oS/+T9Q9l6X+K/qEs/SfoH8rS/1T9Q1n6n6Z/KEv/ifqHsvQ/Xf9Qlv5t+oey9D9D/1CW/mfqH8rS/yz9Q1n6n61/KEv/dv1DWfq/Vf9Qlv5v0z+Upf85+oey9H+7/qEs/c/VP5Sl/yT9Q1n6n6d/KEv/8/UPZen/Dv1DWfpfoH8oS/936h/K0v9C/UNZ+l+kfyhL/4v1D2Xpf4n+oSz9L9U/lKX/ZfqHsvS/XP9Qlv6T9Q9l6X+F/qEs/a/UP5Sl/1X6h7L079A/lKX/1fqHsvSfon8oS/+p+oey9J+mfyhL/3fpH8rS/xr9Q1n6T9c/lKX/DP1DWfrP1D+Upf8s/UNZ+l+rfyhL/9n6h7L0n6N/KEv/ufqHsvSfp38oS//r9A9l6T9f/1CW/u/WP5Sl/wL9Q1n6L9Q/lKX/Iv1DWfpfr38oS//36B/K0v8G/UNZ+t+ofyhL/8X6h7L0X6J/KEv/pfqHsvT/Nf1DWfr/uv6hLP2X6R/K0v+9+oey9P8N/UNZ+r9P/1CW/u/XP5Sl/036h7L0v1n/UJb+t+gfytL/N/UPZem/XP9Qlv6/pX8oS//f1j+Upf+t+oey9L9N/1CW/r+jfyhL/w/oH8rS/3b9Q1n636F/KEv/O/UPZen/u/qHsvT/Pf1DWfrfpX8oS/8P6h/K0v9D+oey9F+hfyhL/5X6h7L0/339Q1n6/4H+oSz979Y/lKX/Kv1DWfrfo38oS/8P6x/K0v8j+oey9F+tfyhL/3v1D2Xp/4f6h7L0X6N/KEv/P9I/lKX/ffqHsvT/Y/1DWfrfr38oS/+P6h/K0v9P9A9l6f8x/UNZ+n9c/1CW/p/QP5Sl/5/qH8rS/5P6h7L0f0D/UJb+a/UPZen/oP6hLP3/TP9Qlv7r9A9l6f+Q/qEs/f9c/1CW/n+hfyhL/4f1D2Xp/5f6h7L0/5T+oSz9P61/KEv/z+gfytL/s/qHsvT/nP6hLP3/Sv9Qlv6f1z+Upf8X9A9l6b9e/1CW/l/UP5Sl/1/rH8rSf4P+oSz9H9E/lKX/l/QPZen/Zf1DWfo/qn8oS/+v6B/K0v+r+oey9P8b/UNZ+j+mfyhL/6/pH8rS/2/1D2Xp/3X9Q1n6/53+oSz9N+ofytL/G/qHsvTfpH8oS/+/1z+Upf8/6B/K0v+b+oey9P9H/UNZ+n9L/1CW/t/WP5Sl/3f0D2Xp/7j+oSz9/0n/UJb+T+gfytL/Sf1DWfpv1j+Upf9T+oey9P9n/UNZ+n9X/1CW/v+ifyhL/+/pH8rSf4v+oSz9n9Y/lKX/9/UPZem/Vf9Qlv7/qn8oS/9t+oey9P83/UNZ+j+jfyhL/3/XP5Sl/3b9Q1n679A/lKX/f+gfytL/B/qHsvTfqX8oS/8f6h/K0v9Z/UNZ+v9I/1CW/s/pH8rS/z/1D2Xp/7z+oSz9f6x/KEv/XfqHkvR/ZUv/UJb+/fQPZenfX/9Qlv4D9A9l6T9Q/1CW/oP0D2XpP1j/UJb+Q/QPZek/VP9Qlv4v0z+Upf9B+oey9H+5/qEs/V+hfyhL/4P1D2Xp/1P6h7L0P0T/0EuuPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP81cxcuumby9Okdc3zjG9/4Zu83L/a/mQAAgP9tP/nQ/2L/nQAAAAAAAAAAAAAAAAAAAEBeTfzfib3Y/4wAAAAAAAAAAAAAAPD/XVv7SVsH9NvvqQH7PnjNox27v47eecHU1asfLN1fu358ZvCS/fd9sGvXrl0rnxk3oevhkFar1fm/9squx0N7Hne+/pJhKw7f86iM//ydj1866eCz5qy9beA3Vt7S/vSg3c8Oal1+9bTpHW/o32qVUwa1FnQ+OL5fq1VOG9S6tfPBqM4HEwe11nQ+OGH3g5e1PtP54PVXzpp+VecTp1f+PYOXirb2Ja0B+y22td+/Dfbd/5JhT0zt/trLS3a/2sBW1/6Hr/3SYT1+1u0F9t/9+uWknvvv8z8g8IL6tv9nN3V/7eUl/9v7/4c37FwU/eyF99/9+uVk+4f6BJ//99toz8/9PT7/HxW85N77E4duuL1z/23n3Xdk11MD/yef/3/y+uWUnvvvv9/n/87P8RO6P/8PabXKqQf42wGptLUv3drb+3/v+x/46h43/fbd/z1f2fyKzv3f+1xrWddTg/q4/wm9vf/f1OPvFeibtvZVu3q8//dh/60RwUvu3f+WtQfv/vy/+f4rD93nZ33Z/6k99z9y3oxrR85duOi4aTMmT+mY0jFz7Kgxx48eO3bMmJG7PxHs+fUAf1MgiQN7/28d1OOmX6vVsfd+/X23TOjc/7aHln2k66mhfdz/ab2+/x/l/R9Cw/u3Bg9uLZg8b96c4/f82v1w1J5f9/xlwf778N//Rx/b9Zd1/5lhv1br8L33Iy4dO6Rz/9fPLuu6nhrcx/1P7HX/4/f/s0qgbw7w/f+qHjf77f/ELTfO79z/MT941eaup/r63/+n97r/u73/w4Foa2/V+ibauf8Thiw9o9p1afPnf1CfJvY/bPutO6pdlzPsH+rTxP4nLX/zFdWuy5n2D/VpYv8PzrhsebXrcpb9Q32a2P/zP73jiGrX5Wz7h/o0sf/HvvvU6mrXpd3+oT5N7P+Dd7WfUO26vNX+oT5N7P+46344rtp1eZv9Q32a2P/VLz93TbXrco79Q32a2P8Zu04+tNp1ebv9Q32a2H+/pd9bUu26nGv/UJ8m9v/k5OWzql2XSfYP9Wli/2uGjXi22nU5z/6hPk3sf9nTb5xY7bqcb/9Qnyb2/9U7VjxW7bq8w/6hPk3s/xMXv2pFtetygf1DfZrY/4+GP3RQtevyTvuH+jSx/40b1zxQ7bpcaP9Qnyb2v3LNgOHVrstF9g/1aWL/i0+f8mi163Kx/UN9mtj/6DFfvqjadbnE/qE+Tez/8M9966lq1+VS+4f6NLH/cx+eP7fadbnM/qE+Tex//hEf/3G163K5/UN9mtj/WzqOmFrtuky2f6hPE/svtx20sdp1ucL+oT5N7P/CbavGV7suV9o/1KeJ/a875Asfq3ZdrrJ/qE8T+98+e+bYatelw/6hPk3s/zvvXfy+atflavuH+jSx/9uf+3qpdl2m2D/Up4n9bxl14cXVrstU+4f6NLH/VWc980i16zLN/qE+Tex/+brH51W7Lu+yf6hPE/tfv/7MJ6pdl2vsH+rTxP6PGTHy4GrXZbr9Q32a2P+sC5Z9qNp1mWH/UJ8m9n/K/Xe8ttp1mWn/UJ8m9j/0a+M+We26zLJ/qE8T+//0uPd/qtp1udb+oT5N7H/H+KOPrXZdZts/1KeJ/W96YNSd1a7LHPuH+jSx/w88clfF6zLX/qE+Tex/9uue31btusyzf6hPE/t/06TzF1a7LtfZP9Snif0fevfEL1a7LvPtH+rTxP4v+fb3z6l2Xd5t/1CfJvZ/9GFXHFntuiywf6hPE/ufOm3DzdWuy0L7h/o0sf8JKzeNrnZdFtk/1KeJ/R/y5Nx7ql2X6+0f6tPE/rcOOOzsatflPfYP9Wli//fe8PA3q12XG+wf6tPE/m++6aMd1a7LjfYP9Wli/5/dOXh7teuy2P4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/2IHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WQfRuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAUAAD//3II6Vg=")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000000c0)='./bus\x00', 0xd680, 0x0, 0xbe, 0x0, &(0x7f00000007c0))
syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x80008, 0x0, 0x0, 0x0, &(0x7f0000000000))
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./bus/file0\x00')

12.364292718s ago: executing program 2 (id=743):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x80)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, 0x0)

12.279528042s ago: executing program 0 (id=744):
open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x2)
mremap(&(0x7f0000a11000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ba6000/0x2000)=nil)
munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000)
mremap(&(0x7f00005a7000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f00004fe000/0x4000)=nil)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil)
mremap(&(0x7f00003d6000/0x8000)=nil, 0x8000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

11.740251422s ago: executing program 2 (id=745):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

11.633728642s ago: executing program 0 (id=746):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
fanotify_init(0x200, 0x0)
pipe2$9p(0x0, 0x84880)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffff7a, 0xffffffff, 0x210, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x88, 0x88, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x80, 0x0, {0x4}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x3, 0x6, '\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000300)={[], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204081, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000240)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000feffffff1e000000080001007063690011000200303030303a30303a31302e300000bf0d20b0379fa30a0000000c008f00fdffffffffffffffdc0300"/75], 0x50}, 0x1, 0x0, 0x0, 0x4000081}, 0x20044010)

11.595077008s ago: executing program 6 (id=747):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000407d1ed43001000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000840)=ANY=[@ANYBLOB="20fc83"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x20, 0x1, 0x2, "8b75"}, 0x0})

11.229063152s ago: executing program 2 (id=749):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000280)={0x0, 0x0, r2, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, [<r5=>0x0], [], [0x8, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})

10.547354282s ago: executing program 0 (id=750):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2)
socket(0x40000000015, 0x4, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)

9.364621409s ago: executing program 4 (id=751):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000340)}, 0x40000)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000580)={0x401, 0x0, 0x0, &(0x7f00000000c0)=[0x3], &(0x7f0000000200), &(0x7f0000000340), 0x0, 0xfffffffffffffffe})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2, 0x1}, 0x20)
mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "8527d2100090af54bfbca283be11c0de7af30e90937920fcba13d90af61beaa44d66a6535daf1bc35fb3af1e9197e31d26589d073c10184095fb00", 0x14}, 0x48, 0xffffffffffffffff)
unshare(0x2c020400)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x48810)
recvmsg(0xffffffffffffffff, 0x0, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x0, 0x2, 0x3, 0x9, 0x0, 0xc96e}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)

7.083310647s ago: executing program 1 (id=752):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r4 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)

7.082964811s ago: executing program 4 (id=753):
socket$kcm(0x11, 0x2, 0x300)
socket$netlink(0x10, 0x3, 0x0)
timerfd_create(0x0, 0x0)
io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x30be, 0x400, 0x8, 0x40000187})
socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffc, '\x00', 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@cred={{0x1c}}, @rights={{0x10}}], 0x30}, 0x122)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES64], 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

7.028844362s ago: executing program 6 (id=754):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0xffff, 0x5}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xa5bf4861, 0x4, 0x3ff, 0x10001}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}}, 0x800)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r9 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x1}], 0x1}, 0x4)

6.939655059s ago: executing program 0 (id=755):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r1}, 0xc)
write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r2, 0x5403, &(0x7f00000000c0)={0xffffffff, 0x0, 0x8000, 0xbbd7, 0x85, "10120dfe0ef7f0220000ff490a0080002a0008"})

5.31096256s ago: executing program 1 (id=756):
r0 = socket(0x10, 0x3, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000040)=[0x0])
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24)

5.044318288s ago: executing program 5 (id=757):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$binfmt_elf32(r1, &(0x7f0000000540)={{0x7f, 0x45, 0x4c, 0x46, 0x80, 0xc, 0x4, 0x0, 0x100000001, 0x2, 0x6, 0x1, 0xdd, 0x38, 0x345, 0x8, 0x5, 0x20, 0x1, 0x5, 0x9}, [{0x3, 0x4, 0x5, 0x6, 0x80, 0x6, 0x2, 0x5ba2}], "", ['\x00']}, 0x158)
close(r1)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
syz_open_pts(r5, 0x0)
sendmmsg$inet(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f", 0x10}, {&(0x7f0000000700)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327de21450df098c113e179a0b1b9fb2104f678c1bc2a1da443c2dee540698aee3be6adb29bfca6e57480c7f263bad27769f52bf2ff4eeeefe54159", 0x5d}, {0x0}, {&(0x7f0000000e80)}, {&(0x7f00000016c0)="c6dfdb26a49ec48957e875c14417cfa6a918590b27ece25631c4a48ede", 0x1d}], 0x5}}], 0x1, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)

5.023209277s ago: executing program 2 (id=758):
socket(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='uid_map\x00')
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000640)='/selinux/status\x00', 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r3, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x40, 0x140e, 0x400, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x1004}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1ff}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x20008040)
socket(0x1e, 0x805, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000d23000/0x4000)=nil, 0x4000, 0x11)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x28, r6, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random='n'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000081}, 0x20004800)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r7=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x3c}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000125c0)=@newtfilter={0x40, 0x2c, 0xd2b, 0x70bd2b, 0x2ddfdbfb, {0x0, 0x0, 0x0, r7, {0x8}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x40}}, 0x24040084)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x2)

4.951624625s ago: executing program 4 (id=759):
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000300)='./file1\x00', 0x240084, &(0x7f00000010c0)=ANY=[@ANYBLOB="666c7573682c6e6f646f74732c646973636172642c646d61736b3d30303030303030303030303030303030303030303030322c646d61736b3d30303030303030303030303030303030303030303137372c646f74732c6e6f646f74732c71756965742c646f74732c0023c3cb4d2e3cbf18508098fe0de2af38db67d42d1bc4ab714d52f019082433fc9ca2d7174b2c4ece31c9f4c7a4d53914e100"/167], 0x1, 0x140, &(0x7f0000000440)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=")
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000180)={0x3, 0x980900, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c09c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
socket$inet_sctp(0x2, 0x5, 0x84)
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

4.919061674s ago: executing program 6 (id=760):
syz_mount_image$jfs(&(0x7f0000000180), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0xfd, 0x60d1, &(0x7f0000000340)="$eJzs3UuPHFfZB/CnL9NzyRvbil5ZxmLhOBASQny3IdzisGABSCAhr7E1mUQGB5BtEIksPJEXiAWXjwCbbFjki4Qda8QHwJKHVSQIhWrmHLu6p8c9jme6uuf8flK76ulT1X3K/6np7qmqPgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxHe+/cOznYi4+st0x5GI/4teRDdiua5PRD1zOS/fj4hjm0tFHI2I3mJEvf7mP4cjLkTER4ciHmzcWa3vPrfLflw8c/vmJ9/91t9/84d7x3785o8+GG3/wf+f//C3dyOOfP+1Dz+5uyebDgAAAMWoqqrqpI/5x9Pn+27bnQIApiK//ldJvl+tVqvVe1r/vjtb/VEXWjdV491tFhGx3lynfs/gcDwAzJn1+LjtLtAi+RetHxHPtN0JYKZ12u4A++LBxp3VTsq303w9OLHVnv9OOZT/eufh9R07TScZPcdkWj9f96IXz+3Qn+Up9WGW5Py7o/lf3WofpOX2O/9p2Sn/QaSLmgqT8++N5j9iKP8/RsTc5t8dm3+pcv79J8l/vTfH+7/8AQAAAAA4+PLf/4+0fPx38ek3ZVd2PP67/HCTAQAAAAAAAGDufMrx/zaP3x9tPpDx/wAAAGBm1Z/Va3869Oi+TsTfDo9Ztv6If6UT8ezI8kBh0sUyK233AwAAAAAAAAAAAABK0t86h/dKJ2IhIp5dWamqqr41jdZP6mnXn3elbz+UrO1f8gAAsOWjQ+la/vtLW3d0Iuq5K+m7/hZWVlaqaml5pVqplhfz+9nB4lK13Phcm6f1fYuDXbwh7g+q+sGWGus1Tfq8PKl99PHq5xpUvV10bDraTh2A0m29Gj3winTAVNXhaPtdDvPB/n/w2P/ZjbZ/TgEAAID9V1VV1Ulf5308HfPvtt0pAGAalvLr/+hxAbVarVar1QevbqrGu9ssImK9uU79nsFw/AAwZ9bj47a7QIvkX7R+RBxruxPATOu03QH2xYONO6udlG+n+XqQxnfP54IM5b/e2Vwvrz9uOsnoOSbT+vm6F714bof+HJ1SH2ZJzr87mv/VrfZBWm6/85+WnfKvt/NIC/1pW86/N5r/iIOTf3ds/qXK+fefKP+e/AEAAAAAYIblv/8fcfw3bzIAAAAAAAAAzJ0HG3dW83Wv+fj/Z8cs12nOuf7zwMj5d3adv+t/D5Kcf3c0/5ETcnqN+ftvPMr/Xxt3Vj+4/c/P5OnM57/QG9TPvdDp9vrpnJ9q4a24HjdiLc5sW74/1H52W/vCUPu5Ce3nt7UP6vbl3H4qVuNncSPefNi+OOHEqKUJ7dWE9px/z/5fpJx/v3Gr819J7Z2Rae3++91t+31zOu55Lv/lPy9u37v22mDiEvei93DbmurtO7kvfXq8zf+TZwbxi1trN0/96trt2zfPRpoM3Xsu0mSP5fwX0i3n/9ILW+35935zf73//uCJ858V96K/Y/4vNObr7X15yn1rQ85/kG45//wKNH7/n+f8d97/X2mhPwAAAAAAAAAAAAAAAPA4VVVtXiJ6OSIupet/2ro2EwCYqt99L81USajVarVard6ruj9j/RlSjfd6s4il4XUuRcSvxz0YADDL/hsR/2i7E7RG/gXL3/dXTz/XdmeAqbr17ns/uXbjxtrNW233BAAAAAAAAAD4tPL4nyca4z9vngc0Mm700Pivb8SJuR3/szvobY51njbo+Xj8+N8n4/Hjf/cnPN/ChPZJIxYvTmhfmtA+9kKPhpz/8ynjnP/xtGEljf/6Ugv9aVvO/2Qa6znn/4WR5Zr5V3+e5/y7Q/mfvv3Oz0/feve9V6+/c+3ttbfXfnr2zKUL5y9eOH/x4um3rt9YO7P1b4s93l85/zz2tfNAy5Lzz5nLvyw5/8+nWv5lyfm/mGr5lyXnn9/vyb8sOf/82Uf+Zcn5v5xq+Zcl5//FVMu/LDn/V1It/7Lk/L+UavmXJef/aqrlX5ac/6lUy78sOf/TqZZ/WXL++QiX/MuS889nNsi/LDn/c6mWf1ly/udTLf+y5PwvpFr+Zcn5X0y1/MuS87+UavmXJef/5VTLvyw5/6+kWv5lyfm/lmr5lyXn/9VUy78sOf+vpVr+Zcn5fz3V8i9Lzv8bqZZ/WXL+30y1/MuS83891fIvy6Pv/zcz5Zl//zViBrqxHzNVVVUz0A0zTzHT9m8mAAAAAAAAAAAAAGDUNE4nbnsbAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4HztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwt7dxchV3mcAP/tlrw0JbvgmDqyNAQOLd9df4BCDSUJKSZtSEtKkJTWOvTZO/FWvnQBCZSm0JQpSkdoLetE0idIoUluBokhNJRohNVJ7V64SoUpRK3FhqVA5KGmVNrDVmfO+787Mzs7s2rvemXN+P4T/3p0zM++eOTO7z1rPHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDeho9M/klflmX5/7U/1mXZxfnf12R78g+nd670CgEAAIDz9U7tz7+9JH1izwKuVLfNP1/7r9+bmZmZyT7/9pl3/2xmJl0wkmUDq7Osdln0L7/4+Uz9NsEz2XBff93H/R3ufqDD5YMdLh/qcPmqDpev7nD5cIfL5+yAOdYUv4+p3dim2l/XFbs0uywbql22qcW1nulb3d8ff5dT01e7zszQwexwdiSbzMbnXKev9l+WvbIhv6/7snhf/XX3tT7LsrM/fXJ/XENf2MebsoY7q6l/7N66Jxt5+6dP7v/2qTevbjU77oY5K82yzRvzdT6bZbO/rsr6stVpn8R19tetc32LdQ40rLOvdr38783rPLvAdcavezis87U261wfPvfY9VmWTWfzbtPsmaw/W9t0r2l/DxdHRH4b+UP5vmxwUcfJhgUcJ/l13ri+8ThpPibj/t8Q9sngPGuofzjeenrVnP1+rsdJ/lV3w7Ga3/YD+Z0OD9f/arXhWM23efKG+Y+Blo9di2MgHct1x8DGTsdA/6qB2jHQP7vmjQ3HwMSc6/RnfbX7OnND+2Ng7NTRE2NTjz9x2+Gj+w5NHpo8NjG+c/u2Hdu37dgxdvDwkcnx4s/F7dIesjbrT8fgxvBaE4/Bm5q2rT8kZ76xdM+D4S55HuRf+6duzBd0cX82zzGeb/Ps5vN/HqTv+3XPg8G650HL19QWz4PBBTwP8m3Obl7Y98zBuv9brWG5XgvX1R0DK/n9ML/Ph2+e/7VwfVjXc7cs9vvhwJxjIH5ZfeG5l38m/bw3fEfYL3OPi2vyCy5alZ2emjy55bF9p06dnMjCuCAurXusmo+XtXVfUzbneOlf9PGy529+eeM1LT6/Luyr4VvbP1b5NttH2z9WtVf3xv25Kiv2Z8Nnt2ZhLLELvT9bfTfL92fKEm32Z77Ns7ed/8+CKZfUvf4NdXr9GxgaLF7/BtLeGGp4/Zv70AzUVpZlZ29b2OvfUPj/Qr/+XdYlr3/5vnp4S/tjIN/mubHFHgODbV//rg+zL6zn5pAYhuty/7u1y6eLw7Tusex43AwODoXjZjDeY+Nxs23OdfJby+978/i5HTebr298rBp+binhcZPvqz8fb3/c5Nu8OnH+rx1r4l/rXjtWdToGhgZW5esdSgdB8Xo3syYeA1uy/dnx7Eh2IF0nf5Tz+xrdurBjYFX4/0K/dlzVJcdAvq9e3Nr+GMi3+eG2pf3ZaXP4TNqm7men5t8vzJf5rxmcvb3m3bbUmT9f50d/9In0uVYZIt/mze2LzRnt99Ot4TMXtdhPzc+f+Y7pA9ki9lN2fsd0vs4jO9r/birf5rKdCzye9mRZ9vrE67Xfd4Xf73739I++1/B731a/U3594vX7xx788WLWDwDAuXu39uf0quJnzbp/sV7Iv/8DAAAAPSHm/v4wE/kfAAAASiPm/oEwE/kfAAAASiPm/sEwk4rk/0fv2PXSO09l6d0AZ4J4edwND9xVbBc73tPh45GZWfnnP/ytoZe+8tTC7rs/y7Jf3v/+lts/eldcV+FEXOcHGz8/x1XXLej+H3lodrv69084u6u4/fj1LPQwiF3lV8a21m535PGJ2nz1/qw2H5x+7pni9ouP4/ZnthXb/2V405I9B/sarr85rGdTmCPhPWUe2DO7H/IZr/fS+mv/6dJPz95fvF7fxvfWvswX/6C43fgeUS9cWmwfv+751v+PX/3OS/n2j93Qev1P9bde/5lwu2+E+Yvdxfb1+/wrdev/o7D+eH/xelu++YOW63/5ymL7l8Nx8fUwm9d/z59+4J1Wj1e8nz13FteL9z/+39tr14u3F2+/ef3DT0007I/m23/17eJ2dn/pZwP128fPx/uJHrmz8fjuC49vQ488y7Lv/HHWsJ+zDxXX+4em9cfbO3Fn6/Xf2rTOE33X1a4/+/Wsa/i6vvbXW1t+vXE9e/5uXcPX88K9Yf+9PfbD/HbPPBiOx3D5/75W3F7ze5m+fG/j603c/uvriudtvL2xpvW/0LT+6evyfdd5/fe9Xaz/5btXN6x/z8fC8XRfMTut/9BfXdJw/W98u3g8Tn559NjxqdOHD9Tt1frn8erhNWsvuvg9770kvJY2f7z3+KlHJ0+OjI+MZ9lID75l4HKv/5th/lcxppf+Hgo//llx3D3/8eL71k0/Lz5+IXz+kfB4xu+PX/uLoYbjtflxn767mOe7/lvCOhbqyq/+x3UL2vDM5145/fd/+GbzzwXx6zlx+XDt63txwxW1y/peLS5vfr3q5N8vb3xe/2RwvDa/H/brTHhn5o1XFPfXfPvxvUme/2Tx/I0/ycXrZ03vJ7JuoPHrON/1/yT8HPODqxpf/+Lx8f2nmt7NeV3Wly9hOrw+ZNPF5XGruL+fP3tFy/uL78OTTV+9mGXOa+rxqbEjh4+dfmzs1OTUqbGpx5/Ye/T46WOn9tbeu3TvFzpdf/b5vbb2/D4wuXN7Vnu2Hy/GMlvp9Z94aP+B28dvPDB5cN/pg6ceOjF58tD+qan9kwembtx38ODklztd//CB3RNbd227fevoocMHdt+xa9e2XaOHjx3Pl1EsqoOd418cPXZyb+0qU7u375rYsWP7+OjR4wcmd98+Pj56utP1a9+bRvNrf2n05OSRfacOH50cnTr8xOTuiV07d27t+O6PR08cnBoZO3n62NjpqcmTY8XXMnKq9un8e1+n61MNU8fD612TvvDT+Wdv3ZneHzf3rafnvalik8YfT7O3wntBxe9vnT6OuX8ozKQi+R8AAACqIOb+8Mb/sxfI/wAAAFAaMfevDjOR/wEAAKA0Yu4vkv9wOv17VfL/UvX/n9b/r9H/1//P9P8T/X/9/0z/X/+/A/1//f9eXr/+v/4/nXVb/z/k/mxNlvn3fwAAACipmPvXhpnI/wAAAFAaMfdfFGYi/wMAAEBpxNx/cZhJRfK/8//r/+v/t+v/x231/zP9/27o/2/6T/3/OfT/9f8z/f9zttL9+V5ffxf2/9fo/9Ntuq3/H3P/e8JMKpL/AQAAoApi7n9vmIn8DwAAAKURc/8lYSbyPwAAAJRGzP3rwkwqkv/1//X/9f+d/1//v5v6//Hazv+/UPr/+v+Z/v85m6c/n/9QqP/fm/1/5/+n63Rb/z/m/l8JM6lI/gcAAIAqiLn/fWEm8j8AAACURsz9l4aZyP8AAABQGjH3XxZmUpH8X83+/xtZlun/Z/r/+v9N69T/74b+f9vz/+v/t6D/r/+f6f+fs5Xuz/f6+vX/9f/prNv6/zH3Xx5mUpH8DwAAAFUQc/8VYSbyPwAAAJRGzP1XhpnI/wAAAFAaMfdfFWZSkfxfzf6/8//r/xf0/xvXqf+v/78c9P/1/9vR/9f/7+X16//r/9NZt/X/Y+6/OsykIvkfAAAAqiDm/mvCTOR/AAAAKI2Y+98fZiL/AwAAQGnE3L8+zKQi+V//X/9f/1//X/9f/3859Vb/v3/eS/T/C/r/jZau/z89uwD9/55Zv/6//j+ddVv/P+b+D4SZVCT/AwAAQBXE3H9tmIn8DwAAAKURc/91YSbyPwAAAJRGzP0jYSYVyf/6//r/+v/6//r/+v/Lqbf6//PT/y/o/zdaWP+/b3B2Ac7/v5RWev36//r/dNZt/f+Y+zeEmVQk/wMAAEAVxNy/McxE/gcAAIDSiLn/+jAT+R8AAABKI+b+TWEmFcn/+v/6//r/+v/6//r/y0n/X/+/nWr0/+sXoP+/lFZ6/fr/+v901m39/5j7bwgzqUj+BwAAgCqIuf/GMBP5HwAAAEoj5v6bwkzkfwAAACiNmPs3h5lUJP/r/+v/6//3cP9/QP8/0//vevr/+v/t6P93V/9/UP9f/1//nyXWbf3/mPtvDjOpSP4HAACAKoi5/5YwE/kfAAAASiPm/lvDTOR/AAAAKI2Y+0fDTCqS//X/9f/1/3u4/+/8/w3rX4L+/1D95/X/l4b+v/5/O/r/3dX/d/5//X/9f5Zat/X/Y+6/LcykIvkfAAAAqiDm/i1hJvI/AAAAlEbM/WNhJvI/AAAAlEbM/eNhJmXI//92tuMm+v8Xsv9f28f6//r/+v/h8i7s/zv//zLQ/9f/b0f/X/+/l9ev/6//T2fd1v+PuX8izKQM+R8AAACoibl/a5iJ/A8AAAClEXP/tjAT+R8AAABKI+b+7WEmFcn/PdL/35IKUD3d/3f+f/1//f9K9P//J7wo6v/X6P/r/7ej/6//38vrX4H+/2D9B/r/dJv+Fp/rtv5/zP07wkwqkv8BAACgCmLu3xlmIv8DAABAacTcf3uYifwPAAAApRFz/x1hJhXJ/z3S/y/J+f/1//X/9f8r0f8PnP+/oP+v/9+O/r/+fy+vf3H9/880f7tz/n8qodv6/zH37wozqUj+BwAAgCqIuf+DYSbyPwAAAJRGzP13hpnI/wAAANBTWp2HMIq5/0NhJhXJ//r/Ze//z6zW/9f/1/9vv379/+Wl/6//347+v/5/L69/Bc7/30D/n17Qbf3/mPt3h5lUJP8DAABAFcTcf1eYifwPAAAApRFz/91hJvI/AAAAlEbM/XvCTCqS//X/y97/r8z5/2uX6//r/+v/dx/9/0X0/1fr/+v/90b/P/zYov/fRf3//BjS/6cbdVv/P+b+e8JMKpL/AQAAoApi7v9wmIn8DwAAAKURc/9HwkzkfwAAACiNmPs/GmZSkfyv/6//X5L+v/P/6//r/3cp/f9lO/9/7aVQ/78wb/9/jf5/O7P9+Uuc/7/H+//O/0+36rb+f8z994aZVCT/AwAAQBXE3P+xMBP5HwAAAEoj5v5fDTOR/wEAAKA0Yu6/L8ykIvlf/1//X/9f/1//X/9/Oen/L1v/v0b/v+D8/+dmpfvzvb5+/X/9fzrrtv5/zP2/FmZSkfwPAAAAVRBz//1hJvI/AAAAlEbM/R8PM5H/AQAAoMesmveSmPt/PcykIvm/9/r/Iz3Z/+9Pt6//r/+v/6//r/+/lPT/9f8z/f9zttL9+V5fv/6//j+ddVv/P+b+3wgzqUj+BwAAgCqIuf8TYSbyPwAAAJRGzP2/GWYi/wMAAEBpxNz/QJhJRfL/Uvf/m6/fjvP/6/9n+v/6//r/+v/nqZf6/0P6/3Po/+v/9/L69f/1/+ms2/r/Mff/VphJRfI/AAAAVEHM/Q+Gmcj/AAAA0KUeXfQ1Yu7/ZJiJ/A8AAAClEXP/p8JMKpL/e+/8/73X/89vX/9f/z/T/9f/r9ur+v9Lp5f6/87/P5f+v/5/L69f/1//n866rf8fc/9DYSYVyf8AAABQBTH3fzrMRP4HAACA0oi5/7fDTOR/AAAAKI2Y+z8TZlKR/K//7/z/+v/6//r/+v/LSf9/bv8/fw3T/y/o/+v/9/L69f/1/+ms2/r/Mfd/NsykIvkfAAAAqiDm/t8JM5H/AQAAoDRi7v/dMBP5HwAAAEoj5v6Hw0wqkv/1//X/9f/1//X/9f+Xk/6/8/+3o/+v/9/L69f/1/+ns27r/8fc/7kwk4rkfwAAAKiCmPt/L8xE/gcAAIDSiLl/b5iJ/A8AAAClEXP/I2EmFcn/+v/6//r/1e3/r25ap/6//v9y0P/X/29H/1//v5fXr/+v/09n3db/j7l/X5jJnsa7AQAAAHpXzP2fDzOpyL//AwAAQBXE3L8/zET+BwAAgNKIuf9AmElF8r/+v/6//n91+//O/1/Q/19e+v/6/+3o/+v/9/L69f/1/+nsQvf/4/eB+fr/MfdPZlkl8z8AAABUQcz9B8NM5H8AAAAojZj7D4WZyP8AAABQGjH3PxpmUpH8r/+v/6//X9n+/2vfbVqn/r/+/3LQ/9f/b0f/X/+/l9ev/6//T2fddv7/mPsPh5lUJP8DAABAFcTc/4UwE/kfAAAASiPm/i+Gmcj/AAAAUBox9x8JM6lI/tf/1//X/z+n/v//zfR+/39h5/9fM3u/+v/6/+dC/1//vx39f/3/Xl6//r/+P511W/8/5v6jYSYVyf8AAABQBTH3Hwszkf8BAACgNGLuPx5mIv8DAABAacTcfyLMpCL5X/9/cf3/vnm6gfr/rddf4v5/TSX6/3X0//X/z4X+v/5/Oxeg//9u/VX0/xutdH++19ev/6//T2dd0f8fmv045v7fDzOpSP4HAACAKoi5/2SYSef8P7x8qwL+n737WrKsLP84vmlmGKh/Uf9b4MhjPfLQS/AarOIOzBnMmBVzVkTMipgxYM45J8wRUVQMqFVY0/08zzA902vt6d57+l3v+/kc8MgemFnojPqr5ssCAADYpNz9D41bfP0fAAAAupG7/2FxyyD7/+z+/4T+3/v/9f/6f/1/0P9vhv5f/z/F+//1/0t+fv2//p95TfT/9/n93P0Pj1sG2f8AAAAwgtz9j4hb7H8AAADoRu7+R8Yt9j8AAAB0I3f/o+KWQfa/9//r//X/+n/9v/5/m/T/+v+D5H8X6f/1/0t9fv2//p95rfX/ufsfHbcMsv8BAABgBLn7HxO32P8AAADQjdz9j41b7H8AAADoRu7+x8Utg+x//b/+X/+v/9f/n7f/v1v/vxn6f/3/FO//1/8v+fn1/xfe/5+Y+07pTmv9f+7+x8ctg+x/AAAAGEHu/ifELfY/AAAAdCN3/xPjFvsfAAAAupG7/5q4ZYj9f0L/r//X/y+x/z+h//f+/+XQ/+v/p+j/9f/H9/xXrlYr/b/3/7NtrfX/ufuvjVuG2P8AAAAwhtz9T4pb7H8AAABYgJ21/qjc/U+OW+x/AAAA6Ebu/qfELYPsf/2//l//v8D+3/v/9f8Lov/vv////0P286f0//r/hT+//l//z7zW+v/c/U+NWwbZ/wAAADCC3P1Pi1vsfwAAAOhG7v6nxy32PwAAAHQjd/8z4pZB9r/+X/+v/9f/6//1/9uk/++g/z9x5uO13/9/ar3n0f/r/5fy/Jec878e+n/9P+vYev//4Ot277r9f+7+6+KWQfY/AAAAjCB3/zPjFvsfAAAAupG7/1lxi/0PAAAA3cjd/+y4ZZD9r//X/5/p/++9RP+v/9f/n/lc/78Z+v8O+v+Z9/+vjtDP6//1/0t+fv2//p95W+//Z3r//b+fu/85ccsg+x8AAABGkLv/uXGL/Q8AAADdyN3/vLjF/gcAAIBu5O5/ftwyyP7X/+v/vf9f/6//1/9vk/6/2f5//y+9s+n/16L/1/8f1P8/aI3n1/8zgtb6/9z9L4hbBtn/AAAAMILc/S+MW+x/AAAA6Ebu/uvjFvsfAAAAupG7/0VxyyD7f5j+f1/Op//fo//X/6/O6f93huz/T3+m/98O/X+z/f80/f9a9P/6f+//1/8zrbX+P3f/i+OWQfY/AAAAjCB3/0viFvsfAAAAupG7/6Vxi/0PAAAA3cjd/7K4ZZD9P0z/v4/+f8+R+/9T+v/++v8LfP//pX30/97/vz36f/3/FP2//n/Jz6//1/8zr7X+P3f/y+OWQfY/AAAAdG9nVbv/FXGL/Q8AAADdyN3/yrjF/gcAAIBu5O5/VdwyyP7X/+v/vf9f/3+k/r+T9//r/7dH/6//n7Ju/7/S/9dfi/6/nefX/+v/mdda/5+7/9VxyyD7HwAAAEaQu/81cYv9DwAAAN3I3f/auMX+BwAAgG7k7n9d3DLI/tf/6//1//p//b/+f5v0//r/Kd7/r/9f8vPr//X/zGut/8/d//q4ZZD9DwAAACPI3f+GuMX+BwAAgG7k7r8hbrH/AQAAoBu5+98Yt+zf/zsX86kuHv2//l//r//X/+v/t0n/r/+f0nP/f++pw/f/lx/w4+n/13z+W07q/7fY/+evKf0/62it/8/df2Pc4uv/AAAA0I3c/W+KW+x/AAAA6Ebu/pviFvsfAAAAupG7/81xyyD7/6D+/67/2/t2/f969P/nf379v/5/3f7/ntvP/Hn6f/3/hdD/6/9Xjfb/3v/v/f9zf/5S+/+k/2cdrfX/ufvfErcMsv8BAABgBLn73xq32P8AAADQjdz9b4tb7H8AAADoRu7+t8ctg+z/zb///yr9v/5f/x9X/+/9//p//b/+f5r+X/+/5OfX/+v/mbeZ/v/S1ab6/9z974hbBtn/AAAAMILc/e+MW+x/AAAA6Ebu/nfFLfY/AAAAdCN3/7vjlkH2/+b7f+//1/9fYP+/M1j/f8Nt+v/4dv2//n8T9P/6/5X+/9COu59f+vPr//X/zGvt/f+5+2/enXrj7X8AAAAYwc27v7189Z64xf4HAACAbuTuvyVusf8BAACgG7n73xu3DLL/9f/6/2Pv/73/v+j/4z9X/b/+/wLo//X/K/3/oR13P7/059f/6/+Z11r/n7v/fXHLIPsfAAAARpC7//1xi/0PAAAA3Yjdv/c3v9v/AAAA0KUP7P728tUH45ZB9v/A/f9VR+3/r7jPv9b/n//59f8b6f9v3v9zT/+v/18S/b/+f4r+X/+/5Odvp/+PD67R/9Oe1vr/3P0filsG2f8AAAAwgtz9H45b7H8AAADoRu7+W+MW+x8AAAC6kbv/I3HLIPt/4P6/k/f/P+TOeAL9f7/9v/f/x11U/3+X/j/p//X/U/T/+v8lP387/b/3/9Ou1vr/3P0fjVsG2f8AAAAwgtz9H4tb7H8AAADoRu7+j8ct9j8AAAB0I3f/bXHLIPtf/7/0/t/7//X/+v8m+3/v/y/6f/3/FP3/zu7/E9H/L/P59f/6f+a11v/n7v9E3DLI/gcAAIAR5O7/ZNxi/wMAAEA3cvd/Km6x/wEAAKAbufs/HbcMsv/77f9v2pn6sfX/e7bZ/5/+QfT/g/T/1+r/V/r/A+n/9f9T9P/e/7/k59f/6/+Z11r/n7v/M3HLIPsfAAAARpC7/7Nxi/0PAAAA3cjd/7m4xf4HAACAbuTu/3zc8IArj++RNuvkAZ9Hb95v/z/trP7/PvGx/t/7//X/3v+f9P+bof/X/0/R/+v/l/z8+n/9P/Na6/9z938hbvH1fwAAAOhG7v4vxi32PwAAAHQjd/+X4hb7HwAAALqRu//Lccsg+1//7/3/+v/F9v9X6P/Pfn79f5v0//r/Kfp//f+Sn1//r/9nXmv9f+7+r8Qtg+x/AAAAGEHu/q/GLfY/AAAAdCN3/9fiFvsfAAAAupG7/+txyyD7X/+v/9f/L7b/9/7/fc+v/2+T/l//P0X/r/9f8vPr//X/zGut/8/d/424ZZD9DwAAACPI3f/NuMX+BwAAgG7k7v9W3GL/AwAAQDdy9387bhlk/+v/9f/6f/2//l//v036//76/9O/BvT/e/T/TfT/+dNE/6//p0Gt9f+5+78Ttwyy/wEAAGAEufu/G7fY/wAAANC6/X9754Fy938vbrH/AQAAoBu5+78ftwyy/3vu/6f+MP3/Hv2//n+l/9f/b5n+v7/+3/v/z1in/z/rnwCg/9+o435+/b/+n3mt9f+5+38Qtwyy/wEAAGAEuft/GLfY/wAAANCN3P0/ilvsfwAAAOhG7v4fxy2D7P+e+/8p+v89+n/9/0r/r//fMv2//n/KCP3/WfT/G3Xcz6//1/8z75j6/5OrA/r/3P0/iVsG2f8AAAAwgtz9t8ct9j8AAAB0I3f/T+MW+x8AAAC6kbv/Z3FLP/v/6lsnvlH/v/H+f/cnkf5f/7/S/+v/9f+79P/6/yn6f/3/kp9f/6//Z15r7//P3f/zuKWf/Q8AAADDy93/i7jF/gcAAIBu5O7/Zdxi/wMAAEA3cvf/Km4ZZP+32v/v/7d/Qf3/od7/n8+g/9f/b7n/v3Sl/9f/X2T6f/3/lOX0/yfO+6n+X/+v/9f/M621/j93/6/jlkH2PwAAAIwgd/9v4hb7HwAAALqRu/+3cYv9DwAAAN3I3f+7uGWQ/d9q/7/g9/8fqv8/2vv/z9TT+v/j7P93zvn+G+z/vf9f/3/R6f/1/1OW0/+fn/5f///A+9/v6vx5p//X/3Ou1vr/3P2/j1sG2f8AAAAwgtz9f4hb7H8AAADoRu7+O+IW+x8AAAC6kbv/j3HLIPtf/99D/+/9/230/+d+//r/7fX/pz/T/y+D/l//P0X/r/9f8vN7/7/+n3mt9f+5+++MWwbZ/wAAADCC3P1/ilvsfwAAAOhG7v4/xy2x/y87lqcCAAAANil3/11xSydf/9/f1e6n/9f/d9n/nxq3/79jkP7f+/+XQ/+v/5+i/9f/L/n59f/6f+a11v/n7v9L3NLJ/gcAAABWtfv/GrfY/wAAANCN3P1/i1vsfwAAAOhG7v6745ZB9r/+X/9/4f3/yfrrbrb/9/5//b/+vxn99v+X6f/1/0fu/6+/ce9j/f8yn1//r/9nXmv9f+7+v8ctg+x/AAAAGEHu/n/ELfY/AAAAdCN3/z/jFvsfAAAAupG7/19xyyD7X/+v/+/y/f/6f/2//r8Z/fb/3v+v//f+/6P18zsLf379v/6fdbTW/+fuvyduGWT/AwAAwAhy9/87brH/AQAAoBu5+/8Tt9j/AAAA0I3c/f+NWwbZ//p//b/+X/+v/9f/b5P+X/8/Rf8/cv+//OfX/+v/mdda/5+7/38BAAD//wDYMus=")
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f00000002c0)={[{@abort}, {@noblock_validity}, {@grpquota}, {@errors_remount}, {@auto_da_alloc}, {@inlinecrypt}]}, 0x6, 0x60d, &(0x7f0000000340)="$eJzs3c9rHGUfAPDvzCZ5kzZ90768vLwtigEPLUjTpBarXmzrwR4KFuxBxENDk9TQ7Q+aFGwtmIIHBQURr6K9+A94l9y9iaDePAtVpKKg0pXZnWk3yW66ptlskvl8YLPP88zsPs93Z5/MMzN5MgGU1mj2I43YG3HvbBIx0rRsOBoLR/P17v5y81z2SKJWe+XnJJK8rFg/yZ935pnBiPj6RMR/Kivrnbt+48JktdbwdsSh+YtXDs1dv3Fw9uLk+enz05cmDj975Oj4cxNHJtYlzp3588lTLz/2wTtvPDPzTfVgEsfiTP9bU7EsjvUyGqNxLw+xubwvIo5miRafy1azDUIotUr+feyPiP/FSFTquYaRmH2/p40DuqpWiagBJZXo/1BSxTigOLbv4Dg46f6oZOPcOd44AFoZf1/j3EgM1o+NdtxNmo6MGuc2dq9D/Vkdf93c90n2iCXnIX6/v3X61qGedhZuRcT/W8Wf1Nu2ux5pFn+6pB3Zl2A8Igby9r34CG1o/kJ14zzMatYafxoRx/LnrPzEGusfXZbf6PgBKKfF4/mOfCHLPdj/ZWOPYvwTLcY/wy32XWvR6/1f+/Ffsb8frJ8jT5eNw7Ixy+nWb9lffGaFH947+VG7+pvHf9kjq78YC26EO7ci9i2L/90s2Hz8k8WStNj+2Spnj3VWx0vf/nRySUHTRaNex1+7HbG/5fHPg1Fpllrl+uShmdnq9HjjZ8s6vvzq9c9blaebIP5s++9oE3/T9k+Xvy77TK50WMcXp29fbLds+KHxpz8OJGfqqYG85M3J+fmrExEDyakl71UvP7x6W4p1ivfI4j/wZOv+v+T7f2vp+wwVvzI7cOXVC3fbLVvL9m+6mHyv1mEb2snin3r49l/R/7OyDzus47fXrj3ebtlq8Q89SmAAAAAAAABQQmn9GmySjt1Pp+nYWGO+7H9jR1q9PDf/1Mzla5emIg7U/x6yPy2udI808kmWn8j/HrbIH16Wfzoi9kTEx5When7s3OXqVK+DBwAAAAAAAAAAAAAAAAAAgE1iZz7/v7hP9a+Vxvx/oCS6eYM5YHPT/6G86v1/xS2egDKw/4fy0v+hvPR/KC/9H8pL/4fy0v+hvPR/KC/9HwAAAAC2pT1PLH6fRMTC80P1R2YgX2ZGEGxv/b1uANAzlV43AOiZ+5f+DfahdDoa//+R/3PA7jcH6IGkVWF9cFBbvfMvtnwlAAAAAAAAAAAAANAF+/e2n/9vbjBsb6b9QXmtMv//s7W/FNgK/Ot/KC/H+MDDZvEPtltg/j8AAAAAAAAAAAAAbJjh+iNJx/K5wMORpmNjEbsiYnf0JzOz1enxiPh3RHxX6f9Xlp/odaMBAAAAAAAAAAAAAAAAAABgm5m7fuPCZLU6fbU58eeKki2YWOx85eIuqBvQsBfiH74qkq5/YruWlwxFxCbYgl1K9DWVJBEL2ZbfFA27Oheboxn1RI9/MQEAAAAAAAAAAAAAAAAAQAk1zT1ubd+nG9wiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANh4D+7/371Er2MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALamvwMAAP//cUhAbA==")
getdents64(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f00000000c0))

3.170604922s ago: executing program 5 (id=761):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r3=>0xffffffffffffffff}, 0x111, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x2, @empty, 0x2}, {0xa, 0x2, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x39}}, r3, 0x40099d}}, 0x48)
close_range(0xffffffffffffffff, r2, 0x2)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
fsync(0xffffffffffffffff)

2.916457251s ago: executing program 4 (id=762):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x200, 0x0)
pipe2$9p(0x0, 0x84880)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffff7a, 0xffffffff, 0x210, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x88, 0x88, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x80, 0x0, {0x4}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x3, 0x6, '\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000300)={[], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204081, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000240)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000feffffff1e000000080001007063690011000200303030303a30303a31302e300000bf0d20b0379fa30a0000000c008f00fdffffffffffffffdc0300"/75], 0x50}, 0x1, 0x0, 0x0, 0x4000081}, 0x20044010)

1.406977477s ago: executing program 4 (id=763):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d074af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x60ff78ce1cb3c070}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000540), 0x2}, 0x3}], 0x4000048, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)

1.3968873s ago: executing program 5 (id=764):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)

1.056277698s ago: executing program 6 (id=765):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = open(0x0, 0x101080, 0x0)
getdents(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000006b80)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}, {{&(0x7f0000000340)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000003700)=ANY=[@ANYBLOB="e802000000000000290000000400"], 0x2e8}}], 0x2, 0x0)
r4 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x2000000, &(0x7f0000000c00)=ANY=[@ANYBLOB="666c7573682c756e695f786c6174653d312c6e6f6e756d7461696c3d302c726f6469722c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c6e6f6e756d7461696c3d302c756e695f786c6174653d302c757466383d312c756e695f786c6174653d302c757466383d312c756e695f786c6174653d312c6e6f6e756d7461696c3d302c646f733178666c6f7070792c726f6469722c756e695f786c6174653d312c71756965742c00aaed2e6322e12ca43d55f4e47d9fb6f319fab9c81cd7b9b508d5df5619dad30ed85701f46d5bb2b85a6aecd28cb992054878a859b15b1598ee0b05192ff4df579d2dd32fb9a6a092bb22740cfe0636a3d8ff4e975e21fc6d6e2d6ece2beac2098361fe652ea69917e6d47463ceb0b35bc7a2f8799debe5e7b6e82c84ab25d06157c08f006d90e62a8026a845835dbf4ac25eec51c3ec73c82014eee15eaaa123084415546ca2e37c23d441b343cec1f74e52bc1f21eb18053a9b98d3a304fba3751bd0121940bc9d276f1e5352b9f4e674bb80ffeaaff6843ef1c8a7a7e0d592893a77ae91e025a35840e7ff4fdb3571d1986ed6f5a23d9ee6bf1cec94fb17af0627c04bf47586ce288a466c039a1ead7fd99feacc51d9f7a2e67f46a0b8ff45e5d7cb4affc1c539a764f5", @ANYRES32, @ANYRES64], 0x23, 0x318, &(0x7f0000000780)="$eJzs3c9rE1sUwPEzaX62ry9dPB6Px3twqSCKdGgC7lxYpAUxoLSNYAVhaqcaMk1KJhQiYrMQ3Lp20YVLEURw50bEbTf+Bf7addOdBYsjM5NM02RM02rtD7+fRXM6c87MnbkzzfSW3qyde7hQnLf1L05UPDERcXzL/hKpy+k3K+//n3r9h/+9UhNj05msUhERuX736fCr6sDVF3++TMjq0I219eyn1f+mRb5O35aIKtiq5G5LzZbLVc0tnivYRV2pK5Zp2KYqlGyzUlWGt96YtUw1b5UXF2vKKM0N9i9WTNtWRqmmimZNVcuqWqkp45ZRKCld19Vgv0BEhoIo0rFO61aYf7LhOLLudlCi7nZ7SHa9GcQar4kfaywOk7b+75rbcXH07WfL8CtsONGg/+M79D+OH//+//Col/sfx8/UtZlLY7nc+KRSSZGFB0v5pbz/6q9/NyAFscSUlckzM5vBo6F7qWju14mLufFR5RmSkwvLjfrlpbz/5jA236jPSNp9Tmmpl2Z9xq9X2+tj0t9an5W0/BVen1XiPZWKRFrq43LqREu9Lml5e1PKWl3mvEfcrfp7GaUuXM617T/l5bXjLQ8AAAAAAAAAcBToKrA1fq8Ff+pN6XrCG1sP1qfcxW6enxCMr49KWjbDx+dHQ8f3o/Jv9AAPHAAAAACA34hdu1M0LMus7D6QHnL6Hqe67CImIm4gcn/YbUzXDf7daHHbKncbIVVxEencTl8vbW4EqbP+/p5NNhomez1R+xhERKR1if/PGu7BW8+bOamw82NHdnUBjMRDzrxlJX/OUUjbUXwnaM0Rx3FCkyW5tws70XmAPQbaZnPJP6E5jtalXIv6OYYV85c0b8yd9n4+/HboMXB73wuS7Sdq5KO/XavLD43PwRAfAAAAgCOk5RcnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwQHqYM6xzbrbmvP3bk6XxEfGdU7K1f2gu8/4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOIS+BQAA//+8NrDx")

4.503047ms ago: executing program 6 (id=766):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
readv(r0, &(0x7f0000001300)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x2d83, 0xc000, 0xa, 0x20002f7})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
write$cgroup_int(r1, &(0x7f0000000140), 0xfffffdef)

0s ago: executing program 4 (id=767):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
pipe(0x0)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000002300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r3, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14)
bind$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x43}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4a}, 0x90)

kernel console output (not intermixed with test programs):

vice loop0): mounted with root inode @ nid 36.
[  170.310146][ T6743] syz.0.228: attempt to access beyond end of device
[  170.310146][ T6743] loop0: rw=524288, sector=256, nr_sectors = 8 limit=16
[  170.311474][ T6748] fuse: Unknown parameter '0x0000000000000003'
[  170.378543][ T6743] syz.0.228: attempt to access beyond end of device
[  170.378543][ T6743] loop0: rw=524288, sector=0, nr_sectors = 1024 limit=16
[  170.546048][   T29] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  170.661007][ T6743] syz.0.228: attempt to access beyond end of device
[  170.661007][ T6743] loop0: rw=524288, sector=0, nr_sectors = 1792 limit=16
[  170.739738][ T6756] capability: warning: `syz.0.228' uses deprecated v2 capabilities in a way that may be insecure
[  170.785284][   T29] usb 2-1: Using ep0 maxpacket: 32
[  170.797813][   T29] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  170.808370][ T6743] syz.0.228: attempt to access beyond end of device
[  170.808370][ T6743] loop0: rw=0, sector=256, nr_sectors = 8 limit=16
[  170.837677][ T6743] erofs (device loop0): read error -5 @ 1 of nid 89
[  171.037107][   T30] audit: type=1800 audit(1775309045.089:6): pid=6743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.228" name="file2" dev="loop0" ino=89 res=0 errno=0
[  171.068514][   T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.865468][   T29] gspca_main: nw80x-2.14.0 probing 055f:d001
[  172.033376][ T6762] syzkaller0: entered promiscuous mode
[  172.150553][ T6762] syzkaller0: entered allmulticast mode
[  173.208398][   T29] gspca_nw80x: reg_w err -71
[  173.213152][   T29] nw80x 2-1:3.0: probe with driver nw80x failed with error -71
[  173.304129][   T29] usb 2-1: USB disconnect, device number 7
[  175.583674][ T6803] fuse: Unknown parameter '0x0000000000000003'
[  176.163461][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  176.854405][ T5889] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  177.041596][ T5889] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  177.055936][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.203085][ T5889] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  177.243118][ T5889] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  177.350510][ T5889] usb 1-1: Manufacturer: syz
[  177.358480][ T5889] usb 1-1: config 0 descriptor??
[  177.390074][ T6833] warning: `syz.1.254' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  177.649387][ T5889] rc_core: IR keymap rc-hauppauge not found
[  177.682942][ T5889] Registered IR keymap rc-empty
[  177.710160][ T5889] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  177.793376][ T5889] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5
[  177.842190][    C1] igorplugusb 1-1:0.0: Error: urb status = -32
[  177.851123][ T6808] netlink: 8 bytes leftover after parsing attributes in process `syz.4.247'.
[  177.878604][ T5889] usb 1-1: USB disconnect, device number 8
[  177.926958][ T6808] netlink: 'syz.4.247': attribute type 20 has an invalid length.
[  178.136754][ T6840] loop5: detected capacity change from 0 to 32768
[  178.178041][ T6840] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.255 (6840)
[  178.195297][ T6840] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  178.205473][ T6840] BTRFS info (device loop5): using sha256 checksum algorithm
[  178.237394][ T6808] netlink: 'syz.4.247': attribute type 21 has an invalid length.
[  178.339962][ T6840] BTRFS info (device loop5): enabling ssd optimizations
[  178.347079][ T6840] BTRFS info (device loop5): turning on async discard
[  178.354730][ T6840] BTRFS info (device loop5): enabling free space tree
[  179.333933][ T6865] loop0: detected capacity change from 0 to 256
[  179.420882][ T6865] exFAT-fs (loop0): failed to test first cluster bit of root dir(5)
[  179.782281][ T6832] syz.4.247 (6832): drop_caches: 2
[  179.975283][ T6868] fuse: Unknown parameter 'fd0x0000000000000003'
[  180.077345][ T5832] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  180.614449][   T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  181.014275][   T10] usb 2-1: Using ep0 maxpacket: 16
[  181.119337][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  181.454266][   T10] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  181.514830][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.683710][   T10] usb 2-1: config 0 descriptor??
[  181.766017][   T10] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  182.191981][   T10] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  182.754579][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  182.979978][   T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  183.009597][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.224073][   T10] usb 1-1: Product: syz
[  183.230551][   T10] usb 1-1: Manufacturer: syz
[  183.248242][   T10] usb 1-1: SerialNumber: syz
[  183.881848][   T10] usb 1-1: config 0 descriptor??
[  184.132442][   T10] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  184.150786][ T5889] usb 2-1: USB disconnect, device number 8
[  184.324324][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  184.858114][   T24] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  184.881556][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  184.909805][   T24] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  184.933462][   T24] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  184.975472][   T24] usb 4-1: Manufacturer: syz
[  185.009328][   T24] usb 4-1: config 0 descriptor??
[  185.044398][ T5922] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  185.280238][ T5922] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  185.372719][ T5922] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  185.428709][ T5922] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  185.525790][ T5922] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  185.593106][ T5922] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  185.687053][ T5828] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  185.709701][ T5922] usb 2-1: Manufacturer: syz
[  185.784249][   T24] rc_core: IR keymap rc-hauppauge not found
[  185.827470][ T5922] usb 2-1: config 0 descriptor??
[  185.922261][   T10] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  185.975644][ T5828] usb 3-1: config index 0 descriptor too short (expected 51227, got 27)
[  186.001673][ T5922] igorplugusb 2-1:0.0: incorrect number of endpoints
[  186.081523][   T24] Registered IR keymap rc-empty
[  186.087717][   T24] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  186.099913][ T5828] usb 3-1: config 24 has too many interfaces: 199, using maximum allowed: 32
[  186.117006][   T24] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input6
[  186.131717][ T5828] usb 3-1: config 24 has an invalid descriptor of length 111, skipping remainder of the config
[  186.153650][ T6926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.180569][   T10] usb 1-1: USB disconnect, device number 9
[  186.191260][ T5828] usb 3-1: config 24 has 0 interfaces, different from the descriptor's value: 199
[  186.216125][ T6926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.238250][ T5828] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  186.241914][    C1] igorplugusb 4-1:0.0: Error: urb status = -32
[  186.247387][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.263056][ T5828] usb 3-1: Product: syz
[  186.267430][ T5828] usb 3-1: Manufacturer: syz
[  186.271887][   T24] usb 4-1: USB disconnect, device number 9
[  186.272018][ T5828] usb 3-1: SerialNumber: syz
[  186.524172][ T6943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.533304][ T6943] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.555174][ T6943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.563966][ T6943] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.946092][ T5828] usb 3-1: USB disconnect, device number 5
[  186.969247][ T5904] udevd[5904]: setting owner of /dev/bus/usb/003/005 to uid=0, gid=0 failed: No such file or directory
[  187.333697][ T6950] loop5: detected capacity change from 0 to 512
[  187.514634][   T10] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  187.675898][   T10] usb 1-1: config 5 has an invalid interface number: 75 but max is 0
[  187.675933][   T10] usb 1-1: config 5 has no interface number 0
[  187.675966][   T10] usb 1-1: config 5 interface 75 has no altsetting 0
[  187.686198][   T10] usb 1-1: New USB device found, idVendor=04fc, idProduct=504b, bcdDevice=52.c4
[  187.720048][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.725936][ T6950] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.740539][   T10] usb 1-1: Product: syz
[  187.740565][   T10] usb 1-1: Manufacturer: syz
[  187.740583][   T10] usb 1-1: SerialNumber: syz
[  187.914510][ T6950] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.316134][ T6962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.327177][ T6962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.344133][ T6962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.355312][ T6962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.083647][ T5832] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.457389][ T5828] usb 2-1: USB disconnect, device number 9
[  190.056100][ T6976] loop5: detected capacity change from 0 to 32768
[  190.093909][ T6976] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  190.190606][ T6976] XFS (loop5): Ending clean mount
[  190.207130][ T6976] XFS (loop5): Quotacheck needed: Please wait.
[  190.355535][   T10] gspca_main: sunplus-2.14.0 probing 04fc:504b
[  190.364764][   T10] gspca_sunplus: reg_w_riv err -71
[  190.369976][   T10] sunplus 1-1:5.75: probe with driver sunplus failed with error -71
[  190.443938][   T10] usb 1-1: USB disconnect, device number 10
[  190.457516][ T6976] XFS (loop5): Quotacheck: Done.
[  190.802106][   T30] audit: type=1800 audit(1775309064.839:7): pid=6988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.283" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop5" ino=4430 res=0 errno=0
[  191.295381][ T5828] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  191.493157][ T5832] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  192.164806][ T5828] usb 2-1: Using ep0 maxpacket: 16
[  192.197729][ T5828] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  192.228394][ T5828] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  192.304699][ T5828] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  192.354281][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.378992][ T6990] Cannot find add_set index 0 as target
[  192.462569][ T5828] usb 2-1: config 0 descriptor??
[  192.518212][ T5828] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  192.851304][ T7001] loop3: detected capacity change from 0 to 40427
[  192.905619][ T7001] F2FS-fs (loop3): invalid crc value
[  192.976446][ T7001] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  192.989452][ T7001] F2FS-fs (loop3): Start checkpoint disabled!
[  193.012858][ T7001] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  193.020874][ T7001] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  193.149650][   T30] audit: type=1800 audit(1775309067.209:8): pid=7005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.290" name="bus" dev="loop3" ino=10 res=0 errno=0
[  193.588832][ T7005] syz.3.290: attempt to access beyond end of device
[  193.588832][ T7005] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  193.610956][ T7005] syz.3.290: attempt to access beyond end of device
[  193.610956][ T7005] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  193.629970][ T7005] syz.3.290: attempt to access beyond end of device
[  193.629970][ T7005] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  193.647104][ T7005] syz.3.290: attempt to access beyond end of device
[  193.647104][ T7005] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  193.666809][ T7005] syz.3.290: attempt to access beyond end of device
[  193.666809][ T7005] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  193.690239][ T7005] syz.3.290: attempt to access beyond end of device
[  193.690239][ T7005] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  193.705810][ T7005] syz.3.290: attempt to access beyond end of device
[  193.705810][ T7005] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  193.728607][ T7005] syz.3.290: attempt to access beyond end of device
[  193.728607][ T7005] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  193.745017][ T7005] syz.3.290: attempt to access beyond end of device
[  193.745017][ T7005] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  193.761880][ T7005] syz.3.290: attempt to access beyond end of device
[  193.761880][ T7005] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  193.865297][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  193.879888][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  195.080187][ T5889] usb 2-1: USB disconnect, device number 10
[  195.439198][ T7013] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  199.532019][ T6195] bio_check_eod: 184 callbacks suppressed
[  199.532036][ T6195] kworker/u8:10: attempt to access beyond end of device
[  199.532036][ T6195] loop3: rw=1, sector=77824, nr_sectors = 3000 limit=40427
[  199.701452][ T6195] kworker/u8:10: attempt to access beyond end of device
[  199.701452][ T6195] loop3: rw=1, sector=80824, nr_sectors = 1096 limit=40427
[  199.773181][   T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.821788][ T7053] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  199.850892][ T6195] kworker/u8:10: attempt to access beyond end of device
[  199.850892][ T6195] loop3: rw=1, sector=49152, nr_sectors = 2800 limit=40427
[  199.903931][ T6195] kworker/u8:10: attempt to access beyond end of device
[  199.903931][ T6195] loop3: rw=1, sector=51952, nr_sectors = 1296 limit=40427
[  199.956295][ T7057] syzkaller0: entered promiscuous mode
[  199.972886][ T6195] kworker/u8:10: attempt to access beyond end of device
[  199.972886][ T6195] loop3: rw=1, sector=57344, nr_sectors = 2448 limit=40427
[  200.044287][ T7057] syzkaller0: entered allmulticast mode
[  200.219036][ T6195] kworker/u8:10: attempt to access beyond end of device
[  200.219036][ T6195] loop3: rw=1, sector=59792, nr_sectors = 3616 limit=40427
[  200.239711][ T7060] loop2: detected capacity change from 0 to 64
[  200.317363][ T7060] fuse: Unknown parameter '0xffffffffffffffff00000000000000000000'
[  200.331953][ T7060] Trying to free block not in datazone
[  200.337726][ T7060] syz.2.305: attempt to access beyond end of device
[  200.337726][ T7060] loop2: rw=8390657, sector=412, nr_sectors = 2 limit=64
[  200.351429][ T7060] Buffer I/O error on dev loop2, logical block 206, lost async page write
[  200.403562][ T6195] kworker/u8:10: attempt to access beyond end of device
[  200.403562][ T6195] loop3: rw=1, sector=63408, nr_sectors = 2352 limit=40427
[  200.500318][ T6195] kworker/u8:10: attempt to access beyond end of device
[  200.500318][ T6195] loop3: rw=1, sector=65760, nr_sectors = 1256 limit=40427
[  200.555443][   T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.637851][ T6195] kworker/u8:10: attempt to access beyond end of device
[  200.637851][ T6195] loop3: rw=1, sector=45160, nr_sectors = 8 limit=40427
[  200.720496][ T6195] CPU: 0 UID: 0 PID: 6195 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(full) 
[  200.720529][ T6195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  200.720545][ T6195] Workqueue: writeback wb_workfn (flush-7:3)
[  200.720585][ T6195] Call Trace:
[  200.720595][ T6195]  <TASK>
[  200.720605][ T6195]  dump_stack_lvl+0xe8/0x150
[  200.720644][ T6195]  f2fs_handle_critical_error+0x37c/0x540
[  200.720690][ T6195]  f2fs_write_end_io+0xcdb/0xff0
[  200.720741][ T6195]  __submit_merged_bio+0x256/0x700
[  200.720795][ T6195]  __submit_merged_write_cond+0x3c9/0x4e0
[  200.720843][ T6195]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  200.720898][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.720940][ T6195]  f2fs_write_data_pages+0x2975/0x35e0
[  200.721030][ T6195]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  200.721174][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.721204][ T6195]  ? __lock_acquire+0x6b5/0x2cf0
[  200.721265][ T6195]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  200.721307][ T6195]  do_writepages+0x32e/0x550
[  200.721360][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.721389][ T6195]  ? reacquire_held_locks+0x104/0x190
[  200.721426][ T6195]  ? writeback_sb_inodes+0x477/0x1a20
[  200.721470][ T6195]  __writeback_single_inode+0x133/0x11a0
[  200.721508][ T6195]  ? do_raw_spin_unlock+0xf5/0x210
[  200.721542][ T6195]  writeback_sb_inodes+0x992/0x1a20
[  200.721632][ T6195]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  200.721665][ T6195]  ? do_raw_spin_lock+0x12b/0x2f0
[  200.721747][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.721783][ T6195]  ? rcu_is_watching+0x15/0xb0
[  200.721820][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.721861][ T6195]  wb_writeback+0x456/0xb70
[  200.721901][ T6195]  ? queue_io+0x1f1/0x4a0
[  200.721948][ T6195]  ? __pfx_wb_writeback+0x10/0x10
[  200.721980][ T6195]  ? do_raw_spin_lock+0x12b/0x2f0
[  200.722031][ T6195]  wb_workfn+0x414/0xf50
[  200.722064][ T6195]  ? look_up_lock_class+0x57/0x110
[  200.722119][ T6195]  ? __pfx_wb_workfn+0x10/0x10
[  200.722153][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.722182][ T6195]  ? do_raw_spin_lock+0x12b/0x2f0
[  200.722213][ T6195]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  200.722239][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.722277][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.722310][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.722341][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.722374][ T6195]  ? process_scheduled_works+0xa8d/0x18c0
[  200.722412][ T6195]  ? process_scheduled_works+0xa8d/0x18c0
[  200.722449][ T6195]  process_scheduled_works+0xb6e/0x18c0
[  200.722528][ T6195]  ? __pfx_process_scheduled_works+0x10/0x10
[  200.722570][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.722599][ T6195]  ? assign_work+0x3d5/0x5e0
[  200.722641][ T6195]  worker_thread+0xa53/0xfc0
[  200.722701][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.722743][ T6195]  kthread+0x388/0x470
[  200.722777][ T6195]  ? __pfx_worker_thread+0x10/0x10
[  200.722809][ T6195]  ? __pfx_kthread+0x10/0x10
[  200.722837][ T6195]  ret_from_fork+0x51e/0xb90
[  200.722876][ T6195]  ? __pfx_ret_from_fork+0x10/0x10
[  200.722908][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.722937][ T6195]  ? __switch_to+0xc7d/0x1450
[  200.722974][ T6195]  ? __pfx_kthread+0x10/0x10
[  200.722999][ T6195]  ret_from_fork_asm+0x1a/0x30
[  200.723047][ T6195]  </TASK>
[  200.723054][ T6195] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  201.079975][ T6195] CPU: 0 UID: 0 PID: 6195 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(full) 
[  201.080006][ T6195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  201.080022][ T6195] Workqueue: writeback wb_workfn (flush-7:3)
[  201.080061][ T6195] Call Trace:
[  201.080071][ T6195]  <TASK>
[  201.080081][ T6195]  dump_stack_lvl+0xe8/0x150
[  201.080121][ T6195]  f2fs_handle_critical_error+0x37c/0x540
[  201.080167][ T6195]  f2fs_write_end_io+0xcdb/0xff0
[  201.080219][ T6195]  __submit_merged_bio+0x256/0x700
[  201.080266][ T6195]  __submit_merged_write_cond+0x3c9/0x4e0
[  201.080332][ T6195]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  201.080392][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.080434][ T6195]  f2fs_write_data_pages+0x2975/0x35e0
[  201.080525][ T6195]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  201.080669][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.080698][ T6195]  ? __lock_acquire+0x6b5/0x2cf0
[  201.080757][ T6195]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  201.080808][ T6195]  do_writepages+0x32e/0x550
[  201.080856][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.080919][ T6195]  ? reacquire_held_locks+0x104/0x190
[  201.080956][ T6195]  ? writeback_sb_inodes+0x477/0x1a20
[  201.081000][ T6195]  __writeback_single_inode+0x133/0x11a0
[  201.081039][ T6195]  ? do_raw_spin_unlock+0xf5/0x210
[  201.081072][ T6195]  writeback_sb_inodes+0x992/0x1a20
[  201.081150][ T6195]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  201.081183][ T6195]  ? do_raw_spin_lock+0x12b/0x2f0
[  201.081266][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.081295][ T6195]  ? rcu_is_watching+0x15/0xb0
[  201.081331][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.081373][ T6195]  wb_writeback+0x456/0xb70
[  201.081414][ T6195]  ? queue_io+0x1f1/0x4a0
[  201.081460][ T6195]  ? __pfx_wb_writeback+0x10/0x10
[  201.081491][ T6195]  ? do_raw_spin_lock+0x12b/0x2f0
[  201.081538][ T6195]  wb_workfn+0x414/0xf50
[  201.081570][ T6195]  ? look_up_lock_class+0x57/0x110
[  201.081625][ T6195]  ? __pfx_wb_workfn+0x10/0x10
[  201.081658][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.081687][ T6195]  ? do_raw_spin_lock+0x12b/0x2f0
[  201.081718][ T6195]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  201.081745][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.081791][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.081825][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.081855][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.081889][ T6195]  ? process_scheduled_works+0xa8d/0x18c0
[  201.081923][ T6195]  ? process_scheduled_works+0xa8d/0x18c0
[  201.081960][ T6195]  process_scheduled_works+0xb6e/0x18c0
[  201.082039][ T6195]  ? __pfx_process_scheduled_works+0x10/0x10
[  201.082087][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.082116][ T6195]  ? assign_work+0x3d5/0x5e0
[  201.082158][ T6195]  worker_thread+0xa53/0xfc0
[  201.082218][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.082261][ T6195]  kthread+0x388/0x470
[  201.082288][ T6195]  ? __pfx_worker_thread+0x10/0x10
[  201.082319][ T6195]  ? __pfx_kthread+0x10/0x10
[  201.082347][ T6195]  ret_from_fork+0x51e/0xb90
[  201.082386][ T6195]  ? __pfx_ret_from_fork+0x10/0x10
[  201.082434][ T6195]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.082463][ T6195]  ? __switch_to+0xc7d/0x1450
[  201.082498][ T6195]  ? __pfx_kthread+0x10/0x10
[  201.082525][ T6195]  ret_from_fork_asm+0x1a/0x30
[  201.082587][ T6195]  </TASK>
[  201.082596][ T6195] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  202.613889][   T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.234552][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  204.537263][   T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.204427][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  207.145123][ T7079] Bluetooth: hci1: command 0x0406 tx timeout
[  207.151195][ T7079] Bluetooth: hci3: command 0x0406 tx timeout
[  207.634931][ T7079] Bluetooth: hci5: command 0x0406 tx timeout
[  207.641898][ T7079] Bluetooth: hci4: command 0x0406 tx timeout
[  207.648569][ T7079] Bluetooth: hci0: command 0x0406 tx timeout
[  207.783356][ T7097] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  208.039811][ T7101] 
: renamed from bridge_slave_0 (while UP)
[  209.172884][   T62] bridge_slave_1: left allmulticast mode
[  209.234734][   T62] bridge_slave_1: left promiscuous mode
[  209.241397][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.371384][ T7112] loop5: detected capacity change from 0 to 512
[  209.416911][   T62] bridge_slave_0: left allmulticast mode
[  209.440621][   T62] bridge_slave_0: left promiscuous mode
[  209.459637][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.372628][ T7112] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.448504][ T7112] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  210.624465][ T7119] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  211.246404][ T5832] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.267826][ T5136] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  211.276446][ T5136] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  211.284180][ T5136] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  211.292697][ T5136] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  211.300466][ T5136] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  213.369040][ T5819] Bluetooth: hci2: command tx timeout
[  214.585160][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.694973][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  214.729740][   T62] bond0 (unregistering): Released all slaves
[  214.765674][ T7162] binder: 7157:7162 ioctl c0306201 2000000004c0 returned -14
[  214.904633][ T7111] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  214.913558][ T7111] batman_adv: batadv0: Removing interface: batadv_slave_0
[  214.921615][ T7111] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  214.929023][ T7111] batman_adv: batadv0: Removing interface: batadv_slave_1
[  215.425554][ T5819] Bluetooth: hci2: command tx timeout
[  215.626154][ T7168] loop5: detected capacity change from 0 to 4096
[  216.698454][ T7193] loop4: detected capacity change from 0 to 512
[  216.967917][ T7193] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.154589][ T7193] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.283107][   T62] hsr_slave_0: left promiscuous mode
[  217.328881][   T62] hsr_slave_1: left promiscuous mode
[  217.383071][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  217.402857][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.504389][ T5819] Bluetooth: hci2: command tx timeout
[  217.580518][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  217.683601][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  218.077730][ T7199] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  218.227203][ T5816] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.318901][   T62] veth1_macvtap: left promiscuous mode
[  218.375571][   T62] veth0_macvtap: left promiscuous mode
[  218.456418][   T62] veth1_vlan: left promiscuous mode
[  218.461941][   T62] veth0_vlan: left promiscuous mode
[  219.584349][ T5819] Bluetooth: hci2: command tx timeout
[  219.636793][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  219.752135][   T62] team0 (unregistering): Port device team_slave_1 removed
[  219.804751][   T62] team0 (unregistering): Port device team_slave_0 removed
[  219.841788][   T10] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  219.864278][   T10] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  219.874169][   T10] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  219.893819][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.933740][ T7231] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  219.961724][   T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  220.479912][ T7128] chnl_net:caif_netlink_parms(): no params data found
[  221.172457][ T7246] loop5: detected capacity change from 0 to 4096
[  221.315683][ T7246] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  221.341653][ T7128] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.393943][ T7246] ntfs3(loop5): Failed to load $Extend (-22).
[  221.407562][ T7128] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.442928][ T7246] ntfs3(loop5): Failed to initialize $Extend.
[  221.450929][ T7128] bridge_slave_0: entered allmulticast mode
[  221.696666][ T7128] bridge_slave_0: entered promiscuous mode
[  222.004572][ T7128] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.548766][ T7128] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.556859][ T7128] bridge_slave_1: entered allmulticast mode
[  222.595760][ T7128] bridge_slave_1: entered promiscuous mode
[  223.808701][ T7128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  223.914134][ T7128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.159002][ T7128] team0: Port device team_slave_0 added
[  224.215548][ T7128] team0: Port device team_slave_1 added
[  224.418265][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_0
[  224.454446][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  224.569918][ T7128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  224.832120][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_1
[  224.874396][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  225.033778][ T7128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.448752][ T5889] usb 3-1: USB disconnect, device number 6
[  225.883080][ T7128] hsr_slave_0: entered promiscuous mode
[  225.925145][ T7128] hsr_slave_1: entered promiscuous mode
[  225.958437][ T7128] debugfs: 'hsr0' already exists in 'hsr'
[  225.978520][ T7128] Cannot create hsr debugfs directory
[  226.391261][ T7316] loop2: detected capacity change from 0 to 4096
[  226.622732][ T7319] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  226.814556][ T5889] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  227.371843][ T5889] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  227.396987][ T5889] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.436295][ T5889] usb 6-1: Product: syz
[  227.464291][ T5889] usb 6-1: Manufacturer: syz
[  227.468939][ T5889] usb 6-1: SerialNumber: syz
[  227.553590][ T5889] usb 6-1: config 0 descriptor??
[  227.799647][ T5889] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  227.834238][ T7128] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  227.891230][ T7128] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  227.986127][ T7128] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  228.042025][ T7128] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  228.255081][ T7351] netlink: 8 bytes leftover after parsing attributes in process `syz.1.367'.
[  228.394811][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  228.397672][ T7128] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.482753][ T7128] 8021q: adding VLAN 0 to HW filter on device team0
[  228.522954][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state
[  228.530187][ T5943] bridge0: port 1(bridge_slave_0) entered forwarding state
[  228.579340][    T9] usb 5-1: Using ep0 maxpacket: 16
[  228.591669][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  228.609368][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.616589][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  228.624317][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  228.640744][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  228.727039][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  228.778286][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.821852][    T9] usb 5-1: config 0 descriptor??
[  229.226353][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  229.233835][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  229.245064][ T5889] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  229.460798][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  229.484966][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  229.558380][ T5828] usb 6-1: USB disconnect, device number 3
[  229.646076][    T9] usb 5-1: USB disconnect, device number 7
[  230.346519][ T7128] 8021q: adding VLAN 0 to HW filter on device batadv0
[  230.598448][ T7335] loop0: detected capacity change from 0 to 32768
[  230.638866][ T7335] btrfs: Deprecated parameter 'usebackuproot'
[  230.690601][ T7383] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  230.727286][ T7335] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  230.944482][ T7383] block device autoloading is deprecated and will be removed.
[  231.924975][ T7335] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.364 (7335)
[  233.103337][ T7398] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  233.110908][ T7398] batman_adv: batadv0: Removing interface: batadv_slave_0
[  233.157956][ T7398] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  233.166182][ T7398] batman_adv: batadv0: Removing interface: batadv_slave_1
[  233.405420][ T7409] 
: renamed from bridge_slave_0 (while UP)
[  233.805974][ T7411] loop4: detected capacity change from 0 to 40427
[  233.855942][ T7411] F2FS-fs (loop4): invalid crc value
[  233.879110][ T7128] veth0_vlan: entered promiscuous mode
[  233.973054][ T7411] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  234.012943][ T7411] F2FS-fs (loop4): Start checkpoint disabled!
[  234.028127][ T7411] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  234.061322][ T7411] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  234.101967][ T7128] veth1_vlan: entered promiscuous mode
[  234.236346][   T30] audit: type=1800 audit(1775309108.299:9): pid=7416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.380" name="bus" dev="loop4" ino=10 res=0 errno=0
[  234.328481][ T7416] bio_check_eod: 1 callbacks suppressed
[  234.328515][ T7416] syz.4.380: attempt to access beyond end of device
[  234.328515][ T7416] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  234.350193][ T7416] syz.4.380: attempt to access beyond end of device
[  234.350193][ T7416] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  234.372873][ T7416] syz.4.380: attempt to access beyond end of device
[  234.372873][ T7416] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  234.391262][ T7416] syz.4.380: attempt to access beyond end of device
[  234.391262][ T7416] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  234.407875][ T7416] syz.4.380: attempt to access beyond end of device
[  234.407875][ T7416] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  234.484851][ T7416] syz.4.380: attempt to access beyond end of device
[  234.484851][ T7416] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  234.659303][ T7128] veth0_macvtap: entered promiscuous mode
[  234.787788][ T7128] veth1_macvtap: entered promiscuous mode
[  234.863930][ T7128] batman_adv: batadv0: Interface activated: batadv_slave_0
[  234.966855][ T7128] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.043709][ T7416] syz.4.380: attempt to access beyond end of device
[  235.043709][ T7416] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.083834][  T134] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.130010][  T134] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.202320][  T134] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.224823][  T134] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.316243][  T134] kworker/u8:5: attempt to access beyond end of device
[  235.316243][  T134] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  235.384071][  T134] CPU: 0 UID: 0 PID: 134 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  235.384098][  T134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  235.384110][  T134] Workqueue: writeback wb_workfn (flush-7:4)
[  235.384142][  T134] Call Trace:
[  235.384149][  T134]  <TASK>
[  235.384157][  T134]  dump_stack_lvl+0xe8/0x150
[  235.384194][  T134]  f2fs_handle_critical_error+0x37c/0x540
[  235.384244][  T134]  f2fs_write_end_io+0xcdb/0xff0
[  235.384286][  T134]  __submit_merged_bio+0x256/0x700
[  235.384320][  T134]  __submit_merged_write_cond+0x3c9/0x4e0
[  235.384357][  T134]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  235.384398][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.384430][  T134]  f2fs_write_data_pages+0x2975/0x35e0
[  235.384499][  T134]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.384544][  T134]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  235.384607][  T134]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  235.384659][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.384681][  T134]  ? __lock_acquire+0x6b5/0x2cf0
[  235.384721][  T134]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  235.384751][  T134]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.384782][  T134]  do_writepages+0x32e/0x550
[  235.384820][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.384841][  T134]  ? reacquire_held_locks+0x104/0x190
[  235.384869][  T134]  ? writeback_sb_inodes+0x477/0x1a20
[  235.384903][  T134]  __writeback_single_inode+0x133/0x11a0
[  235.384932][  T134]  ? do_raw_spin_unlock+0xf5/0x210
[  235.384957][  T134]  writeback_sb_inodes+0x992/0x1a20
[  235.385006][  T134]  ? __lock_acquire+0x6b5/0x2cf0
[  235.385038][  T134]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  235.385062][  T134]  ? do_raw_spin_lock+0x12b/0x2f0
[  235.385145][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385171][  T134]  ? rcu_is_watching+0x15/0xb0
[  235.385199][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385230][  T134]  wb_writeback+0x456/0xb70
[  235.385261][  T134]  ? queue_io+0x1f1/0x4a0
[  235.385296][  T134]  ? __pfx_wb_writeback+0x10/0x10
[  235.385320][  T134]  ? do_raw_spin_lock+0x12b/0x2f0
[  235.385357][  T134]  wb_workfn+0x414/0xf50
[  235.385382][  T134]  ? look_up_lock_class+0x57/0x110
[  235.385424][  T134]  ? __pfx_wb_workfn+0x10/0x10
[  235.385449][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385470][  T134]  ? do_raw_spin_lock+0x12b/0x2f0
[  235.385493][  T134]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  235.385513][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385554][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385579][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385602][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385626][  T134]  ? process_scheduled_works+0xa8d/0x18c0
[  235.385651][  T134]  ? process_scheduled_works+0xa8d/0x18c0
[  235.385679][  T134]  process_scheduled_works+0xb6e/0x18c0
[  235.385741][  T134]  ? __pfx_process_scheduled_works+0x10/0x10
[  235.385784][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385812][  T134]  ? assign_work+0x3d5/0x5e0
[  235.385851][  T134]  worker_thread+0xa53/0xfc0
[  235.385897][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.385929][  T134]  kthread+0x388/0x470
[  235.385949][  T134]  ? __pfx_worker_thread+0x10/0x10
[  235.385973][  T134]  ? __pfx_kthread+0x10/0x10
[  235.385994][  T134]  ret_from_fork+0x51e/0xb90
[  235.386023][  T134]  ? __pfx_ret_from_fork+0x10/0x10
[  235.386046][  T134]  ? srso_alias_return_thunk+0x5/0xfbef5
[  235.386067][  T134]  ? __switch_to+0xc7d/0x1450
[  235.386094][  T134]  ? __pfx_kthread+0x10/0x10
[  235.386115][  T134]  ret_from_fork_asm+0x1a/0x30
[  235.386163][  T134]  </TASK>
[  235.944284][  T134] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  236.984337][   T24] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  237.086091][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.115638][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.219244][   T24] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  237.248546][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.284941][   T24] usb 6-1: Product: syz
[  237.289207][   T24] usb 6-1: Manufacturer: syz
[  237.293880][   T24] usb 6-1: SerialNumber: syz
[  237.443431][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.481736][   T24] usb 6-1: config 0 descriptor??
[  237.503808][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.196223][   T24] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  238.633849][ T7451] loop0: detected capacity change from 0 to 512
[  238.674272][ T7451] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  238.758195][ T7451] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  238.815878][ T7451] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002]
[  238.898846][ T7451] System zones: 1-12
[  238.947162][ T7451] EXT4-fs (loop0): 1 truncate cleaned up
[  239.002492][ T7451] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  239.044287][   T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  239.080984][ T7463] loop2: detected capacity change from 0 to 512
[  239.154286][ T7463] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  239.197559][ T7463] EXT4-fs (loop2): 1 truncate cleaned up
[  239.214352][   T10] usb 5-1: Using ep0 maxpacket: 16
[  239.226083][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.245862][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  239.248084][ T7463] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  239.274276][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  239.299630][   T10] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  239.308971][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.320740][ T7465] loop1: detected capacity change from 0 to 1024
[  239.337949][   T10] usb 5-1: config 0 descriptor??
[  239.352472][ T7465] EXT4-fs: inline encryption not supported
[  239.728702][ T7474] 
: renamed from bridge_slave_0 (while UP)
[  240.316186][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  240.322401][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  240.351086][   T24] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  240.373369][ T7465] EXT4-fs (loop1): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  240.391303][   T10] usb 5-1: USB disconnect, device number 8
[  240.393089][   T24] usb 6-1: USB disconnect, device number 4
[  240.535784][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.592636][ T5820] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.645523][ T7465] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.418715][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.783040][ T7498] netlink: 12 bytes leftover after parsing attributes in process `syz.5.407'.
[  242.224487][ T7507] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  242.788413][ T7510] loop4: detected capacity change from 0 to 64
[  243.119817][ T7513] fuse: Unknown parameter '0xffffffffffffffff00000000000000000000'
[  243.130930][ T7513] Trying to free block not in datazone
[  243.136692][ T7513] syz.4.408: attempt to access beyond end of device
[  243.136692][ T7513] loop4: rw=8390657, sector=412, nr_sectors = 2 limit=64
[  243.150225][ T7513] Buffer I/O error on dev loop4, logical block 206, lost async page write
[  243.331661][ T7518] netlink: 'syz.6.410': attribute type 1 has an invalid length.
[  243.787191][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  243.873228][ T7532] 
: renamed from bridge_slave_0 (while UP)
[  243.994410][ T5889] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  244.007875][ T7535] syzkaller0: entered promiscuous mode
[  244.014395][   T24] usb 6-1: Using ep0 maxpacket: 16
[  244.026269][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  244.052302][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  244.065683][ T7535] syzkaller0: entered allmulticast mode
[  244.096236][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  244.128350][   T24] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  244.155177][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.188457][ T5889] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  244.209344][ T5889] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.224931][   T24] usb 6-1: config 0 descriptor??
[  244.234368][ T5889] usb 7-1: Product: syz
[  244.248951][ T5889] usb 7-1: Manufacturer: syz
[  244.259556][ T5889] usb 7-1: SerialNumber: syz
[  244.285402][ T5889] usb 7-1: config 0 descriptor??
[  244.519076][ T5889] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  244.647796][ T7525] loop2: detected capacity change from 0 to 32768
[  244.680098][   T24] usbhid 6-1:0.0: can't add hid device: -71
[  244.714657][   T24] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  244.767403][   T24] usb 6-1: USB disconnect, device number 5
[  244.773350][ T7525] 
[  244.773350][ T7525]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  244.773350][ T7525] 
[  244.964374][ T5820] 
[  244.964374][ T5820]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  244.964374][ T5820] 
[  245.025767][ T5820] 
[  245.025767][ T5820]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  245.025767][ T5820] 
[  245.410018][ T7556] Cannot find add_set index 0 as target
[  245.435547][ T7556] overlayfs: overlapping lowerdir path
[  245.528886][ T7557] netlink: 32 bytes leftover after parsing attributes in process `syz.1.417'.
[  247.094355][ T5889] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  247.786078][ T5889] usb 7-1: USB disconnect, device number 2
[  247.853728][ T7572] loop4: detected capacity change from 0 to 64
[  247.910427][ T7572] fuse: Unknown parameter '0xffffffffffffffff00000000000000000000'
[  247.921807][ T7572] Trying to free block not in datazone
[  247.927637][ T7572] syz.4.424: attempt to access beyond end of device
[  247.927637][ T7572] loop4: rw=8390657, sector=412, nr_sectors = 2 limit=64
[  247.941264][ T7572] Buffer I/O error on dev loop4, logical block 206, lost async page write
[  250.709750][ T7615] Cannot find del_set index 4 as target
[  250.733925][ T7615] overlayfs: overlapping lowerdir path
[  250.835593][ T7616] netlink: 32 bytes leftover after parsing attributes in process `syz.5.435'.
[  251.698331][ T7620] loop6: detected capacity change from 0 to 32768
[  251.714856][ T7620] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.436 (7620)
[  251.745967][ T7622] netlink: 8 bytes leftover after parsing attributes in process `syz.5.437'.
[  251.793061][ T7620] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  251.804416][ T7620] BTRFS info (device loop6): using crc32c checksum algorithm
[  251.958777][ T7620] BTRFS info (device loop6): setting nodatasum
[  251.965244][ T7620] BTRFS info (device loop6): setting nodatacow
[  251.971437][ T7620] BTRFS info (device loop6): turning on async discard
[  251.979742][ T7620] BTRFS info (device loop6): enabling free space tree
[  251.986629][ T7620] BTRFS info (device loop6): enabling auto defrag
[  251.993044][ T7620] BTRFS info (device loop6): max_inline set to 0
[  252.206639][ T7642] BTRFS info (device loop6 state M): max_inline set to 0
[  252.998981][   T24] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  253.030721][ T7128] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  253.069465][   T24] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  255.028480][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  255.035002][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  256.738685][ T7691] loop4: detected capacity change from 0 to 4096
[  257.273645][ T7691] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  257.394258][ T7701] loop0: detected capacity change from 0 to 40427
[  257.447041][ T7701] F2FS-fs (loop0): invalid crc value
[  257.524547][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  257.545741][ T7701] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  257.564546][ T7701] F2FS-fs (loop0): Start checkpoint disabled!
[  257.601048][ T7701] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  257.611026][ T7701] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  257.726633][   T24] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  257.735850][   T30] audit: type=1800 audit(1775309131.799:10): pid=7705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.452" name="bus" dev="loop0" ino=10 res=0 errno=0
[  257.917004][ T7691] ntfs3(loop4): Failed to load $Extend (-22).
[  258.003486][ T7691] ntfs3(loop4): Failed to initialize $Extend.
[  258.087355][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  258.098406][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  258.132291][   T24] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  258.141653][   T24] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  258.961978][   T30] audit: type=1800 audit(1775309132.999:11): pid=7711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.450" name="file1" dev="loop4" ino=30 res=0 errno=0
[  259.054272][   T24] usb 6-1: Manufacturer: syz
[  259.065463][   T24] usb 6-1: config 0 descriptor??
[  259.088982][   T24] igorplugusb 6-1:0.0: incorrect number of endpoints
[  259.282417][ T7698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.291378][ T7698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.375068][  T144] kworker/u8:6: attempt to access beyond end of device
[  259.375068][  T144] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  259.437701][  T144] CPU: 0 UID: 0 PID: 144 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  259.437736][  T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  259.437752][  T144] Workqueue: writeback wb_workfn (flush-7:0)
[  259.437792][  T144] Call Trace:
[  259.437802][  T144]  <TASK>
[  259.437813][  T144]  dump_stack_lvl+0xe8/0x150
[  259.437852][  T144]  f2fs_handle_critical_error+0x37c/0x540
[  259.437898][  T144]  f2fs_write_end_io+0xcdb/0xff0
[  259.437950][  T144]  __submit_merged_bio+0x256/0x700
[  259.437997][  T144]  __submit_merged_write_cond+0x3c9/0x4e0
[  259.438046][  T144]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  259.438101][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.438144][  T144]  f2fs_write_data_pages+0x2975/0x35e0
[  259.438235][  T144]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  259.438295][  T144]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  259.438372][  T144]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  259.438442][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.438471][  T144]  ? __lock_acquire+0x6b5/0x2cf0
[  259.438523][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.438558][  T144]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  259.438607][  T144]  do_writepages+0x32e/0x550
[  259.438656][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.438685][  T144]  ? reacquire_held_locks+0x104/0x190
[  259.438722][  T144]  ? writeback_sb_inodes+0x477/0x1a20
[  259.438768][  T144]  __writeback_single_inode+0x133/0x11a0
[  259.438807][  T144]  ? do_raw_spin_unlock+0xf5/0x210
[  259.438841][  T144]  writeback_sb_inodes+0x992/0x1a20
[  259.438906][  T144]  ? do_raw_spin_unlock+0xf5/0x210
[  259.438942][  T144]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  259.438975][  T144]  ? do_raw_spin_lock+0x12b/0x2f0
[  259.439058][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.439088][  T144]  ? rcu_is_watching+0x15/0xb0
[  259.439125][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.439166][  T144]  wb_writeback+0x456/0xb70
[  259.439207][  T144]  ? queue_io+0x1f1/0x4a0
[  259.439254][  T144]  ? __pfx_wb_writeback+0x10/0x10
[  259.439287][  T144]  ? do_raw_spin_lock+0x12b/0x2f0
[  259.439337][  T144]  wb_workfn+0x414/0xf50
[  259.439371][  T144]  ? look_up_lock_class+0x57/0x110
[  259.439425][  T144]  ? __pfx_wb_workfn+0x10/0x10
[  259.439459][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.439488][  T144]  ? do_raw_spin_lock+0x12b/0x2f0
[  259.439519][  T144]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  259.439546][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.439584][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.439624][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.439655][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.439688][  T144]  ? process_scheduled_works+0xa8d/0x18c0
[  259.439722][  T144]  ? process_scheduled_works+0xa8d/0x18c0
[  259.439759][  T144]  process_scheduled_works+0xb6e/0x18c0
[  259.439839][  T144]  ? __pfx_process_scheduled_works+0x10/0x10
[  259.439883][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.439912][  T144]  ? assign_work+0x3d5/0x5e0
[  259.439954][  T144]  worker_thread+0xa53/0xfc0
[  259.440015][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.440058][  T144]  kthread+0x388/0x470
[  259.440085][  T144]  ? __pfx_worker_thread+0x10/0x10
[  259.440117][  T144]  ? __pfx_kthread+0x10/0x10
[  259.440145][  T144]  ret_from_fork+0x51e/0xb90
[  259.440185][  T144]  ? __pfx_ret_from_fork+0x10/0x10
[  259.440216][  T144]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.440245][  T144]  ? __switch_to+0xc7d/0x1450
[  259.440281][  T144]  ? __pfx_kthread+0x10/0x10
[  259.440309][  T144]  ret_from_fork_asm+0x1a/0x30
[  259.440389][  T144]  </TASK>
[  259.440400][  T144] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  259.774304][   T29] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  260.109128][   T29] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  260.125677][   T29] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  260.156132][   T29] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  260.181447][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.207180][   T29] usb 5-1: config 0 descriptor??
[  260.492557][ T5889] usb 6-1: USB disconnect, device number 6
[  260.645005][   T29] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  260.837810][ T7746] loop1: detected capacity change from 0 to 512
[  260.865488][   T29] usb 3-1: Using ep0 maxpacket: 16
[  260.880709][   T29] usb 3-1: config index 0 descriptor too short (expected 16456, got 72)
[  260.954431][   T29] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  261.006331][ T7746] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  261.086491][   T29] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  261.244338][   T29] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  261.268259][ T7746] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  261.304252][    C1] EXT4-fs (loop1): error count since last fsck: 1
[  261.310752][    C1] EXT4-fs (loop1): initial error at time 1775309135: ext4_mb_generate_buddy:1317
[  261.319996][    C1] EXT4-fs (loop1): last error at time 1775309135: ext4_mb_generate_buddy:1317
[  261.398789][   T29] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  261.531920][   T29] usb 3-1: config 0 has no interface number 0
[  261.551557][ T7746] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  261.626048][   T29] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  261.656952][ T7746] EXT4-fs (loop1): 1 truncate cleaned up
[  261.681323][   T29] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  261.698659][ T7746] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  261.759617][   T29] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  261.810268][   T29] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  261.847720][   T29] usb 3-1: config 0 interface 125 has no altsetting 0
[  261.872687][   T29] usb 3-1: config 0 interface 125 has no altsetting 2
[  261.927696][   T29] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  261.978980][   T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.015423][   T29] usb 3-1: Product: syz
[  262.221400][   T29] usb 3-1: Manufacturer: syz
[  262.233095][   T29] usb 3-1: SerialNumber: syz
[  262.247531][   T29] usb 3-1: config 0 descriptor??
[  262.248522][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.266099][   T29] usb 3-1: selecting invalid altsetting 2
[  263.434875][   T29] get_1284_register timeout
[  263.439586][    C1] usb 3-1: async_complete: urb error -104
[  263.445497][    C1] usb 3-1: async_complete: urb error -104
[  263.451329][    C1] usb 3-1: async_complete: urb error -104
[  263.457167][    C1] usb 3-1: async_complete: urb error -104
[  264.043194][   T10] usb 3-1: USB disconnect, device number 7
[  264.126171][   T29] usb 5-1: USB disconnect, device number 9
[  264.487033][ T7781] loop1: detected capacity change from 0 to 40427
[  264.501104][ T7781] F2FS-fs (loop1): invalid crc value
[  264.601574][ T7781] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  264.614742][ T7781] F2FS-fs (loop1): Start checkpoint disabled!
[  264.623485][ T7781] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  264.635747][ T7781] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  264.723162][   T30] audit: type=1800 audit(1775309138.779:12): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.469" name="bus" dev="loop1" ino=10 res=0 errno=0
[  265.246062][   T36] kworker/u8:2: attempt to access beyond end of device
[  265.246062][   T36] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  265.264848][   T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  265.294590][   T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  265.294625][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  265.294640][   T36] Workqueue: writeback wb_workfn (flush-7:1)
[  265.294678][   T36] Call Trace:
[  265.294688][   T36]  <TASK>
[  265.294695][   T36]  dump_stack_lvl+0xe8/0x150
[  265.294725][   T36]  f2fs_handle_critical_error+0x37c/0x540
[  265.294760][   T36]  f2fs_write_end_io+0xcdb/0xff0
[  265.294799][   T36]  __submit_merged_bio+0x256/0x700
[  265.294840][   T36]  __submit_merged_write_cond+0x3c9/0x4e0
[  265.294877][   T36]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  265.294918][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.294950][   T36]  f2fs_write_data_pages+0x2975/0x35e0
[  265.294980][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.295039][   T36]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  265.295084][   T36]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  265.295142][   T36]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  265.295193][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.295215][   T36]  ? __lock_acquire+0x6b5/0x2cf0
[  265.295254][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.295280][   T36]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  265.295311][   T36]  do_writepages+0x32e/0x550
[  265.295347][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.295368][   T36]  ? reacquire_held_locks+0x104/0x190
[  265.295396][   T36]  ? writeback_sb_inodes+0x477/0x1a20
[  265.295429][   T36]  __writeback_single_inode+0x133/0x11a0
[  265.295458][   T36]  ? do_raw_spin_unlock+0xf5/0x210
[  265.295483][   T36]  writeback_sb_inodes+0x992/0x1a20
[  265.295545][   T36]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  265.295569][   T36]  ? do_raw_spin_lock+0x12b/0x2f0
[  265.295632][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.295653][   T36]  ? rcu_is_watching+0x15/0xb0
[  265.295680][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.295711][   T36]  wb_writeback+0x456/0xb70
[  265.295741][   T36]  ? queue_io+0x1f1/0x4a0
[  265.295776][   T36]  ? __pfx_wb_writeback+0x10/0x10
[  265.295800][   T36]  ? do_raw_spin_lock+0x12b/0x2f0
[  265.295843][   T36]  wb_workfn+0x414/0xf50
[  265.295869][   T36]  ? look_up_lock_class+0x57/0x110
[  265.295909][   T36]  ? __pfx_wb_workfn+0x10/0x10
[  265.295935][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.295956][   T36]  ? do_raw_spin_lock+0x12b/0x2f0
[  265.295979][   T36]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  265.295999][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.296027][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.296052][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.296075][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.296100][   T36]  ? process_scheduled_works+0xa8d/0x18c0
[  265.296125][   T36]  ? process_scheduled_works+0xa8d/0x18c0
[  265.296152][   T36]  process_scheduled_works+0xb6e/0x18c0
[  265.296212][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  265.296244][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.296265][   T36]  ? assign_work+0x3d5/0x5e0
[  265.296297][   T36]  worker_thread+0xa53/0xfc0
[  265.296324][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.296362][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.296394][   T36]  kthread+0x388/0x470
[  265.296414][   T36]  ? __pfx_worker_thread+0x10/0x10
[  265.296438][   T36]  ? __pfx_kthread+0x10/0x10
[  265.296459][   T36]  ret_from_fork+0x51e/0xb90
[  265.296488][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  265.296511][   T36]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.296532][   T36]  ? __switch_to+0xc7d/0x1450
[  265.296559][   T36]  ? __pfx_kthread+0x10/0x10
[  265.296580][   T36]  ret_from_fork_asm+0x1a/0x30
[  265.296627][   T36]  </TASK>
[  265.298794][   T36] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  265.931527][   T10] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  265.985081][   T10] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  266.007949][   T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  266.033306][ T5934] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  266.053411][   T10] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  266.146248][   T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  266.188563][   T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  266.227266][   T10] usb 1-1: Product: syz
[  266.239225][ T5934] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[  266.251251][   T10] usb 1-1: Manufacturer: syz
[  266.258158][ T5934] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  266.301129][   T10] cdc_wdm 1-1:1.0: skipping garbage
[  266.373416][ T7811] loop4: detected capacity change from 0 to 1024
[  267.283461][ T5934] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  267.296497][   T10] cdc_wdm 1-1:1.0: skipping garbage
[  267.301877][   T10] cdc_wdm 1-1:1.0: skipping garbage
[  267.307166][   T10] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  267.316618][ T5934] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  267.325910][ T5934] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  267.333912][ T5934] usb 7-1: Manufacturer: syz
[  267.345662][   T10] usb 1-1: USB disconnect, device number 11
[  267.360689][ T5934] usb 7-1: config 0 descriptor??
[  267.373479][ T5934] igorplugusb 7-1:0.0: incorrect number of endpoints
[  267.478132][ T5971] hfsplus: b-tree write err: -5, ino 3
[  267.675931][ T7797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.971487][ T7797] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.947401][ T5889] usb 7-1: USB disconnect, device number 3
[  272.084750][ T7842] netlink: 12 bytes leftover after parsing attributes in process `syz.6.488'.
[  273.066446][ T7856] loop5: detected capacity change from 0 to 1024
[  273.152271][ T7856] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.142236][ T5832] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.184304][   T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  274.395306][   T24] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  274.523901][   T24] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  274.647782][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  274.763633][   T24] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  274.888710][   T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 14129, setting to 64
[  274.976557][   T24] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  275.006373][   T24] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  275.032228][   T24] usb 5-1: Product: syz
[  275.044355][   T24] usb 5-1: Manufacturer: syz
[  275.061340][   T24] cdc_wdm 5-1:1.0: skipping garbage
[  275.067171][   T24] cdc_wdm 5-1:1.0: skipping garbage
[  275.072873][   T24] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  275.848390][ T7878] loop0: detected capacity change from 0 to 131072
[  275.872606][   T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  275.896243][ T7878] F2FS-fs (loop0): invalid crc value
[  275.968590][ T5889] usb 5-1: USB disconnect, device number 10
[  275.987776][ T7878] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  276.008227][ T7878] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  276.085500][ T7878] F2FS-fs (loop0): sanity_check_inode: inode (ino=4) has corrupted i_extra_isize: 6, max: 36
[  276.169005][   T24] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[  276.240209][   T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.255361][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  276.270489][   T24] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  276.284456][   T24] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  276.292720][   T24] usb 7-1: Manufacturer: syz
[  276.303452][   T24] usb 7-1: config 0 descriptor??
[  276.312344][   T24] igorplugusb 7-1:0.0: incorrect number of endpoints
[  276.381455][ T7875] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.692183][ T7879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  276.719870][ T7879] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  277.180232][ T7875] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.294229][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  278.851657][ T5897] usb 7-1: USB disconnect, device number 4
[  279.221045][ T7875] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.484121][ T7875] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.889931][  T157] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  280.168484][ T6196] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  281.089975][ T5943] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  281.224692][ T5943] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  286.069547][ T7952] loop6: detected capacity change from 0 to 128
[  286.300652][ T7952] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  286.371862][ T7952] hpfs: filesystem error: improperly stopped
[  286.385058][ T5889] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  286.463494][ T7952] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  286.621532][ T5889] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  286.669647][ T7952] hpfs: You really don't want any checks? You are crazy...
[  287.045883][ T7952] hpfs: hpfs_map_sector(): read error
[  287.051308][ T7952] hpfs: code page support is disabled
[  287.097078][ T7952] hpfs: hpfs_map_4sectors(): unaligned read
[  287.138305][ T7952] hpfs: hpfs_map_4sectors(): unaligned read
[  287.169091][ T7952] hpfs: filesystem error: unable to find root dir
[  287.260644][ T7961] loop4: detected capacity change from 0 to 1024
[  287.383337][ T7961] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  287.419482][ T7952] hpfs: hpfs_map_4sectors(): unaligned read
[  287.427195][ T7961] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  287.703860][ T5889] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  288.124585][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  288.270334][ T7966] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  288.289276][ T5889] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  288.354311][   T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  288.365989][   T30] audit: type=1800 audit(1775309162.429:13): pid=7961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.525" name="file1" dev="loop4" ino=15 res=0 errno=0
[  288.419657][ T5889] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  288.432505][ T7961] EXT4-fs error (device loop4): ext4_map_blocks:828: inode #15: block 3: comm syz.4.525: lblock 3 mapped to illegal pblock 3 (length 1)
[  288.447658][ T5889] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  288.464266][ T5889] usb 6-1: Manufacturer: syz
[  288.471134][ T7961] EXT4-fs error (device loop4): ext4_ext_remove_space:2969: inode #15: comm syz.4.525: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  288.508548][ T5889] usb 6-1: config 0 descriptor??
[  288.514672][ T7971] hpfs: hpfs_map_4sectors(): unaligned read
[  288.528044][ T5889] igorplugusb 6-1:0.0: incorrect number of endpoints
[  288.544815][   T10] usb 1-1: Using ep0 maxpacket: 16
[  288.579941][ T7961] EXT4-fs error (device loop4): ext4_map_blocks:828: inode #15: comm syz.4.525: lblock 0 mapped to illegal pblock 0 (length 1)
[  288.584671][ T7971] hpfs: hpfs_map_sector(): read error
[  288.621437][   T10] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  288.641735][ T7961] EXT4-fs error (device loop4): ext4_ext_remove_space:2969: inode #15: comm syz.4.525: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  288.665578][   T10] usb 1-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  288.680586][   T10] usb 1-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  288.694515][   T10] usb 1-1: config 1 interface 0 has no altsetting 0
[  288.703731][   T10] usb 1-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40
[  288.720740][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.730179][   T10] usb 1-1: Product: syz
[  288.740654][   T10] usb 1-1: Manufacturer: syz
[  288.750841][   T10] usb 1-1: SerialNumber: syz
[  288.836718][ T7944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.913882][ T7944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.464230][ T7983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.475322][ T7983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.490834][ T7983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.502295][ T7983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.937429][ T5816] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  290.105463][ T7979] loop1: detected capacity change from 0 to 32768
[  290.122354][   T10] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8
[  290.151741][   T10] usb 1-1: USB disconnect, device number 12
[  290.173639][   T10] usblp0: removed
[  290.216704][ T7979] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.530 (7979)
[  290.233800][ T7979] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  290.244113][ T7979] BTRFS info (device loop1): using crc32c checksum algorithm
[  290.363177][ T7979] BTRFS info (device loop1): setting nodatasum
[  290.369458][ T7979] BTRFS info (device loop1): setting nodatacow
[  290.375765][ T7979] BTRFS info (device loop1): turning on async discard
[  290.384121][ T7979] BTRFS info (device loop1): enabling free space tree
[  290.390992][ T7979] BTRFS info (device loop1): enabling auto defrag
[  290.397472][ T7979] BTRFS info (device loop1): max_inline set to 0
[  290.880932][ T8004] BTRFS info (device loop1 state M): max_inline set to 0
[  291.035961][ T5897] usb 6-1: USB disconnect, device number 7
[  291.542989][ T5834] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  293.450369][ T8030] loop6: detected capacity change from 0 to 512
[  293.693884][ T8030] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  294.505748][ T8030] EXT4-fs error (device loop6): ext4_validate_block_bitmap:432: comm syz.6.540: bg 0: block 104: invalid block bitmap
[  294.675457][ T8030] loop6: lost filesystem error report for type 5 error -117
[  294.680832][ T8030] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6685: Corrupt filesystem
[  294.688223][    C0] EXT4-fs (loop6): error count since last fsck: 1
[  294.688254][    C0] EXT4-fs (loop6): initial error at time 1775309168: ext4_validate_block_bitmap:432
[  294.688278][    C0] EXT4-fs (loop6): last error at time 1775309168: ext4_validate_block_bitmap:432
[  294.932642][ T8030] loop6: lost filesystem error report for type 5 error -117
[  294.942969][ T8030] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.540: invalid indirect mapped block 1 (level 1)
[  295.184408][ T8030] loop6: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  295.190615][ T8030] EXT4-fs (loop6): 1 truncate cleaned up
[  295.261174][ T8030] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.585798][ T8047] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  295.752305][ T7128] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.816143][    T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  295.987319][    T9] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  295.996046][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  296.006789][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  296.022862][    T9] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  296.176929][ T8056] loop4: detected capacity change from 0 to 32768
[  296.253491][    T9] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  296.264380][    T9] usb 2-1: Manufacturer: syz
[  296.280152][ T8056] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  296.319135][ T8056] XFS (loop4): Ending clean mount
[  296.327895][ T8056] XFS (loop4): Quotacheck needed: Please wait.
[  296.342442][    T9] usb 2-1: config 0 descriptor??
[  296.361987][    T9] igorplugusb 2-1:0.0: incorrect number of endpoints
[  296.584628][ T8056] XFS (loop4): Quotacheck: Done.
[  297.596659][ T8070] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  297.620056][ T8052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  297.663928][ T8052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  297.701515][ T5816] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  298.157620][ T8079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.171045][ T8079] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.188614][ T8079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.200301][ T8079] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.244350][ T5889] usb 2-1: USB disconnect, device number 11
[  305.032523][ T8115] netlink: 48 bytes leftover after parsing attributes in process `syz.5.559'.
[  306.304488][    T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  306.646444][ T8132] loop4: detected capacity change from 0 to 64
[  306.664594][    T9] usb 1-1: Using ep0 maxpacket: 8
[  306.727813][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  306.860904][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  307.011109][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  307.174142][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  307.342316][    T9] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  307.432232][   T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  307.518118][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.833267][    T9] hub 1-1:1.0: bad descriptor, ignoring hub
[  307.839438][    T9] hub 1-1:1.0: probe with driver hub failed with error -5
[  307.847244][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  307.852453][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  307.868257][    T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  307.874317][    T9] cdc_wdm 1-1:1.0: Unknown control protocol
[  307.912294][   T10] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[  307.921081][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  307.939440][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  307.963170][ T5816] hfs: node 4:3 still has 1 user(s)!
[  307.992797][   T10] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  308.021883][   T10] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  308.040366][   T10] usb 7-1: Manufacturer: syz
[  308.068030][   T10] usb 7-1: config 0 descriptor??
[  308.116982][   T10] igorplugusb 7-1:0.0: incorrect number of endpoints
[  308.917492][ T8148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.926378][ T8148] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.936337][ T8148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.945519][ T8148] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  310.099368][   T10] usb 7-1: USB disconnect, device number 5
[  310.875556][ T8159] loop5: detected capacity change from 0 to 32768
[  311.352398][ T8168] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  311.360030][ T8168] batman_adv: batadv0: Removing interface: batadv_slave_0
[  311.386550][ T8168] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  311.395223][ T8168] batman_adv: batadv0: Removing interface: batadv_slave_1
[  311.425309][ T8159] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  311.443155][ T8172] loop1: detected capacity change from 0 to 1024
[  311.620404][ T8172] EXT4-fs: inline encryption not supported
[  311.685089][ T8172] EXT4-fs (loop1): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  312.022587][ T8172] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.116397][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.135782][   T24] usb 1-1: USB disconnect, device number 13
[  313.141896][ T8121] cdc_wdm 1-1:1.0: Error autopm - -16
[  313.143182][ T5832] ocfs2: Unmounting device (7,5) on (node local)
[  315.634788][   T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  315.816253][   T10] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  316.477226][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  316.483685][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  316.500584][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  316.634878][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  316.695705][   T10] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  316.707641][   T10] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  316.735497][   T10] usb 5-1: Manufacturer: syz
[  316.756716][   T10] usb 5-1: config 0 descriptor??
[  316.817837][   T10] igorplugusb 5-1:0.0: incorrect number of endpoints
[  317.322963][ T8215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.335095][ T8215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.351999][ T8215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.363832][ T8215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.231647][ T8219] loop5: detected capacity change from 0 to 40427
[  318.309921][ T8219] F2FS-fs (loop5): invalid crc value
[  318.382295][ T8219] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  318.392385][ T8219] F2FS-fs (loop5): Start checkpoint disabled!
[  318.400344][ T8219] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  318.408117][ T8219] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  318.498955][   T30] audit: type=1800 audit(1775309192.559:14): pid=8223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.588" name="bus" dev="loop5" ino=10 res=0 errno=0
[  318.564673][ T8223] syz.5.588: attempt to access beyond end of device
[  318.564673][ T8223] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  318.772027][ T8223] syz.5.588: attempt to access beyond end of device
[  318.772027][ T8223] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  318.788461][ T8223] syz.5.588: attempt to access beyond end of device
[  318.788461][ T8223] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  318.804092][ T8223] syz.5.588: attempt to access beyond end of device
[  318.804092][ T8223] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  318.820257][ T8223] syz.5.588: attempt to access beyond end of device
[  318.820257][ T8223] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  318.838368][ T8223] syz.5.588: attempt to access beyond end of device
[  318.838368][ T8223] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  318.855095][ T8223] syz.5.588: attempt to access beyond end of device
[  318.855095][ T8223] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  318.872920][ T8223] syz.5.588: attempt to access beyond end of device
[  318.872920][ T8223] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  318.889861][ T8223] syz.5.588: attempt to access beyond end of device
[  318.889861][ T8223] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  319.017387][ T8223] syz.5.588: attempt to access beyond end of device
[  319.017387][ T8223] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  319.070715][   T24] usb 5-1: USB disconnect, device number 11
[  319.614795][ T8227] loop1: detected capacity change from 0 to 40427
[  319.818729][ T8227] F2FS-fs (loop1): invalid crc value
[  320.009209][ T8227] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  320.019707][ T8227] F2FS-fs (loop1): Start checkpoint disabled!
[  320.051580][ T8227] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  320.059944][ T8227] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  320.307934][   T30] audit: type=1800 audit(1775309194.259:15): pid=8227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.589" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  320.690821][   T30] audit: type=1800 audit(1775309194.319:16): pid=8234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.589" name="bus" dev="loop1" ino=10 res=0 errno=0
[  321.224632][   T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  321.224669][   T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  321.224685][   T49] Workqueue: writeback wb_workfn (flush-7:5)
[  321.224724][   T49] Call Trace:
[  321.224733][   T49]  <TASK>
[  321.224743][   T49]  dump_stack_lvl+0xe8/0x150
[  321.224780][   T49]  f2fs_handle_critical_error+0x37c/0x540
[  321.224823][   T49]  f2fs_write_end_io+0xcdb/0xff0
[  321.224869][   T49]  __submit_merged_bio+0x256/0x700
[  321.224912][   T49]  __submit_merged_write_cond+0x3c9/0x4e0
[  321.224956][   T49]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  321.225006][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.225045][   T49]  f2fs_write_data_pages+0x2975/0x35e0
[  321.225128][   T49]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.225216][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.225249][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.225296][   T49]  ? finish_task_switch+0x240/0x920
[  321.225327][   T49]  ? lockdep_hardirqs_on+0x7a/0x110
[  321.225359][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.225391][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.225419][   T49]  ? rcu_is_watching+0x15/0xb0
[  321.225472][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.225502][   T49]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.225543][   T49]  do_writepages+0x32e/0x550
[  321.225596][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.225624][   T49]  ? reacquire_held_locks+0x104/0x190
[  321.225662][   T49]  ? writeback_sb_inodes+0x477/0x1a20
[  321.225703][   T49]  __writeback_single_inode+0x133/0x11a0
[  321.225740][   T49]  ? do_raw_spin_unlock+0xf5/0x210
[  321.225772][   T49]  writeback_sb_inodes+0x992/0x1a20
[  321.225838][   T49]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  321.225871][   T49]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.225941][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.225969][   T49]  ? rcu_is_watching+0x15/0xb0
[  321.226004][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.226042][   T49]  wb_writeback+0x456/0xb70
[  321.226080][   T49]  ? queue_io+0x1f1/0x4a0
[  321.226120][   T49]  ? __pfx_wb_writeback+0x10/0x10
[  321.226152][   T49]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.226196][   T49]  wb_workfn+0x414/0xf50
[  321.226227][   T49]  ? look_up_lock_class+0x57/0x110
[  321.226273][   T49]  ? __pfx_wb_workfn+0x10/0x10
[  321.226305][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.226334][   T49]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.226362][   T49]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  321.226388][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.226423][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.226455][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.226486][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.226517][   T49]  ? process_scheduled_works+0xa8d/0x18c0
[  321.226550][   T49]  ? process_scheduled_works+0xa8d/0x18c0
[  321.226584][   T49]  process_scheduled_works+0xb6e/0x18c0
[  321.226661][   T49]  ? __pfx_process_scheduled_works+0x10/0x10
[  321.226701][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.226729][   T49]  ? assign_work+0x3d5/0x5e0
[  321.226767][   T49]  worker_thread+0xa53/0xfc0
[  321.226821][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.226860][   T49]  kthread+0x388/0x470
[  321.226885][   T49]  ? __pfx_worker_thread+0x10/0x10
[  321.226917][   T49]  ? __pfx_kthread+0x10/0x10
[  321.226942][   T49]  ret_from_fork+0x51e/0xb90
[  321.226979][   T49]  ? __pfx_ret_from_fork+0x10/0x10
[  321.227010][   T49]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.227038][   T49]  ? __switch_to+0xc7d/0x1450
[  321.227071][   T49]  ? __pfx_kthread+0x10/0x10
[  321.227096][   T49]  ret_from_fork_asm+0x1a/0x30
[  321.227153][   T49]  </TASK>
[  321.227204][   T49] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  321.778324][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  321.778359][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  321.778376][   T12] Workqueue: writeback wb_workfn (flush-7:1)
[  321.778415][   T12] Call Trace:
[  321.778425][   T12]  <TASK>
[  321.778435][   T12]  dump_stack_lvl+0xe8/0x150
[  321.778473][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  321.778516][   T12]  f2fs_write_end_io+0xcdb/0xff0
[  321.778561][   T12]  __submit_merged_bio+0x256/0x700
[  321.778605][   T12]  __submit_merged_write_cond+0x3c9/0x4e0
[  321.778658][   T12]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  321.778709][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.778748][   T12]  f2fs_write_data_pages+0x2975/0x35e0
[  321.778787][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.778857][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.778911][   T12]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  321.778978][   T12]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  321.779040][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.779070][   T12]  ? __lock_acquire+0x6b5/0x2cf0
[  321.779119][   T12]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  321.779153][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.779193][   T12]  do_writepages+0x32e/0x550
[  321.779238][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.779267][   T12]  ? reacquire_held_locks+0x104/0x190
[  321.779303][   T12]  ? writeback_sb_inodes+0x477/0x1a20
[  321.779346][   T12]  __writeback_single_inode+0x133/0x11a0
[  321.779383][   T12]  ? do_raw_spin_unlock+0xf5/0x210
[  321.779415][   T12]  writeback_sb_inodes+0x992/0x1a20
[  321.779483][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  321.779516][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.779587][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.779616][   T12]  ? rcu_is_watching+0x15/0xb0
[  321.779657][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.779696][   T12]  wb_writeback+0x456/0xb70
[  321.779735][   T12]  ? queue_io+0x1f1/0x4a0
[  321.779778][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  321.779810][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.779856][   T12]  wb_workfn+0x414/0xf50
[  321.779886][   T12]  ? look_up_lock_class+0x57/0x110
[  321.779944][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  321.779982][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.780011][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.780041][   T12]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  321.780068][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.780104][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.780136][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.780166][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.780199][   T12]  ? process_scheduled_works+0xa8d/0x18c0
[  321.780232][   T12]  ? process_scheduled_works+0xa8d/0x18c0
[  321.780268][   T12]  process_scheduled_works+0xb6e/0x18c0
[  321.780338][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  321.780378][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.780424][   T12]  ? assign_work+0x3d5/0x5e0
[  321.780467][   T12]  worker_thread+0xa53/0xfc0
[  321.780521][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.780561][   T12]  kthread+0x388/0x470
[  321.780587][   T12]  ? __pfx_worker_thread+0x10/0x10
[  321.780619][   T12]  ? __pfx_kthread+0x10/0x10
[  321.780651][   T12]  ret_from_fork+0x51e/0xb90
[  321.780689][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  321.780720][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  321.780749][   T12]  ? __switch_to+0xc7d/0x1450
[  321.780783][   T12]  ? __pfx_kthread+0x10/0x10
[  321.780810][   T12]  ret_from_fork_asm+0x1a/0x30
[  321.780867][   T12]  </TASK>
[  321.780906][   T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  322.524438][ T8245] loop6: detected capacity change from 0 to 512
[  322.648257][ T8245] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  322.757888][ T8245] EXT4-fs (loop6): 1 orphan inode deleted
[  322.847124][ T8245] EXT4-fs (loop6): 1 truncate cleaned up
[  322.904609][ T8245] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  323.091121][ T8251] EXT4-fs error (device loop6): ext4_inlinedir_to_tree:1332: inode #12: block 7: comm syz.6.595: path /36/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0
[  323.657834][ T8251] EXT4-fs (loop6): Remounting filesystem read-only
[  324.369054][ T7128] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  325.117798][ T8272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.594'.
[  325.241993][ T8273] 9pnet_fd: Insufficient options for proto=fd
[  326.046359][ T8266] loop5: detected capacity change from 0 to 64
[  326.990503][ T8277] fuse: Unknown parameter '0xffffffffffffffff00000000000000000000'
[  327.146144][ T8277] Trying to free block not in datazone
[  327.158847][ T8277] bio_check_eod: 231 callbacks suppressed
[  327.158877][ T8277] syz.5.593: attempt to access beyond end of device
[  327.158877][ T8277] loop5: rw=8390657, sector=412, nr_sectors = 2 limit=64
[  327.178504][ T8277] Buffer I/O error on dev loop5, logical block 206, lost async page write
[  330.672044][ T8313] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  333.923343][ T8319] loop6: detected capacity change from 0 to 256
[  334.311715][ T8319] FAT-fs (loop6): Directory bread(block 64) failed
[  334.336464][ T8319] FAT-fs (loop6): Directory bread(block 65) failed
[  334.366101][ T8319] FAT-fs (loop6): Directory bread(block 66) failed
[  334.386935][ T5819] Bluetooth: hci2: command 0x0406 tx timeout
[  334.402428][ T8319] FAT-fs (loop6): Directory bread(block 67) failed
[  334.434438][ T8319] FAT-fs (loop6): Directory bread(block 68) failed
[  334.483031][ T8319] FAT-fs (loop6): Directory bread(block 69) failed
[  334.593615][ T8319] FAT-fs (loop6): Directory bread(block 70) failed
[  334.678741][ T8319] FAT-fs (loop6): Directory bread(block 71) failed
[  334.776273][ T8319] FAT-fs (loop6): Directory bread(block 72) failed
[  334.852042][ T8319] FAT-fs (loop6): Directory bread(block 73) failed
[  335.345895][ T8333] loop2: detected capacity change from 0 to 64
[  335.359314][ T8319] syz.6.613: attempt to access beyond end of device
[  335.359314][ T8319] loop6: rw=8912896, sector=1160, nr_sectors = 4 limit=256
[  335.380260][ T8319] syz.6.613: attempt to access beyond end of device
[  335.380260][ T8319] loop6: rw=8388608, sector=1160, nr_sectors = 4 limit=256
[  335.399044][   T30] audit: type=1800 audit(1775309209.459:17): pid=8319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.613" name="file0" dev="loop6" ino=1048618 res=0 errno=0
[  335.508661][ T8336] loop0: detected capacity change from 0 to 1024
[  335.648977][ T8337] syz.6.613: attempt to access beyond end of device
[  335.648977][ T8337] loop6: rw=8388608, sector=1160, nr_sectors = 4 limit=256
[  335.725579][ T8339] fuse: Unknown parameter '0xffffffffffffffff00000000000000000000'
[  336.289568][ T8339] Trying to free block not in datazone
[  336.344760][ T8339] syz.2.617: attempt to access beyond end of device
[  336.344760][ T8339] loop2: rw=8390657, sector=412, nr_sectors = 2 limit=64
[  336.500133][ T8339] Buffer I/O error on dev loop2, logical block 206, lost async page write
[  336.666212][ T8319] syz.6.613: attempt to access beyond end of device
[  336.666212][ T8319] loop6: rw=8388608, sector=1160, nr_sectors = 4 limit=256
[  336.905608][   T12] hfsplus: b-tree write err: -5, ino 3
[  336.916737][ T8347] loop1: detected capacity change from 0 to 512
[  337.024947][ T8347] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz.1.623: bad orphan inode 15
[  337.063111][ T8347] loop1: lost filesystem error report for type 5 error -117
[  337.064235][    C0] EXT4-fs (loop1): error count since last fsck: 1
[  337.078066][    C0] EXT4-fs (loop1): initial error at time 1775309211: ext4_orphan_get:1423
[  337.086628][    C0] EXT4-fs (loop1): last error at time 1775309211: ext4_orphan_get:1423
[  337.269673][ T8347] ext4_test_bit(bit=14, block=18) = 1
[  338.035704][ T8347] is_bad_inode(inode)=0
[  338.138980][ T8347] NEXT_ORPHAN(inode)=1023
[  338.294380][ T8347] max_ino=32
[  338.297704][ T8347] i_nlink=0
[  338.342706][ T8347] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2970: inode #15: comm syz.1.623: corrupted xattr block 19: invalid header
[  338.366551][ T8347] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  338.412781][ T8347] EXT4-fs warning (device loop1): ext4_evict_inode:285: xattr delete (err -117)
[  338.602270][ T8347] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[  338.960574][ T8347] ext4 filesystem being mounted at /119/éq‰Y’3aK supports timestamps until 2038-01-19 (0x7fffffff)
[  340.659579][ T8352] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 449: padding at end of block bitmap is not set
[  340.915203][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[  341.061757][ T8375] syzkaller0: entered promiscuous mode
[  342.180833][ T8385] loop1: detected capacity change from 0 to 512
[  342.194638][ T8385] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  342.234362][ T8385] EXT4-fs (loop1): 1 truncate cleaned up
[  342.401932][ T8385] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  342.411379][ T8392] loop2: detected capacity change from 0 to 512
[  342.430788][ T8384] loop6: detected capacity change from 0 to 4096
[  342.448725][ T8395] loop0: detected capacity change from 0 to 128
[  342.506569][ T8398] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  342.520186][ T8394] loop4: detected capacity change from 0 to 64
[  342.540902][ T8392] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  342.612185][ T8392] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  343.318482][ T8402] fuse: Unknown parameter '0xffffffffffffffff00000000000000000000'
[  343.352739][ T8402] Trying to free block not in datazone
[  343.359392][ T8402] syz.4.637: attempt to access beyond end of device
[  343.359392][ T8402] loop4: rw=8390657, sector=412, nr_sectors = 2 limit=64
[  343.372947][ T8402] Buffer I/O error on dev loop4, logical block 206, lost async page write
[  343.477466][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.510886][ T8392] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2970: inode #15: comm syz.2.639: corrupted xattr block 33: invalid checksum
[  343.667280][ T8392] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -74
[  343.762600][ T8392] EXT4-fs warning (device loop2): ext4_evict_inode:285: xattr delete (err -74)
[  344.070222][ T5820] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.026860][ T8437] can0: slcan on ttyS3.
[  348.215832][ T8436] can0 (unregistered): slcan off ttyS3.
[  349.343120][ T8448] bridge1: entered promiscuous mode
[  349.415824][ T8448] bridge1: entered allmulticast mode
[  349.784301][   T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  349.875086][ T8455] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.977179][   T24] usb 1-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  350.004286][   T24] usb 1-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  350.041672][   T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  350.054850][ T8462] capability: warning: `syz.2.651' uses 32-bit capabilities (legacy support in use)
[  350.082897][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.106744][   T24] usb 1-1: Product: syz
[  350.119304][   T24] usb 1-1: Manufacturer: syz
[  350.140549][   T24] usb 1-1: SerialNumber: syz
[  350.175905][   T24] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  350.322222][  T809] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  350.545171][   T10] usb 1-1: USB disconnect, device number 14
[  350.706450][ T8455] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.966669][ T8455] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.217021][ T8455] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.354380][ T5922] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  351.479187][  T157] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  351.504528][  T809] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  351.530114][  T809] ath9k_htc: Failed to initialize the device
[  351.537561][  T134] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  351.554355][ T5922] usb 2-1: Using ep0 maxpacket: 16
[  351.576822][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  351.588209][   T10] usb 1-1: ath9k_htc: USB layer deinitialized
[  351.621214][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  351.674150][ T5922] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  351.727921][ T5922] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  351.758212][ T5922] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.766864][  T134] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  351.818989][  T134] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  351.879532][ T5922] usb 2-1: config 0 descriptor??
[  352.723290][   T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  353.024459][   T10] usb 1-1: Using ep0 maxpacket: 32
[  353.073388][ T5922] microsoft 0003:045E:07DA.0003: ignoring exceeding usage max
[  353.084316][   T10] usb 1-1: device descriptor read/all, error -71
[  353.117082][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  353.285840][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  353.331520][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  353.383379][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  353.411414][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  353.440751][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  353.479319][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  353.534983][ T5922] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  353.590360][ T5922] microsoft 0003:045E:07DA.0003: no inputs found
[  353.660773][ T5922] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway
[  353.746427][ T5922] usb 2-1: USB disconnect, device number 12
[  353.929993][ T8510] fido_id[8510]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  356.142236][   T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  356.454447][   T24] usb 2-1: Using ep0 maxpacket: 32
[  356.469111][   T24] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  356.496389][   T24] usb 2-1: config 0 has no interface number 0
[  356.519032][   T24] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  356.565544][   T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  356.602148][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.807505][   T24] usb 2-1: Product: syz
[  356.817317][   T24] usb 2-1: Manufacturer: syz
[  356.848775][   T24] usb 2-1: SerialNumber: syz
[  357.497960][   T24] usb 2-1: config 0 descriptor??
[  357.540393][ T8527] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  357.775046][ T8527] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  358.266188][ T8542] loop6: detected capacity change from 0 to 40427
[  358.283154][ T8542] F2FS-fs (loop6): invalid crc value
[  358.377568][ T8542] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  358.389432][ T8542] F2FS-fs (loop6): Start checkpoint disabled!
[  358.398796][ T8542] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0
[  358.407862][ T8542] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  359.770616][   T24] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  359.802144][   T24] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  359.876523][ T8561] syz.0.679 (8561) used greatest stack depth: 17008 bytes left
[  359.976980][   T24] asix 2-1:0.188: probe with driver asix failed with error -71
[  360.175820][   T24] usb 2-1: USB disconnect, device number 13
[  360.607330][ T8578] loop4: detected capacity change from 0 to 128
[  360.686435][ T8578] syz.4.688: attempt to access beyond end of device
[  360.686435][ T8578] loop4: rw=2049, sector=154, nr_sectors = 6 limit=128
[  360.707075][ T8581] loop1: detected capacity change from 0 to 512
[  360.845729][ T8578] syz.4.688: attempt to access beyond end of device
[  360.845729][ T8578] loop4: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  360.951742][ T8583] ufs: You didn't specify the type of your ufs filesystem
[  360.951742][ T8583] 
[  360.951742][ T8583] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  360.951742][ T8583] 
[  360.951742][ T8583] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  360.982548][ T8583] ufs: ufstype=old is supported read-only
[  360.990672][ T8583] ufs: ufs_fill_super(): bad magic number
[  361.655705][ T8578] Buffer I/O error on dev loop4, logical block 79, lost async page write
[  361.768898][ T8581] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  361.819600][ T8578] syz.4.688: attempt to access beyond end of device
[  361.819600][ T8578] loop4: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  361.844452][ T8581] ext4 filesystem being mounted at /128/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  361.955963][ T8578] Buffer I/O error on dev loop4, logical block 80, lost async page write
[  362.243596][ T8578] syz.4.688: attempt to access beyond end of device
[  362.243596][ T8578] loop4: rw=8390657, sector=154, nr_sectors = 2 limit=128
[  362.269290][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.340238][ T8578] Buffer I/O error on dev loop4, logical block 77, lost async page write
[  362.401816][ T8578] syz.4.688: attempt to access beyond end of device
[  362.401816][ T8578] loop4: rw=8390657, sector=156, nr_sectors = 2 limit=128
[  362.464254][ T8578] Buffer I/O error on dev loop4, logical block 78, lost async page write
[  362.496654][ T8578] syz.4.688: attempt to access beyond end of device
[  362.496654][ T8578] loop4: rw=8390657, sector=158, nr_sectors = 2 limit=128
[  362.554293][ T8578] Buffer I/O error on dev loop4, logical block 79, lost async page write
[  362.595259][ T8578] syz.4.688: attempt to access beyond end of device
[  362.595259][ T8578] loop4: rw=8390657, sector=160, nr_sectors = 2 limit=128
[  362.649168][ T8578] Buffer I/O error on dev loop4, logical block 80, lost async page write
[  362.649388][ T8578] syz.4.688: attempt to access beyond end of device
[  362.649388][ T8578] loop4: rw=2049, sector=162, nr_sectors = 88 limit=128
[  362.649669][ T8578] syz.4.688: attempt to access beyond end of device
[  362.649669][ T8578] loop4: rw=2049, sector=138, nr_sectors = 12 limit=128
[  362.994760][ T8605] loop0: detected capacity change from 0 to 40427
[  363.039851][ T8605] F2FS-fs (loop0): invalid crc value
[  363.105653][ T8605] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  363.110676][ T8605] F2FS-fs (loop0): Start checkpoint disabled!
[  363.132898][ T8605] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  363.150380][ T8605] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  363.260201][ T5943] kworker/u8:8: attempt to access beyond end of device
[  363.260201][ T5943] loop0: rw=1, sector=77824, nr_sectors = 408 limit=40427
[  363.303589][ T5943] CPU: 0 UID: 0 PID: 5943 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) 
[  363.303628][ T5943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  363.303648][ T5943] Workqueue: writeback wb_workfn (flush-7:0)
[  363.303735][ T5943] Call Trace:
[  363.303744][ T5943]  <TASK>
[  363.303756][ T5943]  dump_stack_lvl+0xe8/0x150
[  363.303795][ T5943]  f2fs_handle_critical_error+0x37c/0x540
[  363.303841][ T5943]  f2fs_write_end_io+0xcdb/0xff0
[  363.303898][ T5943]  __submit_merged_bio+0x256/0x700
[  363.303943][ T5943]  __submit_merged_write_cond+0x3c9/0x4e0
[  363.303993][ T5943]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  363.304047][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.304090][ T5943]  f2fs_write_data_pages+0x2975/0x35e0
[  363.304129][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.304208][ T5943]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  363.304267][ T5943]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  363.304344][ T5943]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  363.304412][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.304441][ T5943]  ? __lock_acquire+0x6b5/0x2cf0
[  363.304494][ T5943]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  363.304529][ T5943]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  363.304571][ T5943]  do_writepages+0x32e/0x550
[  363.304619][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.304648][ T5943]  ? reacquire_held_locks+0x104/0x190
[  363.304698][ T5943]  ? writeback_sb_inodes+0x477/0x1a20
[  363.304742][ T5943]  __writeback_single_inode+0x133/0x11a0
[  363.304780][ T5943]  ? do_raw_spin_unlock+0xf5/0x210
[  363.304814][ T5943]  writeback_sb_inodes+0x992/0x1a20
[  363.304890][ T5943]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  363.304923][ T5943]  ? do_raw_spin_lock+0x12b/0x2f0
[  363.305004][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305034][ T5943]  ? rcu_is_watching+0x15/0xb0
[  363.305070][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305115][ T5943]  wb_writeback+0x456/0xb70
[  363.305156][ T5943]  ? queue_io+0x1f1/0x4a0
[  363.305202][ T5943]  ? __pfx_wb_writeback+0x10/0x10
[  363.305235][ T5943]  ? do_raw_spin_lock+0x12b/0x2f0
[  363.305285][ T5943]  wb_workfn+0x414/0xf50
[  363.305318][ T5943]  ? look_up_lock_class+0x57/0x110
[  363.305372][ T5943]  ? __pfx_wb_workfn+0x10/0x10
[  363.305406][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305435][ T5943]  ? do_raw_spin_lock+0x12b/0x2f0
[  363.305466][ T5943]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  363.305493][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305531][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305565][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305597][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305631][ T5943]  ? process_scheduled_works+0xa8d/0x18c0
[  363.305665][ T5943]  ? process_scheduled_works+0xa8d/0x18c0
[  363.305716][ T5943]  process_scheduled_works+0xb6e/0x18c0
[  363.305797][ T5943]  ? __pfx_process_scheduled_works+0x10/0x10
[  363.305839][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305869][ T5943]  ? assign_work+0x3d5/0x5e0
[  363.305911][ T5943]  worker_thread+0xa53/0xfc0
[  363.305947][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.305998][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.306045][ T5943]  kthread+0x388/0x470
[  363.306072][ T5943]  ? __pfx_worker_thread+0x10/0x10
[  363.306104][ T5943]  ? __pfx_kthread+0x10/0x10
[  363.306132][ T5943]  ret_from_fork+0x51e/0xb90
[  363.306171][ T5943]  ? __pfx_ret_from_fork+0x10/0x10
[  363.306202][ T5943]  ? srso_alias_return_thunk+0x5/0xfbef5
[  363.306231][ T5943]  ? __switch_to+0xc7d/0x1450
[  363.306268][ T5943]  ? __pfx_kthread+0x10/0x10
[  363.306296][ T5943]  ret_from_fork_asm+0x1a/0x30
[  363.306360][ T5943]  </TASK>
[  363.672187][ T8612] loop4: detected capacity change from 0 to 1024
[  363.709438][ T5943] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  364.164383][ T8620] netlink: 'syz.1.700': attribute type 10 has an invalid length.
[  364.175501][ T8620] team0: Device vxcan1 is of different type
[  364.752993][ T8625] loop6: detected capacity change from 0 to 128
[  364.785676][ T8625] FAT-fs (loop6): bogus number of reserved sectors
[  364.792223][ T8625] FAT-fs (loop6): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  364.864370][ T8625] FAT-fs (loop6): Can't find a valid FAT filesystem
[  365.084692][   T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  365.262029][ T5828] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  365.272044][   T10] usb 2-1: Using ep0 maxpacket: 32
[  365.286191][   T10] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  365.314427][   T10] usb 2-1: config 0 has no interface number 0
[  365.320576][   T10] usb 2-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  365.355607][   T10] usb 2-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  365.377113][   T10] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  365.386764][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.395306][   T10] usb 2-1: Product: syz
[  365.406886][   T10] usb 2-1: Manufacturer: syz
[  365.420397][   T10] usb 2-1: SerialNumber: syz
[  365.440237][ T5828] usb 5-1: Using ep0 maxpacket: 32
[  365.460369][   T10] usb 2-1: config 0 descriptor??
[  365.478625][ T5828] usb 5-1: config 2 has an invalid interface number: 88 but max is 0
[  365.489330][   T10] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  365.514686][ T5828] usb 5-1: config 2 has no interface number 0
[  365.520931][ T5828] usb 5-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256
[  365.560709][ T5828] usb 5-1: config 2 interface 88 has no altsetting 0
[  365.581995][ T5828] usb 5-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  365.616209][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.634330][ T5828] usb 5-1: Product: syz
[  365.638609][ T5828] usb 5-1: Manufacturer: syz
[  365.654385][ T5828] usb 5-1: SerialNumber: syz
[  365.676828][ T8631] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  365.694695][   T10] usb 2-1: qt2_setup_urbs - submit read urb failed -90
[  365.701996][   T10] quatech2 2-1:0.51: probe with driver quatech2 failed with error -90
[  365.774364][ T5897] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  365.905957][ T8631] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  365.930074][ T8627] loop1: detected capacity change from 0 to 64
[  365.982640][ T5897] usb 3-1: not running at top speed; connect to a high speed hub
[  366.084866][ T5897] usb 3-1: config 55 has an invalid interface number: 173 but max is 1
[  366.108359][ T5897] usb 3-1: config 55 has an invalid interface number: 173 but max is 1
[  366.211726][ T5897] usb 3-1: config 55 has 1 interface, different from the descriptor's value: 2
[  366.310442][ T5897] usb 3-1: config 55 has no interface number 0
[  366.389221][ T5897] usb 3-1: config 55 interface 173 has no altsetting 0
[  366.507773][ T5897] usb 3-1: New USB device found, idVendor=1199, idProduct=0025, bcdDevice=be.2f
[  366.553868][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.584346][ T5897] usb 3-1: Product: syz
[  366.596120][ T5897] usb 3-1: Manufacturer: syz
[  366.614264][ T5897] usb 3-1: SerialNumber: syz
[  366.684148][ T5889] usb 2-1: USB disconnect, device number 14
[  366.791044][ T8641] loop5: detected capacity change from 0 to 32768
[  367.314769][ T5828] asix 5-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  367.318462][ T5897] sierra 3-1:55.173: Sierra USB modem converter detected
[  367.341486][ T5828] asix 5-1:2.88: probe with driver asix failed with error -71
[  367.385568][ T8641] ERROR: (device loop5): dtReadFirst: stbl[0] out of bound
[  367.385568][ T8641] 
[  367.396546][ T5897] usb 3-1: Sierra USB modem converter now attached to ttyUSB0
[  367.397887][ T5828] usb 5-1: USB disconnect, device number 12
[  367.450339][ T8641] ERROR: (device loop5): remounting filesystem as read-only
[  367.462091][ T5897] usb 3-1: USB disconnect, device number 8
[  367.526318][ T5897] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  367.567846][ T5897] sierra 3-1:55.173: device disconnected
[  368.463309][ T8662] Driver unsupported XDP return value 0 on prog  (id 17) dev N/A, expect packet loss!
[  368.613459][ T8664] loop5: detected capacity change from 0 to 1024
[  371.036651][ T8687] loop5: detected capacity change from 0 to 131072
[  371.048732][ T8691] netlink: 4 bytes leftover after parsing attributes in process `syz.6.727'.
[  371.149854][ T8687] F2FS-fs (loop5): invalid crc value
[  371.246684][ T8687] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  371.301446][ T8687] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  374.523893][ T8722] loop2: detected capacity change from 0 to 2048
[  374.559403][ T7803]  loop2: [ICS]
[  374.595428][ T8722]  loop2: [ICS]
[  374.595542][   T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  374.633964][   T29] libceph: connect (1)[c::]:6789 error -101
[  374.840707][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  374.917266][ T8717] ceph: No mds server is up or the cluster is laggy
[  375.056578][   T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  375.074150][   T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  375.175310][ T8734] loop5: detected capacity change from 0 to 1024
[  375.205830][ T8734] EXT4-fs: Ignoring removed orlov option
[  375.303564][   T24] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  375.323224][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  375.335782][   T24] usb 7-1: SerialNumber: syz
[  376.331451][ T8734] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  376.359271][ T8743] netlink: 'syz.2.741': attribute type 4 has an invalid length.
[  376.440174][ T5832] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.528592][   T24] usb 7-1: 0:2 : does not exist
[  376.528708][   T24] usb 7-1: unit 48 not found!
[  376.984994][   T24] usb 7-1: USB disconnect, device number 6
[  377.118888][ T7803] udevd[7803]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  377.718912][ T8759] Cannot find add_set index 0 as target
[  377.744852][ T8759] overlayfs: overlapping lowerdir path
[  377.846668][ T8760] netlink: 32 bytes leftover after parsing attributes in process `syz.0.746'.
[  377.909009][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  377.924232][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  378.104690][ T5897] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  379.365591][ T5897] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  379.376825][ T5897] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  379.394617][ T5897] usb 7-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01
[  379.403704][ T5897] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.409157][ T8769] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size.
[  379.539620][ T5897] usb 7-1: config 0 descriptor??
[  380.401949][ T8777] loop1: detected capacity change from 0 to 128
[  381.214307][ T8777] FAT-fs (loop1): bogus number of reserved sectors
[  381.220933][ T8777] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  381.230288][ T8777] FAT-fs (loop1): Can't find a valid FAT filesystem
[  381.787858][ T5897] usbhid 7-1:0.0: can't add hid device: -71
[  381.795617][ T5897] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  381.813254][ T5897] usb 7-1: USB disconnect, device number 7
[  383.792000][ T8790] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  384.212519][ T8799] loop4: detected capacity change from 0 to 128
[  386.855729][ T8813] Cannot find del_set index 4 as target
[  386.873360][ T8813] overlayfs: overlapping lowerdir path
[  386.977027][ T8814] netlink: 32 bytes leftover after parsing attributes in process `syz.4.762'.
[  387.784299][   T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  387.965135][   T10] usb 6-1: Using ep0 maxpacket: 16
[  387.976608][   T10] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  387.985009][   T10] usb 6-1: config 0 has no interface number 0
[  387.991145][   T10] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  388.048501][   T10] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  388.096801][   T10] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  388.153178][   T10] usb 6-1: Product: syz
[  388.181224][   T10] usb 6-1: SerialNumber: syz
[  388.315996][ T8823] loop6: detected capacity change from 0 to 128
[  388.410769][ T8823] FAT-fs (loop6): bogus number of reserved sectors
[  388.417532][ T8823] FAT-fs (loop6): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  388.426943][ T8823] FAT-fs (loop6): Can't find a valid FAT filesystem
[  388.793165][   T10] usb 6-1: config 0 descriptor??
[  388.847930][   T10] cm109 6-1:0.8: invalid payload size 24, expected 4
[  388.894480][   T10] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input7
[  389.263222][    C0] cm109 6-1:0.8: cm109_urb_irq_callback: urb status -71
[  389.263266][    C0] ------------[ cut here ]------------
[  389.263337][    C0] URB ffff888029814b00 submitted while active
[  389.263352][    C0] WARNING: drivers/usb/core/urb.c:379 at usb_submit_urb+0x7b/0x18b0, CPU#0: syz.4.767/8834
[  389.263397][    C0] Modules linked in:
[  389.263462][    C0] CPU: 0 UID: 0 PID: 8834 Comm: syz.4.767 Not tainted syzkaller #0 PREEMPT(full) 
[  389.263491][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  389.263508][    C0] RIP: 0010:usb_submit_urb+0x7e/0x18b0
[  389.263541][    C0] Code: 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 b7 51 f8 fa 49 83 3e 00 74 40 e8 bc 02 8e fa 48 8d 3d 95 60 e7 08 48 89 de <67> 48 0f b9 3a b8 f0 ff ff ff eb 11 e8 a1 02 8e fa eb 05 e8 9a 02
[  389.263563][    C0] RSP: 0018:ffffc90000007960 EFLAGS: 00010083
[  389.263587][    C0] RAX: ffffffff8737b214 RBX: ffff888029814b00 RCX: 0000000000040000
[  389.263608][    C0] RDX: ffffc90002161000 RSI: ffff888029814b00 RDI: ffffffff901f12b0
[  389.263629][    C0] RBP: 000000000000000f R08: 0000000000000003 R09: 0000000000000004
[  389.263645][    C0] R10: dffffc0000000000 R11: fffff52000000f2c R12: 0000000000000820
[  389.263665][    C0] R13: ffff88802c7d7830 R14: ffff888029814b08 R15: dffffc0000000000
[  389.263695][    C0] FS:  00007fb2995396c0(0000) GS:ffff888125454000(0000) knlGS:0000000000000000
[  389.263719][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  389.263738][    C0] CR2: 0000000000000000 CR3: 0000000051daa000 CR4: 0000000000350ef0
[  389.263758][    C0] Call Trace:
[  389.263768][    C0]  <IRQ>
[  389.263782][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  389.263818][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.263851][    C0]  ? ___ratelimit+0x58c/0x8d0
[  389.263891][    C0]  cm109_urb_irq_callback+0x6e2/0xcb0
[  389.263928][    C0]  __usb_hcd_giveback_urb+0x376/0x540
[  389.263977][    C0]  dummy_timer+0xbbd/0x45d0
[  389.264035][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.264066][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  389.264137][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  389.264165][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.264212][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  389.264256][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  389.264286][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  389.264325][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  389.264365][    C0]  __hrtimer_run_queues+0x53a/0xcc0
[  389.264432][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  389.264467][    C0]  ? ktime_get_update_offsets_now+0x3b2/0x3d0
[  389.264499][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.264541][    C0]  hrtimer_run_softirq+0x182/0x5a0
[  389.264589][    C0]  handle_softirqs+0x22a/0x870
[  389.264628][    C0]  ? __irq_exit_rcu+0x5f/0x150
[  389.264680][    C0]  __irq_exit_rcu+0x5f/0x150
[  389.264716][    C0]  irq_exit_rcu+0x9/0x30
[  389.264750][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  389.264784][    C0]  </IRQ>
[  389.264793][    C0]  <TASK>
[  389.264805][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  389.264834][    C0] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[  389.264866][    C0] Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 1a 8c ef f5 48 89 df e8 52 01 f0 f5 e8 ed 6c 1b f6 fb bf 01 00 00 00 <e8> 32 be e1 f5 65 8b 05 9b 8f 6a 07 85 c0 74 07 5b e9 6c 10 5e f5
[  389.264889][    C0] RSP: 0018:ffffc90014f07370 EFLAGS: 00000202
[  389.264913][    C0] RAX: 0000000000004e2f RBX: ffff88806659d7c0 RCX: 0000000080000001
[  389.264932][    C0] RDX: 0000000000000007 RSI: ffffffff8defb34b RDI: 0000000000000001
[  389.264950][    C0] RBP: ffffc90014f074d0 R08: ffffffff9011d3b7 R09: 1ffffffff2023a76
[  389.264970][    C0] R10: dffffc0000000000 R11: fffffbfff2023a77 R12: ffffc90014f07420
[  389.264990][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000001
[  389.265027][    C0]  shmem_add_to_page_cache+0xa5e/0xd40
[  389.265084][    C0]  ? __pfx_shmem_add_to_page_cache+0x10/0x10
[  389.265131][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.265163][    C0]  ? percpu_ref_put+0xf9/0x180
[  389.265200][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.265232][    C0]  ? __mem_cgroup_charge+0x149/0x1e0
[  389.265267][    C0]  shmem_alloc_and_add_folio+0x869/0xf80
[  389.265297][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.265335][    C0]  ? filemap_get_entry+0xca/0x320
[  389.265364][    C0]  ? filemap_get_entry+0xca/0x320
[  389.265394][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.265426][    C0]  ? filemap_get_entry+0x2ac/0x320
[  389.265456][    C0]  ? __pfx_filemap_get_entry+0x10/0x10
[  389.265488][    C0]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  389.265521][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.265553][    C0]  ? shmem_allowable_huge_orders+0x5ec/0x690
[  389.265604][    C0]  shmem_get_folio_gfp+0x5a9/0x1670
[  389.265678][    C0]  shmem_fault+0x179/0x390
[  389.265717][    C0]  __do_fault+0x138/0x390
[  389.265753][    C0]  do_pte_missing+0x228f/0x3490
[  389.265784][    C0]  ? do_pte_missing+0x130a/0x3490
[  389.265822][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.265858][    C0]  ? handle_mm_fault+0xee/0x3310
[  389.265903][    C0]  handle_mm_fault+0x1bec/0x3310
[  389.265961][    C0]  ? handle_mm_fault+0xee/0x3310
[  389.266012][    C0]  ? __pfx_handle_mm_fault+0x10/0x10
[  389.266055][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.266086][    C0]  ? follow_page_pte+0x841/0x1450
[  389.266123][    C0]  ? __pfx_follow_page_pte+0x10/0x10
[  389.266150][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.266191][    C0]  __get_user_pages+0x165b/0x29d0
[  389.266267][    C0]  populate_vma_page_range+0x2be/0x3c0
[  389.266310][    C0]  ? __pfx_populate_vma_page_range+0x10/0x10
[  389.266355][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.266386][    C0]  ? down_read+0x272/0x2e0
[  389.266422][    C0]  ? __mm_populate+0x173/0x390
[  389.266464][    C0]  __mm_populate+0x25f/0x390
[  389.266506][    C0]  ? __pfx___mm_populate+0x10/0x10
[  389.266547][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.266587][    C0]  vm_mmap_pgoff+0x3aa/0x4f0
[  389.266626][    C0]  ? __se_sys_futex+0x3a8/0x450
[  389.266666][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  389.266711][    C0]  ? __pfx___se_sys_futex+0x10/0x10
[  389.266746][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.266777][    C0]  ? rcu_is_watching+0x15/0xb0
[  389.266819][    C0]  ? ksys_mmap_pgoff+0xf3/0x760
[  389.266861][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.266892][    C0]  ? __x64_sys_mmap+0x7f/0x140
[  389.266933][    C0]  do_syscall_64+0x14d/0xf80
[  389.266969][    C0]  ? trace_irq_disable+0x3b/0x150
[  389.266992][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.267026][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.267053][    C0] RIP: 0033:0x7fb29859c819
[  389.267076][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  389.267099][    C0] RSP: 002b:00007fb299539028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  389.267126][    C0] RAX: ffffffffffffffda RBX: 00007fb298815fa0 RCX: 00007fb29859c819
[  389.267146][    C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
[  389.267166][    C0] RBP: 00007fb298632c91 R08: ffffffffffffffff R09: 0000000000000000
[  389.267185][    C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[  389.267202][    C0] R13: 00007fb298816038 R14: 00007fb298815fa0 R15: 00007ffcdc9cf0a8
[  389.267241][    C0]  </TASK>
[  389.267256][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  389.267273][    C0] CPU: 0 UID: 0 PID: 8834 Comm: syz.4.767 Not tainted syzkaller #0 PREEMPT(full) 
[  389.267301][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  389.267318][    C0] Call Trace:
[  389.267328][    C0]  <IRQ>
[  389.267339][    C0]  vpanic+0x56c/0xa60
[  389.267377][    C0]  ? __pfx__printk+0x10/0x10
[  389.267403][    C0]  ? __pfx_vpanic+0x10/0x10
[  389.267436][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  389.267463][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  389.267503][    C0]  panic+0xc5/0xd0
[  389.267540][    C0]  ? __pfx_panic+0x10/0x10
[  389.267594][    C0]  __warn+0x315/0x4f0
[  389.267628][    C0]  ? usb_submit_urb+0x7b/0x18b0
[  389.267659][    C0]  ? usb_submit_urb+0x7b/0x18b0
[  389.267697][    C0]  __report_bug+0x29a/0x540
[  389.267731][    C0]  ? __pfx_dev_vprintk_emit+0x10/0x10
[  389.267774][    C0]  ? usb_submit_urb+0x7b/0x18b0
[  389.267806][    C0]  ? __pfx___report_bug+0x10/0x10
[  389.267846][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.267877][    C0]  ? dev_printk_emit+0xee/0x140
[  389.267926][    C0]  report_bug_entry+0x19a/0x290
[  389.267962][    C0]  ? usb_submit_urb+0x7e/0x18b0
[  389.267990][    C0]  ? usb_submit_urb+0x83/0x18b0
[  389.268019][    C0]  handle_bug+0xce/0x200
[  389.268059][    C0]  exc_invalid_op+0x1a/0x50
[  389.268099][    C0]  asm_exc_invalid_op+0x1a/0x20
[  389.268125][    C0] RIP: 0010:usb_submit_urb+0x7e/0x18b0
[  389.268156][    C0] Code: 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 b7 51 f8 fa 49 83 3e 00 74 40 e8 bc 02 8e fa 48 8d 3d 95 60 e7 08 48 89 de <67> 48 0f b9 3a b8 f0 ff ff ff eb 11 e8 a1 02 8e fa eb 05 e8 9a 02
[  389.268178][    C0] RSP: 0018:ffffc90000007960 EFLAGS: 00010083
[  389.268201][    C0] RAX: ffffffff8737b214 RBX: ffff888029814b00 RCX: 0000000000040000
[  389.268221][    C0] RDX: ffffc90002161000 RSI: ffff888029814b00 RDI: ffffffff901f12b0
[  389.268242][    C0] RBP: 000000000000000f R08: 0000000000000003 R09: 0000000000000004
[  389.268258][    C0] R10: dffffc0000000000 R11: fffff52000000f2c R12: 0000000000000820
[  389.268277][    C0] R13: ffff88802c7d7830 R14: ffff888029814b08 R15: dffffc0000000000
[  389.268307][    C0]  ? usb_submit_urb+0x74/0x18b0
[  389.268351][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  389.268384][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.268415][    C0]  ? ___ratelimit+0x58c/0x8d0
[  389.268456][    C0]  cm109_urb_irq_callback+0x6e2/0xcb0
[  389.268492][    C0]  __usb_hcd_giveback_urb+0x376/0x540
[  389.268540][    C0]  dummy_timer+0xbbd/0x45d0
[  389.268597][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.268628][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  389.268698][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  389.268727][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.268768][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  389.268813][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  389.268845][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  389.268888][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  389.268929][    C0]  __hrtimer_run_queues+0x53a/0xcc0
[  389.268990][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  389.269028][    C0]  ? ktime_get_update_offsets_now+0x3b2/0x3d0
[  389.269062][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.269104][    C0]  hrtimer_run_softirq+0x182/0x5a0
[  389.269152][    C0]  handle_softirqs+0x22a/0x870
[  389.269193][    C0]  ? __irq_exit_rcu+0x5f/0x150
[  389.269237][    C0]  __irq_exit_rcu+0x5f/0x150
[  389.269273][    C0]  irq_exit_rcu+0x9/0x30
[  389.269305][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  389.269340][    C0]  </IRQ>
[  389.269350][    C0]  <TASK>
[  389.269361][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  389.269390][    C0] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[  389.269423][    C0] Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 1a 8c ef f5 48 89 df e8 52 01 f0 f5 e8 ed 6c 1b f6 fb bf 01 00 00 00 <e8> 32 be e1 f5 65 8b 05 9b 8f 6a 07 85 c0 74 07 5b e9 6c 10 5e f5
[  389.269445][    C0] RSP: 0018:ffffc90014f07370 EFLAGS: 00000202
[  389.269467][    C0] RAX: 0000000000004e2f RBX: ffff88806659d7c0 RCX: 0000000080000001
[  389.269486][    C0] RDX: 0000000000000007 RSI: ffffffff8defb34b RDI: 0000000000000001
[  389.269504][    C0] RBP: ffffc90014f074d0 R08: ffffffff9011d3b7 R09: 1ffffffff2023a76
[  389.269524][    C0] R10: dffffc0000000000 R11: fffffbfff2023a77 R12: ffffc90014f07420
[  389.269545][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000001
[  389.269582][    C0]  shmem_add_to_page_cache+0xa5e/0xd40
[  389.269637][    C0]  ? __pfx_shmem_add_to_page_cache+0x10/0x10
[  389.269689][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.269721][    C0]  ? percpu_ref_put+0xf9/0x180
[  389.269758][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.269789][    C0]  ? __mem_cgroup_charge+0x149/0x1e0
[  389.269824][    C0]  shmem_alloc_and_add_folio+0x869/0xf80
[  389.269853][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.269890][    C0]  ? filemap_get_entry+0xca/0x320
[  389.269918][    C0]  ? filemap_get_entry+0xca/0x320
[  389.269948][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.269980][    C0]  ? filemap_get_entry+0x2ac/0x320
[  389.270010][    C0]  ? __pfx_filemap_get_entry+0x10/0x10
[  389.270041][    C0]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  389.270074][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.270106][    C0]  ? shmem_allowable_huge_orders+0x5ec/0x690
[  389.270157][    C0]  shmem_get_folio_gfp+0x5a9/0x1670
[  389.270220][    C0]  shmem_fault+0x179/0x390
[  389.270258][    C0]  __do_fault+0x138/0x390
[  389.270293][    C0]  do_pte_missing+0x228f/0x3490
[  389.270324][    C0]  ? do_pte_missing+0x130a/0x3490
[  389.270362][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.270397][    C0]  ? handle_mm_fault+0xee/0x3310
[  389.270444][    C0]  handle_mm_fault+0x1bec/0x3310
[  389.270502][    C0]  ? handle_mm_fault+0xee/0x3310
[  389.270552][    C0]  ? __pfx_handle_mm_fault+0x10/0x10
[  389.270595][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.270626][    C0]  ? follow_page_pte+0x841/0x1450
[  389.270663][    C0]  ? __pfx_follow_page_pte+0x10/0x10
[  389.270696][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.270737][    C0]  __get_user_pages+0x165b/0x29d0
[  389.270813][    C0]  populate_vma_page_range+0x2be/0x3c0
[  389.270856][    C0]  ? __pfx_populate_vma_page_range+0x10/0x10
[  389.270900][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.270931][    C0]  ? down_read+0x272/0x2e0
[  389.270970][    C0]  ? __mm_populate+0x173/0x390
[  389.271012][    C0]  __mm_populate+0x25f/0x390
[  389.271054][    C0]  ? __pfx___mm_populate+0x10/0x10
[  389.271094][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.271135][    C0]  vm_mmap_pgoff+0x3aa/0x4f0
[  389.271174][    C0]  ? __se_sys_futex+0x3a8/0x450
[  389.271214][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  389.271253][    C0]  ? __pfx___se_sys_futex+0x10/0x10
[  389.271288][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.271320][    C0]  ? rcu_is_watching+0x15/0xb0
[  389.271362][    C0]  ? ksys_mmap_pgoff+0xf3/0x760
[  389.271405][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  389.271437][    C0]  ? __x64_sys_mmap+0x7f/0x140
[  389.271479][    C0]  do_syscall_64+0x14d/0xf80
[  389.271515][    C0]  ? trace_irq_disable+0x3b/0x150
[  389.271539][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.271573][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.271600][    C0] RIP: 0033:0x7fb29859c819
[  389.271624][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  389.271646][    C0] RSP: 002b:00007fb299539028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  389.271682][    C0] RAX: ffffffffffffffda RBX: 00007fb298815fa0 RCX: 00007fb29859c819
[  389.271703][    C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
[  389.271722][    C0] RBP: 00007fb298632c91 R08: ffffffffffffffff R09: 0000000000000000
[  389.271741][    C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[  389.271758][    C0] R13: 00007fb298816038 R14: 00007fb298815fa0 R15: 00007ffcdc9cf0a8
[  389.271798][    C0]  </TASK>
[  389.274888][    C0] Kernel Offset: disabled