last executing test programs:

15m31.381182896s ago: executing program 32 (id=6626):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03000000000000002000128008000100677265001400028008000600ac14142408000700e000000108000a00", @ANYRES32], 0x48}}, 0x0)

13m18.108082608s ago: executing program 33 (id=8117):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000080)='./file0\x00', 0xa0008e, &(0x7f0000000180)={[{@adinicb}, {@iocharset={'iocharset', 0x3d, 'iso8859-7'}}, {@nostrict}, {@uid}, {}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@mode={'mode', 0x3d, 0x40000008}}, {@noadinicb}, {@longad}, {@gid_forget}, {@unhide}, {@longad}, {@anchor={'anchor', 0x3d, 0x907}}]}, 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x43, 0x150)

12m30.327572884s ago: executing program 7 (id=8638):
r0 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)

12m29.855715308s ago: executing program 7 (id=8644):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
flistxattr(r0, 0x0, 0x0)

12m29.54543264s ago: executing program 7 (id=8649):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003140)=ANY=[@ANYBLOB="c01800002000010a0000000000000000020000002c01018028014880ed00a90013466820cd76bb221fbb4acd690c6a8b9c760a61eeec7793b579aefdb936d00f403d3f04637cdb9ac70e28c5dd66ddedde2d0930650e6821f9a26a4a193c1d06a3e75523f901e44fe087ae32c836c6d6ddba3af8e9a2beae8936168f9fa38c395f5cf7408df69c60bf584bee86a6312e9ce866e456c3eda6f2924082d78a2f385bdbd0c9afb54758c102bf13094645fb6aa34d424ec776691fee3d25307f61fed2752babf7c686e8a3d9b59a8343bcf4121bf5cf400a0c1070855fac565cad8968a97ce0a12a1161054d82d0a240b7dedf9ba3cc63e9d1c3b9a8402f7d5b4cafcd48928a3d4a76498900000014007c00ff01000000000000000000000000000108003d00", @ANYRES32=0x0, @ANYBLOB="08001a"], 0x18c0}}, 0x0)

12m29.140882556s ago: executing program 7 (id=8655):
syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@dmask={'dmask', 0x3d, 0x1}}, {@sys_tz}, {}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@zero_size_dir}, {@gid}, {@keep_last_dots}, {}, {@sys_tz}, {@errors_remount}, {@errors_continue}]}, 0x4, 0x152f, &(0x7f00000037c0)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=")
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333c06, 0x0)

12m28.516068296s ago: executing program 7 (id=8663):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000005, 0x12, r0, 0x80000000)

12m27.730667957s ago: executing program 7 (id=8671):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

12m27.003464047s ago: executing program 34 (id=8671):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

9m9.050771534s ago: executing program 2 (id=11021):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101602, 0x0)
fallocate(r0, 0x1, 0x0, 0x140000804000004)

9m8.776282312s ago: executing program 2 (id=11027):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2200006, &(0x7f00000002c0)=ANY=[@ANYBLOB="766f6c756d653d30303030303030303030303030303030303036322c756d61736b3d30303030303030303030303030303030303430303031312c616e63686f723d30303030303030303030303030303036353533352c6769643d666f726765742c766f6c756d653d30303030303030303030303030303030313032332c6e6f7672732c6e6f7672732c6c617374626c6f636b3d30303030303030303030303030303030303030302c696f636861727365743d69736f383835392d332c00db89fcc57928b242f98f43b3877d9fef38d921eb1dde8ef1febcf6b9c64896379c03c9780a40503a32f8baf74b740c77b3f590f469f9490d614e1cbbf83f8d722372f8524955ef3a5b66549131951817f14ae7c4e6fae062a7cfb3e249a4b9ebd1c81b134d3042ff379a205964c1cedf1ca8125dca72e1e5c630"], 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0))

9m8.229073583s ago: executing program 2 (id=11035):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x1082302, 0x0)
ioctl$TIOCGWINSZ(r0, 0x5413, 0x0)

9m7.872487289s ago: executing program 2 (id=11040):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000b40)=ANY=[@ANYBLOB='iocharset=koi8-r,umask=00000000000000000000005,namecase=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c666d61736b3d30303030303030303030303030303030303030303235362c646973636172642c666d61736b3d30303030303030303030303030303030303030303030362c757466382c756d61736b3d30303030303030303030303030303030303030303030362c616c6c6f775f7574696d653d30303030303030303030303030303030303134373037302c00a9be803a3d9ca5ba4db406dd0b5459a27d7abc3b60c1d4bbac4948d4f3788a00a3c80b1a12055d2eeace5828d472e71a44f7bd33fedd00041a89e7c8b566db5aa2675eb7a1960d9cafe3683a5bcd652df3c1b26964fb49ac33708e0ece227120888d8415dc28effbe7bb2c30703dc3328ec8e0014adab48920710452a0e3cc5ed20983ca8f6364b1e77f757201c7351e80c867cddd58f0d458ee6f0dd1c04610712dfed5947f2377704b03f3f89384757085de2c0dcae856c9b09e00ab778266f2fc3374d212ec41116ade69654203903d6851a4bd26b285"], 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
mount$bind(&(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)

9m7.35732927s ago: executing program 2 (id=11048):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000001000)=@newsa={0x138, 0x10, 0x832152701231f605, 0x70bd27, 0x1000, {{@in=@loopback, @in=@remote, 0x4e22, 0x0, 0x2}, {@in6=@remote, 0xfffffffc, 0x6c}, @in=@remote, {0x0, 0x8001000000000001}, {}, {0x0, 0x0, 0x20}, 0x3, 0x0, 0xa, 0x4, 0x0, 0x64}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x40080)

9m6.709312343s ago: executing program 2 (id=11058):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="4000000066001fff0000000000000000", @ANYRES64], 0x40}}, 0x4000800)

9m6.009692285s ago: executing program 35 (id=11058):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="4000000066001fff0000000000000000", @ANYRES64], 0x40}}, 0x4000800)

1m26.915434366s ago: executing program 1 (id=16562):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x2000002, &(0x7f0000000340), 0x9, 0x558, &(0x7f0000001a80)="$eJzs3c9vHFcdAPDvjH8mdeoEeoAKSIBCQFHW8aaNql5oLiBUVUIgDohDauyNZbLOBntd1cYS7t8AB67wJ3BA4oDUEwduHJE4IKRyQApggWIkkAbN7NjZJLvtut4f1e7nI41m3szufL8vzsx7+7yeF8DEuhIRBxExGxFvRcRiuT8pl3i9teSve3S4v3p0uL+aRJZ95x9JcTzfF23vyT1XnnM+Ir79jYgfJG0B51qr7d29eyv1em2r3L3U3HywtL27d31jc2W9tl67X63eWr5149Wbr1T7VtfLm796+PWNN77729989v0/HHz1x3laC+Wx9np8FNNd9reqPnMS5/i1b5wl2MfIVLmeHXEefDRpRHwiIr5QXP+LMdX1fzIAMC6ybDGyxfYyADDu0mIMLEkr5VjAQqRppdIaw3shzqf1xnbz2t3Gzv211ljZxZhJ727Uazcuzf3pR0WPYSbJy8vFseJ4Ua4+Vb4ZEZci4mdz54pyZbVRXxtdtwcAJtpzT7X//55rtf89SAaeHAAwOPOjTgAAGDrtPwBMHu0/AEyeHtr/8pf9BwPPBQAYjlN8/k8HmQcAMDzG/wFg8mj/AWCifOvNN/MlOyqff7329u7Ovcbb19dq2/cqmzurldXG1oPKeqOxXjyzZ/PDzldvNB4svxw77yw1a9vNpe3dvTubjZ37zTvFc73v1GaGUisA4INcuvzeH5OIOHjtXLFE21wO2moYb71/n2fOHQHGTNtD/Ez8AxPGRQ+Tq/ce/e8HmgcwOh0f5j3fcfNJPz9FEN8zgo+Vq5/uffzfHM8wXvw9L0yuqYjWxH6nMjeQXIDhOv34vx4DjIssSyLLzp2UsiybbS8AAOPnDN/ozX7Sjw4IMHJJa+n6fO++/P4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxsxCRPwwkrRSzuy5EGlaqURciIiLMZPc3ajXbkTE83E5Imbm8vLyqJMGAM4o/Vs591dcXXxp4emjs8l/isn+Z/PWv9y3tZzv/+fJ/rnW2yOqj993hnkFAYA+e2el2dyqluu2D/KPDvdXj5dh5vPwdvyvnIr4Qhzurx6dxJ+O6WI9X/Qlzv8rKcutuUhfjIipPsQ/eDciPtWp/kkxNnKxnPm0PX6UsS8MNX76RPy0ONZa552vT/YhF5g0792OiNc7XX9pXCnWna//+eIOdXYPb7dOdlTe+44O92eP4x/f/6Y6xM+v+Su9xnj5d998Zme22Dr2bsSL0yfx56Pt/nMcP+kS/6Ue4//5M5/76de6HMt+EXE1nqj/6uMIj7eWmpsPlrZ3965vbK6s19Zr96vVW8u3brx685XqUjFGvXQ8Uv2sv7927fluueX1P98l/nzH+s+evPdLPdb/l/996/uf/4D4X/lip/hpvNAxfkveJn65x/gr53/ddfruPP5al/p/2M//Wo/x3//r3lqPLwUAhmB7d+/eSr1e2zrTRv4ptB/neWYjT7GvJ+ywMduW/F9isLFOtTHTr3/V6WEnP33SV+zvmb+Xn3HIP4u077U408ajYcUa7X0JGLzHF/2oMwEAAAAAAAAAAAAAALoZxp8ujbqOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjK//BwAA//9FJ7wx")
chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)

1m25.946365355s ago: executing program 1 (id=16571):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt(r0, 0xff, 0x1, 0x0, 0x0)

1m25.387211367s ago: executing program 1 (id=16580):
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x8, @mcast1, @local, 0x7, 0x7, 0x202, 0x8}})

1m24.998109986s ago: executing program 1 (id=16585):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0xa08813, &(0x7f0000000380)={[{@discard_sync}, {@notreelog}, {@compress_force}, {@compress}, {@flushoncommit}, {@rescue={'rescue', 0x3d, 'imetacsums'}}, {@user_subvol_rm}, {@nodiscard}]}, 0xfb, 0x5142, &(0x7f0000005140)="$eJzs3U+IVVUcB/Dz5s0/FZyXENgqi0CqhYObiIieMkFF0SsXgxE4tQjShZMg0UIQW/Rv4SspaiG5klokszCC2riQwgjchoa5cKMYSC7aacy797x579x5972ZZhrRz0dm7j33d8+55z3u4n2fc+8NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEEJ48Y/Pj7VWhhevn7s1deHSdH3vkR3T1w9NbTofQqW1vZLX9+x87tW3du15aTx2mHklW9ZqvQ6Zdb2cNUa7Ns736/55I4QwkgxQzZfPbiiM2rl6oDhgqdtX95/cdrC+9fTxZvXmtYtniy+deeNrPYG1kp9XVxbOpXrr91CyR7vdcepVuk7RrH96wv0vLwIAWJLJRmvR/jiaf8Rttw+n9aRdT9rNpB0/ITQ7G8uRjTvaa55b0voazbOeRYWxnvNM6vn732430v5JO4kaS5hn9655pBnvNc/ZpL5W8wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4kzz6zvDDZfVzt6YuXJqu7z2yY/r6oalN50OotbZXsnJl/QfH639/t/PUkZ+2f336yguPV/N+cTncsXP4Pa48ORHCmx2VK3HYqxtDaHQXWs3wVbHwdmvl+VgAAADgbvJA6/dQu53FwZGudqWVJiutf1EWFm9f3X9y28H61tPHm9Wb1y6eXf54jR7jrVt0vHa7tvBT6QjGMf6m4y3U464HCuOUS0dM8/wTlyf/KetfyP+18vwf3zn5HwAAgGUbXc38X1nSeL3yf33R+d25+f/71//8tKx/If9v6TpkIf/HGcf8PxSWl/8BAADgTrba+b9eGKdcv/w/9vLIN2X9C/l/crD8P9w57bjxtzjhfRMhTPabOgAAANBD/H/3ha8WYl7PvjlI8/rTjx29VDZeIf/XB8v/Iyv6qgAAAID/4sSXux8pqxfyf2Ow/D+2qrMGAAAAluLdj8Y/LKsX8v/MYPl/fb7Mr3zIOv0c/wrh2EQI4/Mrs1nhl9B8pl0AAAAAVkjM6X99tvfHsv0K+X+2/P7/8U4H8fr/rvv/Fa7/7yhkd/17yo0BAAAAuBcVr+ePt8fPnlzQ6/n7g17//+C6o6+VHb+Q/w8Plv+rncuVfP4fAAAALMNKP/9/te//v7swTrl+9/+//+P3fi3rX8j/zcHyf1xu6Hx5ZyqV7P15fyKEzfMr+d0Ev42H25cU5kY6Ci2NpMeu2CMvzI11FFpmkx7bJ0J4aH7lcFK4LxaaSeHGxrxwIimcj4X8fGgXTiWFM/FM+2JjPt208EMs5BdYzMUrKDa0L4lIetzs1WO+sGiPi+2DAwAA3FNieM6z7Eh3M6RRdq7Sb4f1/XYY6rdDtd8Ow8kO6Y69toeZ7kLc3rywdWnP/z8xWP6Pb8Votuh1/X+I1//nzzVsX/8/Ewu1pDAXC430jgGNeIws7H4Sj1Fr5D1ubG4XAAAA4K4WvxeorvE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+Ze9eY+S66gOAn9nXeB/e3QQqQopggTrGgNdrOzzUpmKdpioKpaxLSlQhio29Dos32NhOwREgxwalKIKmJRJ8KIojhGo+JLVIENAkihsJo6h5oFSNSKJEpHWCiELTAAqFVKSavffM3jl352F71/Gmv5/knTPzP4977sxcz7mPcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4/+HY5z/5N63i9/z2kkcev3zyYwc3Xf7MZy4594EQpuZer2ThysC1X5v8+c0X33Lw9g033nbi0rf05eXyeBis/enKn3wu1npiZQjfqYTQkwbWDmWB3vz5UKzvNUMhnBPmA/US0wNZibTh8P3+EA6H+UC9qu/1hzBUCFz24N13fbGWuKE/hFUhhGraxmPVrI3+NHBBXxYYSAO7erLAr17M1APf7coCcNril6H+oT861ZhhdOFyTT5/vYu2YC+ttHvdMTHaPN/PNi3xQhX0pS9MndbbVqqOJVH6ehzzbWv1bRv+3+z/vgXynclvW2k9X+9tK/6Qyn+hvDgfqoau7dM7tl41uy++0hXGx7ub1bREW9WHn/v0tpNJn+1b/dJ/1qOL8jn80v2rbu5e8977blu76qkjbz309Oku5o8Kq7SYXmrVkH/mls37GE3anqTde/PZ97aVfiWN+dEVQtjx0d97X6t4afw/2nr8Hz/O8bGrIXes9YXhbGweXxmKiWeHs7E5AAAALBvLYa/prvE731koPlJN6iuN/8c6O/4fD/nng/mst8dCmJxLHBoJ4by517PAN2NzHxkJ4fVzqanGwKYkcCyEV88l1tSrSkqsiCXGksBPhvPAZBI4HgNTSeAbMXB9EvhcDBxNAtti4FgSuDgGwkxjP948nPej40B/DGzJVuLReBbCL4Zja8m6erReFQAAwCLJR4e9jU8L5zqcboY4vDza3y5DPAO7aYZqUkM6gq0Pq5rW0NOqhq4Qjna1q6He7wOtu19atkq7mkunYVQaM3ztl3/9/tBCafw/0Xr8X11gQSql4/8hbJ77G3N35ZHZenzLVEMGAAAA4DQM/s8TX28VL43/Jzs7/z/uE+kuZA73xt0QO0dCmGgMZNX+QTmQHfUezAMAAACwHNSPx9ePhc/kj9kp2ul4upx/6iTzxwP/kwvm7zt2x5ZWy1sa/091dv7/QONjthDH41J8eSSEFYXAD+JS1gJzxmLgx+9qDOT9Px5XwHWxqvzEhHpV18USW2JgIgkcblbih/US5zUG8jer3vihej9m8hKFAAAAAJxxcXdAPC4fz/9/w282fLJVudL4f8vJnf8/Nw4und4/OxjCup4QutMLA+4dyCYGjIGhSp64cyCrqzut6pqBEC6qdSyt6ol8/v+edI7BB/uzqmLgvDccee6CWuLr/SGsKwYe+uBNb6sl9iWBeuN/0R/C62q9TRv/9oqs8d608a+sCOG1hUC9qo+sCKHWWF9a1d3V/D4GaVX/VA3hFYVAvaq3V0PYHwBYpuJ/pduLL+7df/XOrbOz03uWMBH34feHHTOz0+Pbds1urzZZpu3JMjdMY3RNuU+d3vnm0XyKog/cunmok3T9OsGJYlv5fvzSiYP58/hbqHeunxt6G55uTLv8pjeWmwiFX1LNuty1xF0eKFYy/yaW6o/5+8JgWHHV3uk945/aum/fnvXZ306zb8j+xsNM2bpan66rgYWWrYOPR9PZshKnuq5WFytZt+/K3ev27r967cyVW6+YvmL64+vfvmHiwomNE++4cF2tVxPZ3zZdXb1Q1UlXX7ypw34tYlfP7ylUcia2GhISEsstsWtwdcv/k0vj/92tx/9xqxO3/Pn8DM2O/4/Gw/zZ6/OH+bfEwOFOj/+PNjuaXz8xYCwJHIiBAw7zAwAA8PIQB/lxb2bcK/3TNd9+qlW50vj/QGfX/y/S/P/1qesvbTbN/5pYYqLZ/P/pNP/1+f8PNJv///rYx7yX9fn/D78E8/9fVQ8kq+QX5v8HAABeDs7c/P9tp/dPbxBQytB2ev/0BgGlDG2n8e/0BgEnPf//Y//xl/8VWiiN/6/vbPxv4n4AAAA4e3z2Tz/5O63ipfH/4c7G/2d+/r/Q7Pz/sWaBqWYTA5r/DwAAgGWq2fx/o9cOfLhVudL4/2hn4/942kVXQ+5Y6wvD2Zx2IZ3T7tnh+iUDAAAAsDx0hfHx3g7zNsyMuunU23w4nwq0VbroiT8+cXLn/x/rbPzfcF3Gl+5fdXP3mvfe98Jta1c9deSth56eP/4PAAAALJ1O90sAAAAAAAAAAAAAAAAvvSf+/eDGVvHS9f9h89zrza7/j/f9i9cXvLIhd6y1/fx/+fPL3nPL/rkpC+8dDuGNxcDOgzvPCfm9+VcXA3d9aM2raomDaYk7Hr/4yVriw2ng3WvPfb6WuCgJbImTJL46DcS7Kj6/MgnE6RX/LQ3E9XE0DfTlgS+szPpRSdfVT4eydVVJ19UjQyGMFAL1dfWdoayNStrBG5JAvYOfSAOxg3+WB7ryQP22jrcMZksVA0Ox6I2D2VIBAHDWir8Ce8OOmdnpifgbLz6e39P4GDVMWXZNudpKh80/mk9N9oFbNw91ku5OfyHP32u8N1RrXVjf1SpLZa6Xi1NLm1X3yiZdbjfbW1eTcqmTXXV9zXvUn/VofNuu2e29bTu+sX2WDT1ts6wvDXaKWbrmVmkHtXSwLB30qMN108Eix+ddYXy8O8n1+zE4Ghq0+0R0er1+cZ6/Zp+CYp6Pnzj0q1b1lcb/o52N/6vFfj2f3wzgQLyz3t+OmOYfAAAAltYXNv36q/Hf+6+956FWeUvj/7HOxv9xD1Z+KDjb23Es3v//0EgIc7fWH80C34zNfWQkhNfPpaZiieyG+pfGEhNZ4Jtxh8maWGLLVGNVK2LgaBL4yXAeOJYEjsdAvpfiSMh35fzdcAhvm0ttbiyxO5YYTQLvi4GxJDAeAxOhca/PyhiYTEo8szIPTCWBf42BMNO4rm5dma8rAACAk5EPUXobn4Z0nHe0p12GSrsMA+0ydLXLUG2XoVkv4vNvxQy9yckrlUKm3rTW/qSWUoZ4M/yTXq5ShvDDxpxpwVLT8fyD+vkGlcYMt7+zpxpaKI3/Jzob/w80PmatH4/j//n7/2WBH8TF+3I8dXwsBn78rsZAvmPgeBzsXlevaiovkQ/ar4slJmNgLAnsjoHJJLBlcx44/KrGQD7Srjd+qN74TF6iEAAAAIDF13IUH8fr8/fcj+P/G/d+frBVudL4f7Kz8X/cITFYbOxzsdYTK0P4TiWEnjSwdigLxP0YQ/Hy+NcMhXBOYQdHvcT0QFaiL2k4fL8/u0K9L63qe/3ZxQfx+WUP3n3XF2uJG/pDWFVYlfU2HqtmbfSngQv6ssBAGtjVkwXinp964LtdWQBOW32vYPxA5ae61I0uXK7J5+/lck/QtHulfaAL5FvomqulUtpU5/tU607ubWuz5WeRlL4ex3zbluO3bdS3rfhDKv+F8uJ8qBq6tk/v2HrV7L74SvFK1pIlep+LV6l2kl6Ez+GBU1/a9qrpAkwkm4+Jhcst/DmsxOq+dP+qm7vXvPe+29aueurIWw893fFiNBEvFL77M/8y9KPC6l1q1ZB/5pbd9mTK9mRZ/DeQfLvHvG0hhM3PfOW6VvHS+H+qs/F/T/I459dxZe4dCeFNhZV7b1z9fzSSbQcLgWwr+YpyIDvk/p/DTbecAAAAsNjquzvq+wtm8sfshPB0nFzOP3WS+eP+iskF8zdbznS/xcBffWhVq36Vxv9bWo//VySL6fi/4/8sEcf/F3S274pekb5w4LR2RZeqa88G6BQ4/r+gs/3b1tHx/wW+Qy/zAz+O/zv+vxDH/9tw/H9BZ/vbVtrC7z7TP7rOSk/94Z2PtIqXxv+7Oxv/m/9v4Un76vP/bUkC9fn/djeb/++A+f8AAIAl1WSiuXScV5q9r5Qhnb2vlKHtBIFtpxhMDz6fyfn/KvO7D5fT/H9Pnv/Yb0ILpfH/gc7G//HjMFhsfbnM/ze2uUlV18fAbhMDAgAAcDZqtoMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAl9btf//f21vF7/ntJY88fvnkxw5uuvyZz1xy7gMhzMy9XsnClYFrvzb585svvuXg7RtuvO3EpW+p5uV688ffbcgda31hOITDhVeGYuLZ4dqT+cBl77llf08tce9wCG8sBnYe3HlOLfGN4RBWFwN3fWjNq2qJg2mJOx6/+Mla4sNp4N1rz32+lrgoD1TSxf2HldniVtLF/eLKEEYKgfrifmxlY1X1Nv4kD3SlbfzjUNZGDAzFol8dytqIgdlYYmZFCOt6QuhOq7qnmlXVnVb1z9Wsqu60qs9WQ7gohNCTVvV4X1ZVT9rzB/qyqmLgvDccee6CWuJwXwjrioGHPnjT22qJTySBeuN/3hfC62ofmbTxb/Vmjfemjd/QG8JrQwh9aYlf9mQl+tIST/SE8IpCoN74R3tC2B94WYgbn4Yt2t79V+/cOjs7vWcJE315W/1hx8zs9Pi2XbPbq8kyNVMppF+85tT7/uhzn95We/zArZuHOkn35OV65xZ5Q2/D041n+9LH5RooVjL/fpTqj/n7wmBYcdXe6T3jn9q6b9+e9dnfTrNvyP5259FsXa1fLutqdbGSdfuu3L1u7/6r185cufWK6SumP77+7RsmLpzYOPGOC9fVejWR/V2Mrt506l0dOMWunt9TqORMbAAkJCSWW6KrYes2cbZvyEs/9OcXtDdU5zbQpWFFMUtlrpeL0elNp9jjU/md0rZH60sDh1KWDQtkuaYxy8bSYGK+lv4sy9zvutLgsNhY19wqjc+7wvh4d7P1MNr4tLh6f3Yaq/fhfNV1mgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/9iBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgWAAAAABAmL91GD0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwKQAA//91qClF")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

1m22.238787488s ago: executing program 1 (id=16598):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000011c0), 0x502, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000000))

1m20.780167175s ago: executing program 1 (id=16605):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newlink={0x100, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2017, 0x2021}, [@IFLA_LINKINFO={0xcc, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xbc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x67, 0x3, 0x2}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x7, 0xfffffffe}, @IFLA_MACVLAN_MACADDR_DATA={0x70, 0x5, 0x0, 0x1, [{0xa}, {0xffffffffffffff38, 0x4, @remote}, {0xa, 0x4, @random="cd69ae8a7d9a"}, {0xa}, {0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}}, {0xa, 0x4, @local}, {0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, {0xa}, {0xa, 0x4, @multicast}]}, @IFLA_MACVLAN_MACADDR={0xa}, @IFLA_MACVLAN_FLAGS={0x0, 0x2, 0x1}, @IFLA_MACVLAN_MODE={0x8}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @local}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @broadcast}]}}}, @IFLA_LINK={0x8}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x100}, 0x1, 0x0, 0x0, 0x1}, 0x8004042)

1m19.832768936s ago: executing program 36 (id=16605):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newlink={0x100, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2017, 0x2021}, [@IFLA_LINKINFO={0xcc, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xbc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x67, 0x3, 0x2}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x7, 0xfffffffe}, @IFLA_MACVLAN_MACADDR_DATA={0x70, 0x5, 0x0, 0x1, [{0xa}, {0xffffffffffffff38, 0x4, @remote}, {0xa, 0x4, @random="cd69ae8a7d9a"}, {0xa}, {0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}}, {0xa, 0x4, @local}, {0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, {0xa}, {0xa, 0x4, @multicast}]}, @IFLA_MACVLAN_MACADDR={0xa}, @IFLA_MACVLAN_FLAGS={0x0, 0x2, 0x1}, @IFLA_MACVLAN_MODE={0x8}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @local}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @broadcast}]}}}, @IFLA_LINK={0x8}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x100}, 0x1, 0x0, 0x0, 0x1}, 0x8004042)

1m2.744237796s ago: executing program 5 (id=16718):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000580), 0x5, 0x4f3, &(0x7f00000005c0)="$eJzs3d1rW+cZAPBHku3YibN8bIwkgyWQQfZBLH8wYm+DsattF4GxwG42yDxb8TLLkbHkLDa5cLa7XOxibLRQetH7/gW9aa4aAqXXLb3tVUloUxfakoKKjiTHH5KjtraU+Px+cKJzzqvoeV/Zz+uj97xHJ4DUOlf7JxMxHBHvRMSx+ubWJ5yrP6w/vj1TWzJRrV75KJM8r7bdfGrz/x2JiLWIGIyIP/424m+ZnXHLK6vz08ViYamxna8sLObLK6sXry9MzxXmCjfGJi9NTU2OToxP7Vlb7/7nH3cvv/H7gdc/+/fD+/99681atYYbZZvbsZfqTe+PE5v29UXEr/YjWA/kGu0Z6nVF+EZqP7/vRsT5JP+PRS75aXbmyb7WDNhv1Wq1+mX1ULvitSpwYGWTY+BMdiQi6uvZ7MhI/Rj+e3E4WyyVKz+7Vlq+MVs/Vj4e/dlr14uF0cZnhePRn6ltjyXrT7fHt21PRCTHwP/LDSXbIzOl4mx3uzpgmyPb8v/TXD3/gZTo/CM/cNDIf0gv+Q/pJf8hveQ/pJf8h/SS/5Be8h/SS/5DerXK/6M9qAfQfbv9/R/oYj2ArvrD5cu1pdq8/n325sryfOnmxdlCeX5kYXlmZKa0tDgyVyrNJdfsLDzr9Yql0uLYz2P5Vr5SKFfy5ZXVqwul5RuVq8l1/VcL/V1pFdCJE2fvvZeJiLVfDCVLbPqTL1fhYKtWM9Hra5CB3sj1ugMCesapP0ivr/EZv+2XhAEvthZf0bth8Ejbol/H4r5UB+iC7G6FTx50ryJA11047fwfpJXxf0gv4/+QXo7xgd3G/6NxL7+WjP/DC2vX8X/gQBtuc/+vo5vu3TUaEd+JiHdz/Yea9/oCDoLsh5nG8f+FYz8a3l46kPk8OUUwEBH/fOXKS7emK5Wlsdr+jzf2V15u7B/vRf2B9raO8DXztJnHAEB6rT++PdNcuhn30W/qkxB2xu9rjE0OJkcwh9czW+YqZPZo7sLanYg41Sp+pnG/8/qZj8PruR3xTzYeM/WXSOrbl9w3vTvxT2+K/8NN8c9863cF0uFerf8ZbZV/2SSnYyP/tvY/w3s0d6LZ/zXnXG+O3+z/cm36v7Mdxvj7q/9qdXo3mez96E7EmZb9bzPeYBJre/xa3S50GP/hX/70/XZl1dfqr9MqflNtLV9ZWMyXV1YvXm/WYvLS1NTk6MT4VD4Zo843R6p3+uWpt++3i19rf0Ob9r+/o/1DjTr9pMP2f/GDB38+t0v8H59v/ft3Mnnc9v5Xqxt1+GmH8T8Z/+Cv7cpq8WfbvP/ZVvGjWRox0WH88v9/59phAHiOlFdW56eLxcKSFStWnu+Vvuhi0Gf1HGvd6aCAffM06XtdEwAAAAAAAAAAAKBT7Wb/3tvD6cS9biMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEHwVQAAAP//QUvQlg==")
setxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000300)={{}, {0x1, 0x4}, [], {}, [], {0x10, 0x6}}, 0x24, 0x0)
listxattr(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)=""/20, 0x18)

1m1.641679444s ago: executing program 5 (id=16723):
r0 = getpid()
r1 = open(&(0x7f0000000400)='./file0\x00', 0x101040, 0x142)
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r1, &(0x7f0000004340)={r1, 0xffffffffffffffff, 0x531})

1m1.10843768s ago: executing program 5 (id=16729):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x9, 0x1, 'time\x00'}, @NFTA_MATCH_INFO={0x1c, 0x3, "07682c020b7b37f29f057acc54d4077549f4e34e86f469eb"}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

1m0.662294486s ago: executing program 5 (id=16731):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0xa08813, &(0x7f0000000380)={[{@discard_sync}, {@notreelog}, {@compress_force}, {@compress}, {@flushoncommit}, {@rescue={'rescue', 0x3d, 'imetacsums'}}, {@user_subvol_rm}, {@nodiscard}]}, 0xfb, 0x5142, &(0x7f0000005140)="$eJzs3U+IVVUcB/Dz5s0/FZyXENgqi0CqhYObiIieMkFF0SsXgxE4tQjShZMg0UIQW/Rv4SspaiG5klokszCC2riQwgjchoa5cKMYSC7aacy797x579x5972ZZhrRz0dm7j33d8+55z3u4n2fc+8NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEEJ48Y/Pj7VWhhevn7s1deHSdH3vkR3T1w9NbTofQqW1vZLX9+x87tW3du15aTx2mHklW9ZqvQ6Zdb2cNUa7Ns736/55I4QwkgxQzZfPbiiM2rl6oDhgqdtX95/cdrC+9fTxZvXmtYtniy+deeNrPYG1kp9XVxbOpXrr91CyR7vdcepVuk7RrH96wv0vLwIAWJLJRmvR/jiaf8Rttw+n9aRdT9rNpB0/ITQ7G8uRjTvaa55b0voazbOeRYWxnvNM6vn732430v5JO4kaS5hn9655pBnvNc/ZpL5W8wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4kzz6zvDDZfVzt6YuXJqu7z2yY/r6oalN50OotbZXsnJl/QfH639/t/PUkZ+2f336yguPV/N+cTncsXP4Pa48ORHCmx2VK3HYqxtDaHQXWs3wVbHwdmvl+VgAAADgbvJA6/dQu53FwZGudqWVJiutf1EWFm9f3X9y28H61tPHm9Wb1y6eXf54jR7jrVt0vHa7tvBT6QjGMf6m4y3U464HCuOUS0dM8/wTlyf/KetfyP+18vwf3zn5HwAAgGUbXc38X1nSeL3yf33R+d25+f/71//8tKx/If9v6TpkIf/HGcf8PxSWl/8BAADgTrba+b9eGKdcv/w/9vLIN2X9C/l/crD8P9w57bjxtzjhfRMhTPabOgAAANBD/H/3ha8WYl7PvjlI8/rTjx29VDZeIf/XB8v/Iyv6qgAAAID/4sSXux8pqxfyf2Ow/D+2qrMGAAAAluLdj8Y/LKsX8v/MYPl/fb7Mr3zIOv0c/wrh2EQI4/Mrs1nhl9B8pl0AAAAAVkjM6X99tvfHsv0K+X+2/P7/8U4H8fr/rvv/Fa7/7yhkd/17yo0BAAAAuBcVr+ePt8fPnlzQ6/n7g17//+C6o6+VHb+Q/w8Plv+rncuVfP4fAAAALMNKP/9/te//v7swTrl+9/+//+P3fi3rX8j/zcHyf1xu6Hx5ZyqV7P15fyKEzfMr+d0Ev42H25cU5kY6Ci2NpMeu2CMvzI11FFpmkx7bJ0J4aH7lcFK4LxaaSeHGxrxwIimcj4X8fGgXTiWFM/FM+2JjPt208EMs5BdYzMUrKDa0L4lIetzs1WO+sGiPi+2DAwAA3FNieM6z7Eh3M6RRdq7Sb4f1/XYY6rdDtd8Ow8kO6Y69toeZ7kLc3rywdWnP/z8xWP6Pb8Votuh1/X+I1//nzzVsX/8/Ewu1pDAXC430jgGNeIws7H4Sj1Fr5D1ubG4XAAAA4K4WvxeorvE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+Ze9eY+S66gOAn9nXeB/e3QQqQopggTrGgNdrOzzUpmKdpioKpaxLSlQhio29Dos32NhOwREgxwalKIKmJRJ8KIojhGo+JLVIENAkihsJo6h5oFSNSKJEpHWCiELTAAqFVKSavffM3jl352F71/Gmv5/knTPzP4977sxcz7mPcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4/+HY5z/5N63i9/z2kkcev3zyYwc3Xf7MZy4594EQpuZer2ThysC1X5v8+c0X33Lw9g033nbi0rf05eXyeBis/enKn3wu1npiZQjfqYTQkwbWDmWB3vz5UKzvNUMhnBPmA/US0wNZibTh8P3+EA6H+UC9qu/1hzBUCFz24N13fbGWuKE/hFUhhGraxmPVrI3+NHBBXxYYSAO7erLAr17M1APf7coCcNril6H+oT861ZhhdOFyTT5/vYu2YC+ttHvdMTHaPN/PNi3xQhX0pS9MndbbVqqOJVH6ehzzbWv1bRv+3+z/vgXynclvW2k9X+9tK/6Qyn+hvDgfqoau7dM7tl41uy++0hXGx7ub1bREW9WHn/v0tpNJn+1b/dJ/1qOL8jn80v2rbu5e8977blu76qkjbz309Oku5o8Kq7SYXmrVkH/mls37GE3anqTde/PZ97aVfiWN+dEVQtjx0d97X6t4afw/2nr8Hz/O8bGrIXes9YXhbGweXxmKiWeHs7E5AAAALBvLYa/prvE731koPlJN6iuN/8c6O/4fD/nng/mst8dCmJxLHBoJ4by517PAN2NzHxkJ4fVzqanGwKYkcCyEV88l1tSrSkqsiCXGksBPhvPAZBI4HgNTSeAbMXB9EvhcDBxNAtti4FgSuDgGwkxjP948nPej40B/DGzJVuLReBbCL4Zja8m6erReFQAAwCLJR4e9jU8L5zqcboY4vDza3y5DPAO7aYZqUkM6gq0Pq5rW0NOqhq4Qjna1q6He7wOtu19atkq7mkunYVQaM3ztl3/9/tBCafw/0Xr8X11gQSql4/8hbJ77G3N35ZHZenzLVEMGAAAA4DQM/s8TX28VL43/Jzs7/z/uE+kuZA73xt0QO0dCmGgMZNX+QTmQHfUezAMAAACwHNSPx9ePhc/kj9kp2ul4upx/6iTzxwP/kwvm7zt2x5ZWy1sa/091dv7/QONjthDH41J8eSSEFYXAD+JS1gJzxmLgx+9qDOT9Px5XwHWxqvzEhHpV18USW2JgIgkcblbih/US5zUG8jer3vihej9m8hKFAAAAAJxxcXdAPC4fz/9/w282fLJVudL4f8vJnf8/Nw4und4/OxjCup4QutMLA+4dyCYGjIGhSp64cyCrqzut6pqBEC6qdSyt6ol8/v+edI7BB/uzqmLgvDccee6CWuLr/SGsKwYe+uBNb6sl9iWBeuN/0R/C62q9TRv/9oqs8d608a+sCOG1hUC9qo+sCKHWWF9a1d3V/D4GaVX/VA3hFYVAvaq3V0PYHwBYpuJ/pduLL+7df/XOrbOz03uWMBH34feHHTOz0+Pbds1urzZZpu3JMjdMY3RNuU+d3vnm0XyKog/cunmok3T9OsGJYlv5fvzSiYP58/hbqHeunxt6G55uTLv8pjeWmwiFX1LNuty1xF0eKFYy/yaW6o/5+8JgWHHV3uk945/aum/fnvXZ306zb8j+xsNM2bpan66rgYWWrYOPR9PZshKnuq5WFytZt+/K3ev27r967cyVW6+YvmL64+vfvmHiwomNE++4cF2tVxPZ3zZdXb1Q1UlXX7ypw34tYlfP7ylUcia2GhISEsstsWtwdcv/k0vj/92tx/9xqxO3/Pn8DM2O/4/Gw/zZ6/OH+bfEwOFOj/+PNjuaXz8xYCwJHIiBAw7zAwAA8PIQB/lxb2bcK/3TNd9+qlW50vj/QGfX/y/S/P/1qesvbTbN/5pYYqLZ/P/pNP/1+f8PNJv///rYx7yX9fn/D78E8/9fVQ8kq+QX5v8HAABeDs7c/P9tp/dPbxBQytB2ev/0BgGlDG2n8e/0BgEnPf//Y//xl/8VWiiN/6/vbPxv4n4AAAA4e3z2Tz/5O63ipfH/4c7G/2d+/r/Q7Pz/sWaBqWYTA5r/DwAAgGWq2fx/o9cOfLhVudL4/2hn4/942kVXQ+5Y6wvD2Zx2IZ3T7tnh+iUDAAAAsDx0hfHx3g7zNsyMuunU23w4nwq0VbroiT8+cXLn/x/rbPzfcF3Gl+5fdXP3mvfe98Jta1c9deSth56eP/4PAAAALJ1O90sAAAAAAAAAAAAAAAAvvSf+/eDGVvHS9f9h89zrza7/j/f9i9cXvLIhd6y1/fx/+fPL3nPL/rkpC+8dDuGNxcDOgzvPCfm9+VcXA3d9aM2raomDaYk7Hr/4yVriw2ng3WvPfb6WuCgJbImTJL46DcS7Kj6/MgnE6RX/LQ3E9XE0DfTlgS+szPpRSdfVT4eydVVJ19UjQyGMFAL1dfWdoayNStrBG5JAvYOfSAOxg3+WB7ryQP22jrcMZksVA0Ox6I2D2VIBAHDWir8Ce8OOmdnpifgbLz6e39P4GDVMWXZNudpKh80/mk9N9oFbNw91ku5OfyHP32u8N1RrXVjf1SpLZa6Xi1NLm1X3yiZdbjfbW1eTcqmTXXV9zXvUn/VofNuu2e29bTu+sX2WDT1ts6wvDXaKWbrmVmkHtXSwLB30qMN108Eix+ddYXy8O8n1+zE4Ghq0+0R0er1+cZ6/Zp+CYp6Pnzj0q1b1lcb/o52N/6vFfj2f3wzgQLyz3t+OmOYfAAAAltYXNv36q/Hf+6+956FWeUvj/7HOxv9xD1Z+KDjb23Es3v//0EgIc7fWH80C34zNfWQkhNfPpaZiieyG+pfGEhNZ4Jtxh8maWGLLVGNVK2LgaBL4yXAeOJYEjsdAvpfiSMh35fzdcAhvm0ttbiyxO5YYTQLvi4GxJDAeAxOhca/PyhiYTEo8szIPTCWBf42BMNO4rm5dma8rAACAk5EPUXobn4Z0nHe0p12GSrsMA+0ydLXLUG2XoVkv4vNvxQy9yckrlUKm3rTW/qSWUoZ4M/yTXq5ShvDDxpxpwVLT8fyD+vkGlcYMt7+zpxpaKI3/Jzob/w80PmatH4/j//n7/2WBH8TF+3I8dXwsBn78rsZAvmPgeBzsXlevaiovkQ/ar4slJmNgLAnsjoHJJLBlcx44/KrGQD7Srjd+qN74TF6iEAAAAIDF13IUH8fr8/fcj+P/G/d+frBVudL4f7Kz8X/cITFYbOxzsdYTK0P4TiWEnjSwdigLxP0YQ/Hy+NcMhXBOYQdHvcT0QFaiL2k4fL8/u0K9L63qe/3ZxQfx+WUP3n3XF2uJG/pDWFVYlfU2HqtmbfSngQv6ssBAGtjVkwXinp964LtdWQBOW32vYPxA5ae61I0uXK7J5+/lck/QtHulfaAL5FvomqulUtpU5/tU607ubWuz5WeRlL4ex3zbluO3bdS3rfhDKv+F8uJ8qBq6tk/v2HrV7L74SvFK1pIlep+LV6l2kl6Ez+GBU1/a9qrpAkwkm4+Jhcst/DmsxOq+dP+qm7vXvPe+29aueurIWw893fFiNBEvFL77M/8y9KPC6l1q1ZB/5pbd9mTK9mRZ/DeQfLvHvG0hhM3PfOW6VvHS+H+qs/F/T/I459dxZe4dCeFNhZV7b1z9fzSSbQcLgWwr+YpyIDvk/p/DTbecAAAAsNjquzvq+wtm8sfshPB0nFzOP3WS+eP+iskF8zdbznS/xcBffWhVq36Vxv9bWo//VySL6fi/4/8sEcf/F3S274pekb5w4LR2RZeqa88G6BQ4/r+gs/3b1tHx/wW+Qy/zAz+O/zv+vxDH/9tw/H9BZ/vbVtrC7z7TP7rOSk/94Z2PtIqXxv+7Oxv/m/9v4Un76vP/bUkC9fn/djeb/++A+f8AAIAl1WSiuXScV5q9r5Qhnb2vlKHtBIFtpxhMDz6fyfn/KvO7D5fT/H9Pnv/Yb0ILpfH/gc7G//HjMFhsfbnM/ze2uUlV18fAbhMDAgAAcDZqtoMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAl9btf//f21vF7/ntJY88fvnkxw5uuvyZz1xy7gMhzMy9XsnClYFrvzb585svvuXg7RtuvO3EpW+p5uV688ffbcgda31hOITDhVeGYuLZ4dqT+cBl77llf08tce9wCG8sBnYe3HlOLfGN4RBWFwN3fWjNq2qJg2mJOx6/+Mla4sNp4N1rz32+lrgoD1TSxf2HldniVtLF/eLKEEYKgfrifmxlY1X1Nv4kD3SlbfzjUNZGDAzFol8dytqIgdlYYmZFCOt6QuhOq7qnmlXVnVb1z9Wsqu60qs9WQ7gohNCTVvV4X1ZVT9rzB/qyqmLgvDccee6CWuJwXwjrioGHPnjT22qJTySBeuN/3hfC62ofmbTxb/Vmjfemjd/QG8JrQwh9aYlf9mQl+tIST/SE8IpCoN74R3tC2B94WYgbn4Yt2t79V+/cOjs7vWcJE315W/1hx8zs9Pi2XbPbq8kyNVMppF+85tT7/uhzn95We/zArZuHOkn35OV65xZ5Q2/D041n+9LH5RooVjL/fpTqj/n7wmBYcdXe6T3jn9q6b9+e9dnfTrNvyP5259FsXa1fLutqdbGSdfuu3L1u7/6r185cufWK6SumP77+7RsmLpzYOPGOC9fVejWR/V2Mrt506l0dOMWunt9TqORMbAAkJCSWW6KrYes2cbZvyEs/9OcXtDdU5zbQpWFFMUtlrpeL0elNp9jjU/md0rZH60sDh1KWDQtkuaYxy8bSYGK+lv4sy9zvutLgsNhY19wqjc+7wvh4d7P1MNr4tLh6f3Yaq/fhfNV1mgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/9iBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgWAAAAABAmL91GD0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwKQAA//91qClF")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

57.450348174s ago: executing program 5 (id=16745):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000006840)={0x44, &(0x7f0000006580)={0x20, 0x13, 0x4, "195c044c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

56.350956125s ago: executing program 5 (id=16752):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xd, &(0x7f0000000380)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfefffffc}, [@call={0x85, 0x0, 0x0, 0x41}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x3}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

55.367721354s ago: executing program 37 (id=16752):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xd, &(0x7f0000000380)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfefffffc}, [@call={0x85, 0x0, 0x0, 0x41}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x3}}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

5.860583958s ago: executing program 8 (id=17109):
syz_mount_image$udf(&(0x7f0000000000), &(0x7f00000094c0)='./file1\x00', 0x0, &(0x7f0000001940)=ANY=[], 0x1, 0xc25, &(0x7f0000002580)="$eJzs3V9oXNl9B/DfmStZY22aaLOJN2mz6UBKYpTa+F9sBZcgZxW1AccbIit0n6LRHzvDyiMjyY03bYPakhb6ErovpS9FNF1ayEPpQ7ePVZotJJRCCXlIHwqCJss+9EEPgdKWjcK9c0Ya2fJau15ZsvfzMePvnTu/OzrnntGdO6AzNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiM9+7tKp0+mgWwEAPExXJr506myKgYNuBwDw8Fz1+R8AAAAAAAAAAAAAAA67FEUcixSDr2ykqep+R/1yq33r9uTY+O6bHU2RohZFVV/e6qfPnD33qfMXRrr55tu/0z4cz01cvdR4duHGzcW5paW52cZkuzWzMDu352d40O3vNFztgMaNF27NXru21Dhz8uyOh28PvTbwxLGhixdOnB/p1k6OjY9P9NT09b/tn36Xe83wOBJFNCPFG0Ovp2ZE1OLB98V9Xjv77WjVieGqE5Nj41VH5lvN9nL5YKrlqlpEo2ej0e4+eghj8UBGI1bK5pcNHi67N3Gzudicnp9rfLG5uNxabi20U63T2rI/jajFSIpYjYj1XSb59kcRH40UL53aSNMRUXT3wyericH3b09tH/q4B2U7G/0Rq7VHYMwOsYEo4kqk+Nmrx2Om3Gf5Fh+P+EKZr0S8XOZnIlL5wjgX8VOTxR8bfVHEv0WKhbSRZqvjQfe4cvnLjc+3ry301HaPK4/8+8PDdMiPTfUoYro64m+kt3+yAwAAAAAAAAAAAAAAAMA77WgU8e1I8UfP/E41rziqeenvuzjynud/s3fO+NP3eZ6y9mRErNT2Nie3P08dTrXy3z50jD2pRxHfyPP//uCgGwMAAAAAAAAAAAAAAAAAAPCuVsTzkeIrJ46n1aiu/XskqmuKt9rXG1eb0/Odq8J2r/3bvWb65ubmZiN1cjTnVM6VnKs513Ku54xa3j7naM6pnCs5V3Ou5VzPGUXePudozqmcKzlXc67lXM8ZfXn7nKM5p3Ku5FzNuZZzPWcckmv3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8TmpRxM8jxbe+tpEiRcRoxFR0cm3goFsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJTqqYiTkWLt+Xp1f7UWcTUifr65udm9RcRGmQ/qoPsKAAAAAAAAAAAAAAAAAAAAh1Yq4mOR4qn/20iNiLg99NrAE8eGLl44cX6kiCJSWdJb/9zE1UuNZxdu3FycW1qam21MtlszC7Nze/1x9cut9q3bk2Pj+9KZ+zq6z+0/Wn924eaLi63rX13e9fHB+qXppeXF5szuD8fRqEVM9a4Zrho8OTZeNXq+1WxXm6baPRpYixjda2cAAAAAAAAAAAAAAAAAAAA4NAZTEZ+LFD/5z3OpO2+8rzPn/5c694qt2pd/b/u7AObvyK7e7w/Yy3Laa0OHq4n3jcmx8fGJntV9/XeXlm1KqYinI8UnXvpQNR8+xeCuc+PLuveWdTfO5bqhXynrVnZU1Ycnx8YbVxbaJy7Nzy/MNJeb0/NzjYmbzZn8xQEre+0GAAAAAAAAAAAAAAAAAAAA7GYwFfGjSPHff/vvqXvd+Tz/v69zr2f+/29UU+gr9bQzt1Rz+99bze3vLL/v4sjgR5+51/r9mP9ftimlIr4ZKc7+6EPV9fS78/+n7qgt6/4kUrz+zEdyXe1IWdfsdqfzjNda83Onytq/jBS/+ka3Nqra67n2qe3a02Xt0Ujx5xs7a7+aaz+wXXumrD0eKb73X7vXfnC79mxZ+5NI8Y9/0+jWDpa1v5trj23XnpxZmJ+9324tx/87keKvr/xW6vb5nuPf8/0PK3fklrvG/M2X36nxH+pZt5LH9Y/z+DfvM/7nI8V36h/JdZ19P50ff7L6f3v8PxEp/uNfd9Zey7Xv3649vdduHbRy/L8dKb77Fz/e6nMe//74+/+N7RHfOf6/3Lczt14lBzT+T/asG8rtmnnru+NdZ+nFr7/QnJ+fW7RgwYKFrYWDPjLxMJTv/38aKf7/WJG65zH5/f89nXvb53//843t9/+Ld+SWA3r/f3/Puov5rKW/L6K+fONm/9MR9aUXv36idaN5fe76XPvM6VOf/vT506dOn+8/0j25217a8757HJTj/4NI8cO/++HW55it87/K7uf/g3fklgMa/6d6+7TjvGbPu+JdqRz/v4oUT372x1ufN3eO/87z/+7n/+Mf25lbv38HNP4f6Fk3lNvVeov7AgAAAAAAAAAA4FEymIr4s0jx23/466k7h2gvf/83e0duOaC//zrWs272Ic1r2PNOBgA4RMrzvw9Gin/a/P7WXO6d53/xa93a3vO/ezkM1/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHXYoifj9SDL6ykdYGyvsd9cut9q3bk2Pju292NEWKWhRVfXmrnz5z9tynzl8Y6eabb/9O+3A8N3H1UuPZhRs3F+eWluZmG5Pt1szC7Nyen+FBt7/TcLUDGjdeuDV77dpS48zJszsevj302sATx4YuXjhxfqRTO9CYHBsfn+ip6et/2z/9Luke649EEd+PFG8MvZ6+OxBRiwffF/d57ey3o1UnhqtOTI6NVx2ZbzXby+WDqZarahGNno1Gu/soj9t+jsUDGY1YKZtfNni47N7EzeZic3p+rvHF5uJya7m10E61TmvL/jSiFiMpYjUi1gfufrr+KOKbkeKlUxvpnwciiu5++OSViS+dOnv/9tT2oY97ULaz0R+xWnsExuwQG4gi/iFS/OzV4/G9gYi+6Nzi4xFfKPOViJfL/ExEKl8Y5yJ+usvriEdTXxRxLlIspI306kB5POgeVy5/ufH59rWFntruceWRf394mA75sakeRfygOuJvpH/xew0AAAAAAAAAAAAAAABwiBSxGim+cuJ4quYHb80pbrWvN642p+c70/q6c/+6c6Y3Nzc3G6mTozmncq7kXM25lnM9Z9Ty9jlHc07lXMm5mnMt53rOKPL2OUdzTuVcybmacy3nes7oy9vnHM05lXMl52rOtZzrOeOQzN0DAAAAAAAAAAAAAAAAAAAeL7Uoqqu4f+trG2lzoHN96ano5JrrgT72fhEAAP//gMd2Mw==")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

5.254401519s ago: executing program 8 (id=17116):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, 0x0, 0x0, 0x0}})

4.179865557s ago: executing program 9 (id=17130):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, 0x0}, 0x68)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r0, 0x84, 0x1f, &(0x7f0000000080)=""/4041, &(0x7f0000000000)=0xfc9)

3.824774363s ago: executing program 9 (id=17133):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000000)='./file0\x00', 0x2000898, &(0x7f00000003c0), 0x1, 0x55ae, &(0x7f0000005600)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000200)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x3f00, 0x0, &(0x7f0000000080)="c0"})

3.664948359s ago: executing program 8 (id=17137):
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080))
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r0, 0x4bfb, 0x0)

3.381159788s ago: executing program 0 (id=17138):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001680)=ANY=[@ANYBLOB="580100001000030400"/20, @ANYRES32=0x0, @ANYBLOB="15020000000000003001128009000100766c616e000000002001028006000100000000001c0004800c00010032d10000ffff00000c000100ae0200009e000000700004800c00010009000000010000e29b5d2a0008000000010100000c000100f8ffffff080000000c00010006000000040000000c00010007000000010000800c00010005000000060000000c00010001000000000000000c000100910a00000d0000000c0001000e00000032000000880003800c002100060000000c0000000c00010003000000400000000c00010004000000ffffffff0c00010002000000110000000c00010001000000022000000c0001000b000000270000000c000100ffff00005f0200000c000100ffffffff030000000c00010001000000030000000c000100000000000180000031fa4a8a090000000900000008000500", @ANYRES8=r0], 0x158}, 0x1, 0xba01, 0x0, 0x4008881}, 0x24000040)

3.283191285s ago: executing program 8 (id=17141):
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000100))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)

3.09490242s ago: executing program 8 (id=17142):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000080)=ANY=[@ANYBLOB="6b0ee0cba84af48a0840721cdf0eb3d41b1b", @ANYRES8=r0])

2.980451997s ago: executing program 6 (id=17146):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x170bd26, 0x0, {0x7, r1}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x1002, {@ip4=@dev={0xac, 0x14, 0x14, 0x2d}, 0x86dd}}}]}, 0x38}}, 0xdbd2a08011d4c5a2)

2.836545832s ago: executing program 0 (id=17147):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
socket$packet(0x11, 0x3, 0x300)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f000000fa00))

2.724101291s ago: executing program 6 (id=17148):
r0 = socket(0xa, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000010c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006)

2.462969517s ago: executing program 3 (id=17151):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000ad8000000060a010400000000000000000a0000010900010073797a3100000000ac00048020000180070001006374000014000280080002400000000d0800014000240009540001800a00010072656469720000084400028008f101400000001108000240000000170800034000000061080003400000000608000140000000000800024000000008080002400000000f08000340000000303400018011000100666c6f775f6f66666c6f616400ffff001c0002800900010057797a32000000000900010073797a31000000000900020073797a32"], 0x100}, 0x1, 0x0, 0x0, 0x8001}, 0x24000000)

2.462361799s ago: executing program 6 (id=17152):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
acct(&(0x7f0000000080)='./file1\x00')
acct(&(0x7f00000002c0)='./file1\x00')

2.197246972s ago: executing program 4 (id=17154):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x1)
ioctl$TCSETS(r0, 0x8910, &(0x7f0000000100)={0xfffffffc, 0x0, 0x0, 0x7ff, 0x0, "5dee0000005940000000000f00"})

1.989355663s ago: executing program 3 (id=17155):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xf}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ALPHA={0x8, 0x5, 0x3}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)

1.941014871s ago: executing program 6 (id=17156):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f0070687930"], 0x28}}, 0x0)

1.783883642s ago: executing program 4 (id=17157):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x30, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000004b80)={0x0, 0x0, &(0x7f0000004b40)={0x0}, 0x1, 0x0, 0x0, 0x40000c0}, 0xc054)

1.780670647s ago: executing program 9 (id=17158):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x2}}}}]}, 0x40}}, 0x4080)

1.57143s ago: executing program 3 (id=17159):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x22, 0x0, 0xfffff024}, {0x20, 0x0, 0x0, 0xfdfff034}, {0x6, 0x3, 0x8, 0x4}]}, 0x10)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)

1.562816192s ago: executing program 0 (id=17171):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0x72, 0x11cfa, 0x0, 0x8000007, 0x3, 0x4, 0x1, 0x0, 0x6})
close(r0)

1.427627159s ago: executing program 6 (id=17160):
syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000004, &(0x7f0000000c00)={[{@jqfmt_vfsold}, {@grpid}, {@debug}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@noauto_da_alloc}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@debug}, {@usrjquota}, {@nolazytime}, {@norecovery}]}, 0xfe, 0x477, &(0x7f0000000780)="$eJzs3M1vFOUfAPDvTLctLz9+rYgvIEgVjcSXlpYXOXjRaMJBExM9YDzVtpDKQg2tiRCi1QMeDYl3439hPOnFqBdNvOrdkBDDBdTLmtmZKUvZLVu67QL7+STTPs/M0z7Pd2ae2Wfm2d0AetZI9iOJ+F9E/B4RQ3n25gIj+a/rVy9M/X31wlQStdpbfyX1cteuXpgqi5Z/tzXP1GpFfrBJvRffjZisVmfOFvmxhdMfjM2fO//C7OnJkzMnZ85MHD166OCegSMThzsSZxbXtV0fz+3eeeydS29MHb/03k9JJfK4Y1kcnTKS792mnu50ZV22rSFd37FL9v5yI93sTKCb+iIiO1z99f4/FH2xeWnbULz2WVcbB6yrWq1WW+GqvFgD7mNJdLsFQHcUtwD1+99y2cDhR9ddeTm/Acrivl4s+ZZKpHlib/+y+9tOGomI44v/fJUtsU7PIQAAGn2XjX+ebzb+S+PhPDGQ/fh/MYcyHBEPRMT2iHgwInZExEMR9bKPRMSjq6x/+QzJreOf9PIdB9eGbPz3UjG3dfP4Ly2LDPcVuW31+PuTE7PVmQPFPtkf/YMnZpOZ8RXq+P7V375ota1x/JctWf3lWLBox+XK4Kab/mZ6cmFyTUE3uPJpxK5Ks/iTKKdxkojYGRG77rCO2WcrLbfdPv4VtP63bat9HfFMfvwXY1n8paTl/OT4i0cmDo9tiurMgbHyrLjVz79efLNV/WuKvwOy47+l6fm/FP9wsili/tz5U/X52vnV13Hxj89b3tO0d/4vZY5tK87/geTt+oqBYsNHkwsLZ8cjBpLXb10/ceO/lfmyfBb//n3N+//2uLEnHouI3RGxJyIez24Ki7Y/ERFPRsS+FeL/8ZWn3l99/BszV5rFP3274x+Nx3/1ib5TP3x7+/iza1yr43+ontpfrGnn+tduA9ey7wAAAOBekdbfA5+ko0mlSKfp6Gj+Hv4dsSWtzs0vPHdi7sMz0/l75YejPy2fdA01PA8dL54Nl/mJZfmDxXPjL/s21/OjU3PV6W4HDz1ua9n/l64Fef/P/NnX7dYB664D82jAPUr/h96l/0NvSvR/6Gn6P/SuZv3/k5alR79Z18YAG8rrP/SuNvr/Yv6r9agAuDd5/Yfepf9DT2r52fh0TR/53/DEv8X3Gd4t7bn/E5HeFc24/xOVtr/MYhWJ2lDe/7M1g03LdPvKBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA///T8uXN")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x80)
open_by_handle_at(r0, &(0x7f0000000240)=@reiserfs_2={0x8, 0x2, {0xb}}, 0x36d0c8ed)

1.377054588s ago: executing program 4 (id=17161):
r0 = socket(0x11, 0xa, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
sendmsg$can_bcm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8, 0x0, 0x0, 0x44080}, 0x20044084)

1.21393372s ago: executing program 0 (id=17162):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000001c0)={0x14000000})

867.895672ms ago: executing program 4 (id=17163):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
lsm_list_modules(0x0, 0x0, 0x2000000)

789.083861ms ago: executing program 9 (id=17164):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001000), r0)
sendmsg$TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf25140000001c0007800c00030002000000000000e40b0004"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x8004)

755.426391ms ago: executing program 0 (id=17165):
r0 = socket(0x2d, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b", 0x83}], 0x1}, 0x0)
connect$qrtr(r0, &(0x7f0000000300)={0x2d, 0x0, 0x4001}, 0xc)

680.812699ms ago: executing program 8 (id=17166):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000680)={[{@nodioread_nolock}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x797, &(0x7f0000002040)="$eJzs3c9rHGUfAPDvbJKmSfu+yQsvvG89BQQNlG5Mja2Ch4oHESwU9GwbNttQs8mW7KY0IWCLCF4EFQ+CXnr2R7159cdV/wsP0lI1LVY8SGQ2s8022Y2bNrtbzOcDs/s8M7P7PN95Zmaf2XnYDWDfGksfchFHIuK9JGIkm59ExEAt1R9xamO9u2urhXRKYn391V+S2jp31lYL0fCa1KEs8/+I+PbtiKO57eVWllfmpkul4mKWn6jOX5yoLK8cuzA/PVucLS6cmJyaOn7ymZMn9i7W335YOXzz/Zee/OLUH2/97/q73yVxKg5nyxrj2CtjMZZtk4F0E97nxb0urMeSXleAB5Iemn0bR3kciZHoq6VaGOpmzQCATlkHAPahRB8AAPaZ+vcAd9ZWC/Wp2fcETW7h/SPceiEiDm7EX7+/ubGkP7tnd7B2H3T4TnLfnZEkIkb3oPyxiPjkq9c/S6fI2sG9NKAbrlyNiHOjY9vP/8m2MQu79dROC9cH08fBrbM7MQ4DaO7rtP/zbLP+X+5e/yea9H8G62PHHtLW99h+/Odu7EExLaX9v+cbxrbdbYg/M9qX5f5V6/MNJOcvlIrpue3fETEeA4NpfrK2avOe2/jtP2+3Kr+x//frB298mpafPm+ukbvRv+UsOTNdnX7YuOtuXY14rL9Z/Mm99k9a9H/PtFnGy8+983GrZWn8abz1aXv8nbV+LeKJpu2/2ZbJjuMTJ2q7w0R9p2jiyx8/Gm5VfmP7p1Nafv1aoBvS9h/eOf7RpHG8ZmX3ZXx/beSbVsv+Pv7m+/+B5LVa+kA27/J0tbo4GXEgeWX7/OObr63n6+un8Y8/3vz43yi2+f6fXhOeazP+/ps/f/7g8XdWGv/Mrtp/94nrd+f6WpXfXvtP1VLj2Zx2zn/tVvBhth0AAAAAAAAAAAAAAAAAAAAAAAAAtCsXEYcjyeXvpXO5fH7jP7z/G8O5UrlSPXq+vLQwE7X/yh6NgVz9py5HGn4PdTL7Pfx6/viW/NMR8Z+I+HBwqJbPF8qlmV4HDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZQ03+/38gW/bTYI8rBwB0zsFeVwAA6Dqf/wCw/+zu83+oY/UAALrH9T8A7D9tf/6f62w9AIDucf0PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAh505fTqd1n9fWy2k+ZlLy0tz5UvHZoqVufz8UiFfKC9ezM+Wy7OlYr5Qnm/5Rlc2nkrl8sWpWFi6PFEtVqoTleWVs/PlpYXq2Qvz07PFs8WBrkUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO2rLK/MTZdKxUWJHRNDj0Y1tiT6o1el98fmnDfj0dgaEnuZaDxLDPXuBAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwiPsrAAD///GKLI4=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000040)="33bb", 0x2}], 0x1, 0x45, 0x0, 0x4)

565.7051ms ago: executing program 3 (id=17167):
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f911, 0x8000, '\x00', @string=&(0x7f00000000c0)}})

493.09295ms ago: executing program 4 (id=17168):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000380)=0x200000000)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000001c0)=0x304008000)

440.429277ms ago: executing program 9 (id=17169):
r0 = memfd_create(&(0x7f0000000180)='\x02A\xbb\xcc\x96\x0e\x00\x00\x00\x00\x00\x00\xf4l\xed\x1c\xe4\xa0bi\xd9\xe9\xe6X\xa4@\xf8\xfcZH\x94\xd1\xb4\xbb\'\xfbM\x8a\a\x00\x00\x00h\x11\x1ft\xf1\xdc*T\xa7\xb3\xf2\x8cK\xa4y\x88\xe6\x92\x0f\xbdUS,2\xc5\xff\x83~\xa7\xb8\x9a\xa1\x9e\xf5\xbc_\x8b.\xb0\xd0\x82\xce1\xcd\xfe\b\xcf\t\xf7Jf,<.)F[\f%\x00\xca5\x06\x84J\x05\xcdo<\xcf\x98rK\xf6\x97Tk\x827Q\xb1\rnL\xd7\xb5/:\xab5\xf8\xc7\x13\xf7\xe6\xf1\xdd\xac\x93\xb0\x80\xe1\x92GUr>\x0f\x96\x83\xbd\xcf\xfe\xb3\xe2r\t*G.\xf5]\xdc\x9c\xd80\xd1\x1a\xedh\x1b\xfc\xd1\x9dQ0\x1c\xbd\x183\xe4\x00\xca\x19\xbd9h\x9b\xf1O\x03\xc8\xea\xe7@\x91&\xe6\xd9\xe9\x87@\xaby\xb8\xfc\xbbL~\x0e\xe7,\xa3\xe9\xb9\x8f@\x04\x981w?\xd8zx\x84)\r\xc4\xc2?o\'\xcag\xc7\x00\xfe\xff\xff\xff\xff\xff\xff\xb3\xe5\xb5\xc6\xae\x00\x00\x00', 0x3)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000006, 0x11, r0, 0x0)
fcntl$addseals(r0, 0x409, 0xa)

432.261791ms ago: executing program 6 (id=17182):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000001380)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {0x1, 0x2}, [], {0x4, 0x4}, [], {0x10, 0x4}, {0x20, 0x3}}, 0x24, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)

320.979904ms ago: executing program 0 (id=17170):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x19)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)

217.704214ms ago: executing program 3 (id=17172):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x1)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@generic={0x0, 0x0, 0x18}, 0x18)
writev(r0, &(0x7f0000000200), 0x1)

210.72481ms ago: executing program 9 (id=17173):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f80)={'wlan1\x00', &(0x7f0000000f40)=@ethtool_stats={0x4b}})

89.125562ms ago: executing program 3 (id=17174):
r0 = syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x22c43)
setreuid(0x0, 0xee00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 0x0)

0s ago: executing program 4 (id=17175):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x81, 0xfffff038}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)

kernel console output (not intermixed with test programs):

67][T11717] FAT-fs (loop1): Directory bread(block 72) failed
[ 1718.287631][T11734] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1718.298825][T11717] FAT-fs (loop1): Directory bread(block 73) failed
[ 1718.510647][   T30] audit: type=1800 audit(2000000945.245:2301): pid=11717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.16171" name="file1" dev="loop1" ino=1048857 res=0 errno=0
[ 1719.056639][T11754] loop4: detected capacity change from 0 to 8
[ 1719.536543][T11773] netlink: 7064 bytes leftover after parsing attributes in process `syz.5.16195'.
[ 1719.588718][T11773] openvswitch: netlink: Missing key (keys=40, expected=200000)
[ 1719.674212][T11777] net veth1_virt_wifi ������: renamed from virt_wifi0
[ 1719.898706][ T6199] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[ 1720.105816][ T6199] usb 10-1: Using ep0 maxpacket: 16
[ 1720.117858][ T6199] usb 10-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[ 1720.138034][T11793] loop6: detected capacity change from 0 to 136
[ 1720.157598][ T6199] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1720.183062][ T6199] usb 10-1: Product: syz
[ 1720.211477][ T6199] usb 10-1: Manufacturer: syz
[ 1720.216218][ T6199] usb 10-1: SerialNumber: syz
[ 1720.242580][T11793] Attempt to read inode for relocated directory
[ 1720.369146][ T6199] usb 10-1: config 0 descriptor??
[ 1720.393037][ T6199] visor 10-1:0.0: Sony Clie 3.5 converter detected
[ 1720.529812][T11801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16207'.
[ 1720.659274][T11807] netlink: 'syz.5.16211': attribute type 23 has an invalid length.
[ 1720.846260][ T6199] usb 10-1: clie_3_5_startup: get interface number failed: -71
[ 1720.885885][ T6199] visor 10-1:0.0: probe with driver visor failed with error -71
[ 1720.904779][T11813] loop1: detected capacity change from 0 to 136
[ 1720.948298][ T6199] usb 10-1: USB disconnect, device number 20
[ 1720.969167][T11813] Attempt to read inode for relocated directory
[ 1721.459019][T11829] xt_CONNSECMARK: invalid mode: 66
[ 1721.711571][T11834] loop9: detected capacity change from 0 to 128
[ 1721.750654][T11835] loop8: detected capacity change from 0 to 512
[ 1721.770585][ T6248] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1721.794116][T11834] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1721.869946][T11835] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1721.906164][T11834] ext4 filesystem being mounted at /825/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1721.953147][T11835] ext4 filesystem being mounted at /1197/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1721.990637][ T6248] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1722.020140][ T6248] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1722.044083][ T6248] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1722.111140][T32149] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1722.139649][T11831] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1722.186127][T11824] loop5: detected capacity change from 0 to 32768
[ 1722.200780][ T6248] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1722.233893][T26577] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1722.245283][T11847] netlink: 256 bytes leftover after parsing attributes in process `syz.1.16227'.
[ 1722.299455][T11824] JBD2: Ignoring recovery information on journal
[ 1722.577100][T11824] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[ 1722.703261][T32670] usb 5-1: USB disconnect, device number 10
[ 1723.065370][ T6101] ocfs2: Unmounting device (7,5) on (node local)
[ 1723.492182][   T24] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[ 1723.702716][   T24] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[ 1723.752928][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[ 1723.796814][   T24] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x6D, changing to 0xD
[ 1723.852117][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[ 1723.895093][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1723.925802][   T24] usb 7-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[ 1723.952104][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1723.987285][   T24] usb 7-1: Product: syz
[ 1723.991528][   T24] usb 7-1: Manufacturer: syz
[ 1724.014867][   T24] usb 7-1: SerialNumber: syz
[ 1724.032516][   T24] usb 7-1: config 0 descriptor??
[ 1724.077527][   T24] iguanair 7-1:0.0: failed to get version
[ 1724.116761][   T24] iguanair 7-1:0.0: probe with driver iguanair failed with error -90
[ 1724.357652][T11894] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16250'.
[ 1724.382448][   T24] usb 7-1: USB disconnect, device number 52
[ 1724.414505][T11865] loop1: detected capacity change from 0 to 32768
[ 1724.457705][T11865] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.16235 (11865)
[ 1724.589409][T11899] loop9: detected capacity change from 0 to 16
[ 1724.619286][T11865] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1724.630421][T11899] erofs (device loop9): mounted with root inode @ nid 36.
[ 1724.654563][T11865] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[ 1724.878004][T11865] BTRFS info (device loop1): setting nodatasum
[ 1724.893323][T11865] BTRFS info (device loop1): turning off barriers
[ 1724.899832][T11865] BTRFS info (device loop1): turning on async discard
[ 1724.956318][T11865] BTRFS info (device loop1): enabling free space tree
[ 1725.000170][T11865] BTRFS info (device loop1): enabling auto defrag
[ 1725.006801][T11865] BTRFS info (device loop1): use zlib compression, level 3
[ 1725.139676][T11927] netdevsim netdevsim8: Firmware load for '..' refused, path contains '..' component
[ 1725.245564][T11933] netlink: 8 bytes leftover after parsing attributes in process `syz.6.16261'.
[ 1725.396655][ T6199] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1725.481097][ T6107] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1725.592974][ T6199] usb 5-1: Using ep0 maxpacket: 8
[ 1725.632458][ T6199] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1725.640773][ T6199] usb 5-1: config 179 has no interface number 0
[ 1725.661533][ T6199] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1725.723768][ T6199] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1725.802338][ T6199] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1725.856044][ T6199] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1725.924601][ T6199] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1725.937269][T11946] netlink: 28 bytes leftover after parsing attributes in process `syz.9.16268'.
[ 1725.966297][T11946] netlink: 28 bytes leftover after parsing attributes in process `syz.9.16268'.
[ 1725.998072][ T6199] usb 5-1: config 179 interface 65 has no altsetting 0
[ 1726.005039][ T6199] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1726.057850][ T6199] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1726.196443][ T6199] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input107
[ 1726.362649][T11958] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1726.451770][ T6199] usb 5-1: USB disconnect, device number 11
[ 1726.831759][   T30] audit: type=1326 audit(2000000953.025:2302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11967 comm="syz.8.16279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc798f6c9 code=0x7ffc0000
[ 1726.919435][   T30] audit: type=1326 audit(2000000953.043:2303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11967 comm="syz.8.16279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f7fc798f6c9 code=0x7ffc0000
[ 1727.070748][   T30] audit: type=1326 audit(2000000953.053:2304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11967 comm="syz.8.16279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc798f6c9 code=0x7ffc0000
[ 1727.235764][   T30] audit: type=1326 audit(2000000953.053:2305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11967 comm="syz.8.16279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc798f6c9 code=0x7ffc0000
[ 1727.376866][T11985] netlink: 1164 bytes leftover after parsing attributes in process `syz.5.16286'.
[ 1728.135443][T12009] loop5: detected capacity change from 0 to 8
[ 1728.178798][T12009] SQUASHFS error: Failed to read block 0x4de: -5
[ 1728.204007][T12009] SQUASHFS error: Failed to read block 0x4de: -5
[ 1728.242991][T12009] SQUASHFS error: Failed to read block 0x4de: -5
[ 1728.262069][T12009] SQUASHFS error: Failed to read block 0x4de: -5
[ 1728.273148][T12012] netlink: 'syz.9.16299': attribute type 3 has an invalid length.
[ 1728.297124][T12009] SQUASHFS error: Failed to read block 0x4de: -5
[ 1728.310979][   T30] audit: type=1800 audit(2000000954.399:2306): pid=12009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.16297" name="file1" dev="loop5" ino=5 res=0 errno=0
[ 1728.556539][T12019] loop9: detected capacity change from 0 to 128
[ 1728.597086][T12019] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[ 1728.641532][T12019] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1728.713265][T12026] loop8: detected capacity change from 0 to 512
[ 1728.721037][T12026] EXT4-fs: Ignoring removed bh option
[ 1728.774498][T12026] EXT4-fs: Mount option(s) incompatible with ext2
[ 1728.916245][T12029] loop6: detected capacity change from 0 to 512
[ 1728.950334][T12029] EXT4-fs (loop6): orphan cleanup on readonly fs
[ 1728.956932][T12029] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -13
[ 1728.969156][T12031] netlink: 52 bytes leftover after parsing attributes in process `syz.1.16309'.
[ 1729.004025][T11995] loop4: detected capacity change from 0 to 32768
[ 1729.033627][T12029] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[ 1729.121722][T12029] EXT4-fs error (device loop6): ext4_clear_blocks:874: inode #13: comm syz.6.16308: attempt to clear invalid blocks 2 len 1
[ 1729.137442][   T30] audit: type=1800 audit(2000000955.156:2307): pid=11995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.16291" name="bus" dev="loop4" ino=7 res=0 errno=0
[ 1729.139272][ T6199] usb 9-1: new high-speed USB device number 32 using dummy_hcd
[ 1729.181040][T12029] EXT4-fs error (device loop6): ext4_free_branches:1020: inode #13: comm syz.6.16308: invalid indirect mapped block 1819239214 (level 0)
[ 1729.224990][T12029] EXT4-fs error (device loop6): ext4_free_branches:1020: inode #13: comm syz.6.16308: invalid indirect mapped block 1819239214 (level 1)
[ 1729.330597][T12029] EXT4-fs (loop6): 1 truncate cleaned up
[ 1729.370896][T12029] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1729.417331][ T6199] usb 9-1: Using ep0 maxpacket: 32
[ 1729.452850][ T6199] usb 9-1: config 4 has an invalid interface number: 228 but max is 0
[ 1729.462439][ T6199] usb 9-1: config 4 has no interface number 0
[ 1729.468879][ T6199] usb 9-1: config 4 interface 228 altsetting 68 has an endpoint descriptor with address 0xAC, changing to 0x8C
[ 1729.494106][T12029] EXT4-fs error (device loop6): ext4_lookup:1783: inode #2: comm syz.6.16308: 'file1' linked to parent dir
[ 1729.546755][ T6199] usb 9-1: config 4 interface 228 altsetting 68 endpoint 0x8C has an invalid bInterval 94, changing to 10
[ 1729.586471][ T6199] usb 9-1: config 4 interface 228 altsetting 68 endpoint 0x8C has invalid maxpacket 42958, setting to 1024
[ 1729.634213][ T6199] usb 9-1: config 4 interface 228 has no altsetting 0
[ 1729.660365][T12046] netlink: 7064 bytes leftover after parsing attributes in process `syz.5.16317'.
[ 1729.670531][T12042] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1729.684820][ T6199] usb 9-1: New USB device found, idVendor=0499, idProduct=a9a2, bcdDevice=c4.e8
[ 1729.703641][T12046] openvswitch: netlink: Missing key (keys=40, expected=2000)
[ 1729.714482][ T6199] usb 9-1: New USB device strings: Mfr=1, Product=25, SerialNumber=3
[ 1729.756433][ T6199] usb 9-1: Product: syz
[ 1729.809756][ T6199] usb 9-1: Manufacturer: syz
[ 1729.834392][ T6199] usb 9-1: SerialNumber: syz
[ 1729.843526][T21590] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1729.911187][T12026] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1730.158682][T12054] netlink: 'syz.6.16319': attribute type 1 has an invalid length.
[ 1730.211480][ T6199] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[ 1730.219694][T12054] netlink: 4 bytes leftover after parsing attributes in process `syz.6.16319'.
[ 1730.339602][ T6199] usb 9-1: USB disconnect, device number 32
[ 1730.635277][ T6074] udevd[6074]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:4.228/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1730.899133][T12075] loop6: detected capacity change from 0 to 256
[ 1731.002000][T12075] MINIX-fs: mounting file system with errors, running fsck is recommended
[ 1731.103732][T12075] MINIX-fs warning: remounting fs with errors, running fsck is recommended
[ 1731.338770][T12088] geneve2: entered promiscuous mode
[ 1731.368549][T12088] geneve2: entered allmulticast mode
[ 1731.392288][ T4578] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[ 1731.438748][ T4578] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[ 1731.480263][ T4578] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[ 1731.517102][ T4578] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[ 1731.529023][T12094] netlink: 4 bytes leftover after parsing attributes in process `syz.6.16339'.
[ 1732.046967][T12111] loop6: detected capacity change from 0 to 2048
[ 1732.118769][T12119] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1732.138747][T12111] syz.6.16348: attempt to access beyond end of device
[ 1732.138747][T12111] loop6: rw=0, sector=281474976710722, nr_sectors = 2 limit=2048
[ 1732.300476][T12111] NILFS (loop6): I/O error reading b-tree node block (ino=16, blocknr=15)
[ 1732.377259][T12111] NILFS (loop6): bad btree node (ino=16, blocknr=12): level = 0, flags = 0x0, nchildren = 0
[ 1732.423437][T12111] NILFS error (device loop6): nilfs_bmap_last_key: broken bmap (inode number=16)
[ 1732.509852][T12111] Remounting filesystem read-only
[ 1732.518963][T12111] NILFS (loop6): error -5 truncating bmap (ino=16)
[ 1732.529983][   T30] audit: type=1400 audit(2000000958.335:2308): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=":(%#{//(@\)//&@},['%%&\#*" pid=12126 comm="syz.9.16356"
[ 1732.647776][T21590] NILFS (loop6): disposed unprocessed dirty file(s) when detaching log writer
[ 1732.744090][T12131] loop4: detected capacity change from 0 to 1024
[ 1732.937691][ T4578] hfsplus: b-tree write err: -5, ino 4
[ 1733.168338][T12149] loop4: detected capacity change from 0 to 1024
[ 1733.227708][T12149] EXT4-fs: Ignoring removed bh option
[ 1733.235982][T12151] loop9: detected capacity change from 0 to 512
[ 1733.342903][T12151] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1733.373714][T12149] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1733.447577][T12149] /dev/loop4: Can't open blockdev
[ 1733.449433][T12151] ext4 filesystem being mounted at /853/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1733.563907][T12164] loop6: detected capacity change from 0 to 8192
[ 1733.604909][T12164] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1733.639995][ T6109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1733.685512][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1733.739538][T12164] FAT-fs (loop6): Filesystem has been set read-only
[ 1733.785725][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1733.787741][   T30] audit: type=1326 audit(2000000959.532:2309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.1.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f779758f6c9 code=0x7ffc0000
[ 1733.821047][T32149] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1733.837242][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1733.908216][   T30] audit: type=1326 audit(2000000959.532:2310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.1.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f779758f6c9 code=0x7ffc0000
[ 1733.920180][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1733.936368][   T30] audit: type=1326 audit(2000000959.560:2311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.1.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f779758f6c9 code=0x7ffc0000
[ 1734.079433][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1734.126820][   T30] audit: type=1326 audit(2000000959.560:2312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.1.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f779758f6c9 code=0x7ffc0000
[ 1734.137524][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1734.235981][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1734.271804][   T30] audit: type=1326 audit(2000000959.560:2313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12169 comm="syz.1.16374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f779758f6c9 code=0x7ffc0000
[ 1734.289054][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1734.341415][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1734.433154][T12164] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1734.443167][   T30] audit: type=1800 audit(2000000960.140:2314): pid=12164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.16372" name="file2" dev="loop6" ino=1048858 res=0 errno=0
[ 1735.260273][T12166] loop8: detected capacity change from 0 to 32768
[ 1735.298808][T12166] jfs_strtoUCS: char2uni returned -22.
[ 1735.308124][T12166] charset = cp1255, char = 0xfc
[ 1735.491058][T12212] loop9: detected capacity change from 0 to 1024
[ 1735.492901][T12209] netlink: 512 bytes leftover after parsing attributes in process `syz.6.16392'.
[ 1735.916594][T12221] netlink: 'syz.4.16399': attribute type 1 has an invalid length.
[ 1735.941395][T12221] netlink: 244 bytes leftover after parsing attributes in process `syz.4.16399'.
[ 1735.950924][T12221] NCSI netlink: No device for ifindex 0
[ 1735.961342][ T1024] hfsplus: b-tree write err: -5, ino 4
[ 1736.886218][T12257] netlink: 'syz.1.16416': attribute type 21 has an invalid length.
[ 1736.914797][T12257] netlink: 132 bytes leftover after parsing attributes in process `syz.1.16416'.
[ 1737.075131][T11335] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[ 1737.286873][T11335] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1737.319880][T11335] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1737.349346][T11335] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1737.389230][T12250] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1737.429561][T11335] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[ 1737.892823][T11335] usb 10-1: USB disconnect, device number 21
[ 1738.008431][T12290] loop1: detected capacity change from 0 to 47
[ 1738.522031][T12308] netlink: 'syz.6.16441': attribute type 1 has an invalid length.
[ 1739.630009][T12303] loop8: detected capacity change from 0 to 32768
[ 1739.684786][T12303] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.16440 (12303)
[ 1739.754176][T12303] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1739.806701][T12303] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm
[ 1739.861001][T12338] loop4: detected capacity change from 0 to 64
[ 1739.876963][T12337] loop1: detected capacity change from 0 to 512
[ 1740.035115][T12337] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1740.078184][T12312] loop5: detected capacity change from 0 to 32768
[ 1740.104032][T12337] ext4 filesystem being mounted at /2797/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1740.231183][T12312] JBD2: Ignoring recovery information on journal
[ 1740.269859][T12360] netlink: 'syz.6.16456': attribute type 12 has an invalid length.
[ 1740.327539][T12303] BTRFS info (device loop8): setting nodatasum
[ 1740.337367][T12312] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[ 1740.382756][T12303] BTRFS info (device loop8): turning off barriers
[ 1740.389346][T12303] BTRFS info (device loop8): turning on async discard
[ 1740.412450][T12303] BTRFS info (device loop8): enabling free space tree
[ 1740.419451][T12303] BTRFS info (device loop8): enabling auto defrag
[ 1740.476633][ T6107] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1740.492704][T12303] BTRFS info (device loop8): use zlib compression, level 3
[ 1740.732662][ T6101] ocfs2: Unmounting device (7,5) on (node local)
[ 1740.828724][T12371] loop6: detected capacity change from 0 to 256
[ 1740.869584][T12370] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1740.980544][T12371] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[ 1741.234719][T26577] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1741.550158][   T24] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1741.614845][T12388] trusted_key: encrypted_key: master key parameter is missing
[ 1741.748859][   T24] usb 2-1: Using ep0 maxpacket: 32
[ 1741.795498][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1741.830579][   T24] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[ 1741.889769][   T24] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1741.945003][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1741.993660][   T24] usb 2-1: Product: syz
[ 1742.004686][   T24] usb 2-1: Manufacturer: syz
[ 1742.029935][   T24] usb 2-1: SerialNumber: syz
[ 1742.294564][   T24] usb 2-1: Cannot retrieve CPort count: 0
[ 1742.311648][   T24] usb 2-1: Cannot retrieve CPort count: -5
[ 1742.349925][   T24] es2_ap_driver 2-1:7.0: probe with driver es2_ap_driver failed with error -5
[ 1742.566163][   T24] usb 2-1: USB disconnect, device number 49
[ 1742.623682][T12404] loop6: detected capacity change from 0 to 4096
[ 1742.709552][T12404] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512).
[ 1742.854419][T12404] ntfs3(loop6): Failed to initialize $Extend/$Reparse.
[ 1742.863922][T12418] CIFS: iocharset name too long
[ 1743.779786][T12445] netlink: 7 bytes leftover after parsing attributes in process `syz.9.16498'.
[ 1743.842236][T12445] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16498'.
[ 1744.452934][T12470] netlink: 44 bytes leftover after parsing attributes in process `syz.8.16510'.
[ 1744.716635][T12478] usb usb8: usbfs: process 12478 (syz.1.16514) did not claim interface 0 before use
[ 1745.083455][T32670] usb 9-1: new high-speed USB device number 33 using dummy_hcd
[ 1745.171880][T12486] loop5: detected capacity change from 0 to 8192
[ 1745.214473][T12486] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1745.260030][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.286063][T12496] warn_alloc: 1 callbacks suppressed
[ 1745.286091][T12496] syz.9.16522: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[ 1745.295453][T32670] usb 9-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=fd.0b
[ 1745.299699][T12486] FAT-fs (loop5): Filesystem has been set read-only
[ 1745.328888][T12496] ,cpuset=/,mems_allowed=0-1
[ 1745.340517][T12496] CPU: 1 UID: 0 PID: 12496 Comm: syz.9.16522 Not tainted syzkaller #0 PREEMPT(full) 
[ 1745.340566][T12496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1745.340589][T12496] Call Trace:
[ 1745.340601][T12496]  <TASK>
[ 1745.340616][T12496]  dump_stack_lvl+0x16c/0x1f0
[ 1745.340670][T12496]  warn_alloc+0x248/0x3a0
[ 1745.340725][T12496]  ? __pfx_warn_alloc+0x10/0x10
[ 1745.340768][T12496]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1745.340816][T12496]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1745.340878][T12496]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1745.340922][T12496]  ? kasan_save_stack+0x42/0x60
[ 1745.340977][T12496]  ? kasan_save_stack+0x33/0x60
[ 1745.341043][T12496]  ? kasan_save_track+0x14/0x30
[ 1745.341099][T12496]  ? xskq_create+0x52/0x1d0
[ 1745.341133][T12496]  ? xsk_setsockopt+0x74e/0x9a0
[ 1745.341190][T12496]  ? do_sock_setsockopt+0xf3/0x1d0
[ 1745.341238][T12496]  ? xskq_create+0xfb/0x1d0
[ 1745.341276][T12496]  __vmalloc_node_range_noprof+0xfbc/0x1480
[ 1745.341335][T12496]  ? xskq_create+0xfb/0x1d0
[ 1745.341385][T12496]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1745.341444][T12496]  ? xskq_create+0xfb/0x1d0
[ 1745.341481][T12496]  vmalloc_user_noprof+0x9e/0xe0
[ 1745.341522][T12496]  ? xskq_create+0xfb/0x1d0
[ 1745.341560][T12496]  xskq_create+0xfb/0x1d0
[ 1745.341600][T12496]  xsk_setsockopt+0x74e/0x9a0
[ 1745.341657][T12496]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1745.341698][T12496]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1745.341756][T12496]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1745.341802][T12496]  ? find_held_lock+0x2b/0x80
[ 1745.341854][T12496]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1745.341899][T12496]  ? aa_sock_opt_perm+0xfd/0x1c0
[ 1745.341953][T12496]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1745.342017][T12496]  do_sock_setsockopt+0xf3/0x1d0
[ 1745.342075][T12496]  __sys_setsockopt+0x1a0/0x230
[ 1745.342148][T12496]  __x64_sys_setsockopt+0xbd/0x160
[ 1745.342207][T12496]  ? do_syscall_64+0x91/0xfa0
[ 1745.342251][T12496]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1745.342295][T12496]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1745.342342][T12496]  do_syscall_64+0xcd/0xfa0
[ 1745.342392][T12496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1745.342429][T12496] RIP: 0033:0x7fdca598f6c9
[ 1745.342457][T12496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1745.342495][T12496] RSP: 002b:00007fdca6797038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1745.342530][T12496] RAX: ffffffffffffffda RBX: 00007fdca5be5fa0 RCX: 00007fdca598f6c9
[ 1745.342555][T12496] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[ 1745.342579][T12496] RBP: 00007fdca5a11f91 R08: 0000000000000004 R09: 0000000000000000
[ 1745.342602][T12496] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1745.342626][T12496] R13: 00007fdca5be6038 R14: 00007fdca5be5fa0 R15: 00007fff39aad408
[ 1745.342678][T12496]  </TASK>
[ 1745.353968][T32670] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1745.399928][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.399978][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.400019][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.400066][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.400104][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.400145][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.400185][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.400226][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.400471][T12486] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[ 1745.415356][T12496] Mem-Info:
[ 1745.538033][   T30] audit: type=1800 audit(2000000007.545:2315): pid=12486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.16518" name="file2" dev="loop5" ino=1048859 res=0 errno=0
[ 1745.684657][T12496] active_anon:15889 inactive_anon:0 isolated_anon:0
[ 1745.684657][T12496]  active_file:20081 inactive_file:41219 isolated_file:0
[ 1745.684657][T12496]  unevictable:768 dirty:649 writeback:0
[ 1745.684657][T12496]  slab_reclaimable:10387 slab_unreclaimable:112069
[ 1745.684657][T12496]  mapped:36909 shmem:6737 pagetables:2085
[ 1745.684657][T12496]  sec_pagetables:0 bounce:0
[ 1745.684657][T12496]  kernel_misc_reclaimable:0
[ 1745.684657][T12496]  free:1253363 free_pcp:11792 free_cma:0
[ 1745.694383][T32670] usb 9-1: config 0 descriptor??
[ 1745.802748][T12461] loop4: detected capacity change from 0 to 32768
[ 1745.810731][T12496] Node 0 active_anon:61756kB inactive_anon:0kB active_file:80324kB inactive_file:164672kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:147636kB dirty:2596kB writeback:0kB shmem:25412kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14168kB pagetables:8172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1745.850166][T12496] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1745.889784][T32670] usb 9-1: unsupported MDLM descriptors
[ 1745.903562][T12496] Node 0 DMA free:15356kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1745.944880][T12496] lowmem_reserve[]: 0 2485 2487 2487 2487
[ 1745.953856][T12496] Node 0 DMA32 free:1120368kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:61456kB inactive_anon:0kB active_file:80324kB inactive_file:164672kB unevictable:1536kB writepending:2596kB zspages:0kB present:3129332kB managed:2544996kB mlocked:0kB bounce:0kB free_pcp:33668kB local_pcp:17808kB free_cma:0kB
[ 1745.988739][T12496] lowmem_reserve[]: 0 0 1 1 1
[ 1745.993692][T12496] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1746.024067][T12496] lowmem_reserve[]: 0 0 0 0 0
[ 1746.046145][T12496] Node 1 Normal free:3877484kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:20108kB local_pcp:13204kB free_cma:0kB
[ 1746.146827][T12496] lowmem_reserve[]: 0 0 0 0 0
[ 1746.151668][T12496] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB
[ 1746.167320][T12496] Node 0 DMA32: 655*4kB (UE) 349*8kB (UME) 367*16kB (UM) 560*32kB (UME) 253*64kB (UME) 610*128kB (UME) 535*256kB (UME) 347*512kB (UME) 186*1024kB (UME) 6*2048kB (UME) 117*4096kB (UM) = 1120084kB
[ 1746.175248][T12461] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1746.220766][T12511] netlink: 36 bytes leftover after parsing attributes in process `syz.6.16528'.
[ 1746.241508][T11335] usb 9-1: USB disconnect, device number 33
[ 1746.255185][T12496] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1746.279718][T12511] netlink: 16 bytes leftover after parsing attributes in process `syz.6.16528'.
[ 1746.295064][T12496] Node 1 Normal: 25*4kB (UME) 15*8kB (UME) 17*16kB (UME) 16*32kB (UME) 46*64kB (UME) 46*128kB (UME) 14*256kB (UM) 7*512kB (UM) 6*1024kB (UME) 4*2048kB (UE) 939*4096kB (UM) = 3877484kB
[ 1746.314638][T12496] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1746.361503][T12496] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1746.371528][T12496] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1746.381195][T12496] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1746.390872][T12496] 66723 total pagecache pages
[ 1746.395572][T12496] 0 pages in swap cache
[ 1746.399821][T12496] Free swap  = 124996kB
[ 1746.404581][T12496] Total swap = 124996kB
[ 1746.408859][T12496] 2097051 pages RAM
[ 1746.412906][T12496] 0 pages HighMem/MovableOnly
[ 1746.417684][T12496] 428712 pages reserved
[ 1746.423361][T12496] 0 pages cma reserved
[ 1746.445442][T12461] XFS (loop4): Ending clean mount
[ 1746.689009][ T6109] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1747.417643][T32670] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1747.433867][T12543] loop4: detected capacity change from 0 to 64
[ 1747.461083][T12547] tmpfs: Bad value for 'mpol'
[ 1747.636459][T32670] usb 2-1: config 2 has an invalid descriptor of length 146, skipping remainder of the config
[ 1747.679506][T32670] usb 2-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1747.757912][T32670] usb 2-1: config 2 interface 0 has no altsetting 0
[ 1747.797697][T32670] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[ 1747.847919][T32670] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1747.888256][T32670] usb 2-1: Product: syz
[ 1747.892490][T32670] usb 2-1: Manufacturer: syz
[ 1747.923957][T32670] usb 2-1: SerialNumber: syz
[ 1748.202915][T32670] ims_pcu 2-1:2.0: probe with driver ims_pcu failed with error -22
[ 1748.280831][T32670] usb 2-1: USB disconnect, device number 50
[ 1748.423064][T12569] loop8: detected capacity change from 0 to 2048
[ 1748.451364][T12569] NILFS (loop8): invalid segment: Inconsistency found
[ 1748.465447][T12569] NILFS (loop8): trying rollback from an earlier position
[ 1748.540851][T12569] NILFS (loop8): recovery complete
[ 1748.848315][T12583] loop4: detected capacity change from 0 to 128
[ 1748.938486][T12583] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1748.985355][T12585] loop8: detected capacity change from 0 to 1024
[ 1748.999047][T12583] ext4 filesystem being mounted at /2727/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1749.155147][T12591] binder: 12590:12591 ioctl c018620c 200000000000 returned -1
[ 1749.191282][T12593] loop1: detected capacity change from 0 to 512
[ 1749.204510][ T6109] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1749.329933][T12593] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0007-000000000000 r/w without journal. Quota mode: writeback.
[ 1749.400589][T23932] hfsplus: b-tree write err: -5, ino 8
[ 1749.408162][T12593] ext4 filesystem being mounted at /2811/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1749.572707][T12593] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[ 1749.620909][T12602] netlink: 'syz.5.16567': attribute type 10 has an invalid length.
[ 1749.630154][T12593] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[ 1749.659019][T12593] EXT4-fs error (device loop1): ext4_acquire_dquot:6943: comm syz.1.16562: Failed to acquire dquot type 0
[ 1749.723869][T12602] bond0: (slave team0): Releasing backup interface
[ 1749.760688][T12602] team0: Cannot enslave team device to itself
[ 1749.832154][T12577] loop6: detected capacity change from 0 to 32768
[ 1749.906487][ T6107] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0007-000000000000.
[ 1750.585148][T12627] netlink: 'syz.9.16579': attribute type 11 has an invalid length.
[ 1750.893270][T12634] netlink: 830 bytes leftover after parsing attributes in process `syz.5.16583'.
[ 1751.371726][T12645] loop5: detected capacity change from 0 to 1024
[ 1751.470456][T12648] usb usb3: usbfs: process 12648 (syz.6.16589) did not claim interface 0 before use
[ 1751.505293][T12645] syz.5.16588: attempt to access beyond end of device
[ 1751.505293][T12645] loop5: rw=0, sector=201326592, nr_sectors = 2 limit=1024
[ 1751.560749][T12645] Buffer I/O error on dev loop5, logical block 100663296, async page read
[ 1751.578145][T12645] hfsplus: unable to mark blocks free: error -5
[ 1751.595745][T12645] hfsplus: can't free extent: start 0, count 1
[ 1752.088695][T12637] loop1: detected capacity change from 0 to 32768
[ 1752.127871][T12637] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.16585 (12637)
[ 1752.216302][T12637] BTRFS info (device loop1 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1752.275128][T12659] loop5: detected capacity change from 0 to 512
[ 1752.283371][T12637] BTRFS info (device loop1 state S): using crc32c (crc32c-lib) checksum algorithm
[ 1752.317250][T12659] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1752.366530][T12659] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843e01c, mo2=0002]
[ 1752.412081][T12659] System zones: 1-12
[ 1752.449958][T12659] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.16595: bg 0: block 328: padding at end of block bitmap is not set
[ 1752.533877][ T1583] BTRFS warning (device loop1 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x4e035593 level 0, ignored
[ 1752.603008][T12659] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6667: Corrupt filesystem
[ 1752.612470][T12655] loop9: detected capacity change from 0 to 32768
[ 1752.626105][T23932] BTRFS warning (device loop1 state S): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xbeadaddc level 0, ignored
[ 1752.669396][T12659] EXT4-fs error (device loop5): ext4_free_branches:1020: inode #13: comm syz.5.16595: invalid indirect mapped block 65280 (level 0)
[ 1752.687382][ T7469] BTRFS warning (device loop1 state S): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0x48746f3c level 0, ignored
[ 1752.726442][T12655] read_mapping_page failed!
[ 1752.731394][T12655] ERROR: (device loop9): txAbort: 
[ 1752.731394][T12655] 
[ 1752.742346][T12659] EXT4-fs error (device loop5): ext4_clear_blocks:874: inode #13: comm syz.5.16595: attempt to clear invalid blocks 33619980 len 1
[ 1752.760037][ T7469] BTRFS warning (device loop1 state S): checksum verify failed on logical 5328896 mirror 1 wanted 0x51ec978b found 0x49206b5e level 0, ignored
[ 1752.801799][T12659] EXT4-fs error (device loop5): ext4_free_branches:1020: inode #13: comm syz.5.16595: invalid indirect mapped block 1819239214 (level 0)
[ 1752.849969][T12637] BTRFS info (device loop1 state S): bdev /dev/loop1 errs: wr 0, rd 0, flush 0, corrupt 7, gen 0
[ 1752.868196][T12641] loop4: detected capacity change from 0 to 40427
[ 1752.888728][T12659] EXT4-fs error (device loop5): ext4_free_branches:1020: inode #13: comm syz.5.16595: invalid indirect mapped block 1819239214 (level 1)
[ 1752.917805][T23932] read_mapping_page failed!
[ 1752.922362][T23932] ERROR: (device loop9): txAbort: 
[ 1752.922362][T23932] 
[ 1752.941702][T12637] BTRFS info (device loop1 state S): enabling ssd optimizations
[ 1752.968422][T23932] jfs_write_inode: jfs_commit_inode failed!
[ 1752.976567][T12637] BTRFS info (device loop1 state S): disabling tree log
[ 1752.990427][T12641] F2FS-fs (loop4): invalid crc value
[ 1753.015433][T12637] BTRFS info (device loop1 state S): turning on flush-on-commit
[ 1753.053787][T12659] EXT4-fs (loop5): 1 orphan inode deleted
[ 1753.075113][T12637] BTRFS info (device loop1 state S): enabling free space tree
[ 1753.083090][T12637] BTRFS info (device loop1 state S): ignoring meta csums
[ 1753.101672][T12659] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1753.161872][T12637] BTRFS info (device loop1 state S): use zlib compression, level 3
[ 1753.197266][ T1583] BTRFS warning (device loop1 state S): checksum verify failed on logical 5308416 mirror 1 wanted 0xe1d58233 found 0x9b2456e4 level 0, ignored
[ 1753.264574][T12653] loop6: detected capacity change from 0 to 32768
[ 1753.346324][T12653] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.16592 (12653)
[ 1753.392174][T12641] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1753.430706][T12653] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1753.446110][ T6101] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1753.463497][T12641] F2FS-fs (loop4): Start checkpoint disabled!
[ 1753.483787][T12641] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[ 1753.496596][T12653] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[ 1753.539031][T12641] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[ 1753.555358][T12651] loop8: detected capacity change from 0 to 32768
[ 1753.753968][T12651] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1753.910675][T12653] BTRFS info (device loop6): enabling ssd optimizations
[ 1753.968648][T12653] BTRFS info (device loop6): turning on async discard
[ 1754.011060][T12653] BTRFS info (device loop6): enabling free space tree
[ 1754.125825][T12651] XFS (loop8): Ending clean mount
[ 1754.183798][T12651] XFS (loop8): Quotacheck needed: Please wait.
[ 1754.351738][T12651] XFS (loop8): Quotacheck: Done.
[ 1754.439001][T21590] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1754.570288][ T6107] BTRFS info (device loop1 state S): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1754.623581][T26577] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1755.398757][ T1024] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1755.647635][T12712] loop9: detected capacity change from 0 to 32768
[ 1755.767168][T12712] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1756.027790][T12712] XFS (loop9): Ending clean mount
[ 1756.050702][T12712] XFS (loop9): Quotacheck needed: Please wait.
[ 1756.087225][ T1024] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1756.193053][T12712] XFS (loop9): Quotacheck: Done.
[ 1756.195074][T12735] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1756.541461][ T6326] usb 9-1: new high-speed USB device number 34 using dummy_hcd
[ 1756.581680][T32149] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1756.690541][T12743] netlink: 8 bytes leftover after parsing attributes in process `syz.6.16612'.
[ 1756.756763][ T1024] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1756.801919][ T6326] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1756.844006][ T6326] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1756.852951][ T6326] usb 9-1: Product: syz
[ 1756.857324][ T6326] usb 9-1: Manufacturer: syz
[ 1756.863420][ T6326] usb 9-1: SerialNumber: syz
[ 1756.875511][ T6326] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1756.912724][T32670] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1757.107896][ T1024] bridge0: port 4(netdevsim0) entered disabled state
[ 1757.313405][ T1024] bridge0: port 4(netdevsim0) entered disabled state
[ 1757.437009][ T1024] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1757.441311][   T24] usb 9-1: USB disconnect, device number 34
[ 1757.522978][T11839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1757.555799][T11839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1757.567373][T11839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1757.581647][T11839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1757.598828][T11839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1757.613775][T12756] netlink: 65039 bytes leftover after parsing attributes in process `syz.6.16621'.
[ 1757.616370][T12760] UHID_CREATE from different security context by process 5509 (syz.4.16620), this is not allowed.
[ 1757.702708][T26579] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1757.710318][T26579] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1757.718256][T26579] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1757.726678][T26579] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1757.734749][T26579] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1757.752694][T12762] loop9: detected capacity change from 0 to 16
[ 1757.936616][T12754] lo speed is unknown, defaulting to 1000
[ 1758.065097][T12762] erofs (device loop9): bogus i_mode (0) @ nid 58320
[ 1758.137507][T32670] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive
[ 1758.170995][T32670] ath9k_htc: Failed to initialize the device
[ 1758.200440][   T24] usb 9-1: ath9k_htc: USB layer deinitialized
[ 1758.664888][T12781] loop8: detected capacity change from 0 to 128
[ 1758.806106][T12786] loop5: detected capacity change from 0 to 512
[ 1758.847257][T12786] EXT4-fs: inline encryption not supported
[ 1758.865592][T12786] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[ 1758.978785][T12786] EXT4-fs (loop5): 1 truncate cleaned up
[ 1758.981012][T12786] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1759.349843][ T6101] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1760.000126][T11839] Bluetooth: hci2: command tx timeout
[ 1760.483005][T12813] loop9: detected capacity change from 0 to 128
[ 1760.511185][T12813] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[ 1760.548501][T12813] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1760.878411][T12817] [U] 
[ 1760.882201][T12817] [U] 
[ 1760.885053][T12817] [U] 
[ 1760.888012][T12817] [U] 
[ 1760.890772][T12817] [U] 
[ 1760.893535][T12817] [U] 
[ 1760.896436][T12817] [U] 
[ 1760.901144][T12817] [U] 
[ 1760.918468][T12817] [U] 
[ 1760.921654][T12817] [U] 
[ 1760.924379][T12817] [U] 
[ 1760.963336][T12816] [U] 
[ 1761.106928][T12819] loop9: detected capacity change from 0 to 512
[ 1761.198626][T12819] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1761.211670][T12819] ext4 filesystem being mounted at /899/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1761.291374][T32149] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1761.935781][ T1024] team0: Port device geneve0 removed
[ 1762.230884][T11839] Bluetooth: hci2: command tx timeout
[ 1762.291683][ T1024] bond0 (unregistering): Released all slaves
[ 1762.555185][ T1024] bond1 (unregistering): Released all slaves
[ 1762.572103][ T1024] bond2 (unregistering): Released all slaves
[ 1762.591037][ T1024] bond3 (unregistering): Released all slaves
[ 1762.762012][ T1024] bond4 (unregistering): Released all slaves
[ 1762.907663][T12823] pimreg: entered allmulticast mode
[ 1762.940607][T12824] pimreg: left allmulticast mode
[ 1763.665805][T12843] netlink: 8 bytes leftover after parsing attributes in process `syz.6.16657'.
[ 1763.913981][T12754] chnl_net:caif_netlink_parms(): no params data found
[ 1763.964474][T12854] tmpfs: Cannot change global quota limit on remount
[ 1764.038401][T12856] netlink: 8 bytes leftover after parsing attributes in process `syz.5.16660'.
[ 1764.447574][T11839] Bluetooth: hci2: command tx timeout
[ 1765.041938][T12754] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1765.107503][T12754] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1765.114867][T12754] bridge_slave_0: entered allmulticast mode
[ 1765.178110][T12754] bridge_slave_0: entered promiscuous mode
[ 1765.211679][T12754] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1765.230422][T12754] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1765.262030][T12754] bridge_slave_1: entered allmulticast mode
[ 1765.295118][T12754] bridge_slave_1: entered promiscuous mode
[ 1765.323490][T12894] loop9: detected capacity change from 0 to 1764
[ 1765.386086][   T24] usb 6-1: new full-speed USB device number 52 using dummy_hcd
[ 1765.398315][T12898] loop6: detected capacity change from 0 to 128
[ 1765.496820][T12898] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1765.562835][T12898] ext4 filesystem being mounted at /1629/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1765.612154][   T24] usb 6-1: config 150 has an invalid interface number: 204 but max is 2
[ 1765.621346][   T24] usb 6-1: config 150 has an invalid descriptor of length 0, skipping remainder of the config
[ 1765.631793][   T24] usb 6-1: config 150 has 1 interface, different from the descriptor's value: 3
[ 1765.640874][   T24] usb 6-1: config 150 has no interface number 0
[ 1765.673996][   T24] usb 6-1: config 150 interface 204 has no altsetting 0
[ 1765.685987][   T24] usb 6-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[ 1765.695090][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1765.728000][   T24] usb 6-1: Product: syz
[ 1765.732258][   T24] usb 6-1: Manufacturer: syz
[ 1765.736963][   T24] usb 6-1: SerialNumber: syz
[ 1765.787697][T12754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1765.944327][T12904] loop4: detected capacity change from 0 to 1024
[ 1766.028848][T21590] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1766.042270][T12903] loop8: detected capacity change from 0 to 4096
[ 1766.084796][T12903] ntfs3(loop8): Different NTFS sector size (2048) and media sector size (512).
[ 1766.096170][   T24] usb 6-1: USB disconnect, device number 52
[ 1766.181112][T12754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1766.309826][T12903] ntfs3(loop8): Failed to initialize $Extend/$ObjId.
[ 1766.358091][T12903] ntfs3(loop8): ino=1e, mi_enum_attr
[ 1766.441196][T12911] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16679'.
[ 1766.565667][T12754] team0: Port device team_slave_0 added
[ 1766.671992][T11839] Bluetooth: hci2: command tx timeout
[ 1766.748868][T12754] team0: Port device team_slave_1 added
[ 1766.882943][ T6248] usb 7-1: new full-speed USB device number 53 using dummy_hcd
[ 1767.075771][ T6248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1767.098320][T12924] program syz.9.16686 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1767.111675][ T6248] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[ 1767.125907][ T6248] usb 7-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[ 1767.138299][T12754] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1767.169899][T12754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1767.196715][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1767.204810][ T6248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1767.222459][ T6248] usb 7-1: config 0 descriptor??
[ 1767.293306][T12754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1767.365475][T12754] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1767.383895][T12754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1767.519466][T12754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1767.595970][T12935] tipc: Started in network mode
[ 1767.609635][T12935] tipc: Node identity ac14140f, cluster identity 4711
[ 1767.618037][T12935] tipc: New replicast peer: 255.255.255.255
[ 1767.647875][T12935] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1767.669262][T12939] loop5: detected capacity change from 0 to 64
[ 1767.703872][ T6248] holtek 0003:1241:5015.0002: item fetching failed at offset 2/5
[ 1767.739113][ T6248] holtek 0003:1241:5015.0002: parse failed
[ 1767.774582][ T6248] holtek 0003:1241:5015.0002: probe with driver holtek failed with error -22
[ 1767.952828][   T24] usb 7-1: USB disconnect, device number 53
[ 1768.054078][ T1024] hsr_slave_0: left promiscuous mode
[ 1768.084657][ T1024] hsr_slave_1: left promiscuous mode
[ 1768.121031][T11335] IPVS: starting estimator thread 0...
[ 1768.219156][ T1024] veth0_vlan: left promiscuous mode
[ 1768.229742][T12947] IPVS: using max 26 ests per chain, 62400 per kthread
[ 1768.424895][T11335] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[ 1768.474172][T12955] loop8: detected capacity change from 0 to 4096
[ 1768.605165][T11335] usb 10-1: Using ep0 maxpacket: 16
[ 1768.638736][T11335] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1768.690527][T11335] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1768.731971][T11335] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1768.808591][T11335] usb 10-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1768.841951][   T24] tipc: Node number set to 2886997007
[ 1768.871873][T11335] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1768.873398][T12966] loop4: detected capacity change from 0 to 512
[ 1768.909975][T11335] usb 10-1: config 0 descriptor??
[ 1768.946010][T12966] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1769.041616][T12966] EXT4-fs (loop4): 1 truncate cleaned up
[ 1769.093564][T12966] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1769.156867][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1769.337101][ T1024] pim6reg (unregistering): left allmulticast mode
[ 1769.383581][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1769.402085][ T6109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1769.473217][T11335] shield 0003:0955:7214.0003: item fetching failed at offset 4/5
[ 1769.497408][T11335] shield 0003:0955:7214.0003: Parse failed
[ 1769.547792][T11335] shield 0003:0955:7214.0003: probe with driver shield failed with error -22
[ 1769.606143][T12983] loop4: detected capacity change from 0 to 128
[ 1769.672411][T12983] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1769.698690][T11335] usb 10-1: USB disconnect, device number 22
[ 1769.724373][T12983] ext4 filesystem being mounted at /2753/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1770.012951][ T6109] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1770.201734][T12981] loop6: detected capacity change from 0 to 32768
[ 1770.257216][T12981] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[ 1770.534772][T21590] ocfs2: Unmounting device (7,6) on (node local)
[ 1770.696572][T32670] IPVS: starting estimator thread 0...
[ 1770.796990][T12997] IPVS: using max 25 ests per chain, 60000 per kthread
[ 1770.925391][ T6248] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1771.148706][ T6248] usb 5-1: Using ep0 maxpacket: 8
[ 1771.157405][ T6248] usb 5-1: config 2 has an invalid interface number: 31 but max is 0
[ 1771.166672][ T6248] usb 5-1: config 2 has no interface number 0
[ 1771.173377][ T6248] usb 5-1: config 2 interface 31 has no altsetting 0
[ 1771.206342][ T6248] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[ 1771.216882][ T6248] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1771.226307][ T6248] usb 5-1: Product: syz
[ 1771.230139][T12992] loop9: detected capacity change from 0 to 32768
[ 1771.236685][ T6248] usb 5-1: Manufacturer: syz
[ 1771.242821][ T6248] usb 5-1: SerialNumber: syz
[ 1771.314168][T12992] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1771.414016][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1771.530759][T12992] XFS (loop9): Ending clean mount
[ 1771.637669][T32149] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1771.986891][ T6248] ch9200 5-1:2.31: probe with driver ch9200 failed with error -22
[ 1772.007696][ T6248] usb 5-1: USB disconnect, device number 12
[ 1772.534065][T12754] hsr_slave_0: entered promiscuous mode
[ 1772.541493][T12754] hsr_slave_1: entered promiscuous mode
[ 1772.548357][T12754] debugfs: 'hsr0' already exists in 'hsr'
[ 1772.554587][T12754] Cannot create hsr debugfs directory
[ 1772.561413][T12968] tipc: MTU too low for tipc bearer
[ 1772.851839][T13019] nbd: must specify an index to disconnect
[ 1773.008599][T11335] libceph: connect (1)[c::]:6789 error -101
[ 1773.033427][T11335] libceph: mon0 (1)[c::]:6789 connect error
[ 1773.043149][T13026] loop6: detected capacity change from 0 to 512
[ 1773.064699][T13026] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[ 1773.089502][T11335] libceph: connect (1)[c::]:6789 error -101
[ 1773.096067][T11335] libceph: mon0 (1)[c::]:6789 connect error
[ 1773.162733][T13026] EXT4-fs (loop6): 1 truncate cleaned up
[ 1773.200760][T13026] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1773.389632][T13036] loop5: detected capacity change from 0 to 512
[ 1773.403359][T11335] libceph: connect (1)[c::]:6789 error -101
[ 1773.409864][T11335] libceph: mon0 (1)[c::]:6789 connect error
[ 1773.521593][T13036] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1773.575801][T21590] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1773.597859][T13036] ext4 filesystem being mounted at /2863/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1773.804524][T13022] ceph: No mds server is up or the cluster is laggy
[ 1774.128294][ T6101] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1774.194004][T13047] loop8: detected capacity change from 0 to 2048
[ 1774.246200][T13047] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1774.329074][ T6072] udevd[6072]: incorrect nilfs2 checksum on /dev/loop8
[ 1774.362987][T13055] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1774.682923][T13060] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16724'.
[ 1774.754656][T13060] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16724'.
[ 1774.798644][T13060] netlink: 'syz.4.16724': attribute type 11 has an invalid length.
[ 1774.848555][T13060] netlink: 'syz.4.16724': attribute type 12 has an invalid length.
[ 1774.891257][T13065] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1774.923513][T13069] loop8: detected capacity change from 0 to 256
[ 1774.984153][T13069] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d)
[ 1775.093843][T13069] exFAT-fs (loop8): start_clu is invalid cluster(0x0)
[ 1775.149579][   T30] audit: type=1800 audit(2000000035.230:2316): pid=13069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.16726" name="file1" dev="loop8" ino=1048874 res=0 errno=0
[ 1775.827672][T13083] tipc: Started in network mode
[ 1775.832785][T13083] tipc: Node identity ac14140f, cluster identity 4711
[ 1775.863691][T13083] tipc: New replicast peer: 255.255.255.255
[ 1775.900354][T13083] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1776.025765][T13086] loop9: detected capacity change from 0 to 1024
[ 1776.330946][   T50] hfsplus: b-tree write err: -5, ino 4
[ 1776.598782][T13077] loop5: detected capacity change from 0 to 32768
[ 1776.640292][T13077] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.16731 (13077)
[ 1776.701646][T12754] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1776.724608][T13077] BTRFS info (device loop5 state S): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1776.771650][T13077] BTRFS info (device loop5 state S): using crc32c (crc32c-lib) checksum algorithm
[ 1776.787535][T12754] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1776.857181][T12754] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1776.858925][T13078] loop4: detected capacity change from 0 to 32768
[ 1776.928242][T13078] (syz.4.16732,13078,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1776.999326][T23932] BTRFS warning (device loop5 state S): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x4e035593 level 0, ignored
[ 1777.018700][T12754] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1777.065008][T13078] (syz.4.16732,13078,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1777.080860][ T4578] BTRFS warning (device loop5 state S): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xbeadaddc level 0, ignored
[ 1777.109250][T32670] tipc: Node number set to 2886997007
[ 1777.271605][T13078] JBD2: Ignoring recovery information on journal
[ 1777.289338][ T4578] BTRFS warning (device loop5 state S): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0x48746f3c level 0, ignored
[ 1777.394272][T12754] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1777.467746][T23929] BTRFS warning (device loop5 state S): checksum verify failed on logical 5328896 mirror 1 wanted 0x51ec978b found 0x49206b5e level 0, ignored
[ 1777.528559][T12754] 8021q: adding VLAN 0 to HW filter on device team0
[ 1777.585823][T13077] BTRFS info (device loop5 state S): bdev /dev/loop5 errs: wr 0, rd 0, flush 0, corrupt 7, gen 0
[ 1777.597364][T13078] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[ 1777.616929][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1777.624226][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1777.717248][T13077] BTRFS info (device loop5 state S): enabling ssd optimizations
[ 1777.766808][ T4578] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1777.774385][ T4578] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1777.783151][T13077] BTRFS info (device loop5 state S): disabling tree log
[ 1777.806604][T13077] BTRFS info (device loop5 state S): turning on flush-on-commit
[ 1777.855836][T13077] BTRFS info (device loop5 state S): enabling free space tree
[ 1777.909478][T13077] BTRFS info (device loop5 state S): ignoring meta csums
[ 1777.952929][T13077] BTRFS info (device loop5 state S): use zlib compression, level 3
[ 1777.963874][T23929] BTRFS warning (device loop5 state S): checksum verify failed on logical 5308416 mirror 1 wanted 0xe1d58233 found 0x9b2456e4 level 0, ignored
[ 1778.042194][T12754] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1778.057620][T13088] loop8: detected capacity change from 0 to 32768
[ 1778.081321][T13078] (syz.4.16732,13078,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[ 1778.128805][T13088] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1778.233571][T13088] XFS (loop8): Ending clean mount
[ 1778.249598][T13088] XFS (loop8): Quotacheck needed: Please wait.
[ 1778.494860][T13088] XFS (loop8): Quotacheck: Done.
[ 1778.501922][ T6109] ocfs2: Unmounting device (7,4) on (node local)
[ 1778.562043][T13151] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16746'.
[ 1778.617593][T13151] netlink: 20 bytes leftover after parsing attributes in process `syz.9.16746'.
[ 1778.897150][T26577] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1779.170144][T12754] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1779.194026][ T6101] BTRFS info (device loop5 state S): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1779.539048][ T1024] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[ 1780.187530][T11335] usb 9-1: new high-speed USB device number 35 using dummy_hcd
[ 1780.203491][ T1024] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[ 1780.307308][T12754] veth0_vlan: entered promiscuous mode
[ 1780.352003][T11335] usb 9-1: Using ep0 maxpacket: 16
[ 1780.413651][T11335] usb 9-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[ 1780.426934][T11335] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1780.438761][ T1024] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[ 1780.451934][T11335] usb 9-1: Product: syz
[ 1780.456502][T11335] usb 9-1: Manufacturer: syz
[ 1780.465834][T11335] usb 9-1: SerialNumber: syz
[ 1780.509279][T11335] usb 9-1: config 0 descriptor??
[ 1780.532387][T11335] visor 9-1:0.0: Sony Clie 3.5 converter detected
[ 1780.604506][T12754] veth1_vlan: entered promiscuous mode
[ 1780.796238][ T1024] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[ 1780.997682][T12754] veth0_macvtap: entered promiscuous mode
[ 1781.011638][T11335] usb 9-1: Sony Clie 3.5 converter now attached to ttyUSB0
[ 1781.061440][T12754] veth1_macvtap: entered promiscuous mode
[ 1781.164810][T12754] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1781.227378][T12754] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1781.263934][   T43] usb 9-1: USB disconnect, device number 35
[ 1781.360327][   T43] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0
[ 1781.396873][   T43] visor 9-1:0.0: device disconnected
[ 1781.409357][ T4578] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1781.449517][ T4578] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1781.480780][ T4578] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1781.561961][ T4578] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1781.638782][T13200] loop4: detected capacity change from 0 to 256
[ 1781.790833][T13200] FAT-fs (loop4): Directory bread(block 64) failed
[ 1781.847715][T13200] FAT-fs (loop4): Directory bread(block 65) failed
[ 1781.898804][T13200] FAT-fs (loop4): Directory bread(block 66) failed
[ 1781.920813][T13200] FAT-fs (loop4): Directory bread(block 67) failed
[ 1781.943532][T13200] FAT-fs (loop4): Directory bread(block 68) failed
[ 1781.950743][T13200] FAT-fs (loop4): Directory bread(block 69) failed
[ 1781.989316][ T1024] bridge0: port 3(batadv0) entered disabled state
[ 1782.016418][T13200] FAT-fs (loop4): Directory bread(block 70) failed
[ 1782.039017][ T1024] bridge_slave_1: left allmulticast mode
[ 1782.044832][ T1024] bridge_slave_1: left promiscuous mode
[ 1782.053451][T26579] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1782.075250][T26579] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1782.080769][T13200] FAT-fs (loop4): Directory bread(block 71) failed
[ 1782.089994][T26579] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1782.105155][ T1024] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1782.118862][T26579] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1782.129774][T26579] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1782.137937][T13200] FAT-fs (loop4): Directory bread(block 72) failed
[ 1782.223543][T13200] FAT-fs (loop4): Directory bread(block 73) failed
[ 1782.233316][ T1024] bridge_slave_0: left allmulticast mode
[ 1782.251582][ T1024] bridge_slave_0: left promiscuous mode
[ 1782.257451][ T1024] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1782.291104][T13212] loop8: detected capacity change from 0 to 1024
[ 1782.382890][T13212] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1782.652547][T26577] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1782.826410][T13197] loop9: detected capacity change from 0 to 32768
[ 1783.546058][T13238] Bluetooth: MGMT ver 1.23
[ 1783.761374][T32670] libceph: connect (1)[c::]:6789 error -101
[ 1783.773302][T32670] libceph: mon0 (1)[c::]:6789 connect error
[ 1784.061848][T32670] libceph: connect (1)[c::]:6789 error -101
[ 1784.076485][T32670] libceph: mon0 (1)[c::]:6789 connect error
[ 1784.146700][T13255] loop4: detected capacity change from 0 to 512
[ 1784.217745][T13254] loop9: detected capacity change from 0 to 4096
[ 1784.228312][T13255] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1784.241425][T13255] ext4 filesystem being mounted at /2769/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1784.270415][T13255] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.16775: corrupted inode contents
[ 1784.293465][T13255] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #2: comm syz.4.16775: mark_inode_dirty error
[ 1784.307737][T13254] ntfs3(loop9): Different NTFS sector size (4096) and media sector size (512).
[ 1784.327383][T13255] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.16775: corrupted inode contents
[ 1784.340405][T13259] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.16775: corrupted inode contents
[ 1784.399815][T11839] Bluetooth: hci0: command tx timeout
[ 1784.412505][T13259] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #2: comm syz.4.16775: mark_inode_dirty error
[ 1784.464536][T13259] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.16775: corrupted inode contents
[ 1784.600671][T13242] ceph: No mds server is up or the cluster is laggy
[ 1784.637254][T32670] libceph: connect (1)[c::]:6789 error -101
[ 1784.643583][T32670] libceph: mon0 (1)[c::]:6789 connect error
[ 1784.760514][ T6109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1785.295311][T13276] loop9: detected capacity change from 0 to 64
[ 1785.332879][   T43] usb 9-1: new high-speed USB device number 36 using dummy_hcd
[ 1785.422064][T13278] loop4: detected capacity change from 0 to 256
[ 1785.441539][T13278] exfat: Deprecated parameter 'namecase'
[ 1785.479044][T13278] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf4419509, utbl_chksum : 0xe619d30d)
[ 1785.527752][   T43] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1785.545716][   T43] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1785.609971][   T43] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1785.631626][   T43] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1785.664266][   T43] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1785.714992][   T43] usb 9-1: config 0 descriptor??
[ 1785.921816][ T6326] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[ 1786.147101][ T6326] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1786.176624][ T6326] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1786.189474][ T6326] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1786.202944][ T6326] usb 10-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[ 1786.213514][ T6326] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1786.324180][ T6326] usb 10-1: config 0 descriptor??
[ 1786.377365][   T43] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[ 1786.412764][   T43] usb 9-1: USB disconnect, device number 36
[ 1786.616199][T11839] Bluetooth: hci0: command tx timeout
[ 1786.630735][T13283] fido_id[13283]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[ 1786.793767][ T6326] waterforce 0003:1044:7A4D.0005: unexpected long global item
[ 1786.811146][ T6326] waterforce 0003:1044:7A4D.0005: hid parse failed with -22
[ 1786.819257][ T6326] waterforce 0003:1044:7A4D.0005: probe with driver waterforce failed with error -22
[ 1786.823904][T13282] loop4: detected capacity change from 0 to 40427
[ 1786.882317][T13282] F2FS-fs (loop4): invalid crc value
[ 1787.055357][T26663] usb 10-1: USB disconnect, device number 23
[ 1787.094161][T13282] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1787.142136][T13282] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[ 1788.045730][ T1024] dvmrp0 (unregistering): left allmulticast mode
[ 1788.191042][T13290] loop9: detected capacity change from 0 to 32768
[ 1788.234015][T13290] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[ 1788.294258][ T6326] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1788.386600][T32149] ocfs2: Unmounting device (7,9) on (node local)
[ 1788.465436][ T6326] usb 5-1: Using ep0 maxpacket: 16
[ 1788.480370][ T6326] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1788.494979][ T6326] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1788.505286][ T6326] usb 5-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[ 1788.516298][ T6326] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1788.538416][ T6326] usb 5-1: config 0 descriptor??
[ 1788.663070][T13296] loop9: detected capacity change from 0 to 64
[ 1788.859040][T11839] Bluetooth: hci0: command tx timeout
[ 1788.905816][ T1024] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1788.929772][ T1024] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1788.946213][ T1024] bond0 (unregistering): (slave dummy0): Releasing backup interface
[ 1788.964326][ T1024] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[ 1788.977141][ T1024] bond0 (unregistering): Released all slaves
[ 1789.002459][ T6326] hid_parser_main: 33 callbacks suppressed
[ 1789.002492][ T6326] topre 0003:0853:0148.0006: unknown main item tag 0x1
[ 1789.017042][ T6326] topre 0003:0853:0148.0006: item fetching failed at offset 8/164
[ 1789.026590][ T6326] topre 0003:0853:0148.0006: probe with driver topre failed with error -22
[ 1789.029639][ T1024] bond1 (unregistering): Released all slaves
[ 1789.218511][T32670] usb 5-1: USB disconnect, device number 13
[ 1789.252469][ T1024] bond2 (unregistering): Released all slaves
[ 1789.283852][ T1024] bond3 (unregistering): Released all slaves
[ 1789.315119][T13298] loop9: detected capacity change from 0 to 32768
[ 1789.398617][T13298] XFS (loop9): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1789.473142][T13298] XFS (loop9): Ending clean mount
[ 1789.509229][T13298] XFS (loop9): Quotacheck needed: Please wait.
[ 1789.636235][T13298] XFS (loop9): Quotacheck: Done.
[ 1789.723373][ T1024] bond4 (unregistering): Released all slaves
[ 1789.745874][ T1024] bond5 (unregistering): Released all slaves
[ 1789.764173][T32149] XFS (loop9): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1789.766299][ T1024] bond6 (unregistering): Released all slaves
[ 1789.870942][T23932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1789.900722][T23932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1790.288784][ T4578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1790.288864][ T4578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1790.290472][T13203] lo speed is unknown, defaulting to 1000
[ 1790.896803][T13321] loop8: detected capacity change from 0 to 2048
[ 1790.917326][T13321] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=18576, location=18576
[ 1790.950702][T13321] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1791.075000][T11839] Bluetooth: hci0: command tx timeout
[ 1792.198718][ T6326] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[ 1792.311450][T13352] loop9: detected capacity change from 0 to 1024
[ 1792.384947][ T6326] usb 1-1: Using ep0 maxpacket: 32
[ 1792.405441][ T6326] usb 1-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[ 1792.405491][ T6326] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1792.405528][ T6326] usb 1-1: Product: syz
[ 1792.405555][ T6326] usb 1-1: Manufacturer: syz
[ 1792.405584][ T6326] usb 1-1: SerialNumber: syz
[ 1792.409276][ T6326] usb 1-1: config 0 descriptor??
[ 1792.414199][ T6326] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[ 1792.414259][ T6326] dvb-usb: bulk message failed: -22 (2/0)
[ 1792.420154][ T6326] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1792.488121][ T6326] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[ 1792.488220][ T6326] usb 1-1: media controller created
[ 1792.572422][ T6326] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1792.614372][ T1159] hfsplus: b-tree write err: -5, ino 4
[ 1792.639138][T13348] dvb-usb: bulk message failed: -22 (3/0)
[ 1792.669211][T13355] loop6: detected capacity change from 0 to 4096
[ 1792.687640][T13355] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512).
[ 1792.778718][ T6326] usb 1-1: selecting invalid altsetting 7
[ 1792.778751][ T6326] cxusb: set interface failed
[ 1792.778770][ T6326] dvb-usb: bulk message failed: -22 (1/0)
[ 1792.843794][T13361] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16807'.
[ 1792.843840][T13361] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16807'.
[ 1792.843883][T13361] netlink: 'syz.9.16807': attribute type 19 has an invalid length.
[ 1792.843910][T13361] netlink: 'syz.9.16807': attribute type 20 has an invalid length.
[ 1793.046363][ T6326] DVB: Unable to find symbol lgdt330x_attach()
[ 1793.046389][ T6326] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[ 1793.171462][ T1024] hsr_slave_0: left promiscuous mode
[ 1793.191958][ T1024] hsr_slave_1: left promiscuous mode
[ 1793.193623][ T1024] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1793.283285][ T1024] veth1_vlan: left allmulticast mode
[ 1793.354614][ T6326] rc_core: IR keymap rc-dvico-portable not found
[ 1793.354643][ T6326] Registered IR keymap rc-empty
[ 1793.356077][ T6326] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[ 1793.358526][ T6326] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input111
[ 1793.439215][ T6326] dvb-usb: schedule remote query interval to 100 msecs.
[ 1793.439249][ T6326] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[ 1793.459017][ T6326] usb 1-1: USB disconnect, device number 9
[ 1793.573842][ T5192] udevd[5192]: worker [6072] terminated by signal 33 (Unknown signal 33)
[ 1793.573907][ T5192] udevd[5192]: worker [6072] failed while handling '/devices/virtual/block/loop6'
[ 1793.586071][T13373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16811'.
[ 1793.586108][T13373] netlink: 4 bytes leftover after parsing attributes in process `syz.0.16811'.
[ 1793.586148][T13373] netlink: 'syz.0.16811': attribute type 14 has an invalid length.
[ 1793.784767][ T6326] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[ 1794.169207][ T1024] team0 (unregistering): Port device macvlan1 removed
[ 1794.267885][T13387] loop4: detected capacity change from 0 to 1024
[ 1794.282837][T13387] EXT4-fs: Ignoring removed nobh option
[ 1794.300673][T13387] EXT4-fs: Ignoring removed bh option
[ 1794.420048][T13387] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1794.521758][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1794.634079][ T6109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1795.106424][T13406] loop4: detected capacity change from 0 to 64
[ 1795.443100][ T1024] team0 (unregistering): Port device team_slave_1 removed
[ 1795.521659][ T1024] team0 (unregistering): Port device team_slave_0 removed
[ 1796.762642][T13203] chnl_net:caif_netlink_parms(): no params data found
[ 1796.830873][   T24] usb 9-1: new high-speed USB device number 37 using dummy_hcd
[ 1797.010907][   T24] usb 9-1: Using ep0 maxpacket: 32
[ 1797.038216][   T24] usb 9-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[ 1797.053185][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1797.104251][   T24] usb 9-1: config 0 descriptor??
[ 1797.226622][   T24] gspca_main: nw80x-2.14.0 probing 055f:d001
[ 1797.694697][T13203] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1797.727861][T13203] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1797.752061][T13203] bridge_slave_0: entered allmulticast mode
[ 1797.783948][T13203] bridge_slave_0: entered promiscuous mode
[ 1797.843345][T13203] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1797.856589][T13203] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1797.876387][   T30] audit: type=1326 audit(2000000056.483:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13455 comm="syz.4.16834" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f69d6586567 code=0x0
[ 1797.906505][   T24] gspca_nw80x: reg_w err -71
[ 1797.912869][T13203] bridge_slave_1: entered allmulticast mode
[ 1797.935003][   T24] nw80x 9-1:0.0: probe with driver nw80x failed with error -71
[ 1797.972214][T13203] bridge_slave_1: entered promiscuous mode
[ 1797.987860][   T24] usb 9-1: USB disconnect, device number 37
[ 1798.173079][T13203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1798.203199][ T1024] IPVS: stop unused estimator thread 0...
[ 1798.223393][T13203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1798.802155][T13203] team0: Port device team_slave_0 added
[ 1798.844349][T13203] team0: Port device team_slave_1 added
[ 1799.209038][T13203] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1799.242053][T13203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1799.326262][T13203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1799.340083][T13203] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1799.347262][T13203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1799.375066][T13203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1799.405401][T13479] loop0: detected capacity change from 0 to 1024
[ 1799.448697][T13451] loop6: detected capacity change from 0 to 40427
[ 1799.482009][T13451] F2FS-fs (loop6): Small segment_count (9 < 1 * 24)
[ 1799.488717][T13451] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1799.546075][T13479] hfsplus: bad catalog entry type
[ 1799.652700][T11335] usb 9-1: new full-speed USB device number 38 using dummy_hcd
[ 1799.688408][T13203] hsr_slave_0: entered promiscuous mode
[ 1799.713498][T13203] hsr_slave_1: entered promiscuous mode
[ 1799.721604][T23929] hfsplus: b-tree write err: -5, ino 4
[ 1799.730568][T13203] debugfs: 'hsr0' already exists in 'hsr'
[ 1799.736342][T13203] Cannot create hsr debugfs directory
[ 1799.850203][T11335] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1799.887991][T11335] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1799.945133][T13451] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1799.947100][T11335] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[ 1799.982115][T13451] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1800.006574][T13451] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1800.011133][T11335] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1800.049868][T11335] usb 9-1: config 0 descriptor??
[ 1800.142591][   T30] audit: type=1800 audit(2000000058.605:2318): pid=13451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.16831" name="bus" dev="loop6" ino=10 res=0 errno=0
[ 1800.182692][T13492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.16848'.
[ 1800.192028][ T6326] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[ 1800.253644][T21590] syz-executor: attempt to access beyond end of device
[ 1800.253644][T21590] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1800.281841][T21590] CPU: 1 UID: 0 PID: 21590 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[ 1800.281896][T21590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1800.281919][T21590] Call Trace:
[ 1800.281932][T21590]  <TASK>
[ 1800.281947][T21590]  dump_stack_lvl+0x16c/0x1f0
[ 1800.282001][T21590]  f2fs_handle_critical_error+0x624/0x9f0
[ 1800.282045][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.282091][T21590]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1800.282162][T21590]  f2fs_write_end_io+0x958/0xcf0
[ 1800.282211][T21590]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1800.282262][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.282325][T21590]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1800.282368][T21590]  bio_endio+0x713/0x860
[ 1800.282423][T21590]  submit_bio_noacct+0x306/0x1f60
[ 1800.282475][T21590]  __submit_merged_bio+0x33c/0x770
[ 1800.282526][T21590]  __submit_merged_write_cond+0x319/0x3f0
[ 1800.282583][T21590]  f2fs_write_cache_pages+0x2067/0x2570
[ 1800.282664][T21590]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1800.282722][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.282781][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.282823][T21590]  ? __lock_acquire+0x622/0x1c90
[ 1800.282922][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.282964][T21590]  ? find_held_lock+0x2b/0x80
[ 1800.283043][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.283085][T21590]  ? mod_memcg_lruvec_state+0x389/0x5f0
[ 1800.283135][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.283179][T21590]  ? __mod_zone_page_state+0xcc/0x1a0
[ 1800.283224][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.283276][T21590]  f2fs_write_data_pages+0x4ad/0xd90
[ 1800.283341][T21590]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1800.283407][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.283453][T21590]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1800.283504][T21590]  do_writepages+0x27a/0x600
[ 1800.283548][T21590]  ? __pfx_do_writepages+0x10/0x10
[ 1800.283583][T21590]  ? do_raw_spin_unlock+0x172/0x230
[ 1800.283627][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.283671][T21590]  ? _raw_spin_unlock+0x28/0x50
[ 1800.283716][T21590]  filemap_fdatawrite_wbc+0x104/0x160
[ 1800.283759][T21590]  __filemap_fdatawrite_range+0xb9/0x100
[ 1800.283810][T21590]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 1800.283919][T21590]  ? find_held_lock+0x2b/0x80
[ 1800.283967][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.284012][T21590]  ? do_raw_spin_unlock+0x172/0x230
[ 1800.284055][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.284106][T21590]  f2fs_sync_dirty_inodes+0x2a2/0x980
[ 1800.284182][T21590]  block_operations+0x2b0/0xfe0
[ 1800.284233][T21590]  ? bpf_ksym_find+0x124/0x1c0
[ 1800.284297][T21590]  ? __pfx_block_operations+0x10/0x10
[ 1800.284351][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.284395][T21590]  ? __kernel_text_address+0xd/0x40
[ 1800.284491][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.284539][T21590]  ? ktime_get+0x200/0x310
[ 1800.284592][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.284635][T21590]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1800.284682][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.284726][T21590]  ? rcu_is_watching+0x12/0xc0
[ 1800.284782][T21590]  f2fs_write_checkpoint+0x32b/0x5300
[ 1800.284867][T21590]  kill_f2fs_super+0x3d6/0x490
[ 1800.284922][T21590]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1800.284994][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.285054][T21590]  deactivate_locked_super+0xc1/0x1a0
[ 1800.285110][T21590]  deactivate_super+0xde/0x100
[ 1800.285164][T21590]  cleanup_mnt+0x225/0x450
[ 1800.285220][T21590]  task_work_run+0x150/0x240
[ 1800.285263][T21590]  ? __pfx_task_work_run+0x10/0x10
[ 1800.285307][T21590]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1800.285355][T21590]  ? __pfx___x64_sys_umount+0x10/0x10
[ 1800.285424][T21590]  exit_to_user_mode_loop+0xec/0x130
[ 1800.285467][T21590]  do_syscall_64+0x426/0xfa0
[ 1800.285518][T21590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1800.285555][T21590] RIP: 0033:0x7f5267b909f7
[ 1800.285585][T21590] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1800.285623][T21590] RSP: 002b:00007ffc26f26758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1800.285657][T21590] RAX: 0000000000000000 RBX: 00007f5267c11d7d RCX: 00007f5267b909f7
[ 1800.285682][T21590] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc26f26810
[ 1800.285706][T21590] RBP: 00007ffc26f26810 R08: 0000000000000000 R09: 0000000000000000
[ 1800.285729][T21590] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc26f278a0
[ 1800.285754][T21590] R13: 00007f5267c11d7d R14: 00000000001a0dc8 R15: 00007ffc26f278e0
[ 1800.285806][T21590]  </TASK>
[ 1800.759509][T13482] loop4: detected capacity change from 0 to 32768
[ 1800.773916][ T6326] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1800.801186][ T6326] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1800.802077][T21590] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1800.823635][ T6326] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1800.835072][T11335] isku 0003:1E7D:319C.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.8-1/input0
[ 1800.858808][T13482] ERROR: (device loop4): dbAlloc: the hint is outside the map
[ 1800.858808][T13482] 
[ 1800.877755][T13482] ERROR: (device loop4): remounting filesystem as read-only
[ 1800.885609][T13482] ialloc: diAlloc returned -5!
[ 1800.926057][ T6326] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1800.934333][ T6326] usb 10-1: SerialNumber: syz
[ 1801.011541][T11335] isku 0003:1E7D:319C.0007: couldn't init struct isku_device
[ 1801.019447][T11335] isku 0003:1E7D:319C.0007: couldn't install keyboard
[ 1801.039916][T11335] isku 0003:1E7D:319C.0007: probe with driver isku failed with error -71
[ 1801.052713][T11335] usb 9-1: USB disconnect, device number 38
[ 1801.088388][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1801.094658][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1801.167528][T13498] fido_id[13498]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[ 1801.323572][ T6326] usb 10-1: 0:2 : does not exist
[ 1801.352217][ T6326] usb 10-1: USB disconnect, device number 24
[ 1801.377886][T11335] libceph: connect (1)[c::]:6789 error -101
[ 1801.385722][T11335] libceph: mon0 (1)[c::]:6789 connect error
[ 1801.546833][ T6415] udevd[6415]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1801.796789][T13495] ceph: No mds server is up or the cluster is laggy
[ 1802.317185][T13509] loop9: detected capacity change from 0 to 4096
[ 1802.413884][T13509] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[ 1802.494375][T13509] ntfs3(loop9): Failed to load $Extend (-22).
[ 1802.531529][T13509] ntfs3(loop9): Failed to initialize $Extend.
[ 1802.929632][T13523] loop8: detected capacity change from 0 to 256
[ 1802.996279][T13203] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1803.058287][T13203] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1803.122525][T13523] FAT-fs (loop8): Directory bread(block 64) failed
[ 1803.152700][T13203] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1803.159625][T13523] FAT-fs (loop8): Directory bread(block 65) failed
[ 1803.179892][T13523] FAT-fs (loop8): Directory bread(block 66) failed
[ 1803.241980][T13523] FAT-fs (loop8): Directory bread(block 67) failed
[ 1803.266751][T13203] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1803.290619][T13523] FAT-fs (loop8): Directory bread(block 68) failed
[ 1803.297785][T13523] FAT-fs (loop8): Directory bread(block 69) failed
[ 1803.353440][T13523] FAT-fs (loop8): Directory bread(block 70) failed
[ 1803.360032][T13523] FAT-fs (loop8): Directory bread(block 71) failed
[ 1803.394244][T13532] loop6: detected capacity change from 0 to 1024
[ 1803.416889][T13523] FAT-fs (loop8): Directory bread(block 72) failed
[ 1803.436224][T13523] FAT-fs (loop8): Directory bread(block 73) failed
[ 1803.538142][T13542] loop4: detected capacity change from 0 to 1024
[ 1803.731110][   T50] hfsplus: b-tree write err: -5, ino 4
[ 1803.812601][T13203] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1803.901478][T13203] 8021q: adding VLAN 0 to HW filter on device team0
[ 1803.924151][T13515] loop0: detected capacity change from 0 to 32768
[ 1804.001491][ T4578] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1804.008755][ T4578] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1804.055537][T13515] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1804.083462][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1804.090685][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1804.186390][T13555] loop8: detected capacity change from 0 to 512
[ 1804.342457][T13515] XFS (loop0): Ending clean mount
[ 1804.379533][T13515] XFS (loop0): Quotacheck needed: Please wait.
[ 1804.413751][T13555] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1804.479318][T13555] ext4 filesystem being mounted at /1299/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1804.561969][T13515] XFS (loop0): Quotacheck: Done.
[ 1804.637264][T13555] EXT4-fs error (device loop8): ext4_ext_check_inode:523: inode #2: comm syz.8.16870: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[ 1804.689265][   T30] audit: type=1800 audit(2000000062.850:2319): pid=13515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16857" name="bus" dev="loop0" ino=9290 res=0 errno=0
[ 1804.754929][T13555] EXT4-fs (loop8): Remounting filesystem read-only
[ 1804.803367][T12754] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1804.909075][T26577] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1805.252989][T13203] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1805.527816][T13203] veth0_vlan: entered promiscuous mode
[ 1805.598020][T13203] veth1_vlan: entered promiscuous mode
[ 1805.736864][T13203] veth0_macvtap: entered promiscuous mode
[ 1805.804139][T13203] veth1_macvtap: entered promiscuous mode
[ 1805.891633][T13203] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1805.929477][T13203] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1806.039887][T13598] loop9: detected capacity change from 0 to 256
[ 1806.051121][ T1159] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1806.081177][T23929] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1806.092147][ T1024] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1806.103136][ T4578] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1806.142456][T13601] xt_l2tp: wrong L2TP version: 1
[ 1806.161364][T13598] exFAT-fs (loop9): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[ 1806.529672][T23932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1806.537547][T23932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1806.659492][T13606] loop6: detected capacity change from 0 to 164
[ 1806.730448][T23932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1806.768406][T23932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1807.503765][T13620] mkiss: ax0: crc mode is auto.
[ 1807.660813][T13599] loop0: detected capacity change from 0 to 32768
[ 1807.733935][T13628] loop8: detected capacity change from 0 to 1024
[ 1807.792030][T13599] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1807.945799][T13638] loop6: detected capacity change from 0 to 1024
[ 1807.959483][T23932] hfsplus: b-tree write err: -5, ino 4
[ 1807.986682][T13599] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 1808.074956][T13638] hfsplus: Filesystem is marked locked, mounting read-only.
[ 1808.164919][T13599] XFS (loop0): Starting recovery (logdev: internal)
[ 1808.313656][T13599] XFS (loop0): Ending recovery (logdev: internal)
[ 1808.587642][T12754] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1808.679883][T13638] hfsplus: filesystem is marked locked, leaving read-only.
[ 1809.391611][T13665] mkiss: ax0: crc mode is auto.
[ 1809.645951][T13675] loop6: detected capacity change from 0 to 256
[ 1809.656459][T13674] loop3: detected capacity change from 0 to 2048
[ 1809.693375][T13674] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1809.762704][T13679] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1809.904802][T13675] FAT-fs (loop6): Directory bread(block 64) failed
[ 1809.970478][T13675] FAT-fs (loop6): Directory bread(block 65) failed
[ 1810.011556][T13675] FAT-fs (loop6): Directory bread(block 66) failed
[ 1810.050779][T13675] FAT-fs (loop6): Directory bread(block 67) failed
[ 1810.080210][T13675] FAT-fs (loop6): Directory bread(block 68) failed
[ 1810.089398][T13675] FAT-fs (loop6): Directory bread(block 69) failed
[ 1810.146095][T13675] FAT-fs (loop6): Directory bread(block 70) failed
[ 1810.185468][T13675] FAT-fs (loop6): Directory bread(block 71) failed
[ 1810.208876][T13675] FAT-fs (loop6): Directory bread(block 72) failed
[ 1810.238508][T13675] FAT-fs (loop6): Directory bread(block 73) failed
[ 1811.102133][T13702] netlink: 8 bytes leftover after parsing attributes in process `syz.8.16927'.
[ 1811.624646][T13716] loop3: detected capacity change from 0 to 64
[ 1811.865008][T13718] xt_time: unknown flags 0xf4
[ 1812.133832][ T6248] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1812.180635][T13733] syz.8.16941: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1812.235958][T13733] CPU: 0 UID: 0 PID: 13733 Comm: syz.8.16941 Not tainted syzkaller #0 PREEMPT(full) 
[ 1812.236011][T13733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1812.236034][T13733] Call Trace:
[ 1812.236047][T13733]  <TASK>
[ 1812.236062][T13733]  dump_stack_lvl+0x16c/0x1f0
[ 1812.236115][T13733]  warn_alloc+0x248/0x3a0
[ 1812.236169][T13733]  ? __pfx_warn_alloc+0x10/0x10
[ 1812.236217][T13733]  ? __pfx_stack_trace_save+0x10/0x10
[ 1812.236286][T13733]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1812.236339][T13733]  ? kasan_save_stack+0x42/0x60
[ 1812.236395][T13733]  ? kasan_save_stack+0x33/0x60
[ 1812.236449][T13733]  ? kasan_save_track+0x14/0x30
[ 1812.236506][T13733]  ? xskq_create+0x52/0x1d0
[ 1812.236540][T13733]  ? xsk_setsockopt+0x74e/0x9a0
[ 1812.236598][T13733]  ? do_sock_setsockopt+0xf3/0x1d0
[ 1812.236647][T13733]  ? xskq_create+0xfb/0x1d0
[ 1812.236684][T13733]  __vmalloc_node_range_noprof+0xfbc/0x1480
[ 1812.236745][T13733]  ? xskq_create+0xfb/0x1d0
[ 1812.236798][T13733]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1812.236857][T13733]  ? xskq_create+0xfb/0x1d0
[ 1812.236894][T13733]  vmalloc_user_noprof+0x9e/0xe0
[ 1812.236936][T13733]  ? xskq_create+0xfb/0x1d0
[ 1812.236974][T13733]  xskq_create+0xfb/0x1d0
[ 1812.237015][T13733]  xsk_setsockopt+0x74e/0x9a0
[ 1812.237072][T13733]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1812.237113][T13733]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1812.237172][T13733]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1812.237218][T13733]  ? find_held_lock+0x2b/0x80
[ 1812.237271][T13733]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1812.237321][T13733]  ? aa_sock_opt_perm+0xfd/0x1c0
[ 1812.237376][T13733]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1812.237440][T13733]  do_sock_setsockopt+0xf3/0x1d0
[ 1812.237492][T13733]  __sys_setsockopt+0x1a0/0x230
[ 1812.237562][T13733]  __x64_sys_setsockopt+0xbd/0x160
[ 1812.237621][T13733]  ? do_syscall_64+0x91/0xfa0
[ 1812.237666][T13733]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1812.237711][T13733]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1812.237757][T13733]  do_syscall_64+0xcd/0xfa0
[ 1812.237808][T13733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1812.237846][T13733] RIP: 0033:0x7f7fc798f6c9
[ 1812.237876][T13733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1812.237914][T13733] RSP: 002b:00007f7fc876e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1812.237950][T13733] RAX: ffffffffffffffda RBX: 00007f7fc7be5fa0 RCX: 00007f7fc798f6c9
[ 1812.237976][T13733] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[ 1812.238000][T13733] RBP: 00007f7fc7a11f91 R08: 0000000000000004 R09: 0000000000000000
[ 1812.238025][T13733] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1812.238049][T13733] R13: 00007f7fc7be6038 R14: 00007f7fc7be5fa0 R15: 00007ffd2389b818
[ 1812.238102][T13733]  </TASK>
[ 1812.238116][T13733] Mem-Info:
[ 1812.544933][T13733] active_anon:15548 inactive_anon:0 isolated_anon:0
[ 1812.544933][T13733]  active_file:20210 inactive_file:41253 isolated_file:0
[ 1812.544933][T13733]  unevictable:768 dirty:652 writeback:0
[ 1812.544933][T13733]  slab_reclaimable:10397 slab_unreclaimable:110492
[ 1812.544933][T13733]  mapped:36804 shmem:9646 pagetables:1584
[ 1812.544933][T13733]  sec_pagetables:0 bounce:0
[ 1812.544933][T13733]  kernel_misc_reclaimable:0
[ 1812.544933][T13733]  free:1257065 free_pcp:12571 free_cma:0
[ 1812.593204][ T6248] usb 5-1: Using ep0 maxpacket: 8
[ 1812.604299][T13733] Node 0 active_anon:62292kB inactive_anon:0kB active_file:80840kB inactive_file:164800kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:147216kB dirty:2604kB writeback:0kB shmem:37048kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12644kB pagetables:6268kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1812.606687][ T6248] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1812.650232][T13733] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1812.694003][T13733] Node 0 DMA free:15356kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1812.700900][ T6248] usb 5-1: config 4 interface 0 has no altsetting 0
[ 1812.745939][T13733] lowmem_reserve[]: 0 2485 2487 2487 2487
[ 1812.751966][T13733] Node 0 DMA32 free:1125392kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:62292kB inactive_anon:0kB active_file:80840kB inactive_file:164800kB unevictable:1536kB writepending:2604kB zspages:0kB present:3129332kB managed:2544996kB mlocked:0kB bounce:0kB free_pcp:40452kB local_pcp:16928kB free_cma:0kB
[ 1812.819192][T13733] lowmem_reserve[]: 0 0 1 1 1
[ 1812.825153][ T6248] usb 5-1: string descriptor 0 read error: -22
[ 1812.831998][T13733] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1812.863780][ T6248] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1812.873850][ T6248] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1812.894033][T21987] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1812.908135][ T6248] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1812.938251][T13733] lowmem_reserve[]: 0 0 0 0 0
[ 1812.943354][T13733] Node 1 Normal free:3887564kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:10056kB local_pcp:7944kB free_cma:0kB
[ 1812.986056][ T6248] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1813.007907][ T6248] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1813.017296][ T6248] usb 5-1: media controller created
[ 1813.043564][T13733] lowmem_reserve[]: 0 0 0 0 0
[ 1813.048410][T13733] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB
[ 1813.106935][ T6248] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1813.139378][T13733] Node 0 DMA32: 2238*4kB (UME) 577*8kB (UM) 332*16kB (UM) 257*32kB (UME) 128*64kB (UME) 445*128kB (UME) 584*256kB (UME) 392*512kB (UME) 197*1024kB (UME) 5*2048kB (UME) 115*4096kB (UM) = 1125472kB
[ 1813.142482][T21987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1813.173662][T13724] usb 5-1: dvb_usb_au6610: wlen=0, aborting
[ 1813.232226][T21987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1813.244162][T13733] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1813.262541][ T6248] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1813.288309][T21987] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1813.331763][T21987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1813.342744][T13733] Node 1 Normal: 25*4kB (UE) 13*8kB (UE) 18*16kB (UE) 37*32kB (UE) 117*64kB (UE) 44*128kB (UE) 14*256kB (UM) 5*512kB (UM) 6*1024kB (UME) 5*2048kB (UE) 940*4096kB (UM) = 3887564kB
[ 1813.399538][T21987] usb 4-1: config 0 descriptor??
[ 1813.415990][T13733] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1813.496644][T13733] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1813.509107][T13733] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1813.521404][T13733] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1813.545883][ T6248] usb 5-1: USB disconnect, device number 14
[ 1813.572962][T13733] 70777 total pagecache pages
[ 1813.578204][T13733] 0 pages in swap cache
[ 1813.641811][T13733] Free swap  = 124996kB
[ 1813.646319][T13733] Total swap = 124996kB
[ 1813.650688][T13733] 2097051 pages RAM
[ 1813.680082][T13745] team_slave_0: entered promiscuous mode
[ 1813.686742][T13745] team_slave_1: entered promiscuous mode
[ 1813.702305][T13733] 0 pages HighMem/MovableOnly
[ 1813.720074][T13733] 428712 pages reserved
[ 1813.724340][T13733] 0 pages cma reserved
[ 1813.735829][T13745] team0: Device vlan2 is already an upper device of the team interface
[ 1813.749510][T13745] team_slave_0: left promiscuous mode
[ 1813.755071][T13745] team_slave_1: left promiscuous mode
[ 1813.851446][T21987] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0
[ 1813.910262][T21987] cp2112 0003:10C4:EA90.0008: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[ 1814.063439][T21987] cp2112 0003:10C4:EA90.0008: error requesting version
[ 1814.118682][T21987] cp2112 0003:10C4:EA90.0008: probe with driver cp2112 failed with error -71
[ 1814.149870][T21987] usb 4-1: USB disconnect, device number 33
[ 1814.208897][T13758] fido_id[13758]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[ 1814.842302][T13777] loop0: detected capacity change from 0 to 64
[ 1815.069363][T13784] loop3: detected capacity change from 0 to 512
[ 1815.118149][T13786] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1815.155385][T13784] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1815.203447][T13784] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1815.691415][T13784] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[ 1815.823782][T13798] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[ 1816.001801][T13203] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1816.670683][T13795] loop0: detected capacity change from 0 to 32768
[ 1816.698440][T13795] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[ 1816.747913][T13795] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 1817.106771][T12754] ocfs2: Unmounting device (7,0) on (node local)
[ 1817.532619][T13822] loop4: detected capacity change from 0 to 32768
[ 1817.601344][T13822] read_mapping_page failed!
[ 1817.601438][T13822] ERROR: (device loop4): txAbort: 
[ 1817.601438][T13822] 
[ 1817.858149][   T50] read_mapping_page failed!
[ 1817.858237][   T50] ERROR: (device loop4): txAbort: 
[ 1817.858237][   T50] 
[ 1817.858287][   T50] jfs_write_inode: jfs_commit_inode failed!
[ 1818.124654][T13853] loop9: detected capacity change from 0 to 512
[ 1818.525780][T13860] netlink: 'syz.4.16992': attribute type 8 has an invalid length.
[ 1819.002291][T13849] loop8: detected capacity change from 0 to 32768
[ 1819.047010][T13845] loop0: detected capacity change from 0 to 32768
[ 1819.159875][T13845] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1819.348063][T13845] XFS (loop0): Ending clean mount
[ 1819.492160][T11335] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1819.550618][T12754] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1819.673931][T11335] usb 5-1: Using ep0 maxpacket: 16
[ 1819.690396][T11335] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1819.714024][T11335] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1819.776334][T11335] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1819.822658][T11335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1819.846754][T13887] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in;
[ 1819.846754][T13887]    program syz.3.17003 not setting count and/or reply_len properly
[ 1819.915662][T11335] usb 5-1: config 0 descriptor??
[ 1820.415395][T11335] uclogic 0003:28BD:0071.0009: interface is invalid, ignoring
[ 1820.635494][T13902] loop0: detected capacity change from 0 to 8192
[ 1820.644131][T11335] usb 5-1: USB disconnect, device number 15
[ 1820.730157][T13910] netlink: 284 bytes leftover after parsing attributes in process `syz.9.17010'.
[ 1821.121636][T13918] xt_l2tp: missing protocol rule (udp|l2tpip)
[ 1821.316293][T32670] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[ 1821.496187][T32670] usb 1-1: Using ep0 maxpacket: 16
[ 1821.525778][T32670] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[ 1821.556687][T32670] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1821.616435][T32670] usb 1-1: config 0 descriptor??
[ 1821.668521][T32670] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[ 1821.688565][T13931] loop6: detected capacity change from 0 to 512
[ 1821.719629][T13931] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[ 1821.796706][T13931] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee018, mo2=0002]
[ 1821.844010][T13931] System zones: 1-12
[ 1821.902700][T13931] EXT4-fs (loop6): 1 truncate cleaned up
[ 1821.927571][T32670] usb 1-1: Detected FT232B
[ 1821.959963][T13931] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1822.038677][T13944] loop9: detected capacity change from 0 to 1024
[ 1822.207261][T13944] hfsplus: inconsistency in B*Tree (1,0,1,0,1)
[ 1822.248454][T13944] hfsplus: inconsistency in B*Tree (1,0,1,0,1)
[ 1822.363820][T32670] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1822.386156][T32670] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1822.402729][T13949] can0: slcan on ptm0.
[ 1822.452993][ T1159] hfsplus: b-tree write err: -5, ino 4
[ 1822.472889][T21590] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1822.568703][T32670] usb 1-1: USB disconnect, device number 10
[ 1822.630265][T32670] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1822.669251][T32670] ftdi_sio 1-1:0.0: device disconnected
[ 1822.704168][T13947] can0 (unregistered): slcan off ptm0.
[ 1822.758800][T13957] netlink: 32 bytes leftover after parsing attributes in process `syz.6.17030'.
[ 1822.910823][T13955] loop9: detected capacity change from 0 to 4096
[ 1823.174387][T13964] Bluetooth: MGMT ver 1.23
[ 1824.507317][T13990] loop9: detected capacity change from 0 to 4096
[ 1824.628239][T13990] ntfs3(loop9): failed to convert "0080" to maciceland
[ 1824.629568][T13990] ntfs3(loop9): failed to convert name for inode 1e.
[ 1824.631284][T13990] ntfs3(loop9): ino=1f, mi_enum_attr
[ 1824.631365][T13990] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[ 1824.779735][T13972] loop6: detected capacity change from 0 to 32768
[ 1824.836082][T13972] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1825.030209][T13972] XFS (loop6): Ending clean mount
[ 1825.033205][T13972] XFS (loop6): Quotacheck needed: Please wait.
[ 1825.145241][T13972] XFS (loop6): Quotacheck: Done.
[ 1825.255260][   T30] audit: type=1800 audit(2000000082.083:2320): pid=13972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.17039" name="bus" dev="loop6" ino=9290 res=0 errno=0
[ 1825.431027][T21590] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1826.428511][T14034] netlink: 28 bytes leftover after parsing attributes in process `syz.6.17061'.
[ 1826.448448][T14037] loop4: detected capacity change from 0 to 64
[ 1826.554082][T14037] hfs: hfs: Invalid key length: 94
[ 1827.099461][T14051] ptrace attach of "./syz-executor exec"[13203] was attempted by "                                                                                _g;�LP�Z��'�M�z\x0aX��Ǩ����QE(�j%�\x5cK`4C��۬<�0ă�Vm,��}\x09u3��:
R�_��a�#&\x0c���_كS�ō�Yއ��R�q�7p*[��z�������]�=+��9��!ǺE�}�x�Ӕz\x0c��UF�K4)��\x0bU�ҩ���V��!N�ni�`Ή���cʡD��j��QT�)r�8�
��9�뿍�v����ԇKr=��/K�f�7�|b��'I�qU�K��蟢Axb&*`Gs�����h���z*���Qoq�\x07?ܕ�Z�<A�C!��9�����U���鏌������初��Hn����dE��\x07L�[�]a�aZ嗌�M�G#���[%�賥+\x0bN�0|�A�B��\x0a4=�\x0be��&sG�mљ��V��T�r�B1%��D�����\x0b�|GP\x0b�X<�e)������`, zB%����������ӝ9�m6O\x0c:�B-o�`&ķ�G�����uX�P^��W\x1b���\x0bNJ�!�J��T������S��pEg�ZߡR9��*��G
�&z��LF�^z��q��oe�a&C&��-�(����s�q�
X>P�_�,���Ll�$\x0aI
,Ҏ��� ��3޵���s#�.���l��=�?73ݲ�h�H�KD���?�\x0a}��0�'��x��Tӂ|��U�[��WP��oQ��U,K)��7yq`�1p���
[λ^���T;L0&��\x1b���������d��e����4a֧{��c��\x0d����ԃ��cQc�0�P9r����,^����9�\x0b�)���*.�jH��}��ޤ�>̥�����
[ 1827.403592][T14062] netlink: 16 bytes leftover after parsing attributes in process `syz.9.17074'.
[ 1827.740500][T14040] loop8: detected capacity change from 0 to 32768
[ 1827.808987][T14040] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[ 1827.862086][T14071] loop4: detected capacity change from 0 to 512
[ 1828.170732][T14076] loop9: detected capacity change from 0 to 1024
[ 1828.287339][T26577] ocfs2: Unmounting device (7,8) on (node local)
[ 1828.299808][T14076] hfsplus: bad catalog entry type
[ 1828.522129][ T1024] hfsplus: b-tree write err: -5, ino 4
[ 1829.303225][T14110] loop0: detected capacity change from 0 to 64
[ 1829.412899][T14113] loop8: detected capacity change from 0 to 512
[ 1829.453981][T14110] overlayfs: upper fs needs to support d_type.
[ 1829.531336][T14113] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.17100: inode has both inline data and extents flags
[ 1829.593565][T14110] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1829.603563][T14113] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.17100: couldn't read orphan inode 15 (err -117)
[ 1829.622536][T14110] overlayfs: failed to set xattr on upper
[ 1829.628402][T14110] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1829.638351][T14113] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1829.655500][T14110] overlayfs: ...falling back to index=off.
[ 1829.661431][T14110] overlayfs: ...falling back to uuid=null.
[ 1829.959529][T26577] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1830.222496][T14131] loop8: detected capacity change from 0 to 2048
[ 1830.249496][T14137] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 1830.249496][T14137] The task syz.3.17111 (14137) triggered the difference, watch for misbehavior.
[ 1830.291845][T14131] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1831.102837][T11839] Bluetooth: hci0: command 0x0405 tx timeout
[ 1831.438150][T14169] netlink: 8 bytes leftover after parsing attributes in process `syz.6.17125'.
[ 1831.505408][T14169] gretap0: entered promiscuous mode
[ 1831.530153][T14169] macvlan2: entered promiscuous mode
[ 1831.539514][T14174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.17127'.
[ 1831.559392][T14169] macvlan2: entered allmulticast mode
[ 1831.565187][T14169] gretap0: entered allmulticast mode
[ 1831.880340][T14176] IPVS: persistence engine module ip_vs_pe_t not found
[ 1832.026602][T14185] loop3: detected capacity change from 0 to 512
[ 1832.080811][T14185] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[ 1832.169355][T14185] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee018, mo2=0002]
[ 1832.211600][T14185] System zones: 1-12
[ 1832.244514][T14185] EXT4-fs (loop3): 1 truncate cleaned up
[ 1832.284548][T14185] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1832.317545][   T30] audit: type=1326 audit(2000000088.694:2321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14192 comm="syz.4.17135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d658f6c9 code=0x7ffc0000
[ 1832.416832][   T30] audit: type=1326 audit(2000000088.694:2322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14192 comm="syz.4.17135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d658f6c9 code=0x7ffc0000
[ 1832.502084][   T30] audit: type=1326 audit(2000000088.694:2323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14192 comm="syz.4.17135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f69d658f6c9 code=0x7ffc0000
[ 1832.613361][T14200] netlink: 96 bytes leftover after parsing attributes in process `syz.0.17138'.
[ 1832.617269][   T30] audit: type=1326 audit(2000000317.701:2324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14192 comm="syz.4.17135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69d658f6c9 code=0x7ffc0000
[ 1832.665030][T14200] netlink: 12 bytes leftover after parsing attributes in process `syz.0.17138'.
[ 1832.718268][T14200] vlan2: entered allmulticast mode
[ 1832.727852][T13203] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1832.743517][T14200] gretap0: entered allmulticast mode
[ 1832.933394][T14209] netlink: 32 bytes leftover after parsing attributes in process `syz.4.17145'.
[ 1833.150358][ T6326] usb 9-1: new high-speed USB device number 39 using dummy_hcd
[ 1833.253230][T14187] loop9: detected capacity change from 0 to 32768
[ 1833.280087][T14187] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.17133 (14187)
[ 1833.316573][T14187] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1833.331669][ T6326] usb 9-1: Using ep0 maxpacket: 32
[ 1833.339624][T14187] BTRFS info (device loop9): using sha256 (sha256-lib) checksum algorithm
[ 1833.366923][ T6326] usb 9-1: config 0 has an invalid interface number: 51 but max is 0
[ 1833.384925][ T6326] usb 9-1: config 0 has no interface number 0
[ 1833.408467][ T6326] usb 9-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1833.437942][ T6326] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1833.506313][ T6326] usb 9-1: Product: syz
[ 1833.528100][T14187] BTRFS info (device loop9): enabling ssd optimizations
[ 1833.542774][ T6326] usb 9-1: Manufacturer: syz
[ 1833.573914][ T6326] usb 9-1: SerialNumber: syz
[ 1833.596259][T32670] Process accounting resumed
[ 1833.605659][T14187] BTRFS info (device loop9): turning on async discard
[ 1833.614198][T14238] netlink: 64 bytes leftover after parsing attributes in process `syz.3.17151'.
[ 1833.652300][ T6326] usb 9-1: config 0 descriptor??
[ 1833.658971][T14187] BTRFS info (device loop9): enabling free space tree
[ 1833.679897][ T6326] quatech2 9-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1833.803696][T14241] Process accounting resumed
[ 1833.915892][ T6326] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1833.950570][ T6326] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1834.084661][T32149] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1834.379864][    C0] usb 9-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1834.388314][ T6326] usb 9-1: USB disconnect, device number 39
[ 1834.420852][ T6326] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1834.495037][ T6326] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1834.568837][T14259] loop6: detected capacity change from 0 to 512
[ 1834.586838][ T6326] quatech2 9-1:0.51: device disconnected
[ 1834.623800][T14259] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[ 1834.715642][T14259] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[ 1834.742903][T14259] System zones: 1-12
[ 1834.799941][T14259] EXT4-fs error (device loop6): ext4_iget_extra_inode:5074: inode #15: comm syz.6.17160: corrupted in-inode xattr: e_value size too large
[ 1834.870174][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1834.943858][T14259] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.17160: couldn't read orphan inode 15 (err -117)
[ 1835.022572][T14259] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1835.137860][T14271] netlink: 'syz.9.17164': attribute type 4 has an invalid length.
[ 1835.396811][T21590] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1835.410439][T14275] loop8: detected capacity change from 0 to 2048
[ 1835.508963][T14275] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1835.712644][T14291] program syz.3.17174 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1835.813946][T14275] 
[ 1835.816407][T14275] ======================================================
[ 1835.823436][T14275] WARNING: possible circular locking dependency detected
[ 1835.830498][T14275] syzkaller #0 Not tainted
[ 1835.835039][T14275] ------------------------------------------------------
[ 1835.842092][T14275] syz.8.17166/14275 is trying to acquire lock:
[ 1835.848510][T14275] ffff888078308a58 (&ei->xattr_sem){++++}-{4:4}, at: ext4_destroy_inline_data+0x2d/0xe0
[ 1835.858677][T14275] 
[ 1835.858677][T14275] but task is already holding lock:
[ 1835.866196][T14275] ffff88807d52cb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x27a/0x600
[ 1835.876194][T14275] 
[ 1835.876194][T14275] which lock already depends on the new lock.
[ 1835.876194][T14275] 
[ 1835.886712][T14275] 
[ 1835.886712][T14275] the existing dependency chain (in reverse order) is:
[ 1835.895822][T14275] 
[ 1835.895822][T14275] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 1835.904318][T14275]        ext4_writepages+0x224/0x7d0
[ 1835.909637][T14275]        do_writepages+0x27a/0x600
[ 1835.914771][T14275]        __writeback_single_inode+0x160/0xfb0
[ 1835.921149][T14275]        writeback_single_inode+0x2bc/0x550
[ 1835.927077][T14275]        write_inode_now+0x170/0x1e0
[ 1835.932557][T14275]        iput.part.0+0x487/0xb00
[ 1835.937523][T14275]        iput+0x35/0x40
[ 1835.941875][T14275]        ext4_xattr_block_set+0x67c/0x3650
[ 1835.947900][T14275]        ext4_expand_extra_isize_ea+0x1442/0x1ab0
[ 1835.954366][T14275]        __ext4_expand_extra_isize+0x346/0x480
[ 1835.960652][T14275]        __ext4_mark_inode_dirty+0x544/0x870
[ 1835.966670][T14275]        ext4_evict_inode+0x74e/0x18e0
[ 1835.972160][T14275]        evict+0x3e6/0x920
[ 1835.976812][T14275]        iput.part.0+0x6a9/0xb00
[ 1835.981866][T14275]        iput+0x35/0x40
[ 1835.986065][T14275]        ext4_orphan_cleanup+0x731/0x11e0
[ 1835.992039][T14275]        ext4_fill_super+0x8db7/0xaf70
[ 1835.997626][T14275]        get_tree_bdev_flags+0x38c/0x620
[ 1836.003375][T14275]        vfs_get_tree+0x8e/0x340
[ 1836.008386][T14275]        path_mount+0x7b9/0x23a0
[ 1836.013769][T14275]        __x64_sys_mount+0x293/0x310
[ 1836.019245][T14275]        do_syscall_64+0xcd/0xfa0
[ 1836.024286][T14275]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1836.030711][T14275] 
[ 1836.030711][T14275] -> #0 (&ei->xattr_sem){++++}-{4:4}:
[ 1836.038296][T14275]        __lock_acquire+0x126f/0x1c90
[ 1836.043711][T14275]        lock_acquire+0x179/0x350
[ 1836.048864][T14275]        down_write+0x92/0x200
[ 1836.053652][T14275]        ext4_destroy_inline_data+0x2d/0xe0
[ 1836.059682][T14275]        ext4_do_writepages+0x1154/0x3cf0
[ 1836.065599][T14275]        ext4_writepages+0x37a/0x7d0
[ 1836.070900][T14275]        do_writepages+0x27a/0x600
[ 1836.076218][T14275]        filemap_fdatawrite_wbc+0x104/0x160
[ 1836.082367][T14275]        __filemap_fdatawrite_range+0xb9/0x100
[ 1836.088632][T14275]        file_write_and_wait_range+0xca/0x140
[ 1836.094721][T14275]        generic_buffers_fsync_noflush+0x76/0x310
[ 1836.101162][T14275]        ext4_sync_file+0x896/0xf10
[ 1836.106658][T14275]        vfs_fsync_range+0x139/0x220
[ 1836.112156][T14275]        ext4_buffered_write_iter+0x2e0/0x440
[ 1836.118456][T14275]        ext4_file_write_iter+0xa4c/0x1d10
[ 1836.124518][T14275]        do_iter_readv_writev+0x662/0x9e0
[ 1836.130353][T14275]        vfs_writev+0x35f/0xde0
[ 1836.135232][T14275]        do_pwritev+0x1a6/0x270
[ 1836.140197][T14275]        __x64_sys_pwritev2+0xef/0x160
[ 1836.145781][T14275]        do_syscall_64+0xcd/0xfa0
[ 1836.150925][T14275]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1836.157532][T14275] 
[ 1836.157532][T14275] other info that might help us debug this:
[ 1836.157532][T14275] 
[ 1836.167933][T14275]  Possible unsafe locking scenario:
[ 1836.167933][T14275] 
[ 1836.175933][T14275]        CPU0                    CPU1
[ 1836.182255][T14275]        ----                    ----
[ 1836.188140][T14275]   rlock(&sbi->s_writepages_rwsem);
[ 1836.193636][T14275]                                lock(&ei->xattr_sem);
[ 1836.200853][T14275]                                lock(&sbi->s_writepages_rwsem);
[ 1836.208847][T14275]   lock(&ei->xattr_sem);
[ 1836.213185][T14275] 
[ 1836.213185][T14275]  *** DEADLOCK ***
[ 1836.213185][T14275] 
[ 1836.221588][T14275] 2 locks held by syz.8.17166/14275:
[ 1836.226876][T14275]  #0: ffff88807d52a420 (sb_writers#4){.+.+}-{0:0}, at: do_pwritev+0x1a6/0x270
[ 1836.236107][T14275]  #1: ffff88807d52cb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x27a/0x600
[ 1836.246583][T14275] 
[ 1836.246583][T14275] stack backtrace:
[ 1836.252570][T14275] CPU: 1 UID: 0 PID: 14275 Comm: syz.8.17166 Not tainted syzkaller #0 PREEMPT(full) 
[ 1836.252617][T14275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1836.252640][T14275] Call Trace:
[ 1836.252652][T14275]  <TASK>
[ 1836.252665][T14275]  dump_stack_lvl+0x116/0x1f0
[ 1836.252716][T14275]  print_circular_bug+0x275/0x350
[ 1836.252778][T14275]  check_noncircular+0x14c/0x170
[ 1836.252842][T14275]  __lock_acquire+0x126f/0x1c90
[ 1836.252910][T14275]  lock_acquire+0x179/0x350
[ 1836.252942][T14275]  ? ext4_destroy_inline_data+0x2d/0xe0
[ 1836.253000][T14275]  ? __pfx___might_resched+0x10/0x10
[ 1836.253047][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.253093][T14275]  down_write+0x92/0x200
[ 1836.253140][T14275]  ? ext4_destroy_inline_data+0x2d/0xe0
[ 1836.253189][T14275]  ? __pfx_down_write+0x10/0x10
[ 1836.253237][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.253277][T14275]  ? ext4_journal_check_start+0x22b/0x340
[ 1836.253320][T14275]  ext4_destroy_inline_data+0x2d/0xe0
[ 1836.253371][T14275]  ext4_do_writepages+0x1154/0x3cf0
[ 1836.253428][T14275]  ? check_path.constprop.0+0x24/0x50
[ 1836.253477][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.253517][T14275]  ? save_trace+0x4e/0x380
[ 1836.253561][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.253601][T14275]  ? add_lock_to_list+0x9d/0x130
[ 1836.253649][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.253690][T14275]  ? __lock_acquire+0x1053/0x1c90
[ 1836.253748][T14275]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 1836.253794][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.253836][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.253880][T14275]  ? ext4_writepages+0x37a/0x7d0
[ 1836.253920][T14275]  ext4_writepages+0x37a/0x7d0
[ 1836.253962][T14275]  ? __pfx_ext4_writepages+0x10/0x10
[ 1836.254012][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.254055][T14275]  ? __pfx_ext4_writepages+0x10/0x10
[ 1836.254099][T14275]  do_writepages+0x27a/0x600
[ 1836.254135][T14275]  ? __pfx_do_writepages+0x10/0x10
[ 1836.254167][T14275]  ? do_raw_spin_unlock+0x172/0x230
[ 1836.254205][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.254249][T14275]  ? _raw_spin_unlock+0x28/0x50
[ 1836.254286][T14275]  filemap_fdatawrite_wbc+0x104/0x160
[ 1836.254323][T14275]  __filemap_fdatawrite_range+0xb9/0x100
[ 1836.254369][T14275]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 1836.254420][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.254460][T14275]  ? ext4_reserve_inode_write+0x278/0x340
[ 1836.254526][T14275]  ? __pfx___might_resched+0x10/0x10
[ 1836.254574][T14275]  file_write_and_wait_range+0xca/0x140
[ 1836.254623][T14275]  generic_buffers_fsync_noflush+0x76/0x310
[ 1836.254670][T14275]  ext4_sync_file+0x896/0xf10
[ 1836.254710][T14275]  ? __pfx_ext4_sync_file+0x10/0x10
[ 1836.254746][T14275]  vfs_fsync_range+0x139/0x220
[ 1836.254804][T14275]  ext4_buffered_write_iter+0x2e0/0x440
[ 1836.254840][T14275]  ext4_file_write_iter+0xa4c/0x1d10
[ 1836.254874][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.254919][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.254959][T14275]  ? rcu_is_watching+0x12/0xc0
[ 1836.255006][T14275]  ? __pfx_ext4_file_write_iter+0x10/0x10
[ 1836.255041][T14275]  ? __resched_curr+0x316/0x3b0
[ 1836.255081][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.255120][T14275]  ? __lock_acquire+0xb8a/0x1c90
[ 1836.255176][T14275]  do_iter_readv_writev+0x662/0x9e0
[ 1836.255224][T14275]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1836.255268][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.255313][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.255358][T14275]  vfs_writev+0x35f/0xde0
[ 1836.255409][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.255452][T14275]  ? __pfx_vfs_writev+0x10/0x10
[ 1836.255502][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.255552][T14275]  ? __fget_files+0x20e/0x3c0
[ 1836.255609][T14275]  ? do_pwritev+0x1a6/0x270
[ 1836.255652][T14275]  do_pwritev+0x1a6/0x270
[ 1836.255697][T14275]  ? __pfx_do_pwritev+0x10/0x10
[ 1836.255745][T14275]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1836.255786][T14275]  ? xfd_validate_state+0x61/0x180
[ 1836.255842][T14275]  __x64_sys_pwritev2+0xef/0x160
[ 1836.255897][T14275]  do_syscall_64+0xcd/0xfa0
[ 1836.255962][T14275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1836.255996][T14275] RIP: 0033:0x7f7fc798f6c9
[ 1836.256023][T14275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1836.256057][T14275] RSP: 002b:00007f7fc876e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 1836.256088][T14275] RAX: ffffffffffffffda RBX: 00007f7fc7be5fa0 RCX: 00007f7fc798f6c9
[ 1836.256111][T14275] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000004
[ 1836.256132][T14275] RBP: 00007f7fc7a11f91 R08: 0000000000000000 R09: 0000000000000004
[ 1836.256153][T14275] R10: 0000000000000045 R11: 0000000000000246 R12: 0000000000000000
[ 1836.256175][T14275] R13: 00007f7fc7be6038 R14: 00007f7fc7be5fa0 R15: 00007ffd2389b818
[ 1836.256212][T14275]  </TASK>
[ 1836.754908][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1836.893553][T14275] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1836.983252][T14275] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[ 1836.991197][T14285] loop6: detected capacity change from 0 to 40427
[ 1836.997878][T14275] EXT4-fs (loop8): This should not happen!! Data will be lost
[ 1836.997878][T14275] 
[ 1837.073792][T14285] F2FS-fs (loop6): invalid crc value
[ 1837.114728][T14275] EXT4-fs (loop8): Total free blocks count 0
[ 1837.122005][T14275] EXT4-fs (loop8): Free/Dirty block details
[ 1837.127954][T14275] EXT4-fs (loop8): free_blocks=2415919504
[ 1837.133876][T14275] EXT4-fs (loop8): dirty_blocks=16
[ 1837.139192][T14275] EXT4-fs (loop8): Block reservation details
[ 1837.145307][T14275] EXT4-fs (loop8): i_reserved_data_blocks=1
[ 1837.207605][T26577] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1837.288368][T14285] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1837.301537][T14285] F2FS-fs (loop6): Start checkpoint disabled!
[ 1837.308706][T14285] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0
[ 1837.316941][T14285] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[ 1837.370206][   T50] kworker/u8:3: attempt to access beyond end of device
[ 1837.370206][   T50] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1837.384633][   T50] CPU: 0 UID: 0 PID: 50 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[ 1837.384679][   T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1837.384699][   T50] Workqueue: writeback wb_workfn (flush-7:6)
[ 1837.384745][   T50] Call Trace:
[ 1837.384754][   T50]  <TASK>
[ 1837.384765][   T50]  dump_stack_lvl+0x16c/0x1f0
[ 1837.384802][   T50]  f2fs_handle_critical_error+0x624/0x9f0
[ 1837.384834][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.384868][   T50]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1837.384915][   T50]  f2fs_write_end_io+0x958/0xcf0
[ 1837.384948][   T50]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1837.384977][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.385013][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.385068][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.385154][   T50]  ? lock_release+0x201/0x2f0
[ 1837.385201][   T50]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1837.385231][   T50]  bio_endio+0x713/0x860
[ 1837.385269][   T50]  submit_bio_noacct+0x306/0x1f60
[ 1837.385303][   T50]  __submit_merged_bio+0x33c/0x770
[ 1837.385338][   T50]  __submit_merged_write_cond+0x319/0x3f0
[ 1837.385375][   T50]  f2fs_write_cache_pages+0x2067/0x2570
[ 1837.385425][   T50]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1837.385461][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.385497][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.385532][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.385580][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.385629][   T50]  ? lock_release+0x201/0x2f0
[ 1837.385674][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.385713][   T50]  ? do_raw_spin_unlock+0x172/0x230
[ 1837.385751][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.385784][   T50]  ? f2fs_available_free_memory+0x279/0xa30
[ 1837.385836][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.385869][   T50]  ? do_raw_spin_unlock+0x172/0x230
[ 1837.385916][   T50]  ? unwind_next_frame+0x3fe/0x20a0
[ 1837.385948][   T50]  ? ret_from_fork_asm+0x1a/0x30
[ 1837.385990][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.386027][   T50]  f2fs_write_data_pages+0x4ad/0xd90
[ 1837.386068][   T50]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1837.386110][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.386148][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.386181][   T50]  ? stack_depot_save_flags+0x3de/0x9c0
[ 1837.386228][   T50]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1837.386267][   T50]  do_writepages+0x27a/0x600
[ 1837.386297][   T50]  ? __pfx_do_writepages+0x10/0x10
[ 1837.386324][   T50]  ? wb_workfn+0x158/0xbe0
[ 1837.386360][   T50]  ? process_one_work+0x9cf/0x1b70
[ 1837.386389][   T50]  ? worker_thread+0x6c8/0xf10
[ 1837.386417][   T50]  ? kthread+0x3c5/0x780
[ 1837.386441][   T50]  ? ret_from_fork+0x675/0x7d0
[ 1837.386487][   T50]  __writeback_single_inode+0x160/0xfb0
[ 1837.386523][   T50]  ? lock_release+0x201/0x2f0
[ 1837.386565][   T50]  ? __pfx___writeback_single_inode+0x10/0x10
[ 1837.386600][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.386632][   T50]  ? do_raw_spin_unlock+0x172/0x230
[ 1837.386671][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.386709][   T50]  writeback_sb_inodes+0x60d/0xfa0
[ 1837.386769][   T50]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1837.386815][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.386847][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.386882][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.386915][   T50]  ? trace_irq_enable.constprop.0+0xd4/0x120
[ 1837.386980][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387013][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.387048][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387085][   T50]  ? queue_io+0x3f6/0x520
[ 1837.387116][   T50]  wb_writeback+0x419/0xb70
[ 1837.387159][   T50]  ? __pfx_wb_writeback+0x10/0x10
[ 1837.387196][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.387232][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387264][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.387302][   T50]  wb_workfn+0x14d/0xbe0
[ 1837.387340][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387372][   T50]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1837.387407][   T50]  ? __pfx_wb_workfn+0x10/0x10
[ 1837.387441][   T50]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1837.387475][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387508][   T50]  ? trace_sched_exit_tp+0xd1/0x120
[ 1837.387539][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387572][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.387607][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387640][   T50]  ? lock_acquire+0x2cd/0x350
[ 1837.387662][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.387698][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387731][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.387769][   T50]  process_one_work+0x9cf/0x1b70
[ 1837.387805][   T50]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 1837.387860][   T50]  ? __pfx_process_one_work+0x10/0x10
[ 1837.387895][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387947][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.387991][   T50]  ? assign_work+0x1a0/0x250
[ 1837.388019][   T50]  worker_thread+0x6c8/0xf10
[ 1837.388059][   T50]  ? __pfx_worker_thread+0x10/0x10
[ 1837.388094][   T50]  kthread+0x3c5/0x780
[ 1837.388121][   T50]  ? __pfx_kthread+0x10/0x10
[ 1837.388148][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1837.388180][   T50]  ? rcu_is_watching+0x12/0xc0
[ 1837.388216][   T50]  ? __pfx_kthread+0x10/0x10
[ 1837.388243][   T50]  ret_from_fork+0x675/0x7d0
[ 1837.388286][   T50]  ? __pfx_kthread+0x10/0x10
[ 1837.388313][   T50]  ret_from_fork_asm+0x1a/0x30
[ 1837.388365][   T50]  </TASK>
[ 1837.927347][   T50] F2FS-fs (loop6): Stopped filesystem due to reason: 3