last executing test programs: 5.446503617s ago: executing program 5 (id=5664): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x0, '3'}]}}, 0x0}, 0x0) 3.422632075s ago: executing program 2 (id=5684): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000080)='tlb_flush\x00', r0}, 0x10) syz_clone(0x62008000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.728769298s ago: executing program 2 (id=5691): syz_mount_image$jfs(&(0x7f0000000400), &(0x7f00000000c0)='./file2\x00', 0x1c802, &(0x7f0000000ec0)=ANY=[], 0x1, 0x5ea7, &(0x7f00000085c0)="$eJzs3U9vHGcdB/Df/vH6T2kaVagKEYc0hdJSmv8JlH9NOXCAA0goZxK5bhVIASUB0SoirnJAXICXAJdeOPSN9DUgXgCRbE49UAaN/TzJeLzOOk28s+vn85Gcmd88O95n8vV4dj0z+wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/64c/O9iLi6u/SgqMRX4hBRD9iua5PRD1zOT9+GBHHYqs5XoiIwWJEvf7WP89FXIiIT45EbGzeWa0Xn9tnPy6euX3zsx//4J9//Mu9Y794++cftdt/+sXzH//pbsTRn7zx8Wd3n862AwAAQCmqqqp66W3+8fT+vt91pwCAqcjH/yrJy9VqtVr9VOs/92erP+pC66ZqvLvNIiLWm+vUrxmcjgeAObMen3bdBTok/6INI+KZrjsBzLRe1x3gQGxs3lntpXx7zePBie32/HfKHfmv9x7c37HXdJL2NSbT+vm6F4N4fo/+LE+pD7Mk599v5391u32UHnfQ+U/LXvn3tm99Kk7Of9DOv2VH/n+NiLnNvz82/1Ll/IePk//6YI73f/kDAAAAAHD45b//H+34/O/ik2/Kvjzq/O+JKfUBAAAAAAAAAJ62Jx3/7wHj/wEAAMDMqt+r1/525OGyvT6LrV5+pRfxbOvxQGHSzTIrXfcDAAAAAAAAAAAAAEoy3L6G90ovYiEinl1Zqaqq/mpq14/rSdefd6VvP5Ss61/yAACw7ZMjrXv5exFLEXElfdbfwsrKSlUtLa9UK9XyYn49O1pcqpYb72vztF62ONrHC+LhqKq/2VJjvaZJ75cntbe/X/1co2qwj45NR4eBA0BEbB+NNhyRDpmqei66fpXDfLD/Hz72f/aj659TAAAA4OBVVVX10sd5H0/n/PtddwoAmIalfPxvnxdQq9VqtVp9+Oqmary7zSIi1pvr1K8ZDMcPAHNmPT7tugt0SP5FG0bEsa47Acy0Xtcd4EBsbN5Z7aV8e83jQRrfPV8LsiP/9d7Wenn9cdNJ2teYTOvn614M4vk9+vPClPowS3L+/Xb+V7fbR+lxB53/tOyVf72dRzvoT9dy/oN2/i2HJ//+2PxLlfMfPlb+A/kDAAAAAMAMy3//P+r8b95kAAAAAAAAAJg7G5t3VvN9r/n8/5fHPK7XnHP/56GR8+/tO3/3/x4mOf9+O//WBTmDxvz9tx7m/5/NO6sf3f73l/J05vNfGIzq517o9QfDdM1PtfBOXI8bsRZndj1+uKP97K72hR3t5ya0n9/VPqrbl3P7qViNX8eNePtB++KEC6OWJrRXE9pz/gP7f5Fy/sPGV53/Smrvtaa1+x/2d+33zem457n8j/++vHvvmr57MXiwbU319p3soD9b/yfPjOK3t9Zunvr9tdu3b56NNNmx9FykyVOW819IXzn/V17abs+/95v76/0PR4+d/6y4F8M983+pMV9v76tT7lsXcv6j9JXzz0eg8fv/POe/9/7/Wgf9AQAAAAAAAAAAAAAAgEepqmrrFtHLEXEp3f/T1b2ZAMB05eN/leTlarVarVarD1/dVI33ZrOIpZ3r1K8Z/jDumwEAs+x/EfGvrjtBZ+RfsPx5f/X0K113BpiqW+9/8MtrN26s3bzVdU8AAAAAAAAAgM8rj/95ojH+89Z1QK1xo3eM//pWnJjb8T/7o8HWWOdpg16MR4//fTIePf73cMLzLUxoH01oX5zQvjShfeyNHg05/xdTxjn/42nDShr/9ZUO+tO1nP/JNNZzzv9rrcc186/+Ps/593fkf/r2e785fev9D16//t61d9feXfvV2TOXLpy/eOH8xYun37l+Y+3M9r8d9vhg5fzz2NeuAy1Lzj9nLv+y5Py/mmr5lyXn/3Kq5V+WnH9+vSf/suT883sf+Zcl5/9qquVflpz/11Mt/7Lk/F9LtfzLkvP/RqrlX5ac/+upln9Zcv6nUi3/suT8T6da/mXJ+eczXPIvS84/X9kg/7Lk/M+lWv5lyfmfT7X8y5Lzv5Bq+Zcl538x1fIvS87/UqrlX5ac/zdTLf+y5Py/lWr5lyXn/0aq5V+WnP+3Uy3/suT8v5Nq+Zcl5//dVMu/LDn/76Va/mXJ+X8/1fIvS87/zVTLvywPP//fjBkzZvJM17+ZAAAAAAAAAAAAAIC2aVxO3PU2AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhb27i5GrvM8AfvbLXhsS3EAIIU6wjSEGFnbXX+AQg0lCSkmbUhLSpiU1jr02TvxV75oAQmUptCUKUpHaC3rRNInSKFJbgaJITSUaITVSe1euEnETtRIXlgqVg5JKqQJbnTnv+3pmdnbO+mPsmXN+P4T/3pkzM++cOTO7z1rPDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANBs/cdn/nwoy7L8/8Yfa7Ls0vzvq7Jd+Zfz2y/2CgEAAIBz9Xbjz3+4LJ2waxkXatrm3z70H99fWFhYyL741sl3/nJhIZ2xLstGVmZZ47zo33/5i4XmbYKns/Gh4aavh0tufqTk/NGS88dKzl9Rcv7KkvPHS85ftAMWWVX8PqZxZRsbf11T7NLsimyscd7GDpd6emjl8HD8XU7DUOMyC2P7s4PZoWwmm1p0maHGf1n28vr8tu7J4m0NN93W2izLTv3sib1xDUNhH2/MWm6sofmxe/OubN1bP3ti73fm3nh/p1m6GxatNMs2bcjX+UyWnf51VTaUrUz7JK5zuGmdazusc6RlnUONy+V/b1/nqWWuM97v8bDOV7usc2047dFrsyybz5bcpt3T2XC2uu1W0/4eL46I/Dryh/I92egZHSfrl3Gc5Jd5/drW46T9mIz7f33YJ6NLrKH54XjzqRWL9vvZHif5ve6HYzW/7vvyGx0fb/7Vasuxmm/zxHVLHwMdH7sOx0A6lpuOgQ1lx8DwipHGMTB8es0bWo6B6UWXGc6GGrd18rrux8Dk3OFjk7OPPX7zwcN7DswcmDkyPbV965ZtW7ds2za5/+ChmanizzPbpQNkdTacjsEN4bUmHoMfbtu2+ZBc+Ob5ex6M98nzIL/vn70+X9Clw9kSx3i+zTObzv15kL7vNz0PRpueBx1fUzs8D0aX8TzItzm1aXnfM0eb/u+0hl69Fq5pOgYu5vfD/DYfvGHp18K1YV3P3nim3w9HFh0D8W4Nhedefkr6eW/8trBfFh8XV+dnXLIiOzE7c/yWR/fMzR2fzsK4IC5veqzaj5fVTfcpW3S8DJ/x8bLr7391/dUdTl8T9tX4Td0fq3ybrRPdH6vGq3vr/lyRFfuz5dTNWRjn2YXen52+m+X7M2WJLvsz3+aZm8/9Z8GUS5pe/8bKXv9GxkaL17+RtDfGWl7/Fj80I42VZdmpm5f3+jcW/r/Qr39X9MnrX76vHryl+zGQb/Ps5JkeA6NdX/+uDXMorOeGkBjGm3L/O43z54vDtOmxLD1uRkfHwnEzGm+x9bjZsugy+bXlt71p6uyOm03Xtj5WLT+3VPC4yffVX011P27ybV6ZPvfXjlXxr02vHSvKjoGxkRX5esfSQVC83i2sisfALdne7Gh2KNuXLpM/yvltTWxe3jGwIvx/oV87ruqTYyDfVy9s7n4M5Nv8aMv5/dlpUzglbdP0s1P77xeWyvxXj56+vvbddr4zf77OT/z40+m0Thki3+aNrWeaM7rvp5vCKZd02E/tz5+ljul92YXZT1eFdR7a1v13U/k2V2xf5vG0K8uy16Zfa/y+K/x+93snfvz9lt/7dvqd8mvTr907ef9PzmT9AACcvXcaf86vKH7WbPoX6+X8+z8AAAAwEGLuHw4zkf8BAACgMmLuHwkzkf8BAACgMmLuHw0zqUn+f/i2HS++/WSW3g1wIYjnx91w3x3FdrHjPR++XrdwWn76x7499uJXn1zebQ9nWfarez/QcfuH74jrKhyL6/xI6+mLXHXNsm7/oQdOb9f8/gmndhTXH+/Pcg+D2FV+eXJz43rXPTbdmK/cmzXm/fPPPl1cf/F13P7klmL7vwlvWrJr/1DL5TeF9WwMc114T5n7dp3eD/mMl3tx7Yf+9fLPnb69eLmhDe9u3M0X/ri43vgeUc9fXmwf7/dS6/+Xr333xXz7R6/rvP4nhzuv/2S43tfD/OXOYvvmff7VpvX/aVh/vL14uVu+9cOO63/pfcX2L4Xj4hthtq//rr/44NudHq94O7tuLy4Xb3/qf7c2LhevL15/+/rHn5xu2R/t1//KW8X17Hzk5yPN28fT4+1ED93eenwPhce3pUeeZdl3/yxr2c/ZR4vL/XPb+uP1Hbu98/pvalvnsaFrGpc/fX/WtNyvr//d5o73N65n1z+uabk/z98d9t9bkz/Kr/fk/eF4DOf/36vF9bW/l+lLd7e+3sTtv7GmeN7G65tsW//zbeufvybfd+Xrv+etYv0v3bmyZf27PhmOp3uKWbb+A397Wcvlv/md4vE4/pWJI0dnTxzc17RXm5/HK8dXrb7k0ne9+7LwWtr+9e6jcw/PHF83tW4qy9YN4FsG9nr93wrzf4oxf/5vofCTnxfH3XOfKr5vffgXxdfPh9MfCo9n/P749b8eazle2x/3+TuLea7rvzGsY7ne97X/umZZG578wssn/ulP3mj/uSDen2PvHW/cvxfWX9k4b+iV4vz216sy//ne1uf1T0enGvMHYb8uhHdm3nBlcXvt1x/fm+S5zxTP3/iTXLx81vZ+ImtGWu/Hua7/p+HnmB9e1fr6F4+PHzzZ9m7Oa7KhfAnz4fUhmy/Oj1vF/f3cqSs73l58H55s/v1nsswlzT42O3no4JETj07OzczOTc4+9vjuw0dPHJnb3Xjv0t1fKrv86ef36sbze9/M9q1Z49l+tBg9drHXf+yBvftunbp+38z+PSf2zz1wbOb4gb2zs3tn9s1ev2f//pmvlF3+4L6d05t3bLl188SBg/t23rZjx5YdEwePHM2XUSyqxPapL08cOb67cZHZnVt3TG/btnVq4vDRfTM7b52amjhRdvnG96aJ/NKPTByfObRn7uDhmYnZg4/P7JzesX375tJ3fzx8bP/susnjJ45MnpidOT5Z3Jd1c42T8+99ZZenHmaPhte7NkPhp/PP37Q9vT9u7ttPLXlVxSatP55mb4b3gorf38q+jrl/LMykJvkfAAAA6iDm/vDG/6fPkP8BAACgMmLuXxlmIv8DAABAZcTcXyT/8fTx73XJ/+er//+U/n+D/r/+f6b/n+j/6/9n+v/6/yX0//X/B3n9+v/6/5Trt/5/yP3Zqizz7/8AAABQUTH3rw4zkf8BAACgMmLuvyTMRP4HAACAyoi5/9Iwk5rkf5//r/+v/9+t/x+31f/P9P/7of+/8b/1/xfR/9f/z/T/z9rF7s8P+vr7sP+/Sv+fftNv/f+Y+98VZlKT/A8AAAB1EHP/u8NM5H8AAACojJj7Lwszkf8BAACgMmLuXxNmUpP8r/+v/6//7/P/9f8Hpv/v8/870P/X/8/0/8/axe7PD/r6+7D/7/P/6Tv91v+Puf/Xwkxqkv8BAACgDmLuf0+YifwPAAAAlRFz/+VhJvI/AAAAVEbM/VeEmdQk/9ez//96lmX6/5n+v/5/2zr1//X/e0H/X/+/G/1//f9BXr/+v/4/5fqt/x9z/3vDTGqS/wEAAKAOYu6/MsxE/gcAAIDKiLn/fWEm8j8AAABURsz9V4WZ1CT/17P/7/P/9f8L+v+t69T/1//vBf1//f9u9P/1/wd5/fr/+v+U67f+f8z97w8zqUn+BwAAgDqIuf/qMBP5HwAAACoj5v4PhJnI/wAAAFAZMfevDTOpSf7X/9f/1//X/9f/1//vpcHq/w8veY7+f0H/v9X56//Pn16A/v/ArF//X/+fcv3W/4+5/4NhJjXJ/wAAAFAHMfd/KMxE/gcAAIDKiLn/mjAT+R8AAAAqI+b+dWEmNcn/+v/6//r/+v/6//r/vTRY/f+l6f8X9P9b+fx//X/9f/1/uuu3/n/M/evDTGqS/wEAAKAOYu7fEGYi/wMAAEBlxNx/bZiJ/A8AAACVEXP/xjCTmuR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PuX7r/8fcf12YSU3yPwAAANRBzP3Xh5nI/wAAAFAZMfd/OMxE/gcAAIDKiLl/U5hJTfK//r/+v/7/APf/R/T/M/3/vqf/r//fjf6//v8gr1//X/+fcv3W/4+5/4Ywk5rkfwAAAKiDmPtvDDOR/wEAAKAyYu6/KcxE/gcAAIDKiLl/IsykJvlf/1//X/9/gPv/Pv+/Zf36//1J/1//vxv9f/3/QV6//r/+P+X6rf8fc//NYSY1yf8AAABQBzH33xJmIv8DAABAZcTcPxlmIv8DAABAZcTcPxVmUpP8r/+v/6//r/+v/6//30v6//r/3ej/6/8P8vr1//X/Kddv/f+Y+6fDTGqS/wEAAKAOYu7fHGYi/wMAAEBlxNy/JcxE/gcAAIDKiLl/a5hJTfK//r/+v/6//r/+v/5/L+n/6/93o/+v/z/I69f/1/+n1XCH0/qt/x9z/7Ywk5rkfwAAAKiDmPu3h5nI/wAAAFAZMfffGmYi/wMAAEBlxNx/W5hJTfK//r/+v/6//r/+v/5/L+n/6/93o/+v/z/I69f/1/+nXL/1/2Pu3xFmUpP8DwAAAHUQc/9HwkzkfwAAAKiMmPtvDzOR/wEAAGCgdPocwijm/o+GmdQk/+v/V73/v7BS/1//X/+/+/r1/3tL/1//vxv9f/3/QV6//r/+P+X6rf8fc//OMJOa5H8AAACog5j77wgzkf8BAACgMmLuvzPMRP4HAACAyoi5f1eYSU3yv/5/1fv/Pv9f/1//v2z9+v+9pf+v/9+N/v9g9v/Djy36/33U/8+PIf1/+lG/9f9j7r8rzKQm+R8AAADqIOb+j4WZyP8AAABQGTH3fzzMRP4HAACAyoi5/xNhJjXJ//r/+v/6//r/+v/6/72k/9+z/n/jpVD/v6D/f3Yudn9+0NffT/1/n/9Pv+q3/n/M/XeHmdQk/wMAAEAdxNz/yTAT+R8AAAAqI+b+Xw8zkf8BAACgMmLuvyfMpCb5X/9f/1//X/9f/1//v5f0/33+fzf6//r/g7x+/X/9f8r1W/8/5v7fCDOpSf4HAACAOoi5/94wE/kfAAAAKiPm/k+Fmcj/AAAAMGBWLHlOzP2/GWZSk/yv/39h+v/D6fr1//X/9f/1//X/zyf9f/3/TP//rF3s/vygr1//X/+fcv3W/4+5/7fCTGqS/wEAAKAOYu7/dJiJ/A8AAACVEXP/b4eZyP8AAABQGTH33xdmUpP8f777/+2X76ZO/X+f/6//n+n/6/837VX9//NH/1//P9P/P2sXuz8/6OvX/9f/p1y/9f9j7v+dMJOa5H8AAACog5j77w8zkf8BAACgMmLu/0yYifwPAAAAlRFz/2fDTGqS/33+v/6//r/+v/6//n8v6f/r/3ej/6//P8jr1//X/6dcv/X/Y+5/IMykJvkfAAAA6iDm/s+Fmcj/AAAAUBkx9/9umIn8DwAAAJURc//vhZnUJP/r/+v/6//r/+v/6//3kv7/4v5//hqm/1/Q/9f/H+T16//r/1Ou3/r/Mfd/PsykJvkfAAAA6iDm/t8PM5H/AQAAoDJi7v+DMBP5HwAAACoj5v4Hw0xqkv/1//X/9f/1//X/9f97Sf/f5/93o/+v/z/I69f/1/+nXL/1/2Pu/0KYSU3yPwAAANRBzP1/GGYi/wMAAEBlxNy/O8xE/gcAAIDKiLn/oTCTmuR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PuX7r/8fcvyfMZFfrzQAAAACDK+b+L4aZ1OTf/wEAAKAOYu7fG2Yi/wMAAEBlxNy/L8ykJvlf/1//X/9f/1//X/+/l/T/9f+70f/X/x/k9ev/6/9Trt/6/zH3z4SZ1CT/AwAAQB3E3L8/zET+BwAAgMqIuf9AmIn8DwAAAJURc//DYSY1yf/6//r/+v+17f+/+r22der/6//3gv6//n83+v/6/4O8fv1//X/K9Vv/P+b+g2EmNcn/AAAAUAcx938pzET+BwAAgMqIuf/LYSbyPwAAAFRGzP2Hwkxqkv/1//X/9f9r2//3+f+B/n9v6f/r/3ej/6//P8jr1//X/6dcv/X/Y+4/HGZSk/wPAAAAdRBz/5EwE/kfAAAAKiPm/qNhJvI/AAAAVEbM/cfCTGqS//X/z6z/P7REN1D/v/P69f/1//X/9f/1//X/u9H/1/8f5PXr/+v/U67f+v8x9/9RmElN8j8AAADUQcz9x8NM5H8AAACojJj7Z8NM5H8AAACojJj758JMapL/9f99/r/+v/6//r/+fy/p/+v/d6P/r/8/yOvX/9f/p1y/9f9j7j8RZlKT/A8AAAB1EHP/I2Em8j8AAAD8P3v3lSvIWfRx+Hy2Rh8SYg9sgRWwBNaAxB7IYJNNBpNzMjmZDCbnnHPO2WBylEAwVWVhzeme1D7dVc9zU/IZS35H45u/Rj91G7n77xu32P8AAADQRu7++8UtQ/a//l//r//X/+v/9f9b0v/r/5fo//X/R36//l//z7q99f+5++8ftwzZ/wAAADBB7v4HxC32PwAAALSRu/+BcYv9DwAAAG3k7n9Q3DJk/+v/9f/6f/2//l//vyX9v/5/if5f/3/k9+v/9f+s21v/n7v/wXHLkP0PAAAAE+Tuf0jcYv8DAABAG7n7Hxq32P8AAADQRu7+6+KWIftf/6//1//r//X/+v8t6f/1/0v0//r/I79f/6//Z93e+v/c/dfHLUP2PwAAAEyQu/9hcYv9DwAAAG3k7n943GL/AwAAQBu5+x8RtwzZ//p//b/+X/+v/9f/b0n/r/9fov/X/x/5/fp//T/r9tb/5+5/ZNwyZP8DAADABLn7HxW32P8AAADQRu7+R8ct9j8AAAC0kbv/MXHLkP2v/9f/6//1//p//f+W9P/6/yX6f/3/kd+v/9f/s27z/v9eN/z3Xmz/n7v/hrhlyP4HAACACXL3PzZusf8BAACgjdz9j4tb7H8AAABoI3f/4+OWIftf/6//v73//9f/6f/1//r/23+u/7869P/6/yX6f/3/kd+v/9f/s27z/n+l97/jP+fuf0LcMmT/AwAAwAS5+58Yt9j/AAAA0Ebu/ifFLfY/AAAAtJG7/8lxy5D9r//X//v+v/5f/6//35L+X/+/RP+v/z/y+5f6/3texPv1/0ywt/4/d/9T4pYh+x8AAAAmyN3/1LjF/gcAAIA2cvffGLfY/wAAANBG7v6nxS1D9r/+X/+v/9f//2//f83I/v8/P9P/b0P/r/9fov/X/x/5/b7/r/9n3d76/9z9T49bhux/AAAAmCB3/zPiFvsfAAAA2sjd/8y4xf4HAACANnL3PytuGbL/9f/6f/2//v+Kvv9/bY/+3/f/t6P/1/8v0f/r/4/8fv2//p91e+v/c/c/O24Zsv8BAABggtz9z4lb7H8AAABoI3f/c+MW+x8AAADayN3/vLhlyP7X/+v/9f/6/yvq/5t8/1//vx39v/5/ycX2/yf6//q96P/38379v/6fdXvr/3P3Pz9uGbL/AQAAYILc/S+IW+x/AAAAaCN3/wvjFvsfAAAA2sjd/6K4Zcj+1//r//X/+n/9v/5/S/p//f8S3//X/x/5/fp//T/r9tb/5+5/cdwyZP8DAADABLn7XxK32P8AAADQRu7+l8Yt9j8AAAC0kbv/ZXHLkP2v/9f/6//1//p//f+W9P/6/yX6/wv3/3c55b+n/9/X+/X/+n/W7a3/z91/U9wyZP8DAADABLn7Xx632P8AAADQRu7+V8Qt9j8AAAC0kbv/lXHLkP1/Wv9/213P/7r+/+Lo/y/8fv2//l//r//X/+v/l+j/ff//yO/X/+v/Wbe3/j93/6viliH7HwAAACbI3f/quMX+BwAAgDZy978mbrH/AQAAoI3c/a+NW4bs/6v//f+76//1//r/uPp//b/+X/+v/1+m/9f/H/n9+n/9P+v21v/n7n9d3DJk/wMAAMAEuftfH7fY/wAAANBG7v43xC32PwAAALSRu/+NccuQ/X/1+3/f/9f/X2L/f43+P+n/489V/6//vwT6f/3/if7/sp11P3/09+v/9f+s21v/n7v/5rhlyP4HAACACXL3vylusf8BAACgjdz9b45b7H8AAABoI3f/W+KWIftf/6//P/P+3/f/i/4//lz1//r/S6D/1/+f6P8v21n380d/v/5f/8+6vfX/ufvfGrcM2f8AAAAwQe7+t8Ut9j8AAAC0kbv/7XGL/Q8AAABt5O5/R9wyZP/r//X/+v/d9/833/H/N/2//v9I9P/6/yX6f/3/kd+/n/4/fnCd/p/92Vv/n7v/nXHLkP0PAAAAE+Tuf1fcYv8DAABAG7n7b4lb7H8AAABoI3f/u+OWIftf/3/0/v/et8YL9P99+3/f/4+r/9f/X4j+X/9/ov+/bGfdzx/9/fvp/33/n/3aW/+fu/89ccuQ/Q8AAAAT5O5/b9xi/wMAAEAbufvfF7fY/wAAANBG7v73xy1D9r/+/+j9v+//6//1//r/fdP/6/+X6P/1/0d+v/5f/8+6vfX/ufs/ELcM2f8AAAAwQe7+D8Yt9j8AAAC0kbv/Q3GL/Q8AAABt5O7/cNwyZP/r//X/+n/9/xX3/9fr/0/0/6fS/+v/l+j/9f9Hfr/+X//Pur31/7n7PxK3DNn/AAAAMEHu/o/GLfY/AAAAtJG7/2Nxi/0PAAAAbeTu/3jccI+7nd2Trq5zp/w8enP9v/5f/6//9/1//f+W9P/6/yX6f/3/kd+v/9f/s25v/X/u/k/ELf7+HwAAANrI3f/JuMX+BwAAgDZy938qbrH/AQAAoI3c/Z+OW4bsf/2//l//r//X/+v/t6T/1/8v0f/r/4/8fv2//p91e+v/c/d/Jm4Zsv8BAABggtz9n41b7H8AAABoI3f/5+IW+x8AAADayN3/+bhlyP7X/+v/9f/6f/2//n9L+n/9/xL9v/7/yO/X/+v/Wbe3/j93/xfiliH7HwAAACbI3f/FuMX+BwAAgDZy938pbrH/AQAAoI3c/V+OW4bsf/2//l//r//X/+v/t6T/1/8v0f/r/4/8fv2//p91e+v/c/d/JW4Zsv8BAABggtz9X41b7H8AAABoI3f/1+IW+x8AAADayN3/9bhlyP7v3P8v/Wv6//P0//r/E/2//n9j+n/9/xL9v/7/yO/X/+v/Wbe3/j93/zfiliH7HwAAACbI3f/NuMX+BwAAgDZy938rbrH/AQAAoI3c/d+OW4bs/879/xL9/3n6f/3/if5f/78x/b/+f4n+X/9/5Pfr//X/rDuj/v/cySn9f+7+78QtQ/Y/AAAATJC7/7txi/0PAAAAbeTu/17cYv8DAABAG7n7vx+39Nn/97ll4Rf1//p//b/+X/+v/9+S/l//v0T/r/8/8vv1//p/1u3t+/+5+38Qt/TZ/wAAADBe7v4fxi32PwAAALSRu/9HcYv9DwAAAG3k7v9x3DJk/+v/9f/6/1H9/7Un+n/9/51M/6//X6L/1/8f+f36f/0/6/bW/+fu/0ncMmT/AwAAwAS5+38at9j/AAAA0Ebu/p/FLfY/AAAAtJG7/+dxy5D9r//X/+v/R/X/vv+v/7/T6f/1/0v0//r/I79f/6//Z93e+v/c/b+IW4bsfwAAAJggd/8v4xb7HwAAANrI3f+ruMX+BwAAgDZy9/86bhmy//X/+n/9v/5f/6//35L+X/+/RP+v/z/y+/X/+n/W7a3/z91/a9wyZP8DAADABLn7fxO32P8AAADQRu7+38Yt9j8AAAC0kbv/trhlyP7X/+v/W/b//6//1//r//dC/6//X6L/1/8f+f36f/0/6/bW/+fu/13cMmT/AwAAwAS5+38ft9j/AAAA0Ebu/j/ELfY/AAAAtJG7/49xy5D9r//X/196/3+uft+77f99/1//r//fDf2//n/J9P7/xpvO/1j/f8z36//1/6zbW/+fu/9PccuQ/Q8AAAAT5O7/c9xi/wMAAEAbufv/ErfY/wAAANBG7v6/xi1D9r/+X//f8vv/+n/9v/5/N/T/+v8l0/t/3/8/9vv1//p/1u2t/8/d/7e4Zcj+BwAAgAly9/89brH/AQAAoI3c/f+IW+x/AAAAaCN3/z/jliH7X/+v/9f/6//1//r/Len/9f9L9P/6/yO/X/+v/2fd3vr/3P3/DgAA//+70zwU") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) 2.651175072s ago: executing program 0 (id=5692): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, 0xffffffffffffffff) 2.43319622s ago: executing program 0 (id=5695): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x2003}) 2.18778598s ago: executing program 1 (id=5698): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000580)=0x6, 0x4) sendmmsg$inet_sctp(r0, &(0x7f00000016c0)=[{&(0x7f0000000e00)=@in={0x2, 0x4e24, @remote}, 0x10, &(0x7f00000011c0)=[{&(0x7f0000000e40)="f481", 0x2}], 0x1, 0x0, 0x0, 0x4000000}], 0x1, 0x20000000) 2.049729606s ago: executing program 0 (id=5701): r0 = fanotify_init(0x200, 0x0) r1 = dup(r0) write$FUSE_NOTIFY_INVAL_INODE(r1, 0x0, 0x0) 1.846586139s ago: executing program 0 (id=5703): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) ioctl$TIOCSSOFTCAR(r0, 0x5434, 0x0) 1.818478241s ago: executing program 1 (id=5705): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x5}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x19, &(0x7f0000000080)=""/25, 0x0, 0x0, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x90) 1.769635235s ago: executing program 5 (id=5706): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xb, &(0x7f0000000040)=0x1c, 0x4) sendmsg$netlink(r0, &(0x7f0000002b40)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)={0x20, 0x1e, 0x723, 0x0, 0x0, "", [@nested={0x10, 0xa9, 0x0, 0x1, [@typed={0x8, 0x126, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @typed={0x4, 0xf}]}]}, 0x20}], 0x1, 0x0, 0x0, 0x24008015}, 0x0) 1.690461682s ago: executing program 0 (id=5707): syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f0000000040)='./file1\x00', 0x1c005, &(0x7f00000002c0)={[{@nobarrier}, {@thread_pool={'thread_pool', 0x3d, 0x200006}}, {@autodefrag}, {@nossd}, {@nossd_spread}, {@noflushoncommit}, {@nodiscard}, {@compress_force}, {@thread_pool={'thread_pool', 0x3d, 0x3}}, {@datacow}, {@ssd_spread}]}, 0x9, 0x559d, &(0x7f000000ac40)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0xc400941b, &(0x7f0000000000)={0x1}) 1.545625523s ago: executing program 3 (id=5709): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x18, 0x16, 0x1, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) 1.511388064s ago: executing program 2 (id=5710): r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) mremap(&(0x7f000016c000/0x4000)=nil, 0x4000, 0x40000000, 0x3, &(0x7f000063c000/0x3000)=nil) mmap(&(0x7f00008b2000/0x4000)=nil, 0x4000, 0x1, 0x13, r0, 0x0) 1.483111952s ago: executing program 5 (id=5711): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000b98bc2c900000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000340)={r0, 0x0, 0x0}, 0x10) 1.458672454s ago: executing program 3 (id=5712): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, 0x0) 1.409601049s ago: executing program 1 (id=5713): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8}, @NFTA_XFRM_SPNUM={0x8}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0x8c}}, 0x0) 1.211191303s ago: executing program 1 (id=5714): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newqdisc={0x24, 0x24, 0x1, 0x200, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x0, 0xa}, {}, {0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1.117054102s ago: executing program 5 (id=5715): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002c00), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000002c40)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x20}}, 0x0) 1.113375378s ago: executing program 2 (id=5716): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) flock(r0, 0xc) 937.596134ms ago: executing program 3 (id=5717): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 912.8114ms ago: executing program 5 (id=5718): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, 0x0) 885.172453ms ago: executing program 4 (id=5719): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x3, {0x41}}, 0x10) bind$tipc(r0, 0x0, 0x0) 864.919413ms ago: executing program 1 (id=5720): iopl(0x3) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) 799.328998ms ago: executing program 2 (id=5721): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000005000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r1, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9}, 0x50) 729.789604ms ago: executing program 3 (id=5722): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x64, r0, 0x1, 0x0, 0x0, {0x39}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0xffffffff}}}]}, 0x64}}, 0x0) 703.794409ms ago: executing program 1 (id=5723): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x210008, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") unlink(&(0x7f0000000000)='./file1\x00') rename(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file1\x00') 609.650887ms ago: executing program 4 (id=5724): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe(&(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x989680}) 559.83936ms ago: executing program 4 (id=5725): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000040)=@fragment, 0x8) getsockopt$inet6_opts(r0, 0x29, 0x36, 0xfffffffffffffffe, &(0x7f0000000840)) 495.963308ms ago: executing program 4 (id=5726): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 421.510842ms ago: executing program 2 (id=5727): unshare(0x2a020400) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='cgroup.stat\x00', 0x275a, 0x0) statx(r0, 0x0, 0x1000, 0x0, 0x0) 421.094195ms ago: executing program 4 (id=5728): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x6}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_IRQ={0x8, 0x5, 0x8}, @ETHTOOL_A_COALESCE_TX_USECS={0x8, 0x6, 0x100}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2400c000}, 0x0) 394.156712ms ago: executing program 5 (id=5729): syz_mount_image$ocfs2(&(0x7f0000004480), &(0x7f00000044c0)='./file1\x00', 0x2800400, &(0x7f00000000c0)=ANY=[@ANYBLOB="6c6f63616c616c6c6f633d31383434363734343037333730393535313630382c726573765f6c6576656c3d30303030303030303030303030303030303030322c6865617274626561743d6e6f6e652c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c6e6f696e74722c636f686572656e63793d66756c6c2c6e6f61636c2c636f686572656e63793d66756c6c2c646174613d6f7264657265642c00a6bbbf4f1c4504306b696ca03fb375edc4c5f0f579bf2195c3cc88165b8c279abaa84a848971253cb6e898fee96fa6"], 0x28, 0x4470, &(0x7f0000008c00)="$eJzs281vFOcdB/DfrN1iU6B+4x2kVXuo1VbWmlNbDqXgtkKqSu2+qOoBa/0CuF17LXtdcahUqt6RIuUQ5ZwLKP8AnPgXcgjXHDmQHHKJkksc7e6svTPrDRvktYPz+UgwnmfmeZG/ntnn0WMXUrV7K5vFlc1iea1YXbyzeaX472pla3U5CgfksPunN/3ISfaH59aN3/35b1ci7n849oPt7e3tqBuJPU23ff3Zp/9ZbD+2FHJ16u3u3dp++UdETETEUOTHMxARfx+MSCJiNC0bS4/DEXEimtf+//6juaF9Gs3Ai8ezj2ZnHj55ufp8+MbtYtcbk4h3K+d/fnf14x8PXP3op/vUPQAAfK3fz936659K0/EsiVNPBzvn62fTY7f58TY9+XX/owQAAICudtf/I0kh6Vz/T6THLluCYWH7Zrv5x1szvy1Np/u/Scf1X6RFn/xmoLGHmt/3ze//jubq773/29nP62qNr9XvSCSFqcx5oTA1FTF9vXl+LjleqFQ3az+7U91aW9q3Ybyxsvk3d+8z6aQb+r3mP5Zrv//7/+MdP0318+L+/Ygdadn8B7re997/kp7yH8/VO4j8eX3Z/AcbZT9qv6HYfAHU839r8NX5T+Ta71f+p+rv9qQ+1qHMG6A+h6mXd5uvkJXN/3uNssyrM/1Gdnv+v8jlfzrX/mG9/yev97fXoyKb//cbZdlfWtt9/kcLr37+z+TaP4z86+Of9Pnfk2z+x5qF2Zdn4zvZ6/v/bK79PuX/IN1WjTiVxHjbb50+HWx+OLT2qxtLmvrl9T6M4gjI5t+5y7+7/iv0NP87l6t/UOu/Vr+t9V9rHTKZNNd/7C2b/3DX+3p9/s/n6vX9/Z8MpSuA7f/2tZ8jKpv/8WbhHhPAXvO/kGu/X/k33vhDrfx3B/zlsWZ5yfyvJ9n806gyHwMPGv835n9JZ+6f5/K/mGu/Lf/8n4bsk875X338k33q7ajJ5n+i6331/D/o4fP/Uq5e/+f/ESVz/deWzf9k1/saz//Qq/O/nKvX7/x/0s/GAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+A8bS40gkhanMeaEwNRUxnp6fi+PJQnlpfqFSXfzXZsREWl6MseRupbpQrsyvrFWXlufLlUp1MeJ0en0ihpLNSrU2v1peP7PT1nByb7m8UVtYLtci4mxafilOttpaWKmtltcb97au/bBQ3Vi/V16bX1rZ+FWpVCrF+Z0xjCbL92vLa7Vm782rERd26o4kbYNrXL64M5YTyT+rWxtr5Uqj/FJbnUp1sVxpq3M5vfZ2jCa1ja21xXJteb5SvdvqryXZp2y+iWvpcebm3F/m/jDdcb2YDmrsYIcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLfMs6u/fCciBptnhYi41voiSf9lDLx4PPtodubhk5erz4dv3C7udQ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfMUOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVdulYpWEoCgPwuVdBwUUdfQKnkGyuiiIuRgSfwJfo0NfsY3To2KUU2hsISQNdWjp833JIfu49B+4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAux+dv+/dTNxEpbjc3EbPF410/fyq1fjt8/uoMM3I6X9/t+0fdlHdPo/yl/Fq+5l26Xs3/o9Tr3nenGezJcJ/2xn2GpvZtar6u732kXEXEQ8mfU85VddxdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCWvTk0ARAM4jh6J5hsFtfQKYyK4B5Gx3MJ59EkGAzCV99LB8ePPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP+MyrXM/xJFRXZmxn23z/nfPsX33WTZfl+UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwswMHMgAAAADC/K3zaD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBQAA//+c9MxP") r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x4020940d, &(0x7f0000000280)={0x4}) 333.655269ms ago: executing program 3 (id=5730): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8000000000000, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x24, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 251.093001ms ago: executing program 4 (id=5731): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) connect$can_bcm(r0, &(0x7f00000009c0), 0x10) 114.442629ms ago: executing program 3 (id=5732): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@ipv6_newnexthop={0x38, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x8}, @NHA_ENCAP={0x10, 0x8, 0x0, 0x1, @RPL_IPTUNNEL_SRH={0xc, 0x1, {0x0, 0x8}}}, @NHA_OIF={0x8, 0x5, r1}]}, 0x38}}, 0x0) 0s ago: executing program 0 (id=5733): syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@compress_algo={'compress', 0x3d, 'lzo'}}]}, 0x1, 0x559a, &(0x7f0000005680)="$eJzs3X2QVWUdB/Bzd1lYZGI3BMGBFShfQEIhpVRS7kBBuDJtkjU2GQtioaAwzBI1ii04WLgam1kz5QxCiwjDUmszGmXlygyQk9PWjIPIgjLThjG9SMXEFjU2e+99Lveey+5eyVxfPh9m99zn/s7znOeeOX/c72WfcyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIoujgjtr/rB1ZV75+06hFt199cPSq0RNWVDWdHHWg+rzdl/absWjovuntdw6b0bH6SPX65tsu6IyiRKpfItN/3vSPX/+FufPmlIcBaz+Z3lZWdnfIdNfD6Ub/vCe7+uX/zI+iqCw2QGlmu7s0p52IHyBaXjhgj8pmbVsycEGyduvmp+ouX7J1XOFLp0t5X0+gr2Suq45T11Iy9bsktke2nXPpJfIu0XT/+AX3prwIAOB1mVST2mTfjmbe4mbb9fF6rJ2MtRtj7fAOoTG3cSbS4/bvbp5j4vU+mmcyHRUGdDvPWD1z/rPtmnj/WDsWNV7HPPN3zUSa8u7muSxW76t5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyVvFa3Ys34z714sOyX549bvfLk4WvLL3zoq/8uWXrzS68dqlnzl7ah+6a33zlsRsfqI9Xrm2+7oDOKKlP9EunuiWknXr1kYvWcUeuf+N7ETc+OP16aGTds++XsHO0PD66siKIFOZWOMOzRwVFUk19INaPvFhZuTT2YHQoAAAC8k5yb+l2SbafjYFleO5FKk4nUvyAdFstmbVsycEGyduvmp+ouX7J13JmPV9PNeMnTjpdtV576SeQE4xB/4+OdqoddlxeM07P4iPE8P+X5l1+oGHHtT5+pOu+mlde/NPKax9tmfnP48UX7K+8YtGrc2CsK8n9lz/k/nDn5HwAAgP+F/B8fp2e95f/PzK+75Y5HvnJszD2HVw66+8H9G4eVH7nplsn7/jj8hosvvqz2xoL8PybvkAX5P8w45P+S6MzyPwAAALyV/b/zf7JgnJ71lv/bhzff/MB7Di2sbOt4evtlK/b0X3j1RUMOPHTR3In3XjdozPkNBfl/UnH5v1/utMOTz4UJL66IoknFn1QAAAAgT/h/91MfLYS8nv7kIJ7XW+dtGd3y6swvTxj78KH6P1Vtnvj5jUMe37lh5jd2PXf3/RPbzi7I/8ni8n/Zm/NyAQAAgCI0HTpnxNBPJ38e3X/01vnf/+yuR+9b+sWrLtnbOWvC2l9UP72jviD/1xSX/wf0zcsBAAAATuPE+GsW/mPnkd9e1/yJ+5qO/v5Lq0p/NaNp9/62hqZ/bh81e/XkgvxfW1z+Pyuzzax8SHfaE/4K4VsVUVTe9WBZurA3apyWLQAAAABvkJDT75ryfMm9A6edu2Xub06Me+KFPZ/aN3vxhnPWTGp69n2tiz9y4WMF+X9Zz/f/D3c6COv/8+7/V7D+P6eQvuvfVDcGAAAA4N2ocD1/uD1++psLuvv+/WLX///w6xv+mqiqf/ID8342q/P9zT/Z2zr1wZNVf5hz/OGW5MgnL32xIP/XF5f/S3O3b+T3/wEAAMAZeLt9/9+NBeP0rLf7/7c980j1o1d+6GtXza2buuN3H77iz68Mn9qwPXpl+UfbFx342K5fF+T/xuLyf9gOyn15reH83FMRRSO6HmTuJrgtTHdxrNBSllNIn/hYj7mhR6bQMiCnkLIs1uODFVE0tutBfazw3lBojBWODc4UNsYKbaGQuR6yhR/ECq3hSvvO4Mx044Ufh0JmgUVLWEExKLskItbj79316Cqctkd79uAAAADvKiE8Z7JsWX4zikfZlkRvO5zV2w4lve1Q2tsO/WI7xHfs7vmoNr8Qnv/Rt294ecBdD2yom7Jl04KqhrPX/euxyZNuX7Z2Z93SziF/W7euIP9vLC7/h1PRP73pbv1/FNb/Z77XMLv+vzYUKmOFllCoid8xoCYcIx12G8IxKmsyPY6NyBYAAADgHS18LlDax/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7J373FW1nXiwL8zzIUZhplRMS+RISaKwTCMKYaZID/TnwQOq6WFJgSDjgxCXEzQTUTd1VzB2+ZtE0jdtIwoNbVUeGnekspLsKl5SfHSK41lS5Js133NnPM9nPOcOc5BQBn3/f5jzvecz/f6nMuc7/M85/sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/N2z85GVfeHmfj/xg3cKBi1eP+krfI4cMn3DMNTceu/jhb0/e777f//8+aw575sydR60955XRi245de+3QmjuKFeSKl5y6F/XNQwePabvotuvGbz0kYF/qUjXm46HXu1/StN3zoutru0dwh0lIZQlA4NrUoHy9P2aWF/fmhB2CJsCmRIt1akSyYbDA1UhLAmbApmq7qoKoSYrcOwT9624uD1xRVUIe4cQKpNtPFuZaqMqGRhQkQpUJwPTy1KBv76TkgncWZoKwBaLb4bMi355c26G+s7LFXj9lW+1jn2wksPrERP1hfO9MXIbdypLRfKB5i162vKqY5vIe3us9G7rBu+2vO18iact+4tU+hvKO5tClaF0csuUiXPaZsdHSkNDQ49CNW2j5/np9WdN2px0t3kdxg7Ub5XX4aoLe49d/OhRw2+tG35Dn0ELN25pNwtt3m2tMqRfc93meYxG+DzpBm+/vG9J/XzpCiHsf9v42798wcs3L7h87K4HPbHTsDc+u/vdLT+75YTxxx++fsVXf//jvPl//bvP/+PLOd6W5uSOrb5dm5qbx0dqYmJdbWpuDgAAAN1Gd9hr+srq/5722X3HDX185OrqW2+659SL7/v8tT9r3a/t4bE77fj8vvN+lDf/71fc8f94yL8me7QrQxjRkTi3LoRdOx5PBW6O3flqXQh7dqSacwMjE4GVIezWkRiYqSpRomcs0S8ReLU2HRiRCDwYA82JwI0xcEkicF4MLE8EJsXAykTgsBgIrbnj2K82PY6iA1UxMCG1EZfHsxD+XBtbS2yrZzJVAQAAbCXp2WF57t2scx22NEOcXi6v6ipDPAO7YIbKRA3JGWxmWlWwhrKuaijtqobMuOe/+/Dzai7pqua80zBKcjNcWXXLpT8aNumNu2e8tOG0Iz7x2quP1S/96afXXfPGU9Mr79/j8ofz5v+N7z7/r+ykIyV5x/9DGNfxN+YuTUfaMvEJzTkZAAAAgC3w1sADvvydsq/NfeH3jwz75K+vfez1lQ9/dO8zb1v7/Bk/+NZ3au4fnTf/H1Hc+f9xn0iPrMxhVdwNMbUuhMbcQKrag/MDqaPevdIBAAAA6A4yx+Mzx8Jb07epU7ST8+n8/M2bmT8e+B/Raf7131p2/Y6feGT2Q7W3zXhqw+NfWTl64bEz3xh05dmP7HvoQU+N/Gze/L+5uPP/q3NvU514MPbi8roQemYFHoq9bA906BcDLxyaG0iP/8G4AS6KVaVPTMhUdVEsMSEGGhOBJYVKPJYpsWtuIP1kZRo/NzOO1nSJrAAAAAC87+LugHhcPp7/v2LBXZf9x41/umzVgUtnnzz98de+V1H5zknL7zyxzwX39li008hJefP/CZt3/n/HPDjv9P62XiEMKQuhR/KHAauqUwsDxkBNSTpxT3Wqrh7JqhZUh3Bw+8CSVb2YXv+/LLnG4JNVqapiYNf+N60f0J64oSqEIdmBNeOXHtCemJMIZBr/YlUIH28fbbLxn/RMNV6ebPyqniHskRXIVDWpZwjtjVUkq7q/Mn0dg2RVyytD2CkrkKlqWGUIcwMA3VX8Xzo5+8FZc+dNndjW1jJzGybiTvyqMKW1raVh0vS2yZUF+jQ50eecdYzOyR9TsZe++V16jaLVx0ytKyad+aFgY3Zb6R35eWcOpu/HL0PlHeNsKs+5u39yyPvuld9EyPoqVWjIpdt4yNXZlWx6EvPqj/krQq/Qc86slpkNZ0ycPXvm0NTfYrM3pf7G40ypbTU0ua2qO+tbES+PgstlJbzXbTUgu5Ihs6fNGDJr7rzBrdMmntxycstpwz7VNKxp6P5NjUPaB5X+28VIB3RWc2Kk7ywtclhbcaS7l2VV8n58aEhISHS3xE2Xj39m0UcXV3538UmXPHH++WefcvrOt1057ft9p48fdOXnlkz9et78f8a7z//jp0784E+vz1Do+H99PMyfenzTYf4JMbCk2OP/9YWO5mdODOiXCMyPgfkO8wMAAPDhEHdHxr2Zcad07SvfOP1/Tjii9NA/HP2LpqGDdrnw1qkDbnx94+kf23vekmvLKvKv/ze/uN//b6X1/zNL1x9VaJn/gbFEY6H1/5PL/GfW/59faP3/5DL/mfX/l3wA6//PyQQSm+TP1v8HAAA+DN6/9f+7XN4/eYGAvAxdLu+fvEBAXoYul/Ev9gIBm73+/89/XrbDx47YrW/ZF56YuNedB/7mpGkP7vKjUVev+3RT/TfPWPPzZXnz/0uKm/9buB8AAAC2Hyfs+6UBC14a8vVzpj/ww8Ezdn7purOfH3HPL4/75MYxfddVr+v76bz5/5Li5v/v//p/odD5//0KBZoLLQxo/T8AAAC6qULr//3t42d987p+O24Y1O/M29+6emrJ8L2fO/XXbRc9NOrwj435xyWTrs2b/y8vbv4fT7sozckde/N2bWpNu5Bc025dbeYnAwAAANA9lIaGhvIi8+YsjDryvbf5dHop0HdLZ9vtE6vWnHvvdX8fcvP5C9Ydf3rtQUf+oeyQOydf99KCU/boX/Pc2rz5/8ri5v85v8tYdWHvsYsfPWr427fWDb+hz6CFGzcd/wcAAAC2nWL3SwAAAAAAAAAAAAAAAB+8Y1b95Kz/+uWY4+4cNu/qR3d+/OT//PqsM1on/aLtiHUHPLv0hk/tk/f7/zCuo1yh3//H6/7F3xf0yckdW+16/b/0/WNHL5vbsWThqtoQ9soOTF0wdYeQvjb/PtmBFScO3KU9sSBZ4u7nDnu5PXFSMnDk4B03tCc+kwhMiIsk7pYMxKsqbuidCMTlFZ9MBuL2WJ4MVKQDF/ZOjaMkua3+UJPaViXJbfV0TQh1WYHMtrqjJtVGSXKAVyQCmQF+LRmIAxybDpQme7WsV6pXMVATiy7uleoVAADbrfgtsDxMaW1raYxf4ePt7mW5t1HOkmXn5FdbUmTzv0svTbb6mKl1xaR7JL+LbrrWeHmobB/C0Lyvq9lZSjpGuXVq6WLT9Skw5K5WeystUC5pczddReERVaVG1DBpetvk8i4Hvn/XWZrKuswyNG+yk52ltGOTFlFLEX0pYkRFbpsiuhzvl4aGhh6JXMNjsD7k6OoVUezv9bPX+Sv0KsjOs3zUQQOOW/bcgRMWPXnQtKnhI5e9M2Li5FmHXPHiU0vnjxw0oUfe/L++uPl/Zfa4NqQvBjA/Xlnv4LoQJhQ5IgAAAPjwO+W05y674P5LX32hecDL04dcuuK3c6+aV1Z783mHP3336W+OX3jSlsYHDHtj6Kl3/ebcjU2jHrqy99X3X7PTkXU//H/Vvea+tWLQmy/cvVfe/L9fcfP/uAcrfSg4tbdjZbz+/7l1IXRcWr8+Fbg5DverdSHs2ZFqjiVSF9Q/KpZoTAVujjtMBsYSE5pzq+oZA8sTgVdr04GVicCDMZDeS3FTSO/KubQ2hAM6UuNyS8yIJeoTgaNjoF8i0BADjYlA7xgYkQi83jsdaE4EHo2B0Jq7rW7tnd5WAAAAmyM9zyrPvRuS87zlZV1lKOkqQ3VXGUq7ylDZVYZCo4j3fxwzlCdOXinJylSerLUqUUtehngx/M3uV16G8FhuzmTBvKbj+QeZ8w1KcjNccWbF9Dc/33/R8UPGrB/ftPhzc38a/uHtOW9d8OYvz6977pqNJXnz/8bi5v/Vubep1h+M8/9N1/9LBR6K3bs8njreLwZeODQ3kN4x8GCc7F6Uqao5XSI9ab8olhgRA/0SgRkxMCIRmDAuHViyS24gPdPONH5upvHWdImsAAAAALzv4g6CuJsmzv+fXTv+iWnjf3vQZX1nLzx/+VFffvrXx736i3t73v3d/osebitZuzpv/j+iuPl/bK9XdmPnxd6s7R3CHSWbepMJDK5JBeJ+jJr48/i+NSHskLWDI1OipTpVoiLRcHigKvUL9YpkVXdVpdYYiPePfeK+FRe3J66oCmHvrL0vmTaerUy1UZUMDKhIBaqTgellqUDc85MJ3FmaCsAWy+wVjC+o9KkuGfWdlyvw+vuwXBM0Oby8faCd5OvsN1fbSmXygfQ+1YzNe9ryqmObyHt7rPRu647vtnrvtuwvUulvKO9sClWG0sktUybOaZsdH8n+JWuebfQ8Z/9KtZj0Vngdzn/vve1aZbIDjYmPj8bOy3X+OiyJ1a26sPfYxY8eNfzWuuE39Bm0cGPR3Sgg/lB45rCr6rM377ZWGdKvuW73edLs86Q7/hvo52kLIYy7d+xFjYfcuHDSiP7X73xH7fDLvzT4lkMbnx1XM2eXw8e89sV5efP/5uLm/2WJ2w4b48acVRfCvlkbd1Xc/KPqUp+DWYHUp+RO+YHUIfeXagt+cgIAAMDWltndkdlf0Jq+TZ0Qnpwn5+dv3sz8cX/FiE7zF9vv/lecsnL0hAN/23f8XoccvM9Zdy04er+/Tbz+tT9Wj5z0wPd+tfr6vPn/hHef//dMdNPxf8f/2UYc/+/U9r4rumfygflbtCs6rzq2Ccf/O7W9v9sc/++U4/+O/3fG8f8uOP7fqe39acv7ljTDl64Qwr9f/vm/vX3Pbv02LC393pQH5vU//rLvL1r2k52f+efH/mn69H33/FXe/H9GcfN/6/91vmhfZv2/CYXW/5tRaP2/+db/AwAAtqkCC80l53l5q/flZUiu3peXocsFArtcYtD6f5u9/t+L/3Lpgr2mjv3GiWc9dnDvR+tHrRkz6O8nvbrnmuuevHLoIyf8/dt58//5xc3/48uhV3br3WX9v37jClR1SQzMsDAgAAAA26NCOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YJ31xynnjVjw+J+ap39l/fLx32nd8fGHprzefMQPRy87es0pu5xyb581hz1z5s6j1p7zyuhFt5y691shtHaUK0kVLzn0r+saBo8e03fR7dcMXvrIwL9UpustT99+NCd3bPXt2hCWZD1SExPratvvbAocO3rZ3LL2xKraEPbKDkxdMHWH9sSNtSHskx1YceLAXdoTC5Il7n7usJfbEyclA0cO3nFDe+Iz6UBJsrv/1jvV3ZJkdy/uHUJdViDT3VN751aVaeOIdKA02cZ3a1JtxEBNLHpVTaqNGGiLJVp7hjCkLIQeyaoeqUxV1SNZ1U8rU1X1SFZ1dmUIB4cQypJVPV+RqqosOfLHKlJVxcCu/W9aP6A9sbQihCHZgTXjlx7QnpiZCGQaP6YihI+3v2SSjd9anmq8PNn4v5aHsEcIoSJZ4s2yVImKZIkXy0LYKSuwaSOWhTA38OEQP30mZz84a+68qRPb2lpmbsNERbqtqjClta2lYdL0tsmViT4VUpKVfuec9z72360/a1L77epjptYVky5Llyvv6HJTec7d/bf33sd+VWdXsun5yKs/5q8IvULPObNaZjacMXH27JlDU3+Lzd6U+tsjHU1tq6HdZVsNyK5kyOxpM4bMmjtvcOu0iSe3nNxy2rBPNQ1rGrp/U+OQ9kGl/26NkS59/0e6e1lWJe/H+19CQqK7JUpzPt0at/fP8bwv+ps6Wh4qOz6g86YV2VlKOka5NQY98j2O+L18TelyREPzJg55WZq6zrJ/3mRiU5aqVJaOr3V5k8Psmko7Nmm8XxoaGnoU2g71uXezN+8bW7B5n05vumLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwv+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAD//+GI8JI=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x17f) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000000000)={0x7, 0x7, 0x1, 0x3, 0x2, [0x64, 0x400, 0x5, 0x40]}) kernel console output (not intermixed with test programs): op2): Directory bread(block 71) failed [ 536.541451][T17796] FAT-fs (loop2): Directory bread(block 72) failed [ 536.547994][T17796] FAT-fs (loop2): Directory bread(block 73) failed [ 536.615567][ T5225] ocfs2: Unmounting device (7,0) on (node local) [ 536.630061][T17228] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 537.398215][T17805] loop3: detected capacity change from 0 to 32768 [ 537.405135][ T205] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 537.421811][T17805] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4533 (17805) [ 537.500448][T17805] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 537.540581][T17805] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 537.555366][T17805] BTRFS info (device loop3): disk space caching is enabled [ 537.620689][T17805] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 537.818174][T17837] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4547'. [ 538.059506][T17846] loop0: detected capacity change from 0 to 128 [ 538.083522][T17805] BTRFS info (device loop3): rebuilding free space tree [ 538.126720][T17846] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 538.169899][T17805] BTRFS info (device loop3): disabling free space tree [ 538.229882][T17805] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 538.239709][T17805] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 538.296366][T17865] loop1: detected capacity change from 0 to 256 [ 538.410705][T17867] loop5: detected capacity change from 0 to 512 [ 538.414193][T17865] FAT-fs (loop1): Directory bread(block 64) failed [ 538.423118][T17867] EXT4-fs: Ignoring removed oldalloc option [ 538.489956][T17865] FAT-fs (loop1): Directory bread(block 65) failed [ 538.502415][T17865] FAT-fs (loop1): Directory bread(block 66) failed [ 538.508967][T17865] FAT-fs (loop1): Directory bread(block 67) failed [ 538.559094][T16024] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 538.586447][T17867] EXT4-fs error (device loop5): ext4_xattr_inode_iget:436: comm syz.5.4556: Parent and EA inode have the same ino 15 [ 538.602580][T17867] EXT4-fs error (device loop5): ext4_xattr_inode_iget:436: comm syz.5.4556: Parent and EA inode have the same ino 15 [ 538.618587][T17867] EXT4-fs (loop5): 1 orphan inode deleted [ 538.625655][T17867] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 538.687778][T17865] FAT-fs (loop1): Directory bread(block 68) failed [ 538.696660][T17865] FAT-fs (loop1): Directory bread(block 69) failed [ 538.704422][T17865] FAT-fs (loop1): Directory bread(block 70) failed [ 538.712294][T17865] FAT-fs (loop1): Directory bread(block 71) failed [ 538.719002][T17865] FAT-fs (loop1): Directory bread(block 72) failed [ 538.725732][T17865] FAT-fs (loop1): Directory bread(block 73) failed [ 538.758460][T17033] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.343229][ T64] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 539.361400][T17890] netlink: 110 bytes leftover after parsing attributes in process `syz.3.4558'. [ 539.634140][T17896] loop3: detected capacity change from 0 to 8 [ 539.651281][T17896] squashfs: Unknown parameter 'dΐš' [ 539.916504][T17900] loop2: detected capacity change from 0 to 1024 [ 540.036482][T17900] EXT4-fs: Ignoring removed nomblk_io_submit option [ 540.056594][T17882] loop4: detected capacity change from 0 to 40427 [ 540.120656][T17882] F2FS-fs (loop4): heap/no_heap options were deprecated [ 540.218494][T17882] F2FS-fs (loop4): invalid crc value [ 540.373005][T17879] loop0: detected capacity change from 0 to 40427 [ 540.385845][T17879] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 540.393541][T17879] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 540.403623][T17882] F2FS-fs (loop4): Found nat_bits in checkpoint [ 540.410541][T17879] F2FS-fs (loop0): heap/no_heap options were deprecated [ 540.505261][T17882] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 540.517428][ T29] audit: type=1326 audit(1728261724.488:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.5.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7ffc0000 [ 540.535952][T17871] Bluetooth: hci8: command 0x0405 tx timeout [ 540.539819][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.551985][ T29] audit: type=1326 audit(1728261724.488:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.5.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7ffc0000 [ 540.574327][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.581472][ T29] audit: type=1326 audit(1728261724.548:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.5.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc36dd7dff9 code=0x7ffc0000 [ 540.603813][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.611186][ T29] audit: type=1326 audit(1728261724.548:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.5.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7ffc0000 [ 540.633916][ T29] audit: type=1326 audit(1728261724.548:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.5.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7ffc0000 [ 540.656257][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.700444][T17879] F2FS-fs (loop0): invalid crc value [ 540.705941][ T29] audit: type=1326 audit(1728261724.688:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.5.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fc36dd7dff9 code=0x7ffc0000 [ 540.728248][ T29] audit: type=1326 audit(1728261724.688:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.5.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7ffc0000 [ 540.750874][ T29] audit: type=1326 audit(1728261724.688:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17912 comm="syz.5.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7ffc0000 [ 540.773327][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.857479][T17879] F2FS-fs (loop0): Found nat_bits in checkpoint [ 540.883323][T17927] loop1: detected capacity change from 0 to 64 [ 540.891748][T17228] syz-executor: attempt to access beyond end of device [ 540.891748][T17228] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 540.905948][T17228] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 540.961230][T17929] loop5: detected capacity change from 0 to 1024 [ 541.250896][T17879] F2FS-fs (loop0): Start checkpoint disabled! [ 541.275613][ T35] hfsplus: b-tree write err: -5, ino 4 [ 541.304326][T17918] loop2: detected capacity change from 0 to 40427 [ 541.337765][T17918] F2FS-fs (loop2): invalid crc value [ 541.351818][T17879] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 541.360311][T17879] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 541.401442][T17918] F2FS-fs (loop2): Found nat_bits in checkpoint [ 541.586292][T17879] F2FS-fs (loop0): disabling checkpoint not compatible with read-only [ 541.683028][T17918] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 541.702123][T17942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4585'. [ 542.335851][T17957] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4593'. [ 542.365483][T17949] loop3: detected capacity change from 0 to 4096 [ 542.400081][T17949] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 542.401944][T17957] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4593'. [ 542.662766][T17949] ntfs3: loop3: ino=1e, "file1" attr_set_size [ 542.669340][T17949] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 542.745067][T17949] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 542.753080][T17968] loop2: detected capacity change from 0 to 64 [ 542.921996][ T205] ntfs3: loop3: ino=3, ntfs3_write_inode failed, -22. [ 543.173080][T17981] netlink: 'syz.5.4602': attribute type 27 has an invalid length. [ 543.183181][T14358] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 543.255595][T17983] loop5: detected capacity change from 0 to 1024 [ 543.352454][T17986] loop0: detected capacity change from 0 to 164 [ 543.434224][T17988] loop3: detected capacity change from 0 to 256 [ 543.480200][T17986] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 543.511469][T17988] FAT-fs (loop3): Directory bread(block 64) failed [ 543.545547][T14358] hfsplus: b-tree write err: -5, ino 4 [ 543.556113][T17988] FAT-fs (loop3): Directory bread(block 65) failed [ 543.617905][T17988] FAT-fs (loop3): Directory bread(block 66) failed [ 543.628243][T17988] FAT-fs (loop3): Directory bread(block 67) failed [ 543.662262][T17988] FAT-fs (loop3): Directory bread(block 68) failed [ 543.668882][T17988] FAT-fs (loop3): Directory bread(block 69) failed [ 543.681414][T17988] FAT-fs (loop3): Directory bread(block 70) failed [ 543.712014][T17988] FAT-fs (loop3): Directory bread(block 71) failed [ 543.718648][T17988] FAT-fs (loop3): Directory bread(block 72) failed [ 543.820631][T17988] FAT-fs (loop3): Directory bread(block 73) failed [ 544.111825][T18004] loop5: detected capacity change from 0 to 64 [ 544.411703][T17985] loop1: detected capacity change from 0 to 40427 [ 544.486332][T17985] F2FS-fs (loop1): invalid crc value [ 544.531165][T17985] F2FS-fs (loop1): Found nat_bits in checkpoint [ 544.816525][T18022] netlink: 'syz.3.4621': attribute type 3 has an invalid length. [ 544.829146][T18022] netlink: 'syz.3.4621': attribute type 1 has an invalid length. [ 544.839050][T18022] netlink: 191384 bytes leftover after parsing attributes in process `syz.3.4621'. [ 544.870810][T17985] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 545.081052][T14358] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 545.108099][T18010] loop0: detected capacity change from 0 to 32768 [ 545.141765][T18027] loop3: detected capacity change from 0 to 256 [ 545.188973][T18010] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4616 (18010) [ 545.214382][T18027] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d) [ 545.236095][T18010] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 545.277330][T18010] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 545.305278][T18010] BTRFS info (device loop0): using free-space-tree [ 545.463832][ T5405] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 545.551772][ T5225] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 545.831353][ T5405] usb 3-1: Using ep0 maxpacket: 8 [ 545.839353][ T5405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 223, changing to 11 [ 545.860454][ T5405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 545.870303][ T5405] usb 3-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00 [ 545.879450][ T5405] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.901919][ T5405] usb 3-1: config 0 descriptor?? [ 546.377493][ T5405] hid-alps 0003:044E:1215.0068: hidraw0: USB HID v40.00 Device [HID 044e:1215] on usb-dummy_hcd.2-1/input0 [ 546.707805][ T5288] usb 3-1: USB disconnect, device number 45 [ 546.890530][T18067] loop3: detected capacity change from 0 to 1024 [ 546.942650][T18067] hfsplus: bad catalog entry type [ 547.162174][ T205] hfsplus: b-tree write err: -5, ino 4 [ 547.425839][T18081] loop4: detected capacity change from 0 to 256 [ 547.464661][T18085] loop1: detected capacity change from 0 to 128 [ 547.489345][T18081] exfat: Deprecated parameter 'utf8' [ 547.581838][T18085] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 547.627475][T18081] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xba7df490, utbl_chksum : 0xe619d30d) [ 547.857447][ T5227] sysv_free_block: trying to free block not in datazone [ 547.877041][ T5227] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 548.131917][T18080] loop3: detected capacity change from 0 to 40427 [ 548.345458][T18107] netlink: 'syz.4.4652': attribute type 3 has an invalid length. [ 548.346014][T18080] F2FS-fs (loop3): Found nat_bits in checkpoint [ 548.362224][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 548.387584][T18109] loop2: detected capacity change from 0 to 512 [ 548.543610][T18109] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 548.590230][T18080] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 548.621133][T18109] ext4 filesystem being mounted at /258/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 548.703938][T16024] syz-executor: attempt to access beyond end of device [ 548.703938][T16024] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 548.750501][T16024] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 548.785117][T13243] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.053337][ T9] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 549.220444][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 549.239427][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 549.286601][ T5288] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 549.302637][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 549.324329][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 549.333003][ T9] usb 2-1: SerialNumber: syz [ 549.341740][ T9] usb 2-1: config 0 descriptor?? [ 549.358937][ T9] usb 2-1: Found UVC 0.00 device (05ac:8501) [ 549.366093][ T9] usb 2-1: No valid video chain found. [ 549.441401][T18134] openvswitch: netlink: Actions may not be safe on all matching packets [ 549.494635][ T5288] usb 3-1: Using ep0 maxpacket: 32 [ 549.503910][ T5288] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 549.530645][ T5288] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 549.547035][ T5288] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 549.630849][ T9] usb 2-1: USB disconnect, device number 39 [ 549.647349][ T5288] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 549.657539][ T5288] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 549.666051][ T5288] usb 3-1: Product: syz [ 549.670225][ T5288] usb 3-1: Manufacturer: syz [ 549.674921][ T5288] usb 3-1: SerialNumber: syz [ 549.683308][T18126] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 549.698741][ T5288] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input48 [ 549.981773][T18143] loop3: detected capacity change from 0 to 128 [ 550.031196][ T9] usb 3-1: USB disconnect, device number 46 [ 550.064342][T18148] loop0: detected capacity change from 0 to 256 [ 550.073601][T18143] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 550.086180][T18143] ext4 filesystem being mounted at /147/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 550.104690][T18148] exfat: Deprecated parameter 'utf8' [ 550.157474][ T9] appletouch 3-1:1.0: input: appletouch disconnected [ 550.202025][T14358] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 550.226888][T16024] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 550.280835][T18148] exfat: Deprecated parameter 'namecase' [ 550.332506][T18148] exfat: Deprecated parameter 'namecase' [ 550.356855][T18148] exfat: Deprecated parameter 'utf8' [ 550.446727][T18148] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 550.537844][T18156] loop1: detected capacity change from 0 to 2048 [ 550.574784][T18156] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 550.792828][T18167] loop2: detected capacity change from 0 to 16 [ 550.870650][T18167] erofs: (device loop2): mounted with root inode @ nid 36. [ 550.900677][T18167] erofs: (device loop2): erofs_read_inode: bogus i_mode (0) @ nid 0 [ 550.950655][ T29] audit: type=1800 audit(1728261734.928:168): pid=18171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4672" name="file1" dev="loop1" ino=1346 res=0 errno=0 [ 550.988162][T18175] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 552.008240][T18202] netlink: 'syz.4.4692': attribute type 1 has an invalid length. [ 552.030695][T18202] netlink: 191384 bytes leftover after parsing attributes in process `syz.4.4692'. [ 552.348769][T18212] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4699'. [ 552.360166][T18212] openvswitch: netlink: Multiple metadata blocks provided [ 552.723427][T18228] loop4: detected capacity change from 0 to 1024 [ 552.790826][T18228] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 552.833455][T18228] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 552.856508][T18228] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2793: inode #2: comm syz.4.4706: corrupted in-inode xattr: bad e_name length [ 552.880256][T18228] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #2: comm syz.4.4706: corrupted in-inode xattr: bad e_name length [ 553.008020][T18234] loop5: detected capacity change from 0 to 1024 [ 553.015708][T17228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 553.087503][T18234] EXT4-fs: Ignoring removed orlov option [ 553.188284][T18234] EXT4-fs: Ignoring removed nomblk_io_submit option [ 553.232874][T18215] loop2: detected capacity change from 0 to 32768 [ 553.301688][T18234] EXT4-fs (loop5): Test dummy encryption mode enabled [ 553.434972][T18215] find_entry called with index >= next_index [ 553.446905][T18201] loop1: detected capacity change from 0 to 40427 [ 553.455197][T18201] F2FS-fs (loop1): Corrupted extension count (64 + 1 > 64) [ 553.458424][T18234] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 553.480946][T18201] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 553.510247][T18215] find_entry called with index >= next_index [ 553.516849][T18215] find_entry called with index >= next_index [ 553.619769][T18201] F2FS-fs (loop1): Found nat_bits in checkpoint [ 553.917480][T18201] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 553.946130][T17033] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 553.972942][T18201] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 554.077721][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 554.081848][T18245] f2fs_ckpt-7:1: attempt to access beyond end of device [ 554.081848][T18245] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 554.106159][T18245] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 554.259419][T18261] nbd: must specify an index to disconnect [ 554.451545][T18269] loop3: detected capacity change from 0 to 512 [ 554.540532][T18269] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 554.591107][T18269] EXT4-fs (loop3): 1 truncate cleaned up [ 554.597772][T18269] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 554.772640][T16024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 555.100538][T14690] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 555.175293][ T5292] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 555.246663][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 555.317192][T14690] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.354057][T14690] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.364561][T14690] usb 3-1: New USB device found, idVendor=0543, idProduct=e621, bcdDevice= 0.00 [ 555.374189][T14690] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.387488][T14690] usb 3-1: config 0 descriptor?? [ 555.418495][ T5292] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 555.433974][ T5292] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 555.445657][ T5292] usb 4-1: config 0 has no interface number 0 [ 555.455229][ T5292] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 555.467242][ T5292] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 555.484700][ T5292] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 555.494085][ T5292] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.512989][ T5292] usb 4-1: Product: syz [ 555.517368][ T5292] usb 4-1: Manufacturer: syz [ 555.525391][ T5292] usb 4-1: SerialNumber: syz [ 555.549029][ T5292] usb 4-1: config 0 descriptor?? [ 555.819770][T14690] viewsonic 0003:0543:E621.0069: hidraw0: USB HID v0.00 Device [HID 0543:e621] on usb-dummy_hcd.2-1/input0 [ 556.013236][ T9] usb 3-1: USB disconnect, device number 47 [ 556.184708][ T5292] usbtouchscreen 4-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 556.209843][ T5232] Bluetooth: hci8: command 0x0405 tx timeout [ 556.213558][ T5292] usb 4-1: USB disconnect, device number 38 [ 556.361740][T18298] loop4: detected capacity change from 0 to 32768 [ 556.373592][T18298] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4737 (18298) [ 556.393207][T18298] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 556.403548][T18298] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 556.412332][T18298] BTRFS info (device loop4): disk space caching is enabled [ 556.419732][T18298] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 556.477296][T18313] loop1: detected capacity change from 0 to 16 [ 556.493139][T18313] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 556.538528][T18298] BTRFS info (device loop4): rebuilding free space tree [ 556.695633][T18298] BTRFS info (device loop4): disabling free space tree [ 556.716489][T18324] loop2: detected capacity change from 0 to 1024 [ 556.718727][T18298] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 556.770566][T18298] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 556.897974][T18328] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4743'. [ 556.910982][T18328] tipc: Enabling of bearer rejected, failed to enable media [ 556.920328][ T205] hfsplus: b-tree write err: -5, ino 4 [ 556.950336][T18329] netlink: 'syz.1.4742': attribute type 29 has an invalid length. [ 556.974623][T18326] netlink: 'syz.1.4742': attribute type 29 has an invalid length. [ 557.174564][T17228] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 557.973850][T18338] loop2: detected capacity change from 0 to 32768 [ 557.981950][T18338] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4749 (18338) [ 558.044839][T18338] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 558.059488][T18338] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 558.140543][T18338] BTRFS info (device loop2): using free-space-tree [ 558.197254][T18350] loop3: detected capacity change from 0 to 8192 [ 558.333536][T18370] devtmpfs: Cannot retroactively limit inodes [ 558.647545][T13243] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 558.827119][T18382] netlink: 'syz.5.4761': attribute type 29 has an invalid length. [ 558.922771][T18382] netlink: 'syz.5.4761': attribute type 29 has an invalid length. [ 559.242762][ T52] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 559.510312][T18392] loop0: detected capacity change from 0 to 512 [ 559.620952][T18392] EXT4-fs error (device loop0): __ext4_iget:4952: inode #11: block 16: comm syz.0.4766: invalid block [ 559.675819][T18392] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.4766: couldn't read orphan inode 11 (err -117) [ 559.688422][T18392] EXT4-fs (loop0): 1 truncate cleaned up [ 559.791647][T18392] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 559.826833][T18379] loop1: detected capacity change from 0 to 32768 [ 559.964862][T18392] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.4766: bg 0: block 16: invalid block bitmap [ 560.044098][T18379] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 560.086471][T18416] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4771'. [ 560.101967][T18379] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 560.176944][T18379] XFS (loop1): Ending clean mount [ 560.211691][ T5225] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 560.228542][T18379] XFS (loop1): Quotacheck needed: Please wait. [ 560.420478][T18379] XFS (loop1): Quotacheck: Done. [ 560.519783][ T5227] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 560.573836][T18429] loop5: detected capacity change from 0 to 2048 [ 560.632015][T18429] NILFS (loop5): invalid segment: Checksum error in segment payload [ 560.660442][T18429] NILFS (loop5): trying rollback from an earlier position [ 560.668757][T18433] loop3: detected capacity change from 0 to 512 [ 560.719082][T18433] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 560.768743][T18429] NILFS (loop5): recovery complete [ 560.769854][T18433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 560.789223][T18433] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 560.811229][T18438] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 560.902281][T16024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 561.080862][ T205] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 561.620067][T18464] loop5: detected capacity change from 0 to 256 [ 561.769009][T18464] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 562.035018][ T29] audit: type=1800 audit(1728261746.018:169): pid=18464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4791" name="bus" dev="loop5" ino=1048916 res=0 errno=0 [ 562.118987][T18473] loop3: detected capacity change from 0 to 1024 [ 562.165101][T18477] loop2: detected capacity change from 0 to 64 [ 562.208299][T18473] hfsplus: bad catalog entry type [ 562.370340][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.495716][ T2576] hfsplus: b-tree write err: -5, ino 4 [ 562.585237][T18488] pim6reg: entered allmulticast mode [ 562.646746][T18488] pim6reg: left allmulticast mode [ 563.082810][T18480] loop4: detected capacity change from 0 to 32768 [ 563.117911][T18492] loop1: detected capacity change from 0 to 4096 [ 563.205051][T18492] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 563.477295][T18501] UBIFS error (pid: 18501): cannot open "u?kfsσ", error -22 [ 563.625018][T18492] ntfs3: loop1: ino=1b, "file0" attr_set_size [ 563.639173][T18492] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 563.778809][T18496] loop3: detected capacity change from 0 to 32768 [ 563.891270][T18496] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 564.166760][T18526] loop2: detected capacity change from 0 to 128 [ 564.363480][T18526] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 564.429409][T18526] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 564.448034][T18496] XFS (loop3): Ending clean mount [ 564.468142][T18496] XFS (loop3): Quotacheck needed: Please wait. [ 564.607118][T18496] XFS (loop3): Quotacheck: Done. [ 564.921151][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 564.966447][T18547] loop1: detected capacity change from 0 to 1024 [ 564.974285][T16024] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 564.998879][T18549] loop2: detected capacity change from 0 to 256 [ 565.028127][T18547] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 565.415331][ T5227] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 566.005816][T18524] loop5: detected capacity change from 0 to 32768 [ 566.434217][T18584] loop1: detected capacity change from 0 to 256 [ 566.449068][T18585] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 566.455606][T18585] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 566.490505][T18584] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 566.516596][T18585] vhci_hcd vhci_hcd.0: Device attached [ 566.710525][ T935] vhci_hcd: vhci_device speed not set [ 566.841678][ T935] usb 9-1: new full-speed USB device number 2 using vhci_hcd [ 566.856125][ T64] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 567.203854][ T29] audit: type=1326 audit(1728261751.188:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7137dff9 code=0x7ffc0000 [ 567.250810][ T5292] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 567.271326][ T29] audit: type=1326 audit(1728261751.258:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e7137dff9 code=0x7ffc0000 [ 567.312646][T18604] loop4: detected capacity change from 0 to 256 [ 567.343789][T18604] exfat: Bad value for 'uid' [ 567.348451][T18604] exfat: Bad value for 'uid' [ 567.353565][ T29] audit: type=1326 audit(1728261751.278:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4e7137dff9 code=0x7ffc0000 [ 567.378826][ T29] audit: type=1326 audit(1728261751.278:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4e7137e033 code=0x7ffc0000 [ 567.402018][ T29] audit: type=1326 audit(1728261751.288:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4e7137cadf code=0x7ffc0000 [ 567.425778][ T29] audit: type=1326 audit(1728261751.298:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f4e7137e087 code=0x7ffc0000 [ 567.450729][ T29] audit: type=1326 audit(1728261751.298:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4e7137c990 code=0x7ffc0000 [ 567.455842][ T5292] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 567.473796][ T29] audit: type=1326 audit(1728261751.298:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4e7137dbfb code=0x7ffc0000 [ 567.508964][ T29] audit: type=1326 audit(1728261751.328:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f4e7137cc8a code=0x7ffc0000 [ 567.532497][ T29] audit: type=1326 audit(1728261751.328:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18602 comm="syz.4.4850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f4e7137cc8a code=0x7ffc0000 [ 567.645879][ T5292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.723279][ T5292] usb 3-1: Product: syz [ 567.768109][ T5292] usb 3-1: Manufacturer: syz [ 567.802410][ T5292] usb 3-1: SerialNumber: syz [ 567.912644][ T5292] usb 3-1: config 0 descriptor?? [ 568.306067][ T5405] usb 3-1: USB disconnect, device number 48 [ 568.339966][ T5245] udevd[5245]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 569.053236][T18638] loop3: detected capacity change from 0 to 32768 [ 569.080636][T18638] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4865 (18638) [ 569.123792][T18648] loop2: detected capacity change from 0 to 8 [ 569.165356][T18638] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 569.210034][T18638] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 569.240546][T18638] BTRFS info (device loop3): using free-space-tree [ 569.483972][T18586] vhci_hcd: connection reset by peer [ 569.493080][ T2576] vhci_hcd: stop threads [ 569.517587][ T2576] vhci_hcd: release socket [ 569.540741][ T2576] vhci_hcd: disconnect device [ 569.696017][T18673] nbd: socks must be embedded in a SOCK_ITEM attr [ 569.921977][T18638] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 570.042054][ T52] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 570.123016][T18690] loop2: detected capacity change from 0 to 64 [ 570.308174][T18692] netlink: 'syz.5.4881': attribute type 29 has an invalid length. [ 570.492293][T18692] netlink: 'syz.5.4881': attribute type 29 has an invalid length. [ 570.739641][T18700] loop2: detected capacity change from 0 to 2048 [ 570.771059][T18702] loop1: detected capacity change from 0 to 8192 [ 570.882079][T18708] loop5: detected capacity change from 0 to 512 [ 570.890072][T18708] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 571.008875][T18708] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.4887: invalid indirect mapped block 4294967295 (level 1) [ 571.009326][T18709] loop3: detected capacity change from 0 to 2048 [ 571.033970][T18700] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 571.048354][T18700] ext4 filesystem being mounted at /302/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 571.060622][T18708] EXT4-fs (loop5): Remounting filesystem read-only [ 571.123027][T18709] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 571.131162][T18708] EXT4-fs (loop5): 2 truncates cleaned up [ 571.150253][T18708] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 571.208121][T18713] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 571.390592][T13243] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 571.485127][T18678] loop4: detected capacity change from 0 to 32768 [ 571.529963][T18678] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4877 (18678) [ 571.626449][T17033] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 571.642616][T18678] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 571.654641][T18678] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 571.671755][T18678] BTRFS info (device loop4): using free-space-tree [ 571.950631][ T935] vhci_hcd: vhci_device speed not set [ 571.982212][ T64] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 572.153780][T18747] loop2: detected capacity change from 0 to 64 [ 572.283525][T17228] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 572.295469][T18749] devtmpfs: Cannot retroactively limit inodes [ 572.407134][T18754] loop3: detected capacity change from 0 to 1024 [ 572.432286][T18754] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 572.636580][T18754] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 572.723513][T18754] EXT4-fs (loop3): changing journal_checksum during remount not supported; ignoring [ 572.738388][T18754] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 573.074146][T16024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 573.169956][T18772] loop5: detected capacity change from 0 to 256 [ 573.199479][T18772] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 573.613412][T18787] loop3: detected capacity change from 0 to 1024 [ 573.945346][ T205] hfsplus: b-tree write err: -5, ino 4 [ 574.329893][T18801] loop3: detected capacity change from 0 to 1024 [ 574.815208][T18782] loop2: detected capacity change from 0 to 32768 [ 574.860679][T18782] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4913 (18782) [ 574.880502][ T5371] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 574.926952][T18782] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 574.960816][T18782] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 574.969954][T18782] BTRFS info (device loop2): using free-space-tree [ 575.139465][ T5371] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 575.151469][ T5371] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 575.161875][ T5371] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 575.171360][ T5371] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.185376][ T5371] usb 2-1: config 0 descriptor?? [ 575.346573][T18782] BTRFS error (device loop2): balance: invalid convert metadata profile raid1 [ 575.438538][T13243] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 575.454904][T18837] futex_wake_op: syz.0.4932 tries to shift op by 144; fix this program [ 575.629010][ T5371] input: HID 28bd:0935 Mouse as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0935.006A/input/input50 [ 575.677041][ T5371] uclogic 0003:28BD:0935.006A: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0935] on usb-dummy_hcd.1-1/input0 [ 575.805394][ T205] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 575.895297][T14690] usb 2-1: USB disconnect, device number 40 [ 576.398636][T18854] loop3: detected capacity change from 0 to 256 [ 577.354556][T18878] loop1: detected capacity change from 0 to 2048 [ 577.448247][T18880] loop2: detected capacity change from 0 to 512 [ 577.457726][T18880] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 577.636561][T18880] EXT4-fs (loop2): failed to open journal device unknown-block(4,137) -6 [ 577.722535][T14358] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 578.036255][T18868] loop3: detected capacity change from 0 to 32768 [ 578.082915][T18868] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.4947 (18868) [ 578.109370][T18878] hpfs: filesystem error: improperly stopped; already mounted read-only [ 578.198313][T18878] hpfs: filesystem error: sector(s) 'dir_band_bitmap' badly placed at 7b318cc4 [ 578.248209][T18904] loop5: detected capacity change from 0 to 512 [ 578.258533][T18904] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 578.258529][T18868] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 578.258597][T18868] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 578.371593][T18868] BTRFS info (device loop3): using free-space-tree [ 578.402500][ T4677] udevd[4677]: worker [5245] terminated by signal 33 (Unknown signal 33) [ 578.416514][T18904] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 578.462724][ T4677] udevd[4677]: worker [5245] failed while handling '/devices/virtual/block/loop3' [ 578.500982][T18904] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 578.719260][T17033] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 578.856883][T18940] loop0: detected capacity change from 0 to 256 [ 578.955636][T18942] loop4: detected capacity change from 0 to 256 [ 579.020821][ T5405] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 579.026226][ T35] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 579.180547][ T5405] usb 2-1: Using ep0 maxpacket: 16 [ 579.181877][T16024] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 579.211546][ T5405] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 579.220319][ T5405] usb 2-1: config 0 has no interface number 0 [ 579.228156][ T5405] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 579.239123][ T5405] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 579.249020][ T5405] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 579.258881][ T5405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.311728][ T5405] usb 2-1: config 0 descriptor?? [ 579.481869][T18952] loop4: detected capacity change from 0 to 512 [ 579.581380][T18952] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 579.661717][T18952] EXT4-fs (loop4): 1 truncate cleaned up [ 579.717718][T18952] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 579.881956][T18952] EXT4-fs error (device loop4): ext4_generic_delete_entry:2680: inode #2: block 13: comm syz.4.4979: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 579.981769][T18952] EXT4-fs (loop4): Remounting filesystem read-only [ 579.993640][ T5405] uclogic 0003:28BD:0071.006B: failed retrieving string descriptor #100: -71 [ 580.007342][ T5405] uclogic 0003:28BD:0071.006B: failed retrieving pen parameters: -71 [ 580.022457][ T5405] uclogic 0003:28BD:0071.006B: pen probing failed: -71 [ 580.029529][ T5405] uclogic 0003:28BD:0071.006B: failed probing parameters: -71 [ 580.037805][ T5405] uclogic 0003:28BD:0071.006B: probe with driver uclogic failed with error -71 [ 580.076744][ T5405] usb 2-1: USB disconnect, device number 41 [ 580.128213][T17228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 580.315600][T18953] loop0: detected capacity change from 0 to 32768 [ 580.338299][T18953] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4977 (18953) [ 580.382882][T18953] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 580.462981][T18953] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 580.548817][T18962] 9pnet_fd: Insufficient options for proto=fd [ 580.700987][T18953] BTRFS info (device loop0): rebuilding free space tree [ 580.809007][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 580.809031][ T29] audit: type=1326 audit(1728261764.788:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18986 comm="syz.2.4985" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5889d7dff9 code=0x0 [ 580.840069][T18953] BTRFS info (device loop0): disabling free space tree [ 580.871031][T18953] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 580.889273][T18953] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 580.927611][ T2536] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 581.035080][T18992] loop4: detected capacity change from 0 to 1024 [ 581.093901][T18996] loop3: detected capacity change from 0 to 64 [ 581.218340][T18992] hfsplus: inconsistency in B*Tree (1,0,1,0,1) [ 581.235004][T18992] hfsplus: inconsistency in B*Tree (1,0,1,0,1) [ 581.332046][ T2536] hfsplus: b-tree write err: -5, ino 4 [ 581.920341][T19006] loop3: detected capacity change from 0 to 512 [ 581.985458][T18994] loop1: detected capacity change from 0 to 32768 [ 581.999546][T19006] EXT4-fs: Ignoring removed i_version option [ 582.075558][T19006] EXT4-fs error (device loop3): __ext4_iget:4952: inode #11: block 1: comm syz.3.4995: invalid block [ 582.130856][T19006] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.4995: couldn't read orphan inode 11 (err -117) [ 582.150864][T18994] XFS (loop1): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 582.182097][T19006] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 582.242172][T18953] BTRFS info (device loop0 state M): setting nodatasum [ 582.249484][T18953] BTRFS info (device loop0 state M): allowing degraded mounts [ 582.258100][T18953] BTRFS info (device loop0 state M): setting nodatasum [ 582.266006][T18953] BTRFS info (device loop0 state M): turning on flush-on-commit [ 582.273744][T18953] BTRFS info (device loop0 state M): turning on sync discard [ 582.281596][T18953] BTRFS info (device loop0 state M): force clearing of disk cache [ 582.289505][T18953] BTRFS info (device loop0 state M): not using ssd optimizations [ 582.346756][T18994] XFS (loop1): Ending clean mount [ 582.374359][T19006] EXT4-fs error (device loop3): ext4_add_entry:2437: inode #2: comm syz.3.4995: Directory hole found for htree leaf block 0 [ 582.401569][ T5225] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 582.574283][ T5227] XFS (loop1): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 582.609436][T16024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 582.657043][T19028] loop5: detected capacity change from 0 to 2048 [ 582.701220][T19024] loop2: detected capacity change from 0 to 4096 [ 582.719413][T19024] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 582.854679][T19034] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 583.375944][T19048] netlink: 165 bytes leftover after parsing attributes in process `syz.3.5011'. [ 583.590914][ T35] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 583.984874][T19068] loop4: detected capacity change from 0 to 2048 [ 584.009454][T19070] loop0: detected capacity change from 0 to 1024 [ 584.040695][T19070] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 584.096931][T19070] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 584.134934][T19072] loop1: detected capacity change from 0 to 256 [ 584.157881][T19070] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 584.193156][T19075] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 584.246116][T19070] EXT4-fs error (device loop0): ext4_get_journal_inode:5762: inode #5: comm syz.0.5016: unexpected bad inode w/o EXT4_IGET_BAD [ 584.266550][T19072] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 584.301694][T19070] EXT4-fs (loop0): no journal found [ 584.308856][T19070] EXT4-fs (loop0): can't get journal size [ 584.322537][T19070] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 584.405967][T19081] netlink: 'syz.2.5024': attribute type 1 has an invalid length. [ 584.430555][T19070] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.5016: bg 0: block 32: padding at end of block bitmap is not set [ 584.650697][ T5225] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 584.720525][T19086] sp0: Synchronizing with TNC [ 585.020456][ T5292] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 585.201055][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 585.264614][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 585.290489][ T5292] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 585.304698][T19100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5032'. [ 585.310526][ T5292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.370686][T19100] netlink: 'syz.4.5032': attribute type 3 has an invalid length. [ 585.382506][ T5292] usb 3-1: config 0 descriptor?? [ 585.820962][ T5292] hid-multitouch 0003:1FD2:6007.006C: bogus close delimiter [ 585.861603][ T5292] hid-multitouch 0003:1FD2:6007.006C: item 0 1 2 10 parsing failed [ 585.908300][ T5292] hid-multitouch 0003:1FD2:6007.006C: probe with driver hid-multitouch failed with error -22 [ 586.110464][ T5292] usb 3-1: USB disconnect, device number 49 [ 586.392965][T19082] loop5: detected capacity change from 0 to 40427 [ 586.452058][T19082] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x7 [ 586.469448][T19112] loop3: detected capacity change from 0 to 40427 [ 586.501679][T19112] F2FS-fs (loop3): invalid crc value [ 586.515201][T19112] F2FS-fs (loop3): Found nat_bits in checkpoint [ 586.537633][T19082] F2FS-fs (loop5): invalid crc value [ 586.553980][T19104] loop0: detected capacity change from 0 to 40427 [ 586.587171][T19104] F2FS-fs (loop0): heap/no_heap options were deprecated [ 586.617868][T19082] F2FS-fs (loop5): Found nat_bits in checkpoint [ 586.629044][T19104] F2FS-fs (loop0): invalid crc value [ 586.648913][T19112] F2FS-fs (loop3): Start checkpoint disabled! [ 586.656676][T19104] F2FS-fs (loop0): Found nat_bits in checkpoint [ 586.656742][T19112] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 586.821988][T19104] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 586.873339][T19112] syz.3.5040: attempt to access beyond end of device [ 586.873339][T19112] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 586.904985][T19082] F2FS-fs (loop5): Start checkpoint disabled! [ 586.928250][ T29] audit: type=1326 audit(1728261770.908:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5889d74fa7 code=0x7ffc0000 [ 587.006978][T19082] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 587.064776][ T5225] syz-executor: attempt to access beyond end of device [ 587.064776][ T5225] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 587.080871][ T29] audit: type=1326 audit(1728261770.948:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5889d19959 code=0x7ffc0000 [ 587.107324][T19082] F2FS-fs (loop5): Checkpoint should be enabled. [ 587.138868][ T29] audit: type=1326 audit(1728261770.948:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5889d74fa7 code=0x7ffc0000 [ 587.161646][ T5225] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 587.241769][ T29] audit: type=1326 audit(1728261770.948:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5889d19959 code=0x7ffc0000 [ 587.328959][ T29] audit: type=1326 audit(1728261770.948:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5889d74fa7 code=0x7ffc0000 [ 587.363911][ T2576] kworker/u8:7: attempt to access beyond end of device [ 587.363911][ T2576] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 587.381114][T14690] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 587.431132][ T2576] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 587.438371][ T2576] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 587.448382][ T29] audit: type=1326 audit(1728261770.948:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5889d19959 code=0x7ffc0000 [ 587.470683][ C0] vkms_vblank_simulate: vblank timer overrun [ 587.488554][ T64] kworker/u8:4: attempt to access beyond end of device [ 587.488554][ T64] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 587.509665][ T2576] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 587.534305][ T64] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 587.543278][ T29] audit: type=1326 audit(1728261770.948:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5889d74fa7 code=0x7ffc0000 [ 587.567016][ T64] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 587.570880][T14690] usb 2-1: Using ep0 maxpacket: 32 [ 587.577305][ T29] audit: type=1326 audit(1728261770.948:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5889d19959 code=0x7ffc0000 [ 587.605807][ T29] audit: type=1326 audit(1728261770.948:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5889d74fa7 code=0x7ffc0000 [ 587.619611][T14690] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 587.630512][ T29] audit: type=1326 audit(1728261770.968:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19127 comm="syz.2.5044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5889d19959 code=0x7ffc0000 [ 587.682909][T14690] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 587.696566][T14690] usb 2-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00 [ 587.705684][T14690] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.717908][T14690] usb 2-1: config 0 descriptor?? [ 588.154183][T14690] macally 0003:060B:0001.006D: item fetching failed at offset 2/5 [ 588.163106][T14690] macally 0003:060B:0001.006D: probe with driver macally failed with error -22 [ 588.411527][ T935] usb 2-1: USB disconnect, device number 42 [ 588.600997][ T9] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 588.770472][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 588.780913][ T9] usb 3-1: config 0 has an invalid interface number: 219 but max is 0 [ 588.810116][ T9] usb 3-1: config 0 has no interface number 0 [ 588.841166][ T9] usb 3-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 588.872675][ T9] usb 3-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 588.909515][ T9] usb 3-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 588.935083][ T9] usb 3-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 588.967243][T19157] Dead loop on virtual device ip6_vti0, fix it urgently! [ 589.001767][ T9] usb 3-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023 [ 589.014246][ T9] usb 3-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 589.042297][ T9] usb 3-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 589.052445][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.060566][ T9] usb 3-1: Product: syz [ 589.069512][ T9] usb 3-1: Manufacturer: syz [ 589.075399][ T9] usb 3-1: SerialNumber: syz [ 589.087159][ T9] usb 3-1: config 0 descriptor?? [ 589.098322][T19143] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 589.108653][T19143] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 589.218070][T19163] nbd: illegal input index 1966080 [ 589.233894][T19161] sp0: Synchronizing with TNC [ 589.243490][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 589.317778][T19160] [U] θ [ 589.334987][ T9] etas_es58x 3-1:0.219: Starting syz syz (Serial Number syz) [ 589.535383][ T9] etas_es58x 3-1:0.219: could not parse product info: 'δ‘Έ' [ 589.893066][ T9] usb 3-1: USB disconnect, device number 50 [ 589.917366][ T9] etas_es58x 3-1:0.219: Disconnecting syz syz [ 590.097946][T19184] Bluetooth: hci6: command 0x0405 tx timeout [ 590.122168][T19168] loop3: detected capacity change from 0 to 32768 [ 590.129421][T19168] XFS: noikeep mount option is deprecated. [ 590.237966][ T935] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 590.239296][T19168] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 590.344340][T19168] XFS (loop3): Ending clean mount [ 590.358574][T19168] XFS (loop3): Quotacheck needed: Please wait. [ 590.452023][ T935] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 590.470474][ T935] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.493586][ T935] usb 2-1: config 0 descriptor?? [ 590.503600][ T935] gspca_main: spca508-2.14.0 probing 8086:0110 [ 590.527206][ T64] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 590.632854][T19168] XFS (loop3): Quotacheck: Done. [ 590.702616][T19168] XFS (loop3): syz.3.5063 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported [ 590.716307][ T935] gspca_spca508: reg_read err -32 [ 590.924612][ T935] gspca_spca508: reg_read err -71 [ 590.930094][ T935] gspca_spca508: reg_read err -71 [ 590.937417][ T935] gspca_spca508: reg_read err -71 [ 590.943694][ T935] gspca_spca508: reg write: error -71 [ 590.949610][ T935] spca508 2-1:0.0: probe with driver spca508 failed with error -71 [ 591.027519][ T935] usb 2-1: USB disconnect, device number 43 [ 591.108317][T16024] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 591.878342][T19223] loop4: detected capacity change from 0 to 32768 [ 591.940291][T19223] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 592.182948][T19217] loop2: detected capacity change from 0 to 32768 [ 592.235777][T19217] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5077 (19217) [ 592.245836][T19223] XFS (loop4): Ending clean mount [ 592.372827][T17228] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 592.521713][T19217] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 592.525247][T19246] loop0: detected capacity change from 0 to 4096 [ 592.547816][T19246] NILFS (loop0): invalid segment: Checksum error in segment payload [ 592.556062][T19246] NILFS (loop0): trying rollback from an earlier position [ 592.579652][T19246] NILFS (loop0): recovery complete [ 592.596791][T19252] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 592.609764][T19217] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 592.632528][T19217] BTRFS info (device loop2): using free-space-tree [ 592.908833][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 592.908865][ T29] audit: type=1326 audit(1728261776.778:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19230 comm="syz.5.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7fc00000 [ 592.939532][ T29] audit: type=1326 audit(1728261776.778:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19230 comm="syz.5.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc36dd7dff9 code=0x7fc00000 [ 592.971677][ T29] audit: type=1326 audit(1728261776.778:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19230 comm="syz.5.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7fc00000 [ 593.020193][ T29] audit: type=1326 audit(1728261776.788:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19230 comm="syz.5.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc36dd7dff9 code=0x7fc00000 [ 593.471002][T13243] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 593.718405][T19293] loop5: detected capacity change from 0 to 1024 [ 593.730063][T19293] EXT4-fs: Ignoring removed nomblk_io_submit option [ 593.867637][T19293] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 594.212935][T19309] loop2: detected capacity change from 0 to 1024 [ 594.271348][T19309] hfsplus: bad catalog entry type [ 594.389748][T19313] loop3: detected capacity change from 0 to 1024 [ 594.421648][T17033] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 594.521033][T19313] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 594.693116][ T29] audit: type=1326 audit(1728261778.678:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19316 comm="syz.0.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8557dff9 code=0x7ffc0000 [ 594.714131][ T52] hfsplus: b-tree write err: -5, ino 4 [ 594.718797][T19313] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 594.818484][ T29] audit: type=1326 audit(1728261778.698:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19316 comm="syz.0.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7efd8557dff9 code=0x7ffc0000 [ 594.969399][T19313] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2793: inode #2: comm syz.3.5101: corrupted in-inode xattr: bad e_name length [ 594.992425][ T29] audit: type=1326 audit(1728261778.698:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19316 comm="syz.0.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8557dff9 code=0x7ffc0000 [ 595.001072][T19313] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #2: comm syz.3.5101: corrupted in-inode xattr: bad e_name length [ 595.038949][T14358] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 595.130729][ T29] audit: type=1326 audit(1728261778.698:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19316 comm="syz.0.5103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8557dff9 code=0x7ffc0000 [ 595.182528][T19329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5106'. [ 595.256320][T19335] loop2: detected capacity change from 0 to 256 [ 595.277507][T16024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 595.778573][T19349] loop1: detected capacity change from 0 to 1024 [ 595.788512][T19348] loop2: detected capacity change from 0 to 2048 [ 595.844674][T19348] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 595.957163][T19348] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 595.992438][T19349] hfsplus: bad catalog entry type [ 596.017915][T19348] udf: Unexpected value for 'utf8' [ 596.206827][T19357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5120'. [ 596.236137][ T52] hfsplus: b-tree write err: -5, ino 4 [ 596.294033][ T9125] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 596.353190][T19351] loop3: detected capacity change from 0 to 32768 [ 596.360607][T19351] XFS: noikeep mount option is deprecated. [ 596.464197][T19351] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 596.638554][T19351] XFS (loop3): Ending clean mount [ 596.686973][T19351] XFS (loop3): Quotacheck needed: Please wait. [ 596.735261][T19377] loop4: detected capacity change from 0 to 256 [ 596.838707][T19351] XFS (loop3): Quotacheck: Done. [ 596.976196][T19377] FAT-fs (loop4): Directory bread(block 64) failed [ 597.002028][T19377] FAT-fs (loop4): Directory bread(block 65) failed [ 597.055616][T19377] FAT-fs (loop4): Directory bread(block 66) failed [ 597.093152][T19377] FAT-fs (loop4): Directory bread(block 67) failed [ 597.125731][T16024] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 597.128044][T19377] FAT-fs (loop4): Directory bread(block 68) failed [ 597.144187][T19377] FAT-fs (loop4): Directory bread(block 69) failed [ 597.152140][T19377] FAT-fs (loop4): Directory bread(block 70) failed [ 597.158891][T19377] FAT-fs (loop4): Directory bread(block 71) failed [ 597.166293][T19377] FAT-fs (loop4): Directory bread(block 72) failed [ 597.176085][T19377] FAT-fs (loop4): Directory bread(block 73) failed [ 598.471201][ T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 598.714043][T19415] random: crng reseeded on system resumption [ 598.763408][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 598.772922][T19401] loop2: detected capacity change from 0 to 32768 [ 598.825500][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.875241][T19401] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5139 (19401) [ 598.886633][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.914495][T19401] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 598.920903][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 598.932773][T19401] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 598.946028][T19401] BTRFS info (device loop2): using free-space-tree [ 599.011828][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c287, bcdDevice= 0.00 [ 599.032425][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.068720][ T9] usb 2-1: config 0 descriptor?? [ 599.079102][T19428] loop0: detected capacity change from 0 to 16 [ 599.102007][T19428] erofs: (device loop0): erofs_read_inode: negative i_size @ nid 36 [ 599.381054][T13243] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 599.521977][ T9] logitech 0003:046D:C287.006E: unknown main item tag 0x0 [ 599.565476][ T9] logitech 0003:046D:C287.006E: hidraw0: USB HID v0.00 Device [HID 046d:c287] on usb-dummy_hcd.1-1/input0 [ 599.635972][ T9] logitech 0003:046D:C287.006E: no inputs found [ 599.748890][ T9] usb 2-1: USB disconnect, device number 44 [ 600.068248][T19450] loop5: detected capacity change from 0 to 1024 [ 600.169311][ T2576] hfsplus: b-tree write err: -5, ino 4 [ 600.260465][ T5371] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 600.450623][ T5371] usb 3-1: Using ep0 maxpacket: 16 [ 600.468140][ T5371] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 600.480086][ T5371] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 600.492769][ T5371] usb 3-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 600.504319][ T5371] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.516520][ T5371] usb 3-1: config 0 descriptor?? [ 600.979277][T19446] loop0: detected capacity change from 0 to 32768 [ 600.987787][T19446] XFS: ikeep mount option is deprecated. [ 600.995480][T19446] XFS: ikeep mount option is deprecated. [ 601.021289][ T5371] aquacomputer_d5next 0003:0C70:F0B6.006F: hidraw0: USB HID v0.00 Device [HID 0c70:f0b6] on usb-dummy_hcd.2-1/input0 [ 601.049411][T19446] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 601.215292][ T5405] usb 3-1: USB disconnect, device number 51 [ 601.354812][T19446] XFS (loop0): Ending clean mount [ 601.399949][T19446] XFS (loop0): Quotacheck needed: Please wait. [ 601.443591][T19460] loop3: detected capacity change from 0 to 40427 [ 601.482565][T19460] F2FS-fs (loop3): Corrupted extension count (64 + 1 > 64) [ 601.500085][T19460] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 601.556075][T19446] XFS (loop0): Quotacheck: Done. [ 601.617396][T19460] F2FS-fs (loop3): Found nat_bits in checkpoint [ 601.634152][T19479] loop4: detected capacity change from 0 to 1024 [ 601.761832][ T5225] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 601.835705][T19460] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 601.863465][T19460] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 601.883261][T19486] loop1: detected capacity change from 0 to 4096 [ 601.900716][T19486] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 602.033985][T19489] loop4: detected capacity change from 0 to 256 [ 602.053794][ T205] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 602.121678][T19489] FAT-fs (loop4): Directory bread(block 64) failed [ 602.153176][T19489] FAT-fs (loop4): Directory bread(block 65) failed [ 602.181306][T19489] FAT-fs (loop4): Directory bread(block 66) failed [ 602.202240][T19489] FAT-fs (loop4): Directory bread(block 67) failed [ 602.269248][T19489] FAT-fs (loop4): Directory bread(block 68) failed [ 602.330847][T19489] FAT-fs (loop4): Directory bread(block 69) failed [ 602.337852][T19489] FAT-fs (loop4): Directory bread(block 70) failed [ 602.361261][T19489] FAT-fs (loop4): Directory bread(block 71) failed [ 602.368183][T19489] FAT-fs (loop4): Directory bread(block 72) failed [ 602.375374][T19489] FAT-fs (loop4): Directory bread(block 73) failed [ 602.478157][T19486] ntfs3: loop1: ino=1b, "file0" failed to parse mft record [ 602.561385][T19486] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 602.627049][T19486] ntfs3: loop1: ino=1b, "file0" attr_set_size [ 602.640638][ T5405] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 602.830583][ T5405] usb 3-1: Using ep0 maxpacket: 16 [ 602.850629][ T5405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 602.916162][ T5405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 602.944916][ T5405] usb 3-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 602.954163][ T5405] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.985800][ T5405] usb 3-1: config 0 descriptor?? [ 603.268144][T19498] IPVS: Unknown mcast interface: vlan0 [ 603.461192][ T5405] megaworld 0003:07B5:0312.0070: hidraw0: USB HID v0.00 Device [HID 07b5:0312] on usb-dummy_hcd.2-1/input0 [ 603.518493][T19500] loop4: detected capacity change from 0 to 40427 [ 603.527486][T19500] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 603.550750][ T5405] megaworld 0003:07B5:0312.0070: no inputs found [ 603.565758][T19500] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 603.636319][ T5405] usb 3-1: USB disconnect, device number 52 [ 603.671215][T19500] F2FS-fs (loop4): Found nat_bits in checkpoint [ 603.809139][T19494] loop0: detected capacity change from 0 to 32768 [ 604.121079][T19500] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 604.141465][T19500] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 604.283818][T19515] loop3: detected capacity change from 0 to 32768 [ 604.291308][T19515] XFS: ikeep mount option is deprecated. [ 604.296984][T19515] XFS: ikeep mount option is deprecated. [ 604.551621][T19515] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 604.737513][T19515] XFS (loop3): Ending clean mount [ 604.842378][T19515] XFS (loop3): Quotacheck needed: Please wait. [ 605.035470][T19515] XFS (loop3): Quotacheck: Done. [ 605.043040][T19513] loop1: detected capacity change from 0 to 32768 [ 605.460303][T16024] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 605.482672][T19541] loop2: detected capacity change from 0 to 2048 [ 605.575432][T19541] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 606.125022][T19557] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5194'. [ 606.204767][T19557] Κό: entered promiscuous mode [ 606.242416][T19559] kernel profiling enabled (shift: 41) [ 606.248474][T19559] profiling shift: 41 too large [ 606.304129][T19561] loop4: detected capacity change from 0 to 512 [ 606.463750][T19561] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 606.560104][T19561] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 606.650754][T19561] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 606.683861][T19549] loop2: detected capacity change from 0 to 32768 [ 606.787742][T19549] JBD2: Ignoring recovery information on journal [ 606.796244][T19574] program syz.3.5201 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 606.926668][T19549] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 606.950633][T14690] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 607.009364][T17228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 607.129597][T14690] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 607.202922][T13243] ocfs2: Unmounting device (7,2) on (node local) [ 607.210941][T14690] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 607.238787][T19585] loop5: detected capacity change from 0 to 2048 [ 607.247422][T14690] usb 2-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 607.277106][T14690] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.289433][T14690] usb 2-1: config 0 descriptor?? [ 607.408628][T19589] team0: Port device syz_tun added [ 607.588361][T19585] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 607.757959][T14690] uclogic 0003:2179:0053.0071: interface is invalid, ignoring [ 607.828988][ T9125] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 607.944898][ T5288] usb 2-1: USB disconnect, device number 45 [ 608.021013][T19606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5214'. [ 608.040709][T19606] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5214'. [ 608.436582][T19618] loop5: detected capacity change from 0 to 256 [ 608.593125][T19623] netlink: 184 bytes leftover after parsing attributes in process `syz.3.5225'. [ 608.609585][T19623] netlink: 'syz.3.5225': attribute type 1 has an invalid length. [ 608.690984][T19618] FAT-fs (loop5): Directory bread(block 64) failed [ 608.697604][T19618] FAT-fs (loop5): Directory bread(block 65) failed [ 608.729959][T19618] FAT-fs (loop5): Directory bread(block 66) failed [ 608.748648][T19618] FAT-fs (loop5): Directory bread(block 67) failed [ 608.761801][T19618] FAT-fs (loop5): Directory bread(block 68) failed [ 608.769646][T19618] FAT-fs (loop5): Directory bread(block 69) failed [ 608.777298][T19618] FAT-fs (loop5): Directory bread(block 70) failed [ 608.785474][T19618] FAT-fs (loop5): Directory bread(block 71) failed [ 608.794212][T19618] FAT-fs (loop5): Directory bread(block 72) failed [ 608.801222][T19618] FAT-fs (loop5): Directory bread(block 73) failed [ 609.230707][ T5405] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 609.325776][T19646] loop3: detected capacity change from 0 to 128 [ 609.405301][ T5405] usb 2-1: Using ep0 maxpacket: 16 [ 609.427334][ T5405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 609.438470][ T5405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 609.448526][ T5405] usb 2-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 609.457811][ T5405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.477972][ T5405] usb 2-1: config 0 descriptor?? [ 609.640337][T19654] netlink: 'syz.3.5239': attribute type 1 has an invalid length. [ 609.680657][T19654] netlink: 130160 bytes leftover after parsing attributes in process `syz.3.5239'. [ 609.928966][T19660] netlink: 'syz.4.5242': attribute type 1 has an invalid length. [ 609.955135][ T5405] hid-rmi 0003:17EF:6085.0072: item 0 1 0 9 parsing failed [ 609.964545][ T5405] hid-rmi 0003:17EF:6085.0072: parse failed [ 609.967982][T19660] netlink: 9364 bytes leftover after parsing attributes in process `syz.4.5242'. [ 609.987259][ T5405] hid-rmi 0003:17EF:6085.0072: probe with driver hid-rmi failed with error -22 [ 610.023664][T19660] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5242'. [ 610.050491][T14690] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 610.169778][ T935] usb 2-1: USB disconnect, device number 46 [ 610.231734][T14690] usb 3-1: Using ep0 maxpacket: 32 [ 610.266622][T14690] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 610.350777][T14690] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 610.430429][T14690] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 610.439093][T19673] loop3: detected capacity change from 0 to 4096 [ 610.470185][T14690] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.482559][T14690] usb 3-1: config 0 descriptor?? [ 610.503082][T19681] loop4: detected capacity change from 0 to 256 [ 610.510669][T19682] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 610.533843][T19681] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x2fab2b20, utbl_chksum : 0xe619d30d) [ 610.909409][T14690] lua 0003:1E7D:2C2E.0073: global environment stack underflow [ 610.918057][T19690] loop4: detected capacity change from 0 to 256 [ 610.975952][T14690] lua 0003:1E7D:2C2E.0073: item 0 0 1 11 parsing failed [ 610.996757][T14690] lua 0003:1E7D:2C2E.0073: parse failed [ 611.004942][T14690] lua 0003:1E7D:2C2E.0073: probe with driver lua failed with error -22 [ 611.021888][T19690] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 611.129454][ T5307] usb 3-1: USB disconnect, device number 53 [ 611.177470][T19696] loop3: detected capacity change from 0 to 2048 [ 611.193654][T19690] exFAT-fs (loop4): hint_cluster is invalid (1), rewind to the first cluster [ 611.266463][T19690] exFAT-fs (loop4): error, invalid access to exfat cache (entry 0x00000000) [ 611.327760][T19690] exFAT-fs (loop4): Filesystem has been set read-only [ 611.368265][T19696] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 611.388322][T19690] exFAT-fs (loop4): error, failed to bmap (inode : ffff8880604aa188 iblock : 0, err : -5) [ 611.728603][T16024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 611.785882][T19716] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5266'. [ 612.077877][T19687] loop5: detected capacity change from 0 to 32768 [ 612.086186][T19687] XFS: ikeep mount option is deprecated. [ 612.092306][T19687] XFS: attr2 mount option is deprecated. [ 612.098012][T19687] XFS: ikeep mount option is deprecated. [ 612.103828][T19687] XFS: noikeep mount option is deprecated. [ 612.249451][T19687] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 612.518925][T19687] XFS (loop5): Ending clean mount [ 612.541145][T19687] XFS (loop5): Quotacheck needed: Please wait. [ 612.677339][T19687] XFS (loop5): Quotacheck: Done. [ 612.737320][T19755] loop1: detected capacity change from 0 to 256 [ 612.952134][ T35] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 613.013779][T19755] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d) [ 613.048743][T19763] loop3: detected capacity change from 0 to 4096 [ 613.120611][T17033] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 613.409442][T19775] loop1: detected capacity change from 0 to 1024 [ 613.497093][T19781] loop4: detected capacity change from 0 to 64 [ 613.555540][T19783] loop2: detected capacity change from 0 to 128 [ 613.944805][T19790] loop1: detected capacity change from 0 to 512 [ 614.058756][T19794] loop2: detected capacity change from 0 to 1024 [ 614.072795][T19790] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 614.107028][T19790] ext4 filesystem being mounted at /927/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 614.169329][T19800] loop4: detected capacity change from 0 to 8 [ 614.203823][ T2536] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 614.204949][T19794] hfsplus: bad catalog entry type [ 614.358842][T19805] loop3: detected capacity change from 0 to 128 [ 614.383322][ T5227] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 614.445960][ T2536] hfsplus: b-tree write err: -5, ino 4 [ 614.462533][T19808] FAT-fs (loop3): FAT read failed (blocknr 234) [ 614.592790][T19807] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5303'. [ 614.612356][T19807] tipc: Invalid UDP bearer configuration [ 614.612402][T19807] tipc: Enabling of bearer rejected, failed to enable media [ 614.880324][T19810] loop4: detected capacity change from 0 to 32768 [ 614.891030][T19810] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5302 (19810) [ 614.911659][T19810] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 614.936909][T19810] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 614.961697][T19810] BTRFS info (device loop4): using free-space-tree [ 615.533813][T14358] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 615.544813][T17228] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 615.712400][ T5371] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 615.930721][T19846] loop2: detected capacity change from 0 to 4096 [ 615.974196][ T5371] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.985222][T19846] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 615.985372][ T5371] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 616.004282][ T5371] usb 2-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 616.014510][ T5371] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.025216][ T5371] usb 2-1: config 0 descriptor?? [ 616.122387][T19814] loop5: detected capacity change from 0 to 32768 [ 616.170601][T19814] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5308 (19814) [ 616.329626][T19814] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 616.390604][T19814] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 616.400174][T19814] BTRFS info (device loop5): using free-space-tree [ 616.613786][ T5371] wacom 0003:056A:0016.0074: Unknown device_type for 'HID 056a:0016'. Assuming pen. [ 616.689473][ T5371] wacom 0003:056A:0016.0074: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.1-1/input0 [ 616.702607][ T5371] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0016.0074/input/input51 [ 616.851427][ T29] audit: type=1800 audit(1728261800.808:216): pid=19814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.5308" name="file1" dev="loop5" ino=260 res=0 errno=0 [ 616.873693][ T5405] usb 2-1: USB disconnect, device number 47 [ 617.145315][T17033] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 617.172635][T19835] loop3: detected capacity change from 0 to 32768 [ 617.303040][T19835] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 617.314445][T19835] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 617.353868][T19835] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 617.392875][ T5405] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 617.402578][ T5405] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 617.477429][ T5292] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 617.654535][ T5405] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 251ms [ 617.662246][ T5405] gfs2: fsid=syz:syz.0: jid=0: Done [ 617.670918][T19835] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 617.672726][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.765231][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.776947][ T5292] usb 3-1: New USB device found, idVendor=28bd, idProduct=0074, bcdDevice= 0.00 [ 617.786568][ T5292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.808510][ T5292] usb 3-1: config 0 descriptor?? [ 618.281867][ T5292] uclogic 0003:28BD:0074.0075: interface is invalid, ignoring [ 618.297310][T19894] loop3: detected capacity change from 0 to 1024 [ 618.478236][ T5292] usb 3-1: USB disconnect, device number 54 [ 618.581552][ T35] hfsplus: b-tree write err: -5, ino 4 [ 618.685589][ T52] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 619.240918][ T35] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 619.421165][T19911] loop2: detected capacity change from 0 to 4096 [ 619.475171][T19911] NILFS (loop2): invalid segment: Checksum error in segment payload [ 619.483407][T19911] NILFS (loop2): trying rollback from an earlier position [ 619.563680][T19911] NILFS (loop2): recovery complete [ 619.610437][T19919] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 619.949581][T19905] loop3: detected capacity change from 0 to 40427 [ 620.000680][T19905] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 620.030753][T19905] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 620.061012][T19928] loop2: detected capacity change from 0 to 256 [ 620.074050][T19905] F2FS-fs (loop3): inline encryption not supported [ 620.081925][T19905] F2FS-fs (loop3): invalid crc value [ 620.090413][T19905] F2FS-fs (loop3): Found nat_bits in checkpoint [ 620.115420][T19928] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d) [ 620.513110][T19905] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 620.513147][T19905] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 620.685219][T19947] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5347'. [ 620.748649][T19952] loop2: detected capacity change from 0 to 128 [ 620.986733][T19952] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 621.007338][T19958] loop5: detected capacity change from 0 to 64 [ 621.029936][T16024] syz-executor: attempt to access beyond end of device [ 621.029936][T16024] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 621.049626][T19951] loop4: detected capacity change from 0 to 32768 [ 621.080570][T19952] ext4 filesystem being mounted at /380/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 621.092999][T16024] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 621.111417][T19954] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5354'. [ 621.129525][T19954] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5354'. [ 621.202258][T19951] JBD2: Ignoring recovery information on journal [ 621.310307][T19951] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 621.432121][T17228] ocfs2: Unmounting device (7,4) on (node local) [ 621.449759][T13243] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 621.653431][T19970] loop2: detected capacity change from 0 to 64 [ 621.687291][T19968] loop5: detected capacity change from 0 to 512 [ 621.842885][T19968] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 621.903870][T19968] ext4 filesystem being mounted at /162/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 622.302464][T19985] loop4: detected capacity change from 0 to 512 [ 622.318669][T19985] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 622.376801][T19985] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 622.600585][T19985] EXT4-fs (loop4): 1 truncate cleaned up [ 622.608724][T19985] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 622.722158][T19987] loop3: detected capacity change from 0 to 32768 [ 622.729607][T19987] XFS: ikeep mount option is deprecated. [ 622.757061][T17033] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 622.906752][T17228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 622.971005][T19987] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 623.246421][T19987] XFS (loop3): Ending clean mount [ 623.299293][T19987] XFS (loop3): Quotacheck needed: Please wait. [ 623.378408][T20023] netlink: 'syz.2.5378': attribute type 1 has an invalid length. [ 623.386698][T20023] netlink: 'syz.2.5378': attribute type 2 has an invalid length. [ 623.440588][ T5288] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 623.501209][T19987] XFS (loop3): Quotacheck: Done. [ 623.586513][T16024] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 623.714564][ T5288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.770585][ T5288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.790689][ T5288] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 623.799790][ T5288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.821988][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.828781][ T5288] usb 2-1: config 0 descriptor?? [ 624.336219][ T5288] cp2112 0003:10C4:EA90.0076: unknown main item tag 0x0 [ 624.348649][ T5288] cp2112 0003:10C4:EA90.0076: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 624.374929][T20048] mkiss: ax0: crc mode is auto. [ 624.447613][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 624.462164][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 624.476814][T20050] loop3: detected capacity change from 0 to 512 [ 624.489562][T20050] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 624.537814][ T5288] cp2112 0003:10C4:EA90.0076: error requesting version [ 624.547269][ T5288] cp2112 0003:10C4:EA90.0076: probe with driver cp2112 failed with error -71 [ 624.562532][ T5288] usb 2-1: USB disconnect, device number 48 [ 624.569565][T20050] EXT4-fs (loop3): 1 truncate cleaned up [ 624.611644][T20050] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 624.728954][T16024] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 624.757448][T16024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 624.898381][T20060] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5394'. [ 624.940029][T20064] loop5: detected capacity change from 0 to 256 [ 625.110754][T20064] FAT-fs (loop5): Directory bread(block 64) failed [ 625.117328][T20064] FAT-fs (loop5): Directory bread(block 65) failed [ 625.179735][T20070] smb3: Bad value for 'gid' [ 625.193517][T20064] FAT-fs (loop5): Directory bread(block 66) failed [ 625.200068][T20064] FAT-fs (loop5): Directory bread(block 67) failed [ 625.230927][T20070] smb3: Bad value for 'gid' [ 625.261734][T20064] FAT-fs (loop5): Directory bread(block 68) failed [ 625.272945][T20064] FAT-fs (loop5): Directory bread(block 69) failed [ 625.279647][T20064] FAT-fs (loop5): Directory bread(block 70) failed [ 625.286538][T20064] FAT-fs (loop5): Directory bread(block 71) failed [ 625.347243][T20064] FAT-fs (loop5): Directory bread(block 72) failed [ 625.396879][T20064] FAT-fs (loop5): Directory bread(block 73) failed [ 625.885946][T17871] Bluetooth: hci7: command 0x0406 tx timeout [ 625.920471][ T5292] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 625.929889][T20101] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5416'. [ 626.099231][ T5292] usb 3-1: config 0 has an invalid interface number: 117 but max is 0 [ 626.108542][ T5292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 626.122147][ T5292] usb 3-1: config 0 has no interface number 0 [ 626.128351][ T5292] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 626.139291][ T5292] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 626.167859][ T5292] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 626.231225][ T5292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 626.250641][ T5292] usb 3-1: Product: syz [ 626.254896][ T5292] usb 3-1: Manufacturer: syz [ 626.259503][ T5292] usb 3-1: SerialNumber: syz [ 626.269263][ T5292] usb 3-1: config 0 descriptor?? [ 626.486115][T20116] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5423'. [ 626.900608][ T5292] usb 3-1: USB disconnect, device number 55 [ 627.273891][T20112] loop5: detected capacity change from 0 to 32768 [ 627.335979][T20112] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 627.371282][T20135] loop4: detected capacity change from 0 to 512 [ 627.442628][T20135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 627.456940][T20135] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 627.483234][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 3: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len % 4 != 0 - offset=12, inode=2197815810, rec_len=21, size=2048 fake=0 [ 627.551242][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 12: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 627.682393][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 13: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 627.729194][T17033] ocfs2: Unmounting device (7,5) on (node local) [ 627.754271][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 14: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 627.895856][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 15: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 627.934360][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 16: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 628.079861][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 17: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 628.102754][T20135] EXT4-fs error (device loop4): ext4_map_blocks:671: inode #2: block 18: comm syz.4.5431: lblock 23 mapped to illegal pblock 18 (length 1) [ 628.117626][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 19: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 628.158452][T20135] EXT4-fs error (device loop4): ext4_readdir:261: inode #2: block 20: comm syz.4.5431: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 628.313266][T20148] mkiss: ax0: crc mode is auto. [ 628.332230][T17228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 628.608421][T20155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5441'. [ 628.985902][T20162] loop5: detected capacity change from 0 to 1024 [ 629.079858][T20167] openvswitch: netlink: Unknown nsh attribute 0 [ 629.283167][T20162] hfsplus: bad catalog entry type [ 629.561013][ T205] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 629.578410][ T2576] hfsplus: b-tree write err: -5, ino 4 [ 629.659137][T20181] netlink: 'syz.5.5451': attribute type 10 has an invalid length. [ 629.714126][T20180] macvlan2: entered promiscuous mode [ 629.820512][T20180] macvlan2: entered allmulticast mode [ 629.919910][T20185] netlink: 'syz.2.5456': attribute type 1 has an invalid length. [ 630.227458][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 630.230810][T20166] loop3: detected capacity change from 0 to 32768 [ 630.250769][T20166] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5446 (20166) [ 630.303225][T20166] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 630.340732][T20166] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 630.352428][T20166] BTRFS info (device loop3): using free-space-tree [ 630.667754][T20207] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5460'. [ 630.745557][T20166] BTRFS info (device loop3): checking UUID tree [ 630.748089][T20207] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5460'. [ 630.887133][T20230] tipc: Started in network mode [ 630.920782][T20230] tipc: Node identity 00000000000000000000000000004001, cluster identity 4711 [ 630.997821][T20230] tipc: Enabling of bearer rejected, failed to enable media [ 631.090678][T16024] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 631.657695][T20234] loop1: detected capacity change from 0 to 32768 [ 631.666888][T20234] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.5470 (20234) [ 631.684345][T20234] BTRFS info (device loop1 state S): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 631.696153][T20234] BTRFS info (device loop1 state S): using blake2b (blake2b-256-generic) checksum algorithm [ 631.707408][T20234] BTRFS info (device loop1 state S): using free-space-tree [ 631.840994][T20232] loop4: detected capacity change from 0 to 32768 [ 631.920968][T20232] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5469 (20232) [ 631.956129][T20261] loop3: detected capacity change from 0 to 128 [ 631.978333][T20261] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 631.993928][T20261] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 632.008651][T20232] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 632.078216][T20232] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 632.120886][T20232] BTRFS info (device loop4): using free-space-tree [ 632.190826][ T9] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 632.454550][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 632.469218][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 632.515179][ T9] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 632.582871][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.603012][ T9] usb 3-1: config 0 descriptor?? [ 632.615382][ T29] audit: type=1800 audit(1728261816.598:217): pid=20232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5469" name="bus" dev="loop4" ino=263 res=0 errno=0 [ 632.629767][ T5227] BTRFS info (device loop1 state CS): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 633.174973][T20297] loop1: detected capacity change from 0 to 4096 [ 633.184483][T17228] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 633.395893][ T9] Bluetooth: Can't get version to change to load ram patch err [ 633.410498][ T9] Bluetooth: Loading sysconfig file failed [ 633.430023][ T9] ath3k 3-1:0.0: probe with driver ath3k failed with error -71 [ 633.479244][ T9] usb 3-1: USB disconnect, device number 56 [ 633.621836][T20297] ntfs3: loop1: failed to convert "0080" to cp1255 [ 633.691430][T20297] ntfs3: loop1: failed to convert name for inode 1e. [ 633.902476][T20294] loop3: detected capacity change from 0 to 32768 [ 633.928217][T20294] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5481 (20294) [ 634.109812][T20303] loop5: detected capacity change from 0 to 32768 [ 634.125033][T20294] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 634.136496][T20303] (syz.5.5487,20303,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 634.162570][T20294] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 634.179592][T20303] (syz.5.5487,20303,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 634.261891][T20294] BTRFS info (device loop3): using free-space-tree [ 634.402395][T20303] JBD2: Ignoring recovery information on journal [ 634.624116][ T5288] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 634.635022][T20339] loop1: detected capacity change from 0 to 1024 [ 634.807096][ T5288] usb 3-1: Using ep0 maxpacket: 16 [ 634.816480][T20303] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 634.867650][ T2576] hfsplus: b-tree write err: -5, ino 4 [ 634.875302][T16024] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 634.888560][ T5288] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 634.980492][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 635.030504][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 635.040339][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 635.069130][ T5288] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 635.112025][ T5288] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 635.121233][ T5288] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 635.129236][ T5288] usb 3-1: Manufacturer: syz [ 635.141142][ T5288] usb 3-1: config 0 descriptor?? [ 635.149881][ T5288] usbhid 3-1:0.0: can't add hid device: -22 [ 635.156922][ T5288] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 635.254129][T20334] loop4: detected capacity change from 0 to 40427 [ 635.273741][T20334] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 635.281980][T20334] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 635.326552][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 635.368641][T20334] F2FS-fs (loop4): invalid crc value [ 635.387459][ T5292] usb 3-1: USB disconnect, device number 57 [ 635.402256][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 635.445020][T20334] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 635.530479][T20334] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 635.724840][T20352] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5501'. [ 635.799998][T20334] F2FS-fs (loop4): Try to recover 1th superblock, ret: -30 [ 635.807705][T20334] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 635.993401][T17033] ocfs2: Unmounting device (7,5) on (node local) [ 636.284280][T20365] support for cryptoloop has been removed. Use dm-crypt instead. [ 636.846604][T20386] loop2: detected capacity change from 0 to 512 [ 636.890129][T20386] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 636.966959][T20386] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 636.977529][T20386] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.5516: Corrupt directory, running e2fsck is recommended [ 637.050747][T20386] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 637.210451][T20386] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.5516: corrupted in-inode xattr: invalid ea_ino [ 637.257100][T20394] xt_CT: No such helper "netbios-ns" [ 637.330591][T20386] EXT4-fs (loop2): Remounting filesystem read-only [ 637.351912][T20386] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 637.401118][ T29] audit: type=1326 audit(1728261821.338:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20408 comm="syz.3.5523" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec5d77dff9 code=0x0 [ 637.933935][T13243] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 638.057368][T20413] loop4: detected capacity change from 0 to 32768 [ 638.517129][T20447] netlink: 'syz.2.5537': attribute type 1 has an invalid length. [ 638.530569][T20447] netlink: 9352 bytes leftover after parsing attributes in process `syz.2.5537'. [ 638.549451][T20447] netlink: 'syz.2.5537': attribute type 1 has an invalid length. [ 638.557582][T20447] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5537'. [ 639.150748][T20464] dvmrp5: entered allmulticast mode [ 639.158823][T20464] dvmrp5: left allmulticast mode [ 639.721348][T20494] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5551'. [ 639.881732][T20499] loop2: detected capacity change from 0 to 1024 [ 639.890768][T20498] netlink: 60 bytes leftover after parsing attributes in process `syz.3.5553'. [ 639.984940][T20498] Κό: entered promiscuous mode [ 640.104815][T20499] hfsplus: bad catalog entry type [ 640.179718][T20508] loop1: detected capacity change from 0 to 512 [ 640.202276][ T2536] hfsplus: b-tree write err: -5, ino 4 [ 640.296559][T20508] EXT4-fs: Ignoring removed orlov option [ 640.343921][T20508] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 640.372419][T14358] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 640.400710][ T5292] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 640.486732][T20508] EXT4-fs (loop1): 1 truncate cleaned up [ 640.493652][T20508] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 640.614133][ T5292] usb 4-1: Using ep0 maxpacket: 8 [ 640.622988][ T5292] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 640.635546][ T5292] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 640.645400][ T5292] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 640.655153][ T5292] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 30 [ 640.665612][ T5292] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 640.675969][ T5292] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.688187][ T5292] usb 4-1: config 0 descriptor?? [ 640.694367][T20505] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 640.778611][ T5227] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 640.995676][ T5307] usb 4-1: USB disconnect, device number 39 [ 641.038446][ T5232] Bluetooth: hci9: Opcode 0x0c03 failed: -71 [ 641.081149][ T52] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 641.230704][ T5292] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 641.440741][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 641.455220][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 641.455274][ T5292] usb 3-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 641.455307][ T5292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.459065][ T5292] usb 3-1: config 0 descriptor?? [ 641.643353][T20535] loop1: detected capacity change from 0 to 32768 [ 641.838016][T20529] loop5: detected capacity change from 0 to 32768 [ 641.883686][T20535] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 641.891618][T20529] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 641.903467][ T5292] logitech 0003:046D:C294.0077: unbalanced collection at end of report description [ 641.921671][ T5292] logitech 0003:046D:C294.0077: parse failed [ 641.927736][ T5292] logitech 0003:046D:C294.0077: probe with driver logitech failed with error -22 [ 641.953610][T20529] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 642.017729][T20535] XFS (loop1): Ending clean mount [ 642.051505][T20529] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 642.117115][T14690] usb 3-1: USB disconnect, device number 58 [ 642.140923][ T5227] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 642.180788][ T5288] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 642.197849][ T5288] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 642.315736][ T5288] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 117ms [ 642.363540][ T5288] gfs2: fsid=syz:syz.0: jid=0: Done [ 642.407743][T20529] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 643.180684][T14690] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 643.380630][T14690] usb 2-1: Using ep0 maxpacket: 16 [ 643.407536][T14690] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 643.481263][T14690] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 643.528872][T14690] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 643.538628][T14690] usb 2-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 643.557821][T14690] usb 2-1: Product: syz [ 643.562766][T14690] usb 2-1: Manufacturer: syz [ 643.573603][T14690] usb 2-1: config 0 descriptor?? [ 644.023367][T14690] kovaplus 0003:1E7D:2D50.0078: unknown main item tag 0xd [ 644.032331][T14690] kovaplus 0003:1E7D:2D50.0078: hidraw0: USB HID v0.07 Device [syz syz] on usb-dummy_hcd.1-1/input0 [ 644.343371][T14690] kovaplus 0003:1E7D:2D50.0078: couldn't init struct kovaplus_device [ 644.352526][T14690] kovaplus 0003:1E7D:2D50.0078: couldn't install mouse [ 644.371828][T14690] kovaplus 0003:1E7D:2D50.0078: probe with driver kovaplus failed with error -71 [ 644.388075][T14690] usb 2-1: USB disconnect, device number 49 [ 644.479567][T20600] loop2: detected capacity change from 0 to 32768 [ 644.529207][T20600] JBD2: Ignoring recovery information on journal [ 644.774819][T20600] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 645.164150][T13243] ocfs2: Unmounting device (7,2) on (node local) [ 645.268686][T20630] loop4: detected capacity change from 0 to 32768 [ 645.385135][T20630] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5605 (20630) [ 645.458073][T20645] loop1: detected capacity change from 0 to 8 [ 645.490998][ T2576] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 645.594533][T20630] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 645.608956][T20630] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 645.655998][T20630] BTRFS info (device loop4): using free-space-tree [ 646.201460][ T52] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 646.248045][T20666] loop1: detected capacity change from 0 to 4096 [ 646.932631][T20671] loop5: detected capacity change from 0 to 32768 [ 646.944612][T20671] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.5620 (20671) [ 647.013802][T17228] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 647.109625][T20671] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 647.119928][T20671] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 647.128470][T20671] BTRFS info (device loop5): using free-space-tree [ 647.197728][T20693] loop3: detected capacity change from 0 to 4096 [ 647.225555][T20693] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 647.270459][ T5405] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 647.531169][ T5405] usb 3-1: Using ep0 maxpacket: 32 [ 647.553319][ T5405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 647.580609][ T5405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 647.595275][ T5405] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 647.605389][ T5405] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 647.617021][ T5405] usb 3-1: config 0 descriptor?? [ 647.624431][ T5405] hub 3-1:0.0: USB hub found [ 647.808336][T20717] IPVS: sh: UDP 0.0.0.0:0 - no destination available [ 647.815288][ T5307] IPVS: starting estimator thread 0... [ 647.840640][ T5405] hub 3-1:0.0: 1 port detected [ 647.911719][T20718] IPVS: using max 16 ests per chain, 38400 per kthread [ 648.045393][ T5405] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 648.073800][ T5405] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 648.092496][ T5405] usbhid 3-1:0.0: can't add hid device: -71 [ 648.105486][ T5405] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 648.135048][ T5405] usb 3-1: USB disconnect, device number 59 [ 648.314539][T17033] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 648.531024][ T5307] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 648.535097][T20706] loop1: detected capacity change from 0 to 32768 [ 648.652638][T20706] XFS (loop1): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 648.753302][ T5307] usb 4-1: Using ep0 maxpacket: 16 [ 648.863299][T20706] XFS (loop1): Ending clean mount [ 648.868539][ T5307] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 648.900559][ T5307] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 648.940483][ T5307] usb 4-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 648.949706][ T5307] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 648.982508][ T5307] usb 4-1: config 0 descriptor?? [ 649.038187][T20747] loop2: detected capacity change from 0 to 2048 [ 649.060326][T20749] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5643'. [ 649.158237][T20747] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 649.192901][ T935] kernel write not supported for file 418/task/419/clear_refs (pid: 935 comm: kworker/1:2) [ 649.225360][ T5227] XFS (loop1): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 649.481521][ T5307] samsung 0003:0419:0001.0079: unknown main item tag 0x0 [ 649.488634][ T5307] samsung 0003:0419:0001.0079: unknown main item tag 0x0 [ 649.495904][ T5307] samsung 0003:0419:0001.0079: unknown main item tag 0x0 [ 649.503088][ T5307] samsung 0003:0419:0001.0079: unknown main item tag 0x0 [ 649.524639][ T5307] samsung 0003:0419:0001.0079: unknown main item tag 0x0 [ 649.537910][ T5307] samsung 0003:0419:0001.0079: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.3-1/input0 [ 649.713596][ T5405] usb 4-1: USB disconnect, device number 40 [ 649.779693][T20761] loop5: detected capacity change from 0 to 1024 [ 649.866016][T20761] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 649.925938][T20761] EXT4-fs error (device loop5): ext4_ext_check_inode:524: inode #11: comm syz.5.5649: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 650.011868][T20761] EXT4-fs error (device loop5): ext4_orphan_get:1393: comm syz.5.5649: couldn't read orphan inode 11 (err -117) [ 650.029143][T20761] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 650.117070][T20761] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.5649: Invalid block bitmap block 0 in block_group 0 [ 650.166697][T20761] Quota error (device loop5): write_blk: dquota write failed [ 650.176184][T20761] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 650.186689][T20761] EXT4-fs error (device loop5): ext4_acquire_dquot:6879: comm syz.5.5649: Failed to acquire dquot type 0 [ 650.190580][ T9] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 650.289928][T17033] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 650.325991][ T9125] Quota error (device loop5): do_check_range: Getting block 0 out of range 1-8 [ 650.380624][ T9125] EXT4-fs error (device loop5): ext4_release_dquot:6902: comm kworker/u8:8: Failed to release dquot type 0 [ 650.460002][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 650.506012][ T9] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 650.506054][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.506085][ T9] usb 3-1: Product: syz [ 650.506107][ T9] usb 3-1: Manufacturer: syz [ 650.506130][ T9] usb 3-1: SerialNumber: syz [ 650.564175][T20787] netlink: 'syz.5.5656': attribute type 27 has an invalid length. [ 650.835821][ T9] r8152-cfgselector 3-1: Unknown version 0x0000 [ 650.835865][ T9] r8152-cfgselector 3-1: config 0 descriptor?? [ 651.317691][ T5405] r8152-cfgselector 3-1: USB disconnect, device number 60 [ 651.325798][T14358] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 651.658633][T20802] loop3: detected capacity change from 0 to 128 [ 651.721190][T20802] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 651.836162][T20802] ext4 filesystem being mounted at /320/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 651.913781][T20802] EXT4-fs warning (device loop3): verify_group_input:137: Cannot add at group 3 (only 1 groups) [ 651.970801][ T205] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 651.998738][T20799] loop4: detected capacity change from 0 to 32768 [ 652.009908][T20799] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5666 (20799) [ 652.028728][T20812] loop1: detected capacity change from 0 to 512 [ 652.047443][T20812] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 652.053624][T16024] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 652.138306][T20799] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 652.159375][T20812] EXT4-fs (loop1): 1 truncate cleaned up [ 652.166540][T20812] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 652.207544][T20812] EXT4-fs: can't change dax mount option while remounting [ 652.232160][ T5227] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=0, size=1024 fake=0 [ 652.259601][ T5227] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 652.267060][T20799] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 652.267105][T20799] BTRFS info (device loop4): using free-space-tree [ 652.394070][ T5227] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 652.497910][T20836] "syz.2.5676" (20836) uses obsolete ecb(arc4) skcipher [ 652.559332][ T5292] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 652.705802][T17228] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 652.788145][ T5292] usb 4-1: Using ep0 maxpacket: 32 [ 652.864252][ T5292] usb 4-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 652.915991][ T5292] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 27, changing to 8 [ 653.020467][ T5292] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 16698, setting to 1024 [ 653.060435][ T5292] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 653.069573][ T5292] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.138491][ T5292] hub 4-1:4.0: USB hub found [ 653.347237][T20864] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_bridge, syncid = 0, id = 0 [ 653.347397][ T5292] hub 4-1:4.0: 2 ports detected [ 653.387026][ T5292] usb 4-1: selecting invalid altsetting 1 [ 653.387056][ T5292] hub 4-1:4.0: Using single TT (err -22) [ 653.564135][ T5292] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 653.564220][ T5292] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 653.591333][T20871] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 653.594597][ T5292] usb 4-1: USB disconnect, device number 41 [ 654.582002][T20878] loop2: detected capacity change from 0 to 32768 [ 654.806808][T20878] read_mapping_page failed! [ 654.830532][T20878] jfs_create: dtInsert returned -EIO [ 654.854335][T20878] ERROR: (device loop2): jfs_create: [ 654.854335][T20878] [ 654.895542][T20878] ERROR: (device loop2): remounting filesystem as read-only [ 654.924347][T20913] netlink: 'syz.5.5706': attribute type 15 has an invalid length. [ 656.094734][T20949] loop1: detected capacity change from 0 to 2048 [ 656.521656][ T9125] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 656.545969][ T30] INFO: task syz.4.4249:17002 blocked for more than 143 seconds. [ 656.558751][T20949] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 656.571045][ T30] Not tainted 6.12.0-rc2-syzkaller #0 [ 656.597152][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 656.840663][ T30] task:syz.4.4249 state:D stack:24864 pid:17002 tgid:17000 ppid:14176 flags:0x00000004 [ 656.851484][ T30] Call Trace: [ 656.854785][ T30] [ 656.857732][ T30] __schedule+0x1895/0x4b30 [ 656.862403][ T30] ? __pfx___schedule+0x10/0x10 [ 656.867294][ T30] ? __pfx_lock_release+0x10/0x10 [ 656.872417][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 656.878442][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 656.884891][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 656.890046][ T30] ? schedule+0x90/0x320 [ 656.894508][ T30] schedule+0x14b/0x320 [ 656.898714][ T30] schedule_preempt_disabled+0x13/0x30 [ 656.904390][ T30] rwsem_down_write_slowpath+0xeee/0x13b0 [ 656.911136][ T30] ? rwsem_down_write_slowpath+0xa09/0x13b0 [ 656.917086][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 656.924164][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 656.929250][ T30] ? __might_fault+0xaa/0x120 [ 656.934169][ T30] ? __pfx_lock_release+0x10/0x10 [ 656.939244][ T30] down_write+0x1d7/0x220 [ 656.943692][ T30] ? __pfx_down_write+0x10/0x10 [ 656.948574][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 656.954322][ T30] ? __might_fault+0xc6/0x120 [ 656.959034][ T30] blkdev_common_ioctl+0x150b/0x2480 [ 656.964499][ T30] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 656.970179][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 656.975899][ T30] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 656.982191][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 656.987890][ T30] ? file_to_blk_mode+0xcc/0x140 [ 656.992962][ T30] blkdev_ioctl+0x4ca/0x6a0 [ 656.997514][ T30] ? __pfx_blkdev_ioctl+0x10/0x10 [ 657.010448][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 657.016121][ T30] ? __pfx_blkdev_ioctl+0x10/0x10 [ 657.016391][T20962] loop5: detected capacity change from 0 to 32768 [ 657.021418][ T30] __se_sys_ioctl+0xfb/0x170 [ 657.032384][ T30] do_syscall_64+0xf3/0x230 [ 657.036924][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.045051][ T30] RIP: 0033:0x7f7955f7dff9 [ 657.049499][ T30] RSP: 002b:00007f7956d92038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 657.058032][ T30] RAX: ffffffffffffffda RBX: 00007f7956135f80 RCX: 00007f7955f7dff9 [ 657.066142][ T30] RDX: 0000000020000100 RSI: 000000000000127f RDI: 0000000000000003 [ 657.074230][ T30] RBP: 00007f7955ff0296 R08: 0000000000000000 R09: 0000000000000000 [ 657.081242][T20962] ocfs2: Slot 0 on device (7,5) was already allocated to this node! [ 657.084486][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.098830][ T30] R13: 0000000000000000 R14: 00007f7956135f80 R15: 00007ffcbd49a708 [ 657.106958][ T30] [ 657.110938][ T30] [ 657.110938][ T30] Showing all locks held in the system: [ 657.124430][ T30] 1 lock held by khungtaskd/30: [ 657.131746][ T30] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 657.141779][ T30] 4 locks held by kworker/u8:3/52: [ 657.146960][ T30] 2 locks held by kworker/u8:6/2536: [ 657.152305][ T30] #0: ffff88801ac81148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 657.164355][ T30] #1: ffffc90008ff7d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 657.175242][ T30] 2 locks held by getty/4980: [ 657.179962][ T30] #0: ffff8880327920a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 657.190167][ T30] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 657.200629][ T30] 1 lock held by syz-executor/5227: [ 657.207440][ T30] 1 lock held by udevd/9010: [ 657.212295][ T30] 2 locks held by kworker/u8:8/9125: [ 657.220567][ T30] 1 lock held by syz.5.4160/16786: [ 657.225698][ T30] #0: ffff888148c942c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x20e/0x490 [ 657.236676][ T30] 1 lock held by syz.4.4249/17002: [ 657.237179][T20962] JBD2: Ignoring recovery information on journal [ 657.242138][ T30] #0: ffff888148c942c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x150b/0x2480 [ 657.259606][ T30] 1 lock held by syz.5.5729/20962: [ 657.264840][ T30] [ 657.267191][ T30] ============================================= [ 657.267191][ T30] [ 657.275694][ T30] NMI backtrace for cpu 1 [ 657.280041][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller #0 [ 657.288826][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 657.298994][ T30] Call Trace: [ 657.302286][ T30] [ 657.305320][ T30] dump_stack_lvl+0x241/0x360 [ 657.310030][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 657.315260][ T30] ? __pfx__printk+0x10/0x10 [ 657.319910][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 657.324895][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 657.330385][ T30] ? _printk+0xd5/0x120 [ 657.334582][ T30] ? __pfx__printk+0x10/0x10 [ 657.339214][ T30] ? __wake_up_klogd+0xcc/0x110 [ 657.344100][ T30] ? __pfx__printk+0x10/0x10 [ 657.348820][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 657.354479][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 657.354793][T20962] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 657.359520][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 657.374449][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 657.380463][ T30] watchdog+0xff4/0x1040 [ 657.384744][ T30] ? watchdog+0x1ea/0x1040 [ 657.389200][ T30] ? __pfx_watchdog+0x10/0x10 [ 657.393899][ T30] kthread+0x2f2/0x390 [ 657.397975][ T30] ? __pfx_watchdog+0x10/0x10 [ 657.402671][ T30] ? __pfx_kthread+0x10/0x10 [ 657.407268][ T30] ret_from_fork+0x4d/0x80 [ 657.411704][ T30] ? __pfx_kthread+0x10/0x10 [ 657.416301][ T30] ret_from_fork_asm+0x1a/0x30 [ 657.421100][ T30] [ 657.424144][ C1] vkms_vblank_simulate: vblank timer overrun [ 657.431336][ T30] Sending NMI from CPU 1 to CPUs 0: [ 657.436564][ C0] NMI backtrace for cpu 0 [ 657.436579][ C0] CPU: 0 UID: 0 PID: 20961 Comm: syz.5.5729 Not tainted 6.12.0-rc2-syzkaller #0 [ 657.436605][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 657.436624][ C0] RIP: 0033:0x7fc36dc55784 [ 657.436645][ C0] Code: 0f 82 b9 00 00 00 48 39 f2 72 6e 41 0f 11 0c 24 48 8b 77 f8 48 89 f8 48 89 eb eb 12 66 2e 0f 1f 84 00 00 00 00 00 48 8b 4b 08 <48> 83 c3 08 48 39 d1 72 f3 48 83 e8 08 48 39 f2 73 17 66 2e 0f 1f [ 657.436666][ C0] RSP: 002b:00007ffe7969ed30 EFLAGS: 00000287 [ 657.436687][ C0] RAX: 00007fc36d5b5208 RBX: 00007fc36d5b4a80 RCX: ffffffff849bc201 [ 657.436706][ C0] RDX: ffffffff849bc04a RSI: ffffffff849bbfef RDI: 00007fc36d5b5880 [ 657.436724][ C0] RBP: 00007fc36d5b4300 R08: 00007fc36d5b4db8 R09: 00007fc36df22000 [ 657.436742][ C0] R10: 0000000084a4e0ab R11: 0000000000000000 R12: 00007fc36d5b42f8 [ 657.436759][ C0] R13: 0000000000000019 R14: 00007fc36d401008 R15: 00000000000a03a4 [ 657.436775][ C0] FS: 0000555561827500 GS: 0000000000000000 [ 657.437569][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 657.543740][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller #0 [ 657.552508][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 657.562566][ T30] Call Trace: [ 657.565842][ T30] [ 657.568775][ T30] dump_stack_lvl+0x241/0x360 [ 657.573473][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 657.578683][ T30] ? __pfx__printk+0x10/0x10 [ 657.583290][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 657.589297][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 657.594935][ T30] ? vscnprintf+0x5d/0x90 [ 657.599272][ T30] panic+0x349/0x880 [ 657.603184][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 657.608826][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 657.614992][ T30] ? __pfx_panic+0x10/0x10 [ 657.619426][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 657.625246][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 657.631148][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 657.636541][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 657.642708][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 657.648876][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 657.654515][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 657.660686][ T30] watchdog+0x1033/0x1040 [ 657.665039][ T30] ? watchdog+0x1ea/0x1040 [ 657.669477][ T30] ? __pfx_watchdog+0x10/0x10 [ 657.674170][ T30] kthread+0x2f2/0x390 [ 657.678244][ T30] ? __pfx_watchdog+0x10/0x10 [ 657.682935][ T30] ? __pfx_kthread+0x10/0x10 [ 657.687537][ T30] ret_from_fork+0x4d/0x80 [ 657.691970][ T30] ? __pfx_kthread+0x10/0x10 [ 657.696565][ T30] ret_from_fork_asm+0x1a/0x30 [ 657.701365][ T30] [ 657.704684][ T30] Kernel Offset: disabled [ 657.709000][ T30] Rebooting in 86400 seconds..