last executing test programs:

9m57.939622282s ago: executing program 3 (id=4):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x45, 0x0, 0x0, 0x10, &(0x7f00000006c0), 0x0, 0x0, 0x89, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000005c0)=ANY=[@ANYRES16=r1], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
syz_io_uring_setup(0x10d, 0x0, 0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

9m52.518454618s ago: executing program 4 (id=5):
syz_open_dev$sndctrl(&(0x7f0000000380), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r4, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe3e64c6be2492c0f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800050001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0)
bind$rxrpc(r4, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24)

9m42.906171233s ago: executing program 1 (id=21):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0xc0046209, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRESHEX=r2], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x31, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="2800000010000108000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="0040000080a0365d08001b0000000000"], 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r7=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000000c0)={0x100000011, @multicast2, 0x4e21, 0x2000, 'lblc\x00', 0x10}, 0x2c)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0)=0xfd)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
open(&(0x7f0000000180)='./file0\x00', 0x64842, 0x100)

9m41.074519868s ago: executing program 32 (id=4):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x45, 0x0, 0x0, 0x10, &(0x7f00000006c0), 0x0, 0x0, 0x89, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000005c0)=ANY=[@ANYRES16=r1], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
syz_io_uring_setup(0x10d, 0x0, 0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

9m40.984719691s ago: executing program 1 (id=24):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{0x0}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2}}], 0x1, 0x700, 0x0)
sendfile(r2, r1, 0x0, 0x578410eb)
socket$kcm(0x10, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
acct(&(0x7f00000001c0)='./file0\x00')
acct(0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x2)

9m36.967632612s ago: executing program 33 (id=5):
syz_open_dev$sndctrl(&(0x7f0000000380), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r4, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe3e64c6be2492c0f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800050001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0)
bind$rxrpc(r4, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24)

9m36.215880258s ago: executing program 1 (id=31):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{0x0}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2}}], 0x1, 0x700, 0x0)
sendfile(r2, r1, 0x0, 0x578410eb)
socket$kcm(0x10, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
acct(&(0x7f00000001c0)='./file0\x00')
acct(0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff})
splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x2)

9m33.796630178s ago: executing program 1 (id=35):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000005c0))
r1 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
copy_file_range(r1, 0x0, r1, &(0x7f00000000c0)=0xc615, 0xb51, 0x0)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)

9m30.312035284s ago: executing program 1 (id=39):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r3, 0x0, 0xb8)
syz_emit_ethernet(0x11, &(0x7f0000000e00)={@broadcast, @remote, @void, {@llc={0x4, {@llc={0x80, 0x0, "e0"}}}}}, 0x0)
getgid()
dup3(0xffffffffffffffff, r3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r5=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000feffffff0000000092c900009500000000000001752f4e36a3c94f4ce3aaa644e77929"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000f00)={0x14, 0x0, 0x300, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x80)
clock_gettime(0x0, &(0x7f0000005340))

9m28.290675979s ago: executing program 1 (id=40):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r3, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c65723000000000000008"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e0ffff00124000631177fbac141416e000030a94029f03", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="2000000010000100760100000475000000000000", @ANYRES32=r8, @ANYBLOB="9a"], 0x20}}, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r9)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r9, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB='\b\x00'], 0x30}}, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0xff, 0x1, 0x3, 0x1, 0x4}, 0x8)

9m13.089921314s ago: executing program 34 (id=40):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r3, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c65723000000000000008"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e0ffff00124000631177fbac141416e000030a94029f03", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="2000000010000100760100000475000000000000", @ANYRES32=r8, @ANYBLOB="9a"], 0x20}}, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r9)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r9, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB='\b\x00'], 0x30}}, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0xff, 0x1, 0x3, 0x1, 0x4}, 0x8)

18.816212832s ago: executing program 0 (id=684):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000000), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)

15.260004684s ago: executing program 0 (id=691):
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
sysinfo(&(0x7f0000000000)=""/196)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x12, "3eccd8fd0000000000000010000000040100"})

12.479558708s ago: executing program 0 (id=694):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3ce4c34fb706d197276832381100000030003904ffffffff0000000000000000f77108cce359b66adc3b4f1a744a044dba154538546e420fdd0c56fb51c30a297756a24d2bc442effb22fdd748dfaeb67d784acf887c688fd4f178a4f6a7", @ANYRES32=r1, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c0002800800150001000000"], 0x3c}}, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x2)
mknod(&(0x7f0000000280)='./file0\x00', 0x1ffa, 0xfffffffc)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000002080)=[@in={0x2, 0x4e23, @empty}], 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$can_bcm(0x1d, 0x2, 0x2)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
syz_open_dev$tty1(0xc, 0x4, 0x2)

12.002711567s ago: executing program 5 (id=696):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="34c056f94d70f022380eb7af64ee00000000ac90d16d3cb03f67ff949076f4da9a599b4f8f75626dcb99158d1bdd2368893a8f335bf37c0e915789e42c44cceec22c624414d6e300000000000000000000000000000000000000000000000000000093bb3f099b060353df3ccce873579b40fb07a3c4d4192486d4c609d02d1e4bcaa09790355b400c96ce76d5360f544f3057490cc8bdf5587dc802cfc7f2befa19a1ac0d39cb068027dd369fe3e1f73b4f1489190c24ce6cc378f1b80905f1cce4d74d8498b10ca97075eeeee4de4d", @ANYRESHEX, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085100000ffffffffbce3f8ff7a080000"], &(0x7f0000000180)='GPL\x00', 0x2000003, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0x5}, 'syz1\x00', 0x10})
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_DESTROY(r4, 0x5502)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0)
lseek(r2, 0x9, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000042c0)='stack\x00')
pread64(r6, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
mkdir(0x0, 0x1a0)

11.493479363s ago: executing program 2 (id=698):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_usb_connect$hid(0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x4, 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
lseek(r1, 0x10000000005, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)={0x34, r3, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x34}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000b08000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f00001e4000/0x2000)=nil)
remap_file_pages(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)

11.217463339s ago: executing program 0 (id=699):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x1, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x4e20, 0x0, @mcast1, 0x9}}}, 0x108)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x4ee8671, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x4e21, 0xb27, @loopback, 0x1}}}, 0x108)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x6})
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0xd0f, 0x470bd2d, 0xfffffffd, {0x60, 0x0, 0x0, r5, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xcb}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x44080)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x1e, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000810000000000000002000000c20a000004000000185b00000f000000000000a100000000b7080000000000007b8af8ff00000000b7080000c0ffffff7b8af0ff00000000bfa100000000000007030000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300004b8758065424ae89c8ed5fd275f2a9a5ce563af519b77cdfc13106b9b6ecac6e1ec4964d", @ANYBLOB], 0x0, 0x8, 0xe5, &(0x7f0000000600)=""/229, 0x40f00, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000440)={0x3, 0x4, 0x1000, 0xfffffffc}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000480)=[{0x1, 0x5, 0x3, 0x4}], 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x801)
socket$igmp6(0xa, 0x3, 0x2)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})

9.930542221s ago: executing program 2 (id=700):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
name_to_handle_at(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], 0x0, 0x0)
open_by_handle_at(0xffffffffffffff9c, 0x0, 0x0)

8.747694016s ago: executing program 0 (id=701):
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x143c62, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e61e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x4)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r3)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, &(0x7f0000000380))
getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f0000001140)=""/4086, &(0x7f0000000180)=0xff6)

8.612697293s ago: executing program 5 (id=702):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8a40)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102376, 0x18fe8)
r2 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r2)
r3 = inotify_init1(0x800)
inotify_add_watch(r3, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')

8.44359312s ago: executing program 2 (id=703):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
add_key$keyring(0x0, &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1ff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0x8a010101}, 0x10, 0x0, 0x0, &(0x7f0000000240)}, 0x0)
open(0x0, 0x2000, 0xc9)
syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$EVIOCGKEY(r0, 0x80404518, 0x0)

6.715782109s ago: executing program 5 (id=704):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
openat$random(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

5.935297847s ago: executing program 2 (id=705):
r0 = syz_usbip_server_init(0x5)
syz_usbip_server_init(0x4)
syz_emit_ethernet(0x4a, &(0x7f0000000380)={@broadcast, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "72b2af", 0x4, 0x2f, 0x0, @dev, @mcast2, {[], {0x0, 0x883e, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x400000000000, 0x0)
write$usbip_server(r0, &(0x7f000000a100)=@ret_unlink={{0x4, 0x7, 0x0, 0x0, 0x80e}, {0x905}}, 0x30)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000})
r1 = syz_open_dev$sg(&(0x7f0000000380), 0x100000, 0x119180)
ioctl$SG_IO(r1, 0x2285, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
chdir(0x0)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000500)={0xa0, 0x0, 0x0, {{0x80000000, 0x3, 0xfffffffffffffffb, 0xfffffffffeffff83, 0x3, 0x1, {0xffffffffffffffff, 0x3ff, 0x20ff, 0x7ff, 0xf7c, 0x800000000000d615, 0x3fb, 0x7fffffff, 0x6, 0x1000, 0x8, 0x0, 0x0, 0x3ff, 0x8ea2}}, {0x0, 0x12}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f04)

5.200989804s ago: executing program 5 (id=706):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, 0x0, 0x0)

4.997954485s ago: executing program 5 (id=707):
syz_mount_image$xfs(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x4800802, &(0x7f0000000000), 0x4, 0x982a, &(0x7f0000009b80)="$eJzs3QW8ZXWhuP0zMMDQoQgWICUmKSGKdCiipCAtLSkgAkqHEiooAioooCAi3d0tDdLd3Z3vZ5gBYXxA7v+99+LleZ4Pc3ats8/av+/6Lc4+65y9l55/8bkHBsYbGNYbp//s3D1vX2GJsRfe8LjdB1+37y6LPDT86lGHnYw/5/DTuYafzj0wMDBo+P0MGnbd4DmOPW6kgcEDQ//7Z2ONPsZIYw0MjDH84vD7GZhl2MmYB72x3GsjxCs62dAvt/Owf6839tA7GXpmuZVeWW9gYGDIWz5/6HpN9y8PVNrScy32zX9avek20vCbB/3zttdPBw/7N+YBAwNj7jfwztvH0GVHecvn/m829GuON8XAkre/D1/7/1xLz7XAQiP4D52LIw+/bpahc3zEOWhsxO18l8XXfmD4EA4aPnCD3zJf3o/t/v+ppeeaf+GBd57HA4vMt8X9r72+3xw878DA4PkGBgbPPzAweIH326P+e3pfN76qqqp6X5pr7hmHPmcfaYTvB4a88X0tfV944cvT3z0wMHiRYc8TB6/0xnPBqqqqqqqqqvrPbK65Z5wHnv+P927P/yc7Zfvxe/5fVVVVVVVV9X+nheaae8ahz/VHeP4/8bs9/3/8wcMOHPa7/3POMuyzXn1/H0RVVVVVVVVVvWvzL4TP/yd7t+f/Fx872WU9/6+qqqqqqqr6v9NiM84/z8BbXmdv+NXTvHE7Pf8/7b5bl3+/1reqqqqqqqqq/uu9+sjJp//zNd8nGRjh9d5fb/jPBQYdeeYVV7xvK/qf0aB//XnI1u/3Ov3/bajzkEMmGxhYb8n3e1Xqfej/zGvV1/9I+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/uHc4/v/m6/+fdvQqb7wX/KenmvH6k//5ma+/9//gRRZ6ZJv3adXfjz6ox/8H1ho0MDDcd7y1BgYGFplrsSWmGRgYOPn6GaeacuDN22YdetvsE4z8+hvEv/FnIvONz3e89eTDToduKAMffvM+jnz9/hd6bf+RB42wEm9p/OMPPHDNpZ+bacTTqd/5cYz05rmxj3vwjb9lGWmEhYa8wye/cf9vPJYRnYev+zRD133ajdfdYNqNNtv8C2utu/Iaq62x2nqzzTDz9DPNNtvMM0+7+lrrrDbdsI/vNGaTvf5xnvcyZmONOGaPzPXWMRvxsb3TmE327mP2+j3ucdGQr70xZoP/i2M2z7uP2WRrDf9C4885ysBKr4/NoIGB8ecdZWDToRemH21gYPz5hi878dBlvzLBSAMDu/3zgQ49N9qb2+CgrYcus/T8i889bDc1MPDP03/2Du9nP+rwNZ9z+Olcw0/nHvZlxhv456Y4eI5jjxtp6Fi8bTjGGn2MkcYaGBhj+MXh9zMw27CTMU55Y7l3eJ/1EVb09ZdZ2XnYv9cbe2BgYMyhZyZZ+bQdhg79/8L7tP8//f//X7xmHfTm9jho+L/hywzzmmuBhf75tV4fhqFjN/Lw62YZavLf/Nb2b+tf1neyIQOTvcv6vsvr4rwebV/rnDzhtv9dr4tD6zvxu6zvu7yO7zuu71J37/3AsLv6b1vfEfZ1C7/+cc73sq8bePd93ch0B6td+skR93XfeOdVfNvu8o0xGm2Ehd5pXzfxPpNuPfT+53z3fd3CQ9d9lLft60YaGBh/njf2dUN3fPOPMrDb0AszDL2wwCgDBw+9MOPrF0YfOHPohS+usv46qw69YsF/3Q6mGfS2X9CEeTb/CPNs0Fse+6ARfr9z8LDTMQ944z2c3mG/OWj4w/q3+wrabsd7l/V9l/efwnEeet2qRw2Z8L/r/adofYe8+/q+0/tlv+P67vrsabf/N6/vm/NslLcM14LvZZ5N9vZ5NvQhjvyWmfFevw9bFZYfdn7iN+9tky0ffPN7ilFGuN9/9z3Fgu8+z8Zba4TP22m/gUHvNjYLvJex+cS/7IO2eevYvNfvt6aZYtjtI7/L2Iw22wpTvzE2o/4Xx2aB/+rYzDkw8tvHZvDAfAMDA1MO3z/M/17GZuJ3H5v3ut2MAcsPO7/am1fNu8sh578xNiOOxb8bm/n/q2Mz2ZvbzZSv3zb5SAOjjjqw6cobb7zh9MM+vnFxhmEf330OzvtexnK8/56x/NjgdxrLf26qY9192QH/Zg7+yz79jfuf9786lgNvjuXAWiNOlvpPrZ//ucvfXf7u8neXv7v83eUv7h2O/7/5+v97jTf77sN/uDHKZZNOtOP7vb7vcx/o4//Dfd92/H/HiSa9bKSBN2971+Ozw5b5jzw+O8uwkzEPemO5EY8P8oq+8/HZ/WabZfv/peOz/0+9MVffw8/h2v+7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v8xb3D8f/p3vg9gPumX/TJ4QdCR3lou2UXfb/X933uA338f7jv247/L7rsdg+NNPDmbe96/H/YMo7j/3e+NP+u/8nH/9+Yqx3/r39T/u7Qf8TXAKkPbM1/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8tf3Dsc/5/zjd8DOOywvTd/4/cBrhl/55Pf7/V9n/ugHv/v/f+9tf93l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5i3v9+P+wvxF+618Kf7vtAoPj//+3G/77HwMj+C+aP2bxXyx/aqSBAYf/4vljlvm/RP6YxX/J/DGL/1L5Yxb/7+SPWfyXzh+z+C+TP2bx/27+mMV/2fwxi/9y+WMW/+Xzxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOL/vfwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+K+RP2bxXzN/zOK/Vv6Yxf/7+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOK/Qf6Yxf8H+WMW/w3zxyz+G+WPWfw3zh+z+P8wf8ziv0n+mMX/R/ljFv9N88cs/pvlj1n8N88fs/j/OH/M4v+T/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjFf/v8MYv/DvljFv8d88cs/j/NH7P4/yx/zOK/U/6YxX/n/DGL/y75Yxb/XfPHLP4/zx+z+P8if8zi/8v8MYv/bvljFv/d88cs/r/KH7P4/zp/zOK/R/6Yxf83+WMW/z3zxyz+e+WPWfz3zh+z+P82f8zi/7v8MYv/7/PHLP775I9Z/PfNH7P4/yF/zOL/x/wxi/9++WMW//3zxyz+B+SPWfz/lD9m8f9z/pjF/8D8MYv/QfljFv+/5I9Z/A/OH7P4/zV/zOJ/SP6Yxf9v+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/9/zxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOJ/Rf6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/P+RP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMR/0ED+mMV/UP6YxX+k/DGL/8j5Yxb/wfljFv9R8scs/qPmj1n8R8sfs/gPyR+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvGfIH/M4v+h/DGL/4fzxyz+E+aPWfw/kj9m8Z8of8ziP3H+mMX/o/ljFv+P5Y9Z/D+eP2bx/0T+mMX/k/ljFv9J8scs/pPmj1n8J8sfs/h/Kn/M4j95/pjFf4r8MYv/lPljFv+p8scs/lPnj1n8P50/ZvGfJn/M4v+Z/DGL/2fzxyz+n8sfs/h/Pn/M4v+F/DGL/xfzxyz+0+aPWfynyx+z+E+fP2bxnyF/zOI/Y/6YxX+m/DGL/5fyxyz+M+ePWfxnyR+z+M+aP2bxny1/zOL/5fwxi//s+WMW/6/kj1n8v5o/ZvGfI3/M4v+1/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvGfL3/M4j9//pjFf4H8MYv/gvljFv+F8scs/l/PH7P4fyN/zOK/cP6Yxf+b+WMW/0Xyxyz+38ofs/h/O3/M4r9o/pjFf7H8MYv/4vljFv8l8scs/kvmj1n8l8ofs/h/J3/M4r90/pjFf5n8MYv/d/PHLP7L5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv/v5Y9Z/FfJH7P4r5o/ZvFfLX/M4r96/pjFf438MYv/mvljFv+18scs/t/PH7P4r50/ZvFfJ3/M4r+uzn/097SUxX89nf97y+K/fv6YxX+D/DGL/w/yxyz+G+aPWfw3yh+z+G+cP2bx/2H+mMV/k/wxi/+P8scs/pvmj1n8N8sfs/hvnj9m8f9x/pjF/yf5Yxb/LfLHLP5b5o9Z/LfKH7P4b50/ZvHfJn/M4r9t/pjFf7v8MYv/9vljFv8d8scs/jvmj1n8f5o/ZvH/Wf6YxX+n/DGL/875Yxb/XfLHLP675o9Z/H+eP2bx/0X+mMX/l/ljFv/d8scs/rvnj1n8f5U/ZvH/df6YxX+P/DGL/2/yxyz+e+aPWfz3yh+z+O+dP2bx/23+mMX/d/ljFv/f549Z/PfJH7P475s/ZvH/Q/6Yxf+P+WMW//3yxyz+++ePWfwPyB+z+P8pf8zi/+f8MYv/gfljFv+D8scs/n95u/+9/+vr9R+axf/g5j9m8f9r/pjF/5D8MYv/3/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4n9h/pjF/6L8MYv/xfljEv/Xy/9fk/gPuiR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4v+P/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/Kf8RGjz81OF/c/6YZf7fkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/B/OH7P4P5I/ZvF/NH/M4v9Y/pjF//H8MYv/E/ljFv8n88cs/k/lj1n8n84fs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzxyz+L+WPWfxfzh+z+L+SP2bxfzV/zOL/Wv6YxP/1s/n/axb/QfljFv+R8scs/iPnj1n8B+ePWfxHyR+z+I+aP2bxHy1/zOI/JH/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+mMV/gvwxi/+H8scs/h/OH7P4T5g/ZvH/SP6YxX+i/DGL/8T5Yxb/j+aPWfw/lj9m8f94/pjF/xP5Yxb/T+aPWfwnyR+z+E+aP2bxnyx/zOL/qfwxi//k+WMW/ynyxyz+U+aPWfynyh+z+E+dP2bx/3T+mMV/mvwxi/9n8scs/p/NH7P4fy5/zOL/+fwxi/8X8scs/l/MH7P4T5s/ZvGfLn9s0Ll7jjIwMPCB958+f8wy/2fIH7P4z5g/ZvGfKX/M4v+l/DGL/8z5Yxb/WfLHLP6z5o9Z/GfLH7P4fzl/zOI/e/6Yxf8r+WMW/6/mj1n858gfs/h/LX/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n858sfs/jPnz9m8V8gf8ziv2D+mMV/ofwxi//X88cs/t/IH7P4L5w/ZvH/Zv6YxX+R/DGL/7fyxyz+384fs/gvmj9m8V8sf8ziv3j+mMV/ifwxi/+S+WMW/6Xyxyz+38kfs/gvnT9m8V8mf8zi/938MYv/svljFv/l8scs/svnj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMX/e/ljFv9V8scs/qvmj1n8V8sfs/ivnj9m8V8jf8ziv2b+mMV/rfwxi//388cs/mvnj1n818kfs/ivmz9m8V8vf8ziv37+mMV/g/wxi/8P8scs/hvmj1n8N8ofs/hvnD9m8f9h/pjFf5P8MYv/j/LHLP6b5o9Z/DfLH7P4b54/ZvH/cf6Yxf8n+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bx3yZ/zOK/bf6YxX+7/DGL//b5Yxb/HfLHLP475o9Z/H+aP2bx/1n+mMV/p/wxi//O+WMW/13yxyz+u+aPWfx/nj9m8f9F/pjF/5f5Yxb/3fLHLP67549Z/H+VP2bx/3X+mMV/j/wxi/9v8scs/nvmj1n898ofs/jvnT9m8f9t/pjF/3f5Yxb/3+ePWfz3yR+z+O+bP2bx/0P+mMX/j/ljFv/98scs/vvnj1n8D8gfs/j/KX/M4v/n/DGL/4H5Yxb/g/LHLP5/yR+z+B+cP2bx/2v+mMX/kPwxi//f8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/7/nj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+P8jf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYn/yAP5Yxb/QfljFv+R8scs/iPnj1n8B+ePWfxHyR+z+I+aP2bxHy1/zOI/JH/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+mMV/gvwxi/+H8scs/h/OH7P4T5g/ZvH/SP6YxX+i/DGL/8T5Yxb/j+aPWfw/lj9m8f94/pjF/xP5Yxb/T+aPWfwnyR+z+E+aP2bxnyx/zOL/qfwxi//k+WMW/ynyxyz+U+aPWfynyh+z+E+dP2bx/3T+mMV/mvwxi/9n8scs/p/NH7P4fy5/zOL/+fwxi/8X8scs/l/MH7P4T5s/ZvGfLn/M4j99/pjFf4b8MYv/jPljFv+Z8scs/l96d//R/sfX6z80i//MzX/M4j9L/pjFf9b8MYv/bPljFv8v549Z/GfPH7P4fyV/zOL/1fwxi/8c+WMW/6/lj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+C+SPWfwXzB+z+C+UP2bx/3r+mMX/G/ljFv+F88cs/t/MH7P4L5I/ZvH/Vv6Yxf/b+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bxXzJ/zOK/VP6Yxf87+WMW/6Xzxyz+y+SPWfy/mz9m8V82f8ziv1z+mMV/+fwxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+H8vf8ziv0r+mMV/1fwxi/9q+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bx/37+mMV/7fwxi/86+WMW/3Xzxyz+6+WPWfzXzx+z+G+QP2bx/0H+mMV/w/wxi/9G+WMW/43zxyz+P8wfs/hvkj9m8f9R/pjFf9P8MYv/ZvljFv/N88cs/j/OH7P4/yR/zOK/Rf6YxX/L/DGL/1b5Yxb/rfPHLP7b5I9Z/LfNH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/T/PHLP4/yx+z+O+UP2bx3zl/zOK/S/6YxX/X/DGL/8/zxyz+v8gfs/j/Mn/M4r9b/pjFf/f8MYv/r/LHLP6/zh+z+O+RP2bx/03+mMV/z/wxi/9e+WMW/73zxyz+v80fs/j/Ln/M4v/7/DGL/z75Yxb/ffPHLP5/yB+z+P8xf8ziv1/+mMV///wxi/8B+WMW/z/lj1n8/5w/ZvE/MH/M4n9Q/pjF/y/5Yxb/g/PHLP5/zR+z+B+SP2bx/1v+mMX/0Pwxi/9h+WMW/8Pzxz7w/kNePzvyEfljH3j/YY18ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/v+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4/yN/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj1n8X8ofs/i/nD9m8X8lf8zi/2r+mMX/tfwxif/ggfwxi/+g/DGL/0j5Yxb/kfPHLP6D88cs/qPkj1n8R80fs/iPlj9m8R+SP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfPHLP7j5I9Z/MfNH7P4j5c/ZvEfP3/M4j9B/pjF/0P5Yxb/D+ePWfwnzB+z+H8kf8ziP1H+mMV/4vwxi/9H88cs/h/LH7P4fzx/zOL/ifwxi/8n88cs/pPkj1n8J80fs/hPlj9m8f9U/pjFf/L8MYv/FPljFv8p88cs/lPlj1n8p84fs/h/On/M4j9N/pjF/zP5Yxb/z+aPWfw/lz9m8f98/pjF/wv5Yxb/L+aPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/0z5Yxb/L+WPWfxnzh+z+M+SP2bxnzV/zOI/W/6Yxf/L+WMW/9nzxyz+X8kfs/h/NX/M4j9H/pjF/2v5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv8F88cs/gvlj1n8v54/ZvH/xrv4m7cLi//Ccud3yuL/zfwxi/8i+WMW/2/lj1n8v50/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv8l88cs/kvlj1n8v5M/ZvFfOn/M4r9M/pjF/7v5Yxb/ZfPHLP7L5Y9Z/JfPH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/9/LHLP6r5I9Z/FfNH7P4r5Y/ZvFfPX/M4r9G/pjFf838MYv/WvljFv/v549Z/NfOH7P4r5M/ZvFfN3/M4r9e/pjFf/38MYv/BvljFv8f5I9Z/DfMH7P4b5Q/ZvHfOH/M4v/D/DGL/yb5Yxb/H+WPWfw3zR+z+G+WP2bx3zx/zOL/4/wxi/9P8scs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfx3zB+z+P80f8zi/7P8MYv/TvljFv+d88cs/rvkj1n8d80fs/j/PH/M4v+L/DGL/y/zxyz+u+WPWfx3zx+z+P8qf8zi/+v8MYv/HvljFv/f5I9Z/PfMH7P475U/ZvHfO3/M4v/b/DGL/+/yxyz+v88fs/jvkz9m8d83f8zi/4f8MYv/H/PHLP775Y9Z/PfPH7P4H5A/ZvH/U/6Yxf/P+WMW/wPzxyz+B+WPWfz/kj9m8T84f8zi/9f8MYv/IfljFv+/5Y9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/9J+WMW/5Pzxyz+p+SPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/n/PH7P4X5I/ZvG/NH/M4n9Z/pjF//L8MYv/FfljFv8r88cs/lflj1n8r84fs/hfkz9m8f9H/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5YxL/UQbyxyz+g/LHLP4j5Y9Z/EfOH7P4D84fs/iPkj9m8R81f8ziP1r+mMV/SP6YxX/0/DGL/xj5Yxb/MfPHLP5j5Y9Z/MfOH7P4j5M/ZvEfN3/M4j9e/pjFf/z8MYv/BPljFv8P5Y9Z/D+cP2bxnzB/zOL/kfwxi/9E+WMW/4nzxyz+H80fs/h/LH/M4v/x/DGL/yfyxyz+n8wfs/hPkj9m8Z80f8ziP1n+mMX/U/ljFv/J88cs/lPkj1n8p8wfs/hPlT9m8Z86f8zi/+n8MYv/NPljFv/P5I9Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/L+YP2bxnzZ/zOI/Xf6YxX/6/DGL/wz5Yxb/GfPHLP4z5Y9Z/L+UP2bxnzl/zOI/S/6YxX/W/DGL/2z5Yxb/L+ePWfxnzx+z+H8lf8zi/9X8MYv/HPljFv+v5Y9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/gvlD9m8f96/pjF/xv5Yxb/hfPHLP7fzB+z+C+SP2bx/1b+mMX/2/ljFv9F88cs/ovlj1n8F88fs/gvkT9m8V8yf8ziv1T+mMX/O/ljFv+l88cs/svkj1n8v5s/ZvFfNn/M4r9c/pjFf/n8MYv/CvljFv8V88cs/ivlj1n8V84fs/h/L3/M4r9K/pjFf9X8MYv/avljFv/V88cs/mvkj1n818wfs/ivlT9m8f9+/pjFf+38MYv/OvljFv9188cs/uvlj1n8188fs/hvkD9m8f9B/pjFf8P8MYv/RvljFv+N88cs/j/MH7P4b5I/ZvH/Uf6YxX/T/DGL/2b5Yxb/zfPHLP4/zh+z+P8kf8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+2+SPWfy3zR+z+G+XP2bx3z5/zOK/Q/6YxX/H/DGL/0/zxyz+P8sfs/jvlD9m8d85f8ziv0v+mMV/1/wxi//P88cs/r/IH7P4/zJ/zOK/W/6YxX/3/DGL/6/yxyz+v84fs/jvkT9m8f9N/pjFf8/8MYv/XvljFv+988cs/r/NH7P4/y5/zOL/+/wxi/8++WMW/33zxyz+f8gfs/j/MX/M4r9f/pjFf//8MYv/AfljFv8/5Y9Z/P+cP2bxPzB/zOJ/UP6Yxf8v+WMW/4Pzxyz+f80fs/gfkj9m8f9b/pjF/9D8MYv/YfljFv/D88cs/kfkj1n8j8wfs/gflT9m8T86f8zif0z+mMX/2Pwxi/9x+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOJ/Sv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8L8wfs/hflD9m8b84f8zi//f8MYv/JfljFv9L88cs/pflj1n8L88fs/hfkT9m8b8yf8zif1X+mMX/6vwxi/81+WMW/3/kj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/JvEfdSB/zOI/KH/M4j9S/pjFf+T8MYv/4Pwxi/8o+WMW/1Hzxyz+o+WPWfyH5I9Z/EfPH7P4j5E/ZvEfM3/M4j9W/pjFf+z8MYv/OPljFv9x88cs/uPlj1n8x88fs/hPkD9m8f9Q/pjF/8P5Yxb/CfPHLP4fyR+z+E+UP2bxnzh/zOL/0ffgP/h/cr3+Q7P4f6z5j1n8P54/ZvH/RP6Yxf+T+WMW/0nyxyz+k+aPWfwnyx+z+H8qf8ziP3n+mMV/ivwxi/+U+WMW/6nyxyz+U+ePWfw/nT9m8Z8mf8zi/5n8MYv/Z/PHLP6fyx+z+H8+f8zi/4X8MYv/F/PHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4j9j/pjFf6b8MYv/l/LHLP4z549Z/GfJH7P4z5o/ZvGfLX/M4v/l/DGL/+z5Yxb/r+SPWfy/mj9m8Z8jf8zi/7X8MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/+C+WMW/4Xyxyz+X88fs/h/I3/M4r9w/pjF/5v5Yxb/RfLHLP7fyh+z+H87f8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+S+aPWfyXyh+z+H8nf8ziv3T+mMV/mfwxi/9388cs/svmj31A/QeNYD3qcvljH1D/13vr/F8+f8ziv0L+mMV/xfwxi/9K+WMW/5Xzxyz+38sfs/ivkj9m8V81f8ziv1r+mMV/9fwxi/8a+WMW/zXzxyz+a+WPWfy/nz9m8V87f8ziv07+mMV/3fwxi/96+WMW//Xzxyz+G+SPWfx/kD9m8d8wf8ziv1H+mMV/4/wxi/8P88cs/pvkj1n8f5Q/ZvHfNH/M4r9Z/pjFf/P8MYv/j/PHLP4/yR+z+G+RP2bx3zJ/zOK/Vf6YxX/r/DGL/zb5Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvHfMX/M4v/T/DGL/8/yxyz+O+WPWfx3zh+z+O+SP2bx3zV/zOL/8/wxi/8v8scs/r/MH7P475Y/ZvHfPX/M4v+r/DGL/6/zxyz+e+SPWfx/kz9m8d8zf8ziv1f+mMV/7/wxi/9v88cs/r/LH7P4/z5/zOK/T/6YxX/f/DGL/x/yxyz+f8wfs/jvlz9m8d8/f8zif0D+mMX/T/ljFv8/549Z/A/MH7P4H5Q/ZvH/S/6Yxf/g/DGL/1/zxyz+h+SPWfz/lj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E33+W72XhSz+J/n831MW/5Pzxyz+p+SPWfxPdfo/9u8WsPif5vT/t1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/9/zxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOJ/Rf6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/P+RP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y+97j8w8IH3fzr/gdHhOsv8fyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYn/aAP5Yxb/QfljFv+R8scs/iPnj1n8B+ePWfxHyR+z+I+aP2bxHy1/zOI/JH/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+wxvytksW/wnyxyz+H8ofs/h/OH/M4j9h/pjF/yP5Yxb/ifLHLP4T549Z/D+aP2bx/1j+mMX/4/ljFv9P5I9Z/D+ZP2bxnyR/zOI/af6YxX+y/DGL/6fyxyz+k+ePWfynyB+z+E+ZP2bxnyp/zOI/df6Yxf/T+WMW/2nyxyz+n8kfs/h/Nn/M4v+5/DGL/+fzxyz+X8gfs/h/MX/M4j9t/pjFf7r8MYv/9PljFv8Z8scs/jPmj1n8Z8ofs/h/KX/M4j9z/pjFf5b8MYv/rPljFv/Z8scs/l/OH7P4z54/ZvH/Sv6Yxf+r+WMW/znyxyz+X8sfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW//nyxyz+8+ePWfwXyB+z+C+YP2bxXyh/zOL/9fwxi/838scs/gvnj1n8v5k/ZvFfJH/M4v+t/DGL/7fzxyz+i+aPWfwXyx+z+C+eP2bxXyJ/zOK/ZP6YxX+p/DGL/3fyxyz+S+ePWfyXyR+z+H83f8ziv2z+mMV/ufwxi//y+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bx/17+mMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfzXyB+z+K+ZP2bxXyt/zOL//fwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+K+fP2bx3yB/zOL/g/wxi/+G+WMW/43yxyz+G+ePWfx/mD9m8d8kf8zi/6P8MYv/pvljFv/N8scs/pvnj1n8f5w/ZvH/Sf6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4r99/pjFfwf0b4uw+O+YNmbx/2n+mMX/Z/ljFv+d8scs/jvnj1n8d8kfs/jvmj9m8f95/pjF/xf5Yxb/X+aPWfx3M/qP9u8XsfjvbvR/D1n8f5U/ZvH/df6YxX+P/DGL/2/yxyz+e+aPWfz3yh+z+O+dP2bx/23+mMX/d/ljFv/f549Z/PfJH7P475s/ZvH/Q/6Yxf+P+WMW//3yxyz+++ePWfwPyB+z+P8pf8zi/+f8MYv/gfljFv+D8scs/n/JH7P4H5w/ZvH/a/6Yxf+Q/DGL/9/yxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/v+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4/yN/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj1n8X8ofs/i/nD9m8X8lf8zi/2r+mMX/tfwxif+Qgfwxi/+g/DGL/0j5Yxb/kfPHLP6D88cs/qPkj1n8R80fs/iPlj9m8R+SP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfPHLP7j5I9Z/MfNH7P4j5c/ZvEfP3/M4j9B/pjF/0P5Yxb/D+ePWfwnzB+z+H8kf8ziP1H+mMV/4vwxi/9H88cs/h/LH7P4fzx/zOL/ifwxi/8n88cs/pPkj1n8J80fs/hPlj9m8f9U/pjFf/L8MYv/FPljFv8p88cs/lPlj1n8p84fs/h/On/M4j9N/pjF/zP5Yxb/z+aPWfw/lz9m8f98/pjF/wv5Yxb/L+aPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/0z5Yxb/L+WPWfxnzh+z+M+SP2bxnzV/zOI/W/6Yxf/L+WMW/9nzxyz+X8kfs/h/NX/M4j9H/pjF/2v5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv8F88cs/gvlj1n8v/5u/hO++tpr/wur9p+Yxf8bzX/M4r9w/pjF/5v5Yxb/RfLHLP7fyh+z+H87f8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+S+aPWfyXyh+z+H8nf8ziv3T+mMV/mfwxi/9388cs/svmj1n8l8sfs/gvnz9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/+/lj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMV/jfwxi/+a+WMW/7Xyxyz+388fs/ivnT9m8V8nf8ziv27+mMV/vfwxi//6+WMW/w3yxyz+P8gfs/hvmD9m8d8of8ziv3H+mMX/h/ljFv9N8scs/j/KH7P4b5o/ZvHfLH/M4r95/pjF/8f5Yxb/n+SPWfy3yB+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/7b5Yxb/7fLHLP7b549Z/HfIH7P475g/ZvH/af6Yxf9n+WMW/53yxyz+O+ePWfx3yR+z+O+aP2bx/3n+mMX/F/ljFv9f5o9Z/HfLH7P4754/ZvH/Vf6Yxf/X+WMW/z3yxyz+v8kfs/jvmT9m8d8rf8ziv3f+mMX/t/ljFv/f5Y9Z/H+fP2bx3yd/zOK/b/6Yxf8P+WMW/z/mj1n898sfs/jvnz9m8T8gf8zi/6f8MYv/n/PHLP4H5o9Z/A/KH7P4/yV/zOJ/cP6Yxf+v+WMW/0Pyxyz+f8sfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfz/nj9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+F+dP2bxvyZ/zOL/j/wxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8h/WEPeftHi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfk/iPPpA/ZvEflD9m8R8pf8ziP3L+mMV/cP6YxX+U/DGL/6j5Yxb/0fLHLP5D8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+H8of8zi/+H8MYv/hPljFv+P5I9Z/CfKH7P4T5w/ZvH/aP6Yxf9j+WMW/4/nj1n8P5E/ZvH/ZP6YxX+S/DGL/6T5Yxb/yfLHLP6fyh+z+E+eP2bxnyJ/zOI/Zf6YxX+q/DGL/9T5Yxb/T+ePWfynyR+z+H8mf8zi/9n8MYv/5/LHLP6fzx+z+H8hf8zi/8X8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD/2uv+kAwMDH3D/mfLHLPP/S/ljFv+Z88cs/rPkj1n8Z80fs/jPlj9m8f9y/pjFf/b8MYv/V/LHLP5fzR+z+M+RP2bx/1r+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6YxX/B/DGL/0L5Yxb/r+ePWfy/kT9m8V84f8zi/838MYv/IvljFv9v5Y9Z/L+dP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/JfPHLP5L5Y9Z/L+TP2bxXzp/zOK/TP6Yxf+7+WMW/2Xzxyz+y+WPWfyXzx+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL//fyxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/7+ePWfzXzh+z+K+TP2bxXzd/zOI/av6YxX/9/DGL/wb5Yxb/H+SPWfw3zB+z+G+UP2bx3zh/zOL/w/wxi/8m+WMW/x/lj1n8N80fs/hvlj9m8d88f8zi/+P8MYv/T/LHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjFf9v8MYv/dvljFv/t88cs/jvkj1n8d8wfs/j/NH/M4v+z/DGL/075Y4PO3fPZ4Wc/0P47549Z5v8u+WMW/13zxyz+P88fs/j/In/M4v/L/DGL/275Yxb/3fPHLP6/yh+z+P86f8ziv0f+mMX/N/ljFv8988cs/nvlj1n8984fs/j/Nn/M4v+7/DGL/+/zxyz+++SPWfz3zR+z+P8hf8zi/8f8MYv/fvljFv/988cs/gfkj1n8/5Q/ZvH/c/6Yxf/A/DGL/0H5Yxb/v+SPWfwPzh+z+P81f8zif0j+mMX/b/ljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/4vwxi//f88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfz/kT9m8b82f8zif13+mMX/+vwxi/8N+WMW/xvzxyz+N+WPWfxvzh+z+N+SP2bxvzV/zOJ/W/6Yxf/2/DGL/x35Yxb/O/PHLP535Y9Z/O/OH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxfzZ/zOL/XP6Yxf/5/DGL/wv5Yxb/F/PHLP4v5Y9Z/F/OH7P4v5I/ZvF/NX/M4v9a/pjEf4yB/DGL/6D8MYv/SPljFv+R88cs/oPzxyz+o+SPWfxHzR+z+I+WP2bxH5I/ZvEfPX/M4j9G/pjFf8z8MYv/WPljFv+x88cs/uPkj1n8x80fs/iPlz9m8R8/f8ziP0H+mMX/Q/ljFv8P549Z/CfMH7P4fyR/zOI/Uf6YxX/i/DGL/0fzxyz+H8sfs/h/PH/M4v+J/DGL/yfzxyz+k+SPWfwnzR+z+E+WP2bx/1T+mMV/8vwxi/8U+WMW/ynzxyz+U+WPWfynzh+z+H86f8ziP03+mMX/M/ljFv/P5o9Z/D+XP2bx/3z+mMX/C/ljFv8v5o9Z/KfNH7P4T5c/ZvGfPn/M4j9D/pjFf8b8MYv/TPljFv8v5Y9Z/GfOH7P4z5I/ZvGfNX/M4j9b/pjF/8v5Yxb/2fPHLP5fyR+z+H81f8ziP0f+mMX/a/ljFv8588cs/nPlj1n8584fs/jPkz9m8Z83f8ziP1/+mMV//vwxi/8C+WMW/wXzxyz+C+WPWfy/nj9m8f9G/pjFf+H8MYv/N/PHLP6L5I9Z/L+VP2bx/3b+mMV/0fwxi/9i+WMW/8Xzxyz+S+SPWfyXzB+z+C+VP2bx/07+mMV/6fwxi/8y+WMW/+/mj1n8l80fs/gvlz9m8V8+f8ziv0L+mMV/xfwxi/9K+WMW/5Xzxyz+38sfs/ivkj9m8V81f8ziv1r+mMV/9fwxi/8a+WMW/zXzxyz+a+WPWfy/nz9m8V87f8ziv07+mMV/3fwxi/96+WMW//Xzxyz+G+SPWfx/kD9m8d8wf8ziv1H+mMV/4/wxi/8P88cs/pvkj1n8f5Q/ZvHfNH/M4r9Z/pjFf/P8MYv/j/PHLP4/yR+z+G+RP2bx3zJ/zOK/Vf6YxX/r/DGL/zb5Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvHfMX/M4v/T/DGL/8/yxyz+O+WPWfx3zh+z+O+SP2bx3zV/zOL/8/wxi/8v8scs/r/MH7P475Y/ZvHfPX/M4v+r/DGL/6/zxyz+e+SPWfx/kz9m8d8zf8ziv1f+mMV/7/wxi/9v88cs/r/LH7P4/z5/zOK/T/6YxX/f/DGL/x/yxyz+f8wfs/jvlz9m8d8/f8zif0D+mMX/T/ljFv8/549Z/A/MH7P4H5Q/ZvH/S/6Yxf/g/DGL/1/zxyz+h+SPWfz/lj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E/PHLP4n5Y9Z/E/OH7P4n5I/ZvE/NX/M4n9a/pjF//T8MYv/GfljFv8z88cs/mflj1n8z84fs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/wvzxyz+F+WPWfwvzh+z+P89f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf8f+WMW/2vzxyz+1+WPWfyvzx+z+N+QP2bxvzF/zOJ/U/6Yxf/m/DGL/y35Yxb/W/PHLP635Y9Z/G/PH7P435E/ZvG/M3/M4n9X/pjF/+78BwZG/terLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj33Q/VccdnaMR/PHPuj+wxvjsfwxi//j+WMW/yfyxz7I/qP989oxnswf+yD7v3X+P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMS/zEH8scs/oPyxyz+I+WPWfxHzh+z+A/OH7P4j5I/ZvEfNX/M4j9a/pjFf0j+mMV/9Pwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/D+WPWfw/nD9m8Z8wf8zi/5H8MYv/RPljFv+J88cs/h/NH7P4fyx/zOL/8fwxi/8n8scs/p/MH7P4T5I/ZvGfNH/M4j9Z/pjF/1P5Yxb/yfPHLP5T5I9Z/KfMH7P4T5U/ZvGfOn/M4v/p/DGL/zT5Yxb/z+SPWfw/mz9m8f9c/pjF//P5Yxb/L+SPWfy/mD9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+M+WPWfy/lD9m8Z85f8ziP0v+mMV/1vwxi/9s+WMW/y/nj1n8Z88fs/h/JX/M4v/V/DGL/xz5Yxb/r+WPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/3z5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvH/ev6Yxf8b+WMW/4Xzxyz+38wfs/gvkj9m8f9W/pjF/9v5Yxb/RfPHLP6L5Y9Z/BfPH7P4L5E/ZvFfMn/M4r9U/pjF/zv5Yxb/pfPHLP7L5I9Z/L+bP2bxXzZ/zOK/XP6YxX/5/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4fy9/zOK/Sv6YxX/V/DGL/2r5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvH/fv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/NfPH7P4b5A/ZvH/Qf6YxX/D/DGL/0b5Yxb/jfPHLP4/zB+z+G+SP2bx/1H+mMV/0/wxi/9m+WMfXP+rX3ur/+b5Yx9c/7fP/x/nj1n8f5I/ZvHfIn/M4r9l/pjFf6v8MYv/1vljFv9t8scs/tvmj1n8t8sfs/hvnz9m8d8hf8ziv2P+mMX/p/ljFv+f5Y9Z/HfKH7P475w/ZvHfJX/M4r9r/pjF/+f5Yxb/X+SPWfx/mT9m8d8tf8ziv3v+mMX/V/ljFv9f549Z/PfIH7P4/yZ/zOK/Z/6YxX+v/DGL/975Yxb/3+aPWfx/lz9m8f99/pjFf5/8MYv/vvljFv8/5I9Z/P+YP2bx3y9/zOK/f/6Yxf+A/DGL/5/yxyz+f84fs/gfmD9m8T8of8zi/5f8MYv/wfljFv+/5o9Z/A/JH7P4/y1/zOJ/aP6Yxf+w/DGL/+H5Yxb/I/LHLP5H5o9Z/I/KH7P4H50/ZvE/Jn/M4n9s/pjF/7j8MYv/8fljFv8T8scs/ifmj1n8T8ofs/ifnD9m8T8lf+wN/4EhAwMfZP9T88cs8/+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8f97/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/8//tW/zUHkf23gmMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KHxvmPzAwsPUH2//u/DHL/L8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj1n8X8ofs/i/nD9m8X8lf8zi/2r+mMX/tfwxif9YA/ljFv9B+WMW/5Hyxyz+I+ePWfwH549Z/Ed5B//rrh95xf+tVftPzOI/avMfs/iPlj9m8R+SP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfP/l7YW+Y+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/D+WPWfw/nD9m8Z8wf8zi/5H8MYv/RPljFv+J88cs/h/NH7P4fyx/zOL/8fwxi/8n8scs/p/MH7P4T5I/ZvGfNH/M4j9Z/pjF/1P5Yxb/yfPHLP5T5I9Z/KfMH7P4T5U/ZvGfOn/M4v/p/DGL/zT5Yxb/z+SPWfw/mz9m8f9c/pjF//P5Yxb/L+SPWfy/mD9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+M+WPWfy/lD9m8Z85f8ziP0v+mMV/1vwxi/9s+WMW/y/nj1n8Z88fs/h/JX/M4v/V/DGL/xz5Yx9M/2HSb/X/Wv7YB9N/WG/1nzN/zOI/V/6YxX/u/DGL/zz5Yxb/efPHLP7z5Y9Z/OfPH7P4L5A/ZvFfMH/M4r9Q/pjF/+v5Yxb/b+SPWfwXzh+z+H8zf8ziv0j+mMX/W/ljFv9v549Z/BfNH7P4L5Y/ZvFfPH/M4r9E/pjFf8n8MYv/UvljFv/v5I9Z/JfOH7P4L5M/ZvH/bv6YxX/Z/DGL/3L5Yxb/5fPHLP4r5I9Z/FfMH7P4r5Q/ZvFfOX/M4v+9/DGL/yr5Yxb/VY3+7+EBW/xXM/q/hyz+q+ePWfzXyB+z+K+ZP2bxXyt/zOL//fwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+K+fP2bx3yB/zOL/g/wxi/+G+WMW/43yxyz+G+ePWfx/mD9m8d8kf8zi/6P8MYv/pvljFv/N8scs/pvnj1n8f5w/ZvH/Sf6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4r99/pjFf4f8MYv/jvljFv+f5o9Z/H+WP2bx3yl/zOK/c/6YxX+X/DGL/675Yxb/n+ePWfx/kT9m8f9l/pjFf7f8MYv/7vljFv9f5Y9Z/H+dP2bx3yN/zOL/m/wxi/+e+WMW/73yxyz+e+ePWfx/mz9m8f9d/pjF//f5Yxb/ffLHLP775o9Z/P+QP2bx/2P+mMV/v/wxi//++WMW/wPyxyz+f8ofs/j/OX/M4n9g/pjF/6D8MYv/X/LHLP4H549Z/P+aP2bxPyR/zOL/t/wxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+2Aj+o7/f6/P/u3fwPyd/zDL/z80fs/iflz9m8T8/f8zif0H+mMX/wvwxi/9F+WMW/4vzxyz+f88fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bx/0f+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljEv+xB/LHLP6D8scs/iPlj1n8R84fs/gPzh+z+I+SP2bxHzV/zOI/Wv6YxX9I/pjFf/T8MYv/GPljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMV//Pwxi/8E+WMW/w/lj1n8P5w/ZvGfMH/M4v+R/DGL/0T5Yxb/ifPHLP4fzR+z+H8sf8zi//H8MYv/J/LHLP6fzB+z+E+SP2bxnzR/zOI/Wf6Yxf9T+WMW/8nzxyz+U+SPWfynzB+z+E+VP2bxnzp/zOL/6fwxi/80+WMW/8/kj1n8P5s/ZvH/XP6Yxf/z+WMW/y/kj1n8v5g/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/jPlj1n8v5Q/ZvGfOX/M4j9L/pjFf9b8MYv/bPljFv8v549Z/GfPH7P4fyV/zOL/1fwxi/8c+WMW/6/lj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+C+SPWfwXzB+z+C+UP2bx/3r+mMX/G/ljFv+F88cs/t/MH7P4L5I/ZvH/Vv6Yxf/b+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bxXzJ/zOK/VP6Yxf87+WMW/6Xzxyz+y+SPWfy/mz9m8V82f8ziv1z+mMV/+fwxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+H8vf8ziv0r+mMV/1fwxi/9q+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bx/37+mMV/7fwxi/86+WMW/3Xzxyz+6+WPWfzXzx+z+G+QP2bx/0H+mMV/w/wxi/9G+WMW/43zxyz+P8wfs/hvkj9m8f9R/pjFf9P8MYv/ZvljFv/Nrf5D3v1mi/+Prf7/Jov/T/LHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjFf9v8MYv/dvljFv/t88cs/jvkj1n8d8wfs/j/NH/M4v+z/DGL/075Yxb/nfPHLP675I9Z/HfNH7P4/zx/zOL/i/wxi/8v88cs/rvlj1n8d88f+6D6DxnB/1f5Yx9U/4ER/H+dP2bx3yN/zOL/m/wxi/+e+WMW/73yxyz+e+ePWfx/mz9m8f9d/pjF//f5Yxb/ffLHLP775o9Z/P+QP2bx/2P+mMV/v/wxi//++WMW/wPyxyz+f8ofs/j/OX/M4n9g/pjF/6D8MYv/X/LHLP4H549Z/P+aP2bxPyR/zOL/t/wxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qUr/If92CYv/aUr/f5/F//T8MYv/GfljFv8z88cs/mflj1n8z84fs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/wvzxyz+F+WPWfwvzh+z+P89f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf8f+WMW/2vzxyz+1+WPWfyvzx+z+N+QP2bxvzF/zOJ/U/6Yxf/m/DGL/y35Yxb/W/PHLP635Y9Z/G/PH7P435E/ZvG/M3/M4n9X/pjF/+78MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8X8w/9ebbITLFv+H8scs/g/nj1n8H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549Z/F/JH7P4v5o/ZvF/LX9M4j/OQP6YxX9Q/pjFf6T8MYv/yPljFv/B+WMW/1Hyxyz+o+aPWfxHyx+z+A/JH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8zi/6H8MYv/h/PHLP4T5o9Z/D+SP2bxnyh/zOI/cf6Yxf+j+WMW/4/lj1n8P54/ZvH/RP6Yxf+T+WMW/0nyxyz+k+aPWfwnyx+z+H8qf8ziP3n+mMV/ivwxi/+U+WMW/6nyxyz+U+ePWfw/nT9m8Z/m7f6vjfy/vmL/mVn8P9P8xyz+n80fs/h/Ln/M4v/5/DGL/xfyxyz+X8wfs/hPmz9m8Z8uf8ziP33+mMV/hvwxi/+M+WMW/5nyxyz+X8ofs/jPnD9m8Z8lf8ziP2v+mMV/tvwxi/+X88cs/rPnj1n8v/KGfxvB27L4fzV6zOI/R/6Yxf9r+WMW/znzxyz+c+WPWfznzh+z+M+TP2bxnzd/zOI/X/6YxX/+/DGL/wL5Yxb/BfPHLP4L5Y9Z/L+eP2bx/0b+mMV/4fwxi/8388cs/ovkj1n8v5U/ZvH/dv6YxX/R/DGL/2L5Yxb/xfPHLP5L5I9Z/JfMH7P4L5U/ZvH/Tv6YxX/p/DGL/zL5Yxb/7+aPWfyXzR+z+C+XP2bxXz5/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP7fyx+z+K+SP2bxXzV/zOK/Wv6YxX/1/LFB5+65zLjDzn6g/dfIH7PM/zXzxyz+a+WPWfy/nz9m8V87f8ziv07+mMV/3fwxi/96ev+t8FqL//p6f87iv0H+mMX/B/ljFv8N88cs/hvlj1n8N84fs/j/MH/M4r9J/pjF/0f5Yxb/TfPHLP6b5Y9Z/DfPH7P4/zh/zOL/k/wxi/8W+WMW/y3zxyz+W+WPWfy3zh+z+G+TP2bx3zZ/zOK/Xf6YxX/7/DGL/w75Yxb/HfPHLP4/zR+z+P8sf8ziv1P+mMV/5/wxi/8u+WMW/13zxyz+P88fs/j/In/M4v/L/DGL/275Yxb/3fPHLP6/yh+z+P86f8ziv0f+mMX/N/ljFv8988cs/nvlj1n8984fs/j/Nn/M4v+7/DGL/+/zxyz+++SPWfz3zR+z+P8hf8zi/8f8MYv/fvljFv/988cs/gfkj1n8/5Q/ZvH/c/6Yxf/A/DGL/0H5Yxb/v+SPWfwPzh+z+P81f8zif0j+mMX/b/ljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U9X+o73jLRb/09T+75zF//T8MYv/GfljFv8z88cs/mflj1n8z84fs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/wvzxyz+F+WPWfwvzh+z+P89f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6YxH/QwMDW+UMS/3Gubf5jFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf8zif3P+mMX/lvwxi/+t+WMW/9vyxyz+t+ePWfzvyB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/+/LHLP73549Z/B/IH7P4P5g/ZvF/KH/M4v9w/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHJP7jDuSPWfwH5Y9Z/EfKH7P4j5w/ZvEfnD9m8R8lf8ziP2r+mMV/tPwxi/+Q/DGL/+j5Yxb/MfLHLP5j5o9Z/MfKH7P4j50/ZvEfJ3/M4j9u/tj/x879h2td13ccv/lNltOPberShkNjrs1IZDRqISqKxx+nTDTzN+oRSBD5IQmm4kYrdWy61M2STSwcc7ZqicPN9WtFw7Jma8TWKqe4FsaYg4XmjF0HziHO2dtzdb7s+7V8Px5/wLnv4/sOeV4v75uL6ypL/331D2XpX/QPZem/n/6hLP1fqX8oS/+f1T+Upf/P6R/K0n9//UNZ+h+gfyhL/wP1D2Xp//P6h7L0f5X+oSz9D9I/lKX/wfqHsvR/tf6hLP1/Qf9Qlv4j9A9l6X+I/qEs/X9R/1CW/iP1D2Xpf6j+oSz9D9M/lKX/a/QPZek/Sv9Qlv6/pH8oS//D9Q9l6f/L+oey9H+t/qEs/X9F/1CW/r+qfyhL/yP0D2Xp/zr9Q1n6j9Y/lKX/6/UPZel/pP6hLP3H6B/K0v8o/UNZ+o/VP5Sl/6/pH8rSf5z+oSz936B/KEv/X9c/lKX/eP1DWfq/Uf9Qlv5v0j+Upf9v6B/K0v/N+oey9J+gfyhL/6P1D2XpP1H/UJb+x+gfytL/WP1DWfofp38oS/9J+oey9D9e/1CW/ifoH8rSf7L+oSz9T9Q/lKV/m/6hLP1P0j+Upf/J+oey9D9F/1CW/qfqH8rSv13/UJb+b9E/lKX/W/UPZel/mv6hLP3fpn8oS//T9Q9l6T9F/1CW/mfoH8rS/0z9Q1n6v13/UJb+Z+kfytL/HfqHsvQ/W/9Qlv7n6B/K0v9c/UNZ+p+nfyhL//P1D2Xpf4H+oSz9L9Q/lKX/VP1DWfpfpH8oS/+L9Q9l6X+J/qEs/Tv0D2Xpf6n+oSz9p+kfytJ/uv6hLP1n6B/K0v+d+oey9L9M/1CW/jP1D2XpP0v/UJb+l+sfytJ/tv6hLP2v0D+Upf8c/UNZ+s/VP5Sl/zz9Q1n6z9c/lKX/lfqHsvRfoH8oS/936R/K0v8q/UNZ+i/UP5Sl/yL9Q1n6X61/KEv/d+sfytL/Gv1DWfpfq38oS//r9A9l6b9Y/1CW/tfrH8rS/zf1D2Xp/1v6h7L0X6J/KEv/9+gfytL/t/UPZen/Xv1DWfq/T/9Qlv436B/K0v9G/UNZ+t+kfyhL/9/RP5Sl/1L9Q1n6/67+oSz9f0//UJb+N+sfytL/Fv1DWfr/vv6hLP3fr38oS/9b9Q9l6X+b/qEs/W/XP5Sl/x/oH8rS/w/1D2Xpf4f+oSz9P6B/KEv/D+ofytL/Tv1DWfov0z+Upf8f6R/K0v+P9Q9l6X+X/qEs/ZfrH8rS/279Q1n6f0j/UJb+H9Y/lKX/it79RzT86/oJlaX/PfYfytL/T/QPZem/Uv9Qlv5/qn8oS/979Q9l6f9n+oey9L9P/1CW/h/RP5Sl/5/rH8rS/6P6h7L0/5j+oSz9P65/KEv/v9A/lKX/J/QPZel/v/6hLP1X6R/K0v8B/UNZ+v+l/qEs/VfrH8rS/0H9Q1n6/5X+oSz9/1r/UJb+D+kfytL/b/QPZen/Sf1DWfp/Sv9Qlv6f1j+Upf9n9A9l6f9Z/UNZ+v+t/qEs/T+nfyhL/8/rH8rSf43+oSz9v6B/KEv/v9M/lKX/Wv1DWfo/rH8oS/8v6h/K0v9L+oey9H9E/1CW/l/WP5Sl/1f0D2Xp//f6h7L0f1T/UJb+X9U/lKX/P+gfytL/a/qHsvT/R/1DWfqv0z+Upf/X9Q9l6b9e/1CW/v+kfyhL/3/WP5Sl/zf0D2Xp/y/6h7L0/6b+oSz9v6V/KEv/b+sfytL/Mf1DWfr/q/6hLP0f1z+Upf8T+oey9N+gfyhL/yf1D2Xp/2/6h7L0/47+oSz9/13/UJb+39U/lKX/Rv1DWfo/pX8oS//v6R/K0n+T/qEs/f9D/1CW/pv1D2Xp/5/6h7L0f1r/UJb+/6V/KEv/LfqHsvTfqn8oS///1j+Upf/39Q9l6b9N/1CW/s/oH8rS/1n9Q1n6/0D/UJb+z+kfytL/f/QPZen/vP6hLP1/qH8oS//t+oeS9N+3pX8oS/8B+oey9B+ofyhL/0H6h7L0H6x/KEv/IfqHsvQfqn8oS/9h+oey9B+ufyhL/5fpH8rSfy/9Q1n6v1z/UJb+r9A/lKX/3vqHsvT/Gf1DWfrvo3/oJdcfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgJ828hYsumzpzZsdcX/jCF77Y9cWL/V8mAADg/9uPPvS/2L8SAAAAAAAAAAAAAAAAAAAAyKuJ/zuxF/vfEQAAAAAAAAAAAAAAftq1tR+zadCAHk8N2v3Bqx/p2PHz2G1nTV+x4oHS/XPXt08OXnLg7g+2b9++fdnTEyZ1PRzWarU6/9f27Xo8vPdx5+svHnHngTsflYmfu/2x86fsfcrcVbcM/vqym9qfGrLj2SGtCy+dMbPj9QNbrXLckNZVnQ+OHNBqlROGtG7ufDCm88HkIa2VnQ+O2vHgZa1Pdz543cWzZ17S+cSJlX/P4KWirX1xa1CPxbZ6/Ndg9/0vHvH49O6f+3jJ7lcb3Ora/8hVXzyg1/e6vcD+u1+/HNN7//3+FwReUP/2/+z67p/7eMn/8/7/obXbFkXfe+H9d79+Odb+oT7B5/8eG+39ub/X5/9DgpfcdX/08LW3du6/7Yx7D+56avCP8/n/R69fjuu9/4E9Pv93fo6f1P35f1irVY7fw98OSKWt/fpNfb3/973/wa/qdTNg9/3f/eUNr+jc/z3PtZZ0PTWkn/uf1Nf7/w29fq1A/7S1L9/e6/2/H/tvjQpectf+N67ae8fn/w33Xbz/bt/rz/6P773/0fNnXTF63sJFR8yYNXVax7SOy8ePGXfk2PHjx40bveMTwc4f9/A3BZLYs/f/1l69bga0Wh277tfce9Okzv1vfnDJh7ueGt7P/Z/Q5/v/Id7/ITRyYGvo0NZVU+fPn3vkzh+7H47Z+ePOfyzYfz/+/H/o4V3/WPffGQ5otQ7cdT/q/PHDOvd/9Zyyuuupof3c/+Q+9z+x599VAv2zh+//l/S66bH/ozdeu6Bz/4d9f78NXU/198//J/a5/7u8/8OeaGtv1fom2rn/o4Zdf1K169Lm7/+gPk3sf8SWm7dWuy4n2T/Up4n9T1n6pouqXZeT7R/q08T+H5h1wdJq1+UU+4f6NLH/51+59aBq1+VU+4f6NLH/R7/z5Ipq16Xd/qE+Tez/A3e0H1XturzF/qE+Tez/iCufmVDturzV/qE+Tez/0pefvrLadTnN/qE+Tez/pO3H7l/turzN/qE+Tex/wPXfXVztupxu/1CfJvb/xNSls6tdlyn2D/VpYv8rR4x6ttp1OcP+oT5N7H/JU2+YXO26nGn/UJ8m9v+V2+58tNp1ebv9Q32a2P/Hz93vzmrX5Sz7h/o0sf8fjHxwr2rX5R32D/VpYv/r1q28v9p1Odv+oT5N7H/ZykEjq12Xc+wf6tPE/q87cdoj1a7LufYP9Wli/2PHfemcatflPPuH+jSx/wM/+80nq12X8+0f6tPE/k9/aMG8atflAvuH+jSx/wUHfeyH1a7LhfYP9Wli/2/uOGh6tesy1f6hPk3sv9yy17pq1+Ui+4f6NLH/szcvn1jtulxs/1CfJva/ep/Pf7TadbnE/qE+Tex/y5zLx1e7Lh32D/VpYv/ffs917612XS61f6hPE/u/9bmvlWrXZZr9Q32a2P/GMWefW+26TLd/qE8T+19+ytMPV7suM+wf6tPE/peufmx+tevyTvuH+jSx/zVrTn682nW5zP6hPk3s/7BRo/fu+ewzP+Z1mWn/UJ8m9j/7rCUfrHZdZtk/1KeJ/R93322vqXZdLrd/qE8T+x/+1QmfqHZdZts/1KeJ/X9qwvs+We26XGH/UJ8m9r914qGHV7suc+wf6tPE/tffP+b2atdlrv1DfZrY//sfvqPidZln/1CfJvY/57XPb652XebbP9Snif2/ccqZC6tdlyvtH+rTxP73v2vyF6pdlwX2D/VpYv/nfet7p1W7Lu+yf6hPE/s/9ICLDq52Xa6yf6hPE/ufPmPtjdWuy0L7h/o0sf9Jy9aPrXZdFtk/1KeJ/e/zxLy7q12Xq+0f6tPE/jcNOuDUatfl3fYP9Wli//dc89A3ql2Xa+wf6tPE/m+84SMd1a7LtfYP9Wli/5/ZNnRLtetynf0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/LDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rYPo3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAoAAD//5Jm6oI=")
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xec)
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000280)='./file1\x00', 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x20, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
rmdir(&(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')

3.753683333s ago: executing program 2 (id=708):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="34c056f94d70f022380eb7af64ee00000000ac90d16d3cb03f67ff949076f4da9a599b4f8f75626dcb99158d1bdd2368893a8f335bf37c0e915789e42c44cceec22c624414d6e300000000000000000000000000000000000000000000000000000093bb3f099b060353df3ccce873579b40fb07a3c4d4192486d4c609d02d1e4bcaa09790355b400c96ce76d5360f544f3057490cc8bdf5587dc802cfc7f2befa19a1ac0d39cb068027dd369fe3e1f73b4f1489190c24ce6cc378f1b80905f1cce4d74d8498b10ca97075eeeee4de4d", @ANYRESHEX, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085100000ffffffffbce3f8ff7a080000"], &(0x7f0000000180)='GPL\x00', 0x2000003, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0x5}, 'syz1\x00', 0x10})
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_DESTROY(r4, 0x5502)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0)
lseek(r2, 0x9, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000042c0)='stack\x00')
pread64(r6, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
mkdir(0x0, 0x1a0)

2.227458929s ago: executing program 5 (id=709):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000a40)='\b', 0x1}], 0x1, 0x3, 0xfffffffb, 0x0)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0xff, 0x0, &(0x7f0000000d40))
rename(&(0x7f0000000000)='./file0/file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x2)

1.111119491s ago: executing program 0 (id=710):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="34c056f94d70f022380eb7af64ee00000000ac90d16d3cb03f67ff949076f4da9a599b4f8f75626dcb99158d1bdd2368893a8f335bf37c0e915789e42c44cceec22c624414d6e300000000000000000000000000000000000000000000000000000093bb3f099b060353df3ccce873579b40fb07a3c4d4192486d4c609d02d1e4bcaa09790355b400c96ce76d5360f544f3057490cc8bdf5587dc802cfc7f2befa19a1ac0d39cb068027dd369fe3e1f73b4f1489190c24ce6cc378f1b80905f1cce4d74d8498b10ca97075eeeee4de4d", @ANYRESHEX, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085100000ffffffffbce3f8ff7a080000"], &(0x7f0000000180)='GPL\x00', 0x2000003, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0x5}, 'syz1\x00', 0x10})
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_DESTROY(r4, 0x5502)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000400)=ANY=[], 0x0)
lseek(r2, 0x9, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000042c0)='stack\x00')
pread64(r6, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
mkdir(0x0, 0x1a0)

0s ago: executing program 2 (id=711):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
ftruncate(r0, 0x81ff)
r1 = open(&(0x7f0000000080)='./file2\x00', 0x4e482, 0x154)
ioctl$FS_IOC_RESVSP(r1, 0xc0189436, &(0x7f0000000240)={0x0, 0x4, 0x8000, 0x4, 0x4})

kernel console output (not intermixed with test programs):

syz1 as /devices/virtual/input/input44
[  542.495607][ T5846] Bluetooth: hci3: command tx timeout
[  542.620653][   T36] team0 (unregistering): Port device team_slave_1 removed
[  542.705515][   T36] team0 (unregistering): Port device team_slave_0 removed
[  544.380736][ T9015] team0: Port device team_slave_0 added
[  544.576034][ T5846] Bluetooth: hci3: command tx timeout
[  544.737322][ T9015] team0: Port device team_slave_1 added
[  546.085538][ T9233] loop0: detected capacity change from 0 to 32768
[  547.674508][ T9233] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  547.674544][ T9233]   allowing incompatible features above 0.0: (unknown version)
[  547.674563][ T9233]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  547.806568][ T9015] batman_adv: batadv0: Adding interface: batadv_slave_0
[  547.806595][ T9015] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  547.806669][ T9015] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  547.809029][ T9015] batman_adv: batadv0: Adding interface: batadv_slave_1
[  547.809051][ T9015] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  547.809115][ T9015] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  548.084815][ T9233] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  548.116710][ T9233] bcachefs (loop0): initializing new filesystem
[  548.168123][ T9233] warn_alloc: 1 callbacks suppressed
[  548.168152][ T9233] syz.0.484: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  548.227841][ T9233] CPU: 1 UID: 0 PID: 9233 Comm: syz.0.484 Not tainted 6.16.0-rc2-syzkaller-00308-gf7301f856d35 #0 PREEMPT(full) 
[  548.227893][ T9233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  548.227916][ T9233] Call Trace:
[  548.227927][ T9233]  <TASK>
[  548.227941][ T9233]  dump_stack_lvl+0x16c/0x1f0
[  548.228016][ T9233]  warn_alloc+0x248/0x3a0
[  548.228060][ T9233]  ? __pfx_warn_alloc+0x10/0x10
[  548.228118][ T9233]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  548.228153][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.228198][ T9233]  ? __vmalloc_node_noprof+0xad/0xf0
[  548.228264][ T9233]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  548.228339][ T9233]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  548.228382][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.228429][ T9233]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  548.228490][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.228533][ T9233]  ? __alloc_pages_noprof+0xb/0x1b0
[  548.228573][ T9233]  ? ___kmalloc_large_node+0x84/0x1e0
[  548.228625][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.228672][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.228724][ T9233]  __kvmalloc_node_noprof+0x30a/0x620
[  548.228762][ T9233]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  548.228795][ T9233]  ? __genradix_iter_peek_prev+0x28c/0x4c0
[  548.228857][ T9233]  ? rcu_is_watching+0x12/0xc0
[  548.228902][ T9233]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  548.228946][ T9233]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  548.228979][ T9233]  bch2_fs_journal_start+0x3b2/0x14a0
[  548.229021][ T9233]  ? bch2_trans_put+0x86c/0x10d0
[  548.229079][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.229127][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.229171][ T9233]  ? find_held_lock+0x2b/0x80
[  548.229213][ T9233]  ? __pfx_bch2_fs_journal_start+0x10/0x10
[  548.229250][ T9233]  ? enumerated_ref_put+0xc3/0x270
[  548.229288][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.229332][ T9233]  ? bch2_fs_journal_alloc+0x3f6/0x5e0
[  548.229402][ T9233]  bch2_fs_initialize+0xd94/0x25b0
[  548.229458][ T9233]  ? __entry_text_end+0x1020b5/0x1020b9
[  548.229516][ T9233]  ? __pfx_bch2_fs_initialize+0x10/0x10
[  548.229565][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.229612][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.229655][ T9233]  ? rcu_is_watching+0x12/0xc0
[  548.229755][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.229798][ T9233]  ? __lock_acquire+0xb8a/0x1c90
[  548.229920][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.229965][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.230018][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.230072][ T9233]  ? bch2_fs_start+0xf50/0x1410
[  548.230105][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.230148][ T9233]  bch2_fs_start+0xf50/0x1410
[  548.230199][ T9233]  bch2_fs_get_tree+0xdb4/0x1b20
[  548.230256][ T9233]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  548.230327][ T9233]  ? kfree+0x24f/0x4d0
[  548.230385][ T9233]  ? __pfx_aa_get_newest_label+0x10/0x10
[  548.230427][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.230470][ T9233]  ? trace_cap_capable+0x18d/0x200
[  548.230536][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.230579][ T9233]  ? apparmor_capable+0x114/0x1d0
[  548.230616][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.230659][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.230710][ T9233]  vfs_get_tree+0x8e/0x340
[  548.230768][ T9233]  path_mount+0x1414/0x2020
[  548.230821][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.230864][ T9233]  ? kmem_cache_free+0x2d1/0x4d0
[  548.230902][ T9233]  ? __pfx_path_mount+0x10/0x10
[  548.230957][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.231009][ T9233]  ? putname+0x154/0x1a0
[  548.231064][ T9233]  __x64_sys_mount+0x28d/0x310
[  548.231115][ T9233]  ? __pfx___x64_sys_mount+0x10/0x10
[  548.231163][ T9233]  ? srso_alias_return_thunk+0x5/0xfbef5
[  548.231220][ T9233]  do_syscall_64+0xcd/0x4c0
[  548.231257][ T9233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.231294][ T9233] RIP: 0033:0x7f1d2b7900ca
[  548.231322][ T9233] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.231359][ T9233] RSP: 002b:00007f1d295f5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  548.231392][ T9233] RAX: ffffffffffffffda RBX: 00007f1d295f5ef0 RCX: 00007f1d2b7900ca
[  548.231416][ T9233] RDX: 00002000000000c0 RSI: 00002000000003c0 RDI: 00007f1d295f5eb0
[  548.231441][ T9233] RBP: 00002000000000c0 R08: 00007f1d295f5ef0 R09: 0000000000000810
[  548.231464][ T9233] R10: 0000000000000810 R11: 0000000000000246 R12: 00002000000003c0
[  548.231487][ T9233] R13: 00007f1d295f5eb0 R14: 0000000000005a85 R15: 0000200000000040
[  548.231534][ T9233]  </TASK>
[  548.231546][ T9233] Mem-Info:
[  548.705849][ T9233] active_anon:14654 inactive_anon:0 isolated_anon:0
[  548.705849][ T9233]  active_file:1979 inactive_file:40153 isolated_file:0
[  548.705849][ T9233]  unevictable:768 dirty:258 writeback:0
[  548.705849][ T9233]  slab_reclaimable:10772 slab_unreclaimable:102081
[  548.705849][ T9233]  mapped:35228 shmem:8698 pagetables:1365
[  548.705849][ T9233]  sec_pagetables:0 bounce:0
[  548.705849][ T9233]  kernel_misc_reclaimable:0
[  548.705849][ T9233]  free:1299173 free_pcp:14372 free_cma:0
[  548.773516][ T9015] hsr_slave_0: entered promiscuous mode
[  548.798960][ T9248] loop5: detected capacity change from 0 to 32768
[  548.803287][ T9015] hsr_slave_1: entered promiscuous mode
[  548.807323][ T9248] btrfs: Deprecated parameter 'usebackuproot'
[  548.822719][ T9248] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  548.833614][ T9233] Node 0 active_anon:65316kB inactive_anon:0kB active_file:7916kB inactive_file:160416kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:140912kB dirty:1032kB writeback:0kB shmem:39956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12384kB pagetables:5312kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  548.868590][ T9248] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.488 (9248)
[  548.883220][ T9233] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  548.924606][ T9233] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  548.966087][ T9248] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  548.978445][ T9248] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm
[  549.011874][ T9248] BTRFS info (device loop5): using free-space-tree
[  549.025711][ T9233] lowmem_reserve[]: 0 2481 2482 2482 2482
[  549.056986][ T9233] Node 0 DMA32 free:1264484kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:70368kB inactive_anon:0kB active_file:7916kB inactive_file:159104kB unevictable:1536kB writepending:1032kB present:3129332kB managed:2540804kB mlocked:0kB bounce:0kB free_pcp:37592kB local_pcp:26600kB free_cma:0kB
[  549.136640][ T9233] lowmem_reserve[]: 0 0 1 1 1
[  549.141500][ T9233] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  549.231176][ T9248] BTRFS info (device loop5): rebuilding free space tree
[  549.235402][ T9233] lowmem_reserve[]: 0 0 0 0 0
[  549.253668][ T9233] Node 1 Normal free:3912792kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:11232kB local_pcp:3424kB free_cma:0kB
[  549.373062][ T9233] lowmem_reserve[]: 0 0 0 0 0
[  549.385388][ T9233] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  549.427040][ T9233] Node 0 DMA32: 91*4kB (U) 179*8kB (UE) 392*16kB (UME) 444*32kB (UME) 140*64kB (UME) 135*128kB (UM) 160*256kB (U) 77*512kB (UM) 31*1024kB (UME) 7*2048kB (UME) 265*4096kB (UM) = 1260420kB
[  549.475078][ T9250] loop2: detected capacity change from 0 to 32768
[  549.484676][ T9233] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  549.514562][ T9233] Node 1 Normal: 178*4kB (UME) 46*8kB (UME) 32*16kB (UME) 207*32kB (UME) 57*64kB (UME) 10*128kB (UME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 1*2048kB (E) 950*4096kB (M) = 3912792kB
[  549.559125][ T9233] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  549.569444][ T9233] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  549.579829][ T9233] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  549.622359][ T9233] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  549.639507][ T9233] 55921 total pagecache pages
[  549.644272][ T9233] 0 pages in swap cache
[  549.644562][ T5831] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  549.711544][ T9233] Free swap  = 124996kB
[  549.732500][ T9250] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  549.732534][ T9250]   allowing incompatible features above 0.0: (unknown version)
[  549.732551][ T9250]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  549.763292][ T9233] Total swap = 124996kB
[  549.763316][ T9233] 2097051 pages RAM
[  549.763328][ T9233] 0 pages HighMem/MovableOnly
[  549.763340][ T9233] 429872 pages reserved
[  549.763353][ T9233] 0 pages cma reserved
[  549.800151][ T9233] bcachefs (loop0): error reallocating journal fifo (32768 open entries)
[  549.800188][ T9233] bcachefs (loop0): bch2_fs_initialize(): error ENOMEM_journal_pin_fifo
[  549.800213][ T9233] bcachefs (loop0): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo
[  549.800265][ T9233] bcachefs (loop0): shutting down
[  549.831825][   T36] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  549.885472][ T9250] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  549.952347][ T9233] bcachefs (loop0): shutdown complete
[  549.972985][ T9250] bcachefs (loop2): initializing new filesystem
[  549.980744][ T9233] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo
[  550.003798][ T9250] bcachefs (loop2): going read-write
[  551.083910][ T9250] bcachefs (loop2): marking superblocks
[  551.217540][ T9250] bcachefs (loop2): initializing freespace
[  551.247391][ T9284] input: syz1 as /devices/virtual/input/input45
[  551.303436][ T9250] bcachefs (loop2): done initializing freespace
[  551.324334][   T36] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.371827][ T9250] bcachefs (loop2): reading snapshots table
[  551.393158][ T9250] bcachefs (loop2): reading snapshots done
[  551.837312][ T9250] bcachefs (loop2):  loop2: Superblock write was silently dropped! (seq 0 expected 42)
[  551.950362][   T36] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.161952][ T9250] bcachefs (loop2): done starting filesystem
[  552.211581][ T8943] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  552.327731][ T5833] bcachefs (loop2): shutting down
[  552.332825][ T5833] bcachefs (loop2): going read-only
[  552.345624][ T5833] bcachefs (loop2): finished waiting for writes to stop
[  552.363872][ T5833] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[  552.516479][ T5833] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[  552.561121][ T5833] bcachefs (loop2): clean shutdown complete, journal seq 4
[  552.575885][   T36] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.596697][ T5833] bcachefs (loop2): marking filesystem clean
[  552.639217][ T8943] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  553.519769][ T8943] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  553.527032][ T5833] bcachefs (loop2): shutdown complete
[  553.569254][ T9188] chnl_net:caif_netlink_parms(): no params data found
[  553.667331][ T8943] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  553.710047][ T9293] loop5: detected capacity change from 0 to 32768
[  553.733448][ T9293] btrfs: Deprecated parameter 'usebackuproot'
[  553.775717][ T9293] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  553.813285][ T9293] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.494 (9293)
[  553.915013][ T9293] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  553.946123][ T9293] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm
[  553.956272][ T9293] BTRFS info (device loop5): using free-space-tree
[  554.188483][ T9293] BTRFS info (device loop5): rebuilding free space tree
[  554.433190][ T9188] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.441532][ T9188] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.449613][ T9188] bridge_slave_0: entered allmulticast mode
[  554.462882][ T9188] bridge_slave_0: entered promiscuous mode
[  554.482698][ T9188] bridge0: port 2(bridge_slave_1) entered blocking state
[  554.485525][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  554.485548][   T30] audit: type=1800 audit(1750565767.777:51): pid=9293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.494" name="file1" dev="loop5" ino=260 res=0 errno=0
[  554.501511][ T9188] bridge0: port 2(bridge_slave_1) entered disabled state
[  554.559638][ T9188] bridge_slave_1: entered allmulticast mode
[  554.595185][ T9188] bridge_slave_1: entered promiscuous mode
[  554.862093][ T5831] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  554.899752][ T9188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  554.938789][ T9188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  554.968105][   T36] bridge_slave_1: left allmulticast mode
[  554.986391][   T36] bridge_slave_1: left promiscuous mode
[  554.992274][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.066324][   T36] bridge_slave_0: left allmulticast mode
[  555.072043][   T36] bridge_slave_0: left promiscuous mode
[  555.097044][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  556.085616][ T9330] loop5: detected capacity change from 0 to 32768
[  556.117285][ T9330] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.497 (9330)
[  556.156065][ T9330] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  556.193815][ T9330] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm
[  556.245668][ T9330] BTRFS info (device loop5): using free-space-tree
[  556.707863][   T30] audit: type=1800 audit(1750565770.097:52): pid=9330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.497" name="bus" dev="loop5" ino=263 res=0 errno=0
[  556.753570][   T30] audit: type=1800 audit(1750565770.127:53): pid=9330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.497" name="file1" dev="loop5" ino=260 res=0 errno=0
[  556.776844][ T9351] loop6: detected capacity change from 0 to 524287999
[  556.838269][ T9352] netlink: 24 bytes leftover after parsing attributes in process `syz.2.495'.
[  556.932368][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  557.023145][ T5831] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  557.051702][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  557.078890][   T36] bond0 (unregistering): Released all slaves
[  557.498321][ T9335] loop0: detected capacity change from 0 to 32768
[  557.783736][ T9335] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  557.912788][ T9188] team0: Port device team_slave_0 added
[  557.969611][ T9188] team0: Port device team_slave_1 added
[  558.055741][ T9335] (syz.0.498,9335,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  558.194983][ T5832] ocfs2: Unmounting device (7,0) on (node local)
[  558.262520][ T9015] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  558.447637][ T9188] batman_adv: batadv0: Adding interface: batadv_slave_0
[  558.454663][ T9188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  558.525547][ T9188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  558.546456][ T9188] batman_adv: batadv0: Adding interface: batadv_slave_1
[  558.553564][ T9188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  558.615431][ T9188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  558.644918][ T9015] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  558.666965][ T9356] loop5: detected capacity change from 0 to 32768
[  558.667851][ T9015] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  558.942043][ T9356] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  558.942084][ T9356]   allowing incompatible features above 0.0: (unknown version)
[  558.942107][ T9356]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  558.973452][   T36] hsr_slave_0: left promiscuous mode
[  558.976844][   T36] hsr_slave_1: left promiscuous mode
[  558.977963][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  558.978057][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  559.009892][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  559.009938][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  559.043532][   T36] veth1_macvtap: left promiscuous mode
[  559.043640][   T36] veth0_macvtap: left promiscuous mode
[  559.043865][   T36] veth1_vlan: left promiscuous mode
[  559.044032][   T36] veth0_vlan: left promiscuous mode
[  559.072170][ T9360] loop2: detected capacity change from 0 to 32768
[  559.129287][ T9360] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  559.256610][ T9356] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  559.264830][ T9356] bcachefs (loop5): initializing new filesystem
[  559.279428][ T9356] bcachefs (loop5): going read-write
[  559.280429][ T9360] XFS (loop2): Ending clean mount
[  559.376995][ T9356] bcachefs (loop5): marking superblocks
[  559.390033][ T9363] loop0: detected capacity change from 0 to 32768
[  559.431167][ T9363] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  559.471278][ T9356] bcachefs (loop5): initializing freespace
[  559.534818][ T9356] bcachefs (loop5): done initializing freespace
[  559.606519][ T9356] bcachefs (loop5): reading snapshots table
[  559.614663][ T9356] bcachefs (loop5): reading snapshots done
[  559.623638][ T5833] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  559.653447][ T9363] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  559.682074][ T9363] XFS (loop0): Starting recovery (logdev: internal)
[  559.742356][ T9363] XFS (loop0): Ending recovery (logdev: internal)
[  559.752131][ T9356] bcachefs (loop5):  loop5: Superblock write was silently dropped! (seq 0 expected 42)
[  559.796389][ T9356] bcachefs (loop5): done starting filesystem
[  560.052772][   T30] audit: type=1800 audit(1750565773.427:54): pid=9356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.499" name="file1" dev="loop5" ino=4100 res=0 errno=0
[  560.147250][ T5832] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  560.204676][ T9389] bcachefs (loop5): requested incompat feature 1.16: reflink_p_may_update_opts currently not enabled, allowed up to 1.16: reflink_p_may_update_opts
[  560.204676][ T9389]   set version_upgrade=incompat to enable
[  560.684716][ T5831] bcachefs (loop5): shutting down
[  560.695400][ T5831] bcachefs (loop5): going read-only
[  560.700697][ T5831] bcachefs (loop5): finished waiting for writes to stop
[  560.745831][ T5831] bcachefs (loop5): flushing journal and stopping allocators, journal seq 21
[  560.869752][ T5831] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 22
[  560.924783][ T5831] bcachefs (loop5): clean shutdown complete, journal seq 23
[  560.944684][ T5831] bcachefs (loop5): marking filesystem clean
[  561.051317][ T9391] loop2: detected capacity change from 0 to 32768
[  561.061710][ T5831] bcachefs (loop5): shutdown complete
[  561.388558][ T5910] Process accounting resumed
[  561.680787][ T9391] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  561.802591][ T9391] XFS (loop2): Ending clean mount
[  561.821795][   T36] team0 (unregistering): Port device team_slave_1 removed
[  561.918948][   T36] team0 (unregistering): Port device team_slave_0 removed
[  562.139287][ T5833] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  564.042808][ T9015] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  564.537218][ T9188] hsr_slave_0: entered promiscuous mode
[  564.609069][ T9188] hsr_slave_1: entered promiscuous mode
[  564.677050][ T9188] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  564.684710][ T9188] Cannot create hsr debugfs directory
[  565.412197][ T9442] loop0: detected capacity change from 0 to 2048
[  565.583900][ T9446] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  565.638297][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  565.655768][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  565.673469][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  565.684170][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  565.693143][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  565.759191][ T9442] overlayfs: missing 'lowerdir'
[  565.998667][ T9446] NILFS (loop0): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3)
[  566.063996][ T9446] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=2)
[  566.091175][ T9446] Remounting filesystem read-only
[  566.112469][ T5832] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer
[  567.211650][ T9455] loop6: detected capacity change from 0 to 524287999
[  567.272449][ T9456] netlink: 24 bytes leftover after parsing attributes in process `syz.0.509'.
[  567.356058][ T9015] 8021q: adding VLAN 0 to HW filter on device bond0
[  567.785379][ T5846] Bluetooth: hci4: command tx timeout
[  568.294195][ T9015] 8021q: adding VLAN 0 to HW filter on device team0
[  569.245558][ T9469] netlink: 24 bytes leftover after parsing attributes in process `syz.2.512'.
[  569.480153][ T9472] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  569.490036][ T9472] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  569.524405][ T8144] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.531653][ T8144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  569.855390][ T5846] Bluetooth: hci4: command tx timeout
[  569.972551][ T9477] netlink: 24 bytes leftover after parsing attributes in process `syz.0.513'.
[  570.881398][ T8235] Process accounting resumed
[  571.404441][ T5983] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.411728][ T5983] bridge0: port 2(bridge_slave_1) entered forwarding state
[  571.754350][ T9445] chnl_net:caif_netlink_parms(): no params data found
[  571.831440][   T36] bridge_slave_1: left allmulticast mode
[  571.841418][   T36] bridge_slave_1: left promiscuous mode
[  571.849156][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.864768][   T36] bridge_slave_0: left allmulticast mode
[  571.874050][   T36] bridge_slave_0: left promiscuous mode
[  571.882687][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.936218][ T5846] Bluetooth: hci4: command tx timeout
[  572.087545][   T30] audit: type=1326 audit(1750565785.477:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  572.170893][   T30] audit: type=1326 audit(1750565785.507:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  572.201927][   T30] audit: type=1326 audit(1750565785.507:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  572.235886][   T30] audit: type=1326 audit(1750565785.507:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  572.296937][   T30] audit: type=1326 audit(1750565785.507:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  572.382301][   T30] audit: type=1326 audit(1750565785.507:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  572.466119][   T30] audit: type=1326 audit(1750565785.507:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  572.593714][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  572.611551][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  573.265803][ T9492] sctp: failed to load transform for md5: -2
[  573.369371][   T30] audit: type=1326 audit(1750565785.507:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  573.392212][   T30] audit: type=1326 audit(1750565785.507:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  573.414909][   T30] audit: type=1326 audit(1750565785.507:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9488 comm="syz.5.516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  573.840350][ T5847] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  573.851246][ T5847] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  573.861482][ T5847] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  573.871219][ T5847] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  573.880450][ T5847] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  574.726023][ T5847] Bluetooth: hci4: command tx timeout
[  574.966410][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  574.996249][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  575.024038][   T36] bond0 (unregistering): Released all slaves
[  575.440582][ T9188] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  575.482730][ T9502] loop2: detected capacity change from 0 to 32768
[  575.614424][   T36] hsr_slave_0: left promiscuous mode
[  575.633646][ T9502] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  575.642615][   T36] hsr_slave_1: left promiscuous mode
[  575.650171][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  575.689360][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  575.936539][ T5847] Bluetooth: hci5: command tx timeout
[  575.990013][ T9502] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  576.091482][ T9502] XFS (loop2): Starting recovery (logdev: internal)
[  576.120948][ T9502] XFS (loop2): Ending recovery (logdev: internal)
[  576.307619][ T5833] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  577.324089][ T5847] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  578.045687][ T5847] Bluetooth: hci5: command tx timeout
[  578.560744][   T36] team0 (unregistering): Port device team_slave_1 removed
[  578.699176][   T36] team0 (unregistering): Port device team_slave_0 removed
[  580.107312][ T5847] Bluetooth: hci5: command tx timeout
[  581.521497][ T9188] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  581.731437][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  581.731463][   T30] audit: type=1326 audit(1750565795.117:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  581.762057][ T9188] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  581.770332][   T30] audit: type=1326 audit(1750565795.117:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  581.835585][   T30] audit: type=1326 audit(1750565795.157:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  581.913242][   T30] audit: type=1326 audit(1750565795.157:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  581.999860][   T30] audit: type=1326 audit(1750565795.157:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  582.061699][ T9551] loop0: detected capacity change from 0 to 32768
[  582.074019][ T9188] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  582.098460][   T30] audit: type=1326 audit(1750565795.267:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  582.176483][ T5847] Bluetooth: hci5: command tx timeout
[  582.238366][ T9551] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  582.291076][   T30] audit: type=1326 audit(1750565795.267:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  582.356488][ T9445] bridge0: port 1(bridge_slave_0) entered blocking state
[  582.419832][ T9551] XFS (loop0): Ending clean mount
[  582.425153][ T9445] bridge0: port 1(bridge_slave_0) entered disabled state
[  582.453275][   T30] audit: type=1326 audit(1750565795.267:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  582.475182][ T9551] XFS (loop0): Quotacheck needed: Please wait.
[  582.484342][ T9445] bridge_slave_0: entered allmulticast mode
[  582.522604][ T9445] bridge_slave_0: entered promiscuous mode
[  582.563613][ T9556] sctp: failed to load transform for md5: -2
[  582.605661][   T30] audit: type=1326 audit(1750565795.267:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  582.641661][   T30] audit: type=1326 audit(1750565795.267:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9554 comm="syz.5.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7feed698e929 code=0x7ffc0000
[  582.663751][    C1] vkms_vblank_simulate: vblank timer overrun
[  582.693238][ T9551] XFS (loop0): Quotacheck: Done.
[  582.779073][ T9445] bridge0: port 2(bridge_slave_1) entered blocking state
[  582.795549][ T9445] bridge0: port 2(bridge_slave_1) entered disabled state
[  582.811939][ T9445] bridge_slave_1: entered allmulticast mode
[  582.852140][ T9445] bridge_slave_1: entered promiscuous mode
[  582.980065][ T5832] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  583.103044][ T9445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  583.254560][ T9445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  583.429810][ T9580] loop2: detected capacity change from 0 to 32768
[  583.454302][ T9580] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.532 (9580)
[  583.542115][ T9580] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  583.588578][ T9580] BTRFS info (device loop2): using sha256 (sha256-x86_64) checksum algorithm
[  583.625665][ T9580] BTRFS info (device loop2): disk space caching is enabled
[  583.629489][ T9445] team0: Port device team_slave_0 added
[  583.653406][ T9580] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  583.720181][ T9445] team0: Port device team_slave_1 added
[  584.250122][ T9580] BTRFS info (device loop2): rebuilding free space tree
[  584.279110][ T9445] batman_adv: batadv0: Adding interface: batadv_slave_0
[  584.878160][ T9580] BTRFS info (device loop2): disabling free space tree
[  584.909073][ T9582] loop5: detected capacity change from 0 to 32768
[  584.925565][ T9580] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  584.980757][ T9580] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  585.037328][ T9582] XFS (loop5): DAX unsupported by block device. Turning off DAX.
[  585.068440][ T9445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  585.094704][ T9445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  585.179261][ T9582] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  585.343465][ T5833] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  585.349320][ T9445] batman_adv: batadv0: Adding interface: batadv_slave_1
[  585.369604][ T9445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  585.458022][ T9445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  585.481537][ T9582] XFS (loop5): Ending clean mount
[  585.527363][ T9582] XFS (loop5): Quotacheck needed: Please wait.
[  585.710801][ T9582] XFS (loop5): Quotacheck: Done.
[  585.889489][ T9582] XFS (loop5): Metadata CRC error detected at xfs_refcountbt_read_verify+0x26/0xe0, xfs_refcountbt block 0x28 
[  585.942891][ T9582] XFS (loop5): Unmount and run xfs_repair
[  586.036183][ T9582] XFS (loop5): First 128 bytes of corrupted metadata buffer:
[  586.373784][ T9582] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff  R...............
[  586.596839][ T9582] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00  .......(........
[  586.635349][ T9582] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  586.664651][ T9582] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00  .......]........
[  586.712078][ T9582] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  586.738482][ T9582] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  586.763336][ T9582] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  586.803851][ T9582] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  586.858819][ T9582] XFS (loop5): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x28 len 8 error 74
[  586.899043][ T9445] hsr_slave_0: entered promiscuous mode
[  586.908277][ T9582] XFS (loop5): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  586.937383][ T9445] hsr_slave_1: entered promiscuous mode
[  586.943900][ T9445] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  586.964265][ T9582] XFS (loop5): Please unmount the filesystem and rectify the problem(s)
[  587.002942][ T9445] Cannot create hsr debugfs directory
[  587.132266][ T9505] chnl_net:caif_netlink_parms(): no params data found
[  587.247524][ T5831] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  587.316162][ T9623] loop0: detected capacity change from 0 to 32768
[  587.760398][ T9623] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  588.166937][ T9623] XFS (loop0): Ending clean mount
[  588.405867][ T5832] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  588.786638][ T9647] loop2: detected capacity change from 0 to 4096
[  591.277617][ T9188] 8021q: adding VLAN 0 to HW filter on device bond0
[  591.329929][ T9651] loop0: detected capacity change from 0 to 32768
[  591.391565][ T9651] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  591.539962][ T9505] bridge0: port 1(bridge_slave_0) entered blocking state
[  591.564204][ T9651] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  591.605506][ T9505] bridge0: port 1(bridge_slave_0) entered disabled state
[  591.612840][ T9505] bridge_slave_0: entered allmulticast mode
[  591.653869][ T9651] XFS (loop0): Starting recovery (logdev: internal)
[  591.685960][ T9505] bridge_slave_0: entered promiscuous mode
[  591.716962][ T9505] bridge0: port 2(bridge_slave_1) entered blocking state
[  591.724166][ T9505] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.752718][ T9651] XFS (loop0): Ending recovery (logdev: internal)
[  591.765680][ T9505] bridge_slave_1: entered allmulticast mode
[  591.797247][ T9505] bridge_slave_1: entered promiscuous mode
[  591.821019][ T9661] loop2: detected capacity change from 0 to 40427
[  591.851310][ T9661] F2FS-fs (loop2): Invalid SB checksum offset: 0
[  591.885427][ T9661] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  591.924695][ T9661] F2FS-fs (loop2): invalid crc value
[  591.940752][ T5832] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  592.099493][ T9505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  592.159677][ T9505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  592.208614][ T9188] 8021q: adding VLAN 0 to HW filter on device team0
[  592.454908][ T9661] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  592.486334][ T9661] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  592.610415][ T9670] loop5: detected capacity change from 0 to 32768
[  592.661807][ T9670] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.543 (9670)
[  592.697986][ T9670] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  592.710660][ T5833] syz-executor: attempt to access beyond end of device
[  592.710660][ T5833] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  592.725777][ T9670] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm
[  592.753886][ T9670] BTRFS info (device loop5): using free-space-tree
[  592.754717][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00308-gf7301f856d35 #0 PREEMPT(full) 
[  592.754764][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  592.754786][ T5833] Call Trace:
[  592.754797][ T5833]  <TASK>
[  592.754810][ T5833]  dump_stack_lvl+0x16c/0x1f0
[  592.754874][ T5833]  f2fs_handle_critical_error+0x621/0x9f0
[  592.754921][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.754964][ T5833]  ? f2fs_build_fault_attr+0x53/0x1f0
[  592.755017][ T5833]  f2fs_write_end_io+0x785/0xc20
[  592.755068][ T5833]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  592.755121][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.755175][ T5833]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  592.755220][ T5833]  bio_endio+0x70d/0x850
[  592.755264][ T5833]  submit_bio_noacct+0x56d/0x1eb0
[  592.755322][ T5833]  __submit_merged_bio+0x33c/0x770
[  592.755375][ T5833]  __submit_merged_write_cond+0x319/0x3f0
[  592.755436][ T5833]  f2fs_write_cache_pages+0x2067/0x2570
[  592.755524][ T5833]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  592.755587][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.755628][ T5833]  ? __lock_acquire+0x622/0x1c90
[  592.755697][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.755833][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.755875][ T5833]  ? mod_memcg_lruvec_state+0x394/0x610
[  592.755935][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.755976][ T5833]  ? __mod_zone_page_state+0xcc/0x1a0
[  592.756038][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.756089][ T5833]  f2fs_write_data_pages+0x4ad/0xd90
[  592.756152][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  592.756223][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.756265][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  592.756322][ T5833]  do_writepages+0x27a/0x600
[  592.756385][ T5833]  ? __pfx_do_writepages+0x10/0x10
[  592.756437][ T5833]  ? do_raw_spin_unlock+0x172/0x230
[  592.756475][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.756518][ T5833]  ? _raw_spin_unlock+0x28/0x50
[  592.756573][ T5833]  filemap_fdatawrite_wbc+0x104/0x160
[  592.756635][ T5833]  __filemap_fdatawrite_range+0xb2/0xf0
[  592.756679][ T5833]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  592.756786][ T5833]  ? find_held_lock+0x2b/0x80
[  592.756831][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.756873][ T5833]  ? do_raw_spin_unlock+0x172/0x230
[  592.756912][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.756962][ T5833]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  592.757046][ T5833]  block_operations+0x2a3/0xfd0
[  592.757107][ T5833]  ? __pfx___schedule+0x10/0x10
[  592.757162][ T5833]  ? __pfx_block_operations+0x10/0x10
[  592.757279][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.757320][ T5833]  ? down_write+0x14d/0x200
[  592.757356][ T5833]  ? __pfx_down_write+0x10/0x10
[  592.757396][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.757437][ T5833]  ? rcu_is_watching+0x12/0xc0
[  592.757488][ T5833]  f2fs_write_checkpoint+0x2b8/0x4c60
[  592.757553][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.757595][ T5833]  ? kfree+0x2b4/0x4d0
[  592.757646][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.757693][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.757734][ T5833]  ? rcu_is_watching+0x12/0xc0
[  592.757775][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.757816][ T5833]  ? kthread_stop+0x273/0x650
[  592.757877][ T5833]  kill_f2fs_super+0x3c2/0x470
[  592.757934][ T5833]  ? __pfx_kill_f2fs_super+0x10/0x10
[  592.757989][ T5833]  ? lockdep_hardirqs_on+0x7c/0x110
[  592.758073][ T5833]  deactivate_locked_super+0xc1/0x1a0
[  592.758112][ T5833]  deactivate_super+0xde/0x100
[  592.758151][ T5833]  cleanup_mnt+0x225/0x450
[  592.758194][ T5833]  task_work_run+0x150/0x240
[  592.758233][ T5833]  ? __pfx_task_work_run+0x10/0x10
[  592.758266][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  592.758311][ T5833]  ? __pfx___x64_sys_umount+0x10/0x10
[  592.758366][ T5833]  exit_to_user_mode_loop+0xeb/0x110
[  592.758408][ T5833]  do_syscall_64+0x3f6/0x4c0
[  592.758447][ T5833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.758482][ T5833] RIP: 0033:0x7fd399d8fc57
[  592.758510][ T5833] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  592.758545][ T5833] RSP: 002b:00007ffc2f035fb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  592.758578][ T5833] RAX: 0000000000000000 RBX: 00007fd399e10925 RCX: 00007fd399d8fc57
[  592.758601][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc2f036070
[  592.758623][ T5833] RBP: 00007ffc2f036070 R08: 0000000000000000 R09: 0000000000000000
[  592.758645][ T5833] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc2f037100
[  592.758667][ T5833] R13: 00007fd399e10925 R14: 0000000000090ad6 R15: 00007ffc2f037140
[  592.758719][ T5833]  </TASK>
[  592.781294][ T5833] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  594.245135][ T9670] BTRFS info (device loop5): rebuilding free space tree
[  594.392328][ T9505] team0: Port device team_slave_0 added
[  594.471288][ T9505] team0: Port device team_slave_1 added
[  594.530795][ T5831] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  596.652420][ T9505] batman_adv: batadv0: Adding interface: batadv_slave_0
[  596.914626][ T9505] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.941930][ T9505] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  596.958141][ T9505] batman_adv: batadv0: Adding interface: batadv_slave_1
[  596.965147][ T9505] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.992507][ T9505] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  597.981183][   T36] bridge_slave_1: left allmulticast mode
[  597.996059][   T36] bridge_slave_1: left promiscuous mode
[  598.033439][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.125149][   T36] bridge_slave_0: left allmulticast mode
[  598.152795][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  598.166212][   T36] bridge_slave_0: left promiscuous mode
[  598.173332][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  598.187902][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.195913][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  598.209460][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  598.223086][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  600.262293][ T5847] Bluetooth: hci3: command tx timeout
[  601.474739][ T9758] netlink: 8 bytes leftover after parsing attributes in process `syz.2.552'.
[  601.483944][ T9758] netlink: 'syz.2.552': attribute type 5 has an invalid length.
[  601.491660][ T9758] netlink: 20 bytes leftover after parsing attributes in process `syz.2.552'.
[  601.511401][ T9762] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.554'.
[  601.860149][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  601.880362][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  601.898531][   T36] bond0 (unregistering): Released all slaves
[  602.190437][ T9765] loop5: detected capacity change from 0 to 32768
[  602.336134][ T5847] Bluetooth: hci3: command tx timeout
[  602.344674][ T9765] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  602.539227][   T36] hsr_slave_0: left promiscuous mode
[  602.576187][   T36] hsr_slave_1: left promiscuous mode
[  602.582437][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  602.617208][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  602.636940][ T9765] XFS (loop5): Ending clean mount
[  602.852285][ T5831] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  603.170053][ T9773] loop2: detected capacity change from 0 to 32768
[  603.377137][ T9773] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  603.459669][ T9773] (syz.2.555,9773,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  603.502617][ T9792] overlayfs: missing 'workdir'
[  603.622939][ T5833] ocfs2: Unmounting device (7,2) on (node local)
[  603.840494][ T9796] binder: 9794:9796 ioctl c0046209 0 returned -22
[  603.995070][ T9778] loop0: detected capacity change from 0 to 32768
[  604.098906][   T36] team0 (unregistering): Port device team_slave_1 removed
[  604.415594][ T5847] Bluetooth: hci3: command tx timeout
[  604.915791][ T9778] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  605.065215][   T36] team0 (unregistering): Port device team_slave_0 removed
[  605.147648][ T9778] XFS (loop0): Ending clean mount
[  605.511795][ T5832] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  605.840834][ T9816] 9pnet_virtio: no channels available for device syz
[  606.346416][ T9812] loop2: detected capacity change from 0 to 32768
[  606.381008][ T9812] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.560 (9812)
[  606.444312][ T9812] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  606.485426][ T9812] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  606.496845][ T5847] Bluetooth: hci3: command tx timeout
[  606.515982][ T9812] BTRFS info (device loop2): using free-space-tree
[  606.871064][ T9815] loop0: detected capacity change from 0 to 32768
[  606.873900][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  606.873923][   T30] audit: type=1804 audit(1750565820.257:116): pid=9812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.560" name="/newroot/190/bus/bus" dev="loop2" ino=263 res=1 errno=0
[  606.920655][ T9815] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.561 (9815)
[  606.980582][ T9505] hsr_slave_0: entered promiscuous mode
[  607.000923][ T9815] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  607.026803][ T9505] hsr_slave_1: entered promiscuous mode
[  607.071834][ T9815] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm
[  607.100906][ T9815] BTRFS info (device loop0): using free-space-tree
[  607.499166][ T5833] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  607.611496][ T9815] BTRFS info (device loop0): rebuilding free space tree
[  607.935765][   T30] audit: type=1800 audit(1750565821.317:117): pid=9815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.561" name="bus" dev="loop0" ino=263 res=0 errno=0
[  609.101096][ T5832] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  609.256217][ T9445] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  609.375441][ T9445] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  609.682974][ T9882] netlink: 400 bytes leftover after parsing attributes in process `syz.2.567'.
[  609.711651][ T9445] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  609.859020][ T9445] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  610.269370][ T9875] loop5: detected capacity change from 0 to 32768
[  610.285524][ T9875] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.565 (9875)
[  611.281992][ T9875] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  611.349454][ T9875] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm
[  611.358832][ T9875] BTRFS info (device loop5): disk space caching is enabled
[  611.366434][ T9875] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  611.531179][ T9880] loop0: detected capacity change from 0 to 32768
[  611.933695][ T9880] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  611.983161][ T9875] BTRFS info (device loop5): rebuilding free space tree
[  612.125410][ T8235] Process accounting resumed
[  612.221849][ T9875] BTRFS info (device loop5): disabling free space tree
[  612.238379][ T9875] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  612.381823][ T9875] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  612.400538][ T9880] (syz.0.564,9880,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  612.676696][ T5831] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  612.727322][ T5832] ocfs2: Unmounting device (7,0) on (node local)
[  613.057698][ T9739] chnl_net:caif_netlink_parms(): no params data found
[  614.241307][ T9927] loop0: detected capacity change from 0 to 32768
[  614.338387][ T9927] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  614.384065][ T9925] loop2: detected capacity change from 0 to 32768
[  614.481810][ T9739] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.503345][ T9929] loop5: detected capacity change from 0 to 32768
[  614.536306][ T9739] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.543663][ T9739] bridge_slave_0: entered allmulticast mode
[  614.565431][ T9927] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  614.611739][ T9739] bridge_slave_0: entered promiscuous mode
[  614.648670][ T9739] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.671914][ T9929] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  614.676167][ T9927] XFS (loop0): Starting recovery (logdev: internal)
[  614.682710][ T9739] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.696153][ T9739] bridge_slave_1: entered allmulticast mode
[  614.719734][ T9739] bridge_slave_1: entered promiscuous mode
[  614.734179][ T9925] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  614.734220][ T9925]   allowing incompatible features above 0.0: (unknown version)
[  614.734242][ T9925]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  614.808226][ T9927] XFS (loop0): Ending recovery (logdev: internal)
[  614.871332][ T9929] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  614.882171][ T9929] XFS (loop5): Starting recovery (logdev: internal)
[  614.924683][ T9929] XFS (loop5): Ending recovery (logdev: internal)
[  615.011195][ T9739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  615.063663][ T9925] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  615.125717][ T9925] bcachefs (loop2): initializing new filesystem
[  615.150338][ T5832] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  615.202252][ T9925] bcachefs (loop2): going read-write
[  615.202588][ T5831] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  615.223074][ T9739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  615.351436][ T9739] team0: Port device team_slave_0 added
[  615.478060][ T9739] team0: Port device team_slave_1 added
[  615.537524][ T9925] bcachefs (loop2): marking superblocks
[  615.823903][ T9505] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  615.850040][ T9925] bcachefs (loop2): initializing freespace
[  615.907934][ T9925] bcachefs (loop2): done initializing freespace
[  615.966797][ T9925] bcachefs (loop2): reading snapshots table
[  615.972845][ T9925] bcachefs (loop2): reading snapshots done
[  616.163170][ T9925] bcachefs (loop2):  loop2: Superblock write was silently dropped! (seq 0 expected 42)
[  616.163347][ T9505] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  616.183004][ T9925] bcachefs (loop2): done starting filesystem
[  616.250011][ T9505] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  616.328483][ T5833] bcachefs (loop2): shutting down
[  616.337542][ T9739] batman_adv: batadv0: Adding interface: batadv_slave_0
[  616.344566][ T9739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  616.370567][ T5833] bcachefs (loop2): going read-only
[  616.370616][ T5833] bcachefs (loop2): finished waiting for writes to stop
[  616.385244][ T9739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  616.398842][ T5833] bcachefs (loop2): flushing journal and stopping allocators, journal seq 2
[  616.402763][ T9739] batman_adv: batadv0: Adding interface: batadv_slave_1
[  616.415119][ T9739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  616.481695][ T9992] binder: 9991:9992 ioctl c0046209 0 returned -22
[  616.523877][ T9739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  616.538969][ T5833] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[  616.559998][ T5833] bcachefs (loop2): clean shutdown complete, journal seq 4
[  616.575967][ T9505] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  616.584020][ T5833] bcachefs (loop2): marking filesystem clean
[  617.031921][ T9999] 9pnet_virtio: no channels available for device syz
[  617.686031][ T5833] bcachefs (loop2): shutdown complete
[  617.745951][   T36] bridge_slave_1: left allmulticast mode
[  617.751755][   T36] bridge_slave_1: left promiscuous mode
[  617.794484][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  617.829541][   T36] bridge_slave_0: left allmulticast mode
[  617.873113][   T36] bridge_slave_0: left promiscuous mode
[  617.905728][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  619.884062][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  619.898886][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  619.911380][   T36] bond0 (unregistering): Released all slaves
[  620.229911][ T9445] 8021q: adding VLAN 0 to HW filter on device bond0
[  620.495668][   T36] hsr_slave_0: left promiscuous mode
[  620.554981][   T36] hsr_slave_1: left promiscuous mode
[  620.584733][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  621.092184][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  621.733244][T10042] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  622.197658][   T36] team0 (unregistering): Port device team_slave_1 removed
[  622.318154][   T36] team0 (unregistering): Port device team_slave_0 removed
[  622.805945][T10053] loop2: detected capacity change from 0 to 32768
[  622.885397][T10053] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  623.022839][T10053] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  623.069084][T10053] XFS (loop2): Starting recovery (logdev: internal)
[  623.111922][T10053] XFS (loop2): Ending recovery (logdev: internal)
[  623.277359][ T9739] hsr_slave_0: entered promiscuous mode
[  623.283939][ T9739] hsr_slave_1: entered promiscuous mode
[  623.307376][ T5833] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  623.312604][ T9739] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  623.334116][ T9739] Cannot create hsr debugfs directory
[  623.928946][ T9445] 8021q: adding VLAN 0 to HW filter on device team0
[  624.066223][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.073496][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  624.674992][T10066] loop0: detected capacity change from 0 to 32768
[  624.712928][ T5983] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.720206][ T5983] bridge0: port 2(bridge_slave_1) entered forwarding state
[  624.823119][T10066] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  624.823158][T10066]   allowing incompatible features above 0.0: (unknown version)
[  624.823183][T10066]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  624.888995][T10066] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  624.897369][T10066] bcachefs (loop0): initializing new filesystem
[  624.915756][T10066] bcachefs (loop0): going read-write
[  624.994562][T10081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.583'.
[  625.011646][T10081] netlink: 'syz.2.583': attribute type 5 has an invalid length.
[  625.060110][T10081] netlink: 20 bytes leftover after parsing attributes in process `syz.2.583'.
[  625.147494][T10066] bcachefs (loop0): marking superblocks
[  625.330638][T10066] bcachefs (loop0): initializing freespace
[  625.389406][T10066] bcachefs (loop0): done initializing freespace
[  625.488863][T10066] bcachefs (loop0): reading snapshots table
[  625.513011][T10066] bcachefs (loop0): reading snapshots done
[  625.607201][T10066] bcachefs (loop0):  loop0: Superblock write was silently dropped! (seq 0 expected 42)
[  625.705208][T10066] bcachefs (loop0): done starting filesystem
[  625.874080][ T9505] 8021q: adding VLAN 0 to HW filter on device bond0
[  625.929672][   T30] audit: type=1800 audit(1750565839.267:118): pid=10066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.582" name="file1" dev="loop0" ino=4099 res=0 errno=0
[  626.273823][ T9505] 8021q: adding VLAN 0 to HW filter on device team0
[  626.308375][ T5847] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  626.345631][ T5847] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  626.359307][ T5847] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  626.380208][ T5847] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  626.395830][ T5847] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  626.588067][ T5832] bcachefs (loop0): shutting down
[  626.593172][ T5832] bcachefs (loop0): going read-only
[  626.639303][ T5832] bcachefs (loop0): finished waiting for writes to stop
[  626.705875][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 9
[  626.808890][ T8144] bridge0: port 1(bridge_slave_0) entered blocking state
[  626.816154][ T8144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  626.844911][ T8144] bridge0: port 2(bridge_slave_1) entered blocking state
[  626.852277][ T8144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  626.910518][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 9
[  626.996520][ T5832] bcachefs (loop0): clean shutdown complete, journal seq 10
[  627.029278][ T5832] bcachefs (loop0): marking filesystem clean
[  627.290642][ T5832] bcachefs (loop0): shutdown complete
[  628.188342][T10107] loop5: detected capacity change from 0 to 32768
[  628.577075][ T5846] Bluetooth: hci6: command tx timeout
[  628.884531][ T9739] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  628.946764][ T9739] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  628.972795][ T9739] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  629.190887][ T9739] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  630.655742][ T5846] Bluetooth: hci6: command tx timeout
[  630.679025][   T36] bridge_slave_1: left allmulticast mode
[  630.684769][   T36] bridge_slave_1: left promiscuous mode
[  630.730975][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  630.777147][   T36] bridge_slave_0: left allmulticast mode
[  630.782885][   T36] bridge_slave_0: left promiscuous mode
[  630.819292][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  630.819973][T10152] netlink: 400 bytes leftover after parsing attributes in process `syz.2.588'.
[  631.036973][T10107] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  631.037047][T10107]   allowing incompatible features above 0.0: (unknown version)
[  631.037069][T10107]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  631.177780][T10107] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  631.195787][T10107] bcachefs (loop5): initializing new filesystem
[  631.255615][T10107] warn_alloc: 1 callbacks suppressed
[  631.255641][T10107] syz.5.584: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  631.305400][T10107] CPU: 1 UID: 0 PID: 10107 Comm: syz.5.584 Not tainted 6.16.0-rc2-syzkaller-00308-gf7301f856d35 #0 PREEMPT(full) 
[  631.305449][T10107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  631.305469][T10107] Call Trace:
[  631.305480][T10107]  <TASK>
[  631.305493][T10107]  dump_stack_lvl+0x16c/0x1f0
[  631.305551][T10107]  warn_alloc+0x248/0x3a0
[  631.305591][T10107]  ? __pfx_warn_alloc+0x10/0x10
[  631.305642][T10107]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  631.305672][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.305712][T10107]  ? __vmalloc_node_noprof+0xad/0xf0
[  631.305771][T10107]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  631.305840][T10107]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  631.305879][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.305921][T10107]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  631.305976][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.306014][T10107]  ? __alloc_pages_noprof+0xb/0x1b0
[  631.306055][T10107]  ? ___kmalloc_large_node+0x84/0x1e0
[  631.306102][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.306145][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.306190][T10107]  __kvmalloc_node_noprof+0x30a/0x620
[  631.306225][T10107]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  631.306256][T10107]  ? __genradix_iter_peek_prev+0x28c/0x4c0
[  631.306311][T10107]  ? rcu_is_watching+0x12/0xc0
[  631.306352][T10107]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  631.306392][T10107]  ? bch2_fs_journal_start+0x3b2/0x14a0
[  631.306422][T10107]  bch2_fs_journal_start+0x3b2/0x14a0
[  631.306454][T10107]  ? bch2_trans_put+0x86c/0x10d0
[  631.306509][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.306553][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.306591][T10107]  ? find_held_lock+0x2b/0x80
[  631.306632][T10107]  ? __pfx_bch2_fs_journal_start+0x10/0x10
[  631.306666][T10107]  ? enumerated_ref_put+0xc3/0x270
[  631.306702][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.306743][T10107]  ? bch2_fs_journal_alloc+0x3f6/0x5e0
[  631.306807][T10107]  bch2_fs_initialize+0xd94/0x25b0
[  631.306860][T10107]  ? __entry_text_end+0x1020b5/0x1020b9
[  631.306911][T10107]  ? __pfx_bch2_fs_initialize+0x10/0x10
[  631.306955][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.306996][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307042][T10107]  ? rcu_is_watching+0x12/0xc0
[  631.307108][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307173][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307212][T10107]  ? __lock_acquire+0xb8a/0x1c90
[  631.307326][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307365][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307407][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307457][T10107]  ? bch2_fs_start+0xf50/0x1410
[  631.307487][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307526][T10107]  bch2_fs_start+0xf50/0x1410
[  631.307571][T10107]  bch2_fs_get_tree+0xdb4/0x1b20
[  631.307623][T10107]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  631.307712][T10107]  ? kfree+0x24f/0x4d0
[  631.307764][T10107]  ? __pfx_aa_get_newest_label+0x10/0x10
[  631.307802][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307841][T10107]  ? trace_cap_capable+0x18d/0x200
[  631.307900][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.307939][T10107]  ? apparmor_capable+0x114/0x1d0
[  631.307973][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.308013][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.308066][T10107]  vfs_get_tree+0x8e/0x340
[  631.308120][T10107]  path_mount+0x1414/0x2020
[  631.308167][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.308207][T10107]  ? kmem_cache_free+0x2d1/0x4d0
[  631.308241][T10107]  ? __pfx_path_mount+0x10/0x10
[  631.308292][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.308330][T10107]  ? putname+0x154/0x1a0
[  631.308381][T10107]  __x64_sys_mount+0x28d/0x310
[  631.308428][T10107]  ? __pfx___x64_sys_mount+0x10/0x10
[  631.308471][T10107]  ? srso_alias_return_thunk+0x5/0xfbef5
[  631.308524][T10107]  do_syscall_64+0xcd/0x4c0
[  631.308561][T10107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.308594][T10107] RIP: 0033:0x7feed69900ca
[  631.308621][T10107] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  631.308653][T10107] RSP: 002b:00007feed7771e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  631.308684][T10107] RAX: ffffffffffffffda RBX: 00007feed7771ef0 RCX: 00007feed69900ca
[  631.308706][T10107] RDX: 00002000000000c0 RSI: 00002000000003c0 RDI: 00007feed7771eb0
[  631.308726][T10107] RBP: 00002000000000c0 R08: 00007feed7771ef0 R09: 0000000000000810
[  631.308745][T10107] R10: 0000000000000810 R11: 0000000000000246 R12: 00002000000003c0
[  631.308765][T10107] R13: 00007feed7771eb0 R14: 0000000000005a85 R15: 0000200000000040
[  631.308805][T10107]  </TASK>
[  631.308817][T10107] Mem-Info:
[  631.784454][T10107] active_anon:11973 inactive_anon:0 isolated_anon:0
[  631.784454][T10107]  active_file:1996 inactive_file:40191 isolated_file:0
[  631.784454][T10107]  unevictable:768 dirty:249 writeback:0
[  631.784454][T10107]  slab_reclaimable:10920 slab_unreclaimable:100915
[  631.784454][T10107]  mapped:35244 shmem:5507 pagetables:1499
[  631.784454][T10107]  sec_pagetables:0 bounce:0
[  631.784454][T10107]  kernel_misc_reclaimable:0
[  631.784454][T10107]  free:1301019 free_pcp:17242 free_cma:0
[  631.832162][T10107] Node 0 active_anon:47892kB inactive_anon:0kB active_file:7984kB inactive_file:160568kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:140976kB dirty:992kB writeback:0kB shmem:20492kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13148kB pagetables:5948kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  631.873069][T10107] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  631.910807][T10107] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  631.945422][T10107] lowmem_reserve[]: 0 2481 2482 2482 2482
[  631.953509][T10107] Node 0 DMA32 free:1274880kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:47844kB inactive_anon:0kB active_file:7984kB inactive_file:159256kB unevictable:1536kB writepending:988kB present:3129332kB managed:2540804kB mlocked:0kB bounce:0kB free_pcp:58152kB local_pcp:20940kB free_cma:0kB
[  631.990314][T10107] lowmem_reserve[]: 0 0 1 1 1
[  631.995159][T10107] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  632.063683][T10107] lowmem_reserve[]: 0 0 0 0 0
[  632.071485][T10107] Node 1 Normal free:3913816kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10208kB local_pcp:2656kB free_cma:0kB
[  632.111592][T10107] lowmem_reserve[]: 0 0 0 0 0
[  632.125479][T10107] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  632.149238][T10107] Node 0 DMA32: 1153*4kB (UME) 163*8kB (UME) 68*16kB (UME) 667*32kB (UME) 454*64kB (UME) 282*128kB (UME) 239*256kB (UME) 112*512kB (UME) 42*1024kB (UM) 4*2048kB (UME) 247*4096kB (M) = 1274940kB
[  632.184633][T10107] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  632.202094][T10107] Node 1 Normal: 178*4kB (UME) 46*8kB (UME) 32*16kB (UME) 219*32kB (UME) 63*64kB (UME) 12*128kB (UME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 1*2048kB (E) 950*4096kB (M) = 3913816kB
[  632.221338][T10107] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  632.232437][T10107] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  632.242209][T10107] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  632.267695][T10107] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  632.287761][T10107] 48010 total pagecache pages
[  632.292507][T10107] 0 pages in swap cache
[  632.299386][T10107] Free swap  = 124996kB
[  632.303577][T10107] Total swap = 124996kB
[  632.319138][T10107] 2097051 pages RAM
[  632.334532][T10107] 0 pages HighMem/MovableOnly
[  632.341136][T10107] 429872 pages reserved
[  632.347162][T10107] 0 pages cma reserved
[  632.360998][T10107] bcachefs (loop5): error reallocating journal fifo (32768 open entries)
[  632.381263][T10107] bcachefs (loop5): bch2_fs_initialize(): error ENOMEM_journal_pin_fifo
[  632.389872][T10107] bcachefs (loop5): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo
[  632.411040][T10107] bcachefs (loop5): shutting down
[  632.458452][T10107] bcachefs (loop5): shutdown complete
[  632.553642][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  632.578985][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  632.597846][   T36] bond0 (unregistering): Released all slaves
[  632.613980][T10161] loop0: detected capacity change from 0 to 32768
[  632.670551][T10099] chnl_net:caif_netlink_parms(): no params data found
[  632.715952][T10161] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  632.734645][T10161] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  632.744074][ T5846] Bluetooth: hci6: command tx timeout
[  632.969535][T10161] XFS (loop0): Ending clean mount
[  633.068930][T10161] XFS (loop0): Quotacheck needed: Please wait.
[  633.161313][   T36] hsr_slave_0: left promiscuous mode
[  633.198764][T10161] XFS (loop0): Quotacheck: Done.
[  633.221214][   T36] hsr_slave_1: left promiscuous mode
[  633.227561][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  633.265582][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  633.353921][   T30] audit: type=1800 audit(1750565846.737:119): pid=10161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.589" name="file2" dev="loop0" ino=4423 res=0 errno=0
[  633.516752][T10161] XFS (loop0): Metadata CRC error detected at xfs_refcountbt_read_verify+0x26/0xe0, xfs_refcountbt block 0x28 
[  633.544267][T10161] XFS (loop0): Unmount and run xfs_repair
[  633.560883][T10161] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  633.579203][T10161] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff  R...............
[  633.617366][T10161] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00  .......(........
[  633.637152][T10161] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  633.655490][T10161] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00  .......]........
[  633.700220][T10161] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  633.728722][T10161] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  633.745802][T10161] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  633.765038][T10161] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  633.795460][T10161] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x28 len 8 error 74
[  633.821302][T10161] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  633.855696][T10161] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[  634.041448][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  634.047977][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  634.276400][ T5832] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  634.816532][ T5846] Bluetooth: hci6: command tx timeout
[  634.876063][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  634.892203][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  634.902433][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  634.929703][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  634.940412][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  635.094847][   T36] team0 (unregistering): Port device team_slave_1 removed
[  635.306119][   T36] team0 (unregistering): Port device team_slave_0 removed
[  635.442864][T10192] loop2: detected capacity change from 0 to 32768
[  635.545513][T10198] netlink: 24 bytes leftover after parsing attributes in process `syz.0.592'.
[  636.197289][T10192] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  636.243051][T10107] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo
[  636.385405][T10192] XFS (loop2): Ending clean mount
[  636.655134][ T5833] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  637.056916][ T5847] Bluetooth: hci4: command tx timeout
[  639.136281][ T5847] Bluetooth: hci4: command tx timeout
[  639.401650][ T9739] 8021q: adding VLAN 0 to HW filter on device bond0
[  639.515532][T10226] binder: 10224:10226 ioctl c0046209 0 returned -22
[  639.878119][T10099] bridge0: port 1(bridge_slave_0) entered blocking state
[  639.921596][T10099] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.969796][T10099] bridge_slave_0: entered allmulticast mode
[  640.011673][T10099] bridge_slave_0: entered promiscuous mode
[  640.062786][T10099] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.096824][T10099] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.140074][T10099] bridge_slave_1: entered allmulticast mode
[  640.188468][T10099] bridge_slave_1: entered promiscuous mode
[  640.406557][T10232] 9pnet_virtio: no channels available for device syz
[  640.530896][ T9739] 8021q: adding VLAN 0 to HW filter on device team0
[  640.619831][T10099] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  640.684509][T10099] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  640.890509][ T2963] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.897767][ T2963] bridge0: port 1(bridge_slave_0) entered forwarding state
[  641.108813][T10099] team0: Port device team_slave_0 added
[  641.172932][T10099] team0: Port device team_slave_1 added
[  641.180340][T10230] loop0: detected capacity change from 0 to 32768
[  641.216796][ T5847] Bluetooth: hci4: command tx timeout
[  641.227502][T10230] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  641.260322][T10230] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  641.443164][T10230] XFS (loop0): Ending clean mount
[  641.462964][T10230] XFS (loop0): Quotacheck needed: Please wait.
[  641.553359][T10099] batman_adv: batadv0: Adding interface: batadv_slave_0
[  641.566268][T10099] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  641.602272][T10099] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  641.642842][ T6167] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.650269][ T6167] bridge0: port 2(bridge_slave_1) entered forwarding state
[  641.660421][T10230] XFS (loop0): Quotacheck: Done.
[  641.684283][   T30] audit: type=1800 audit(1750565855.067:120): pid=10230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.598" name="file2" dev="loop0" ino=4423 res=0 errno=0
[  641.766251][T10099] batman_adv: batadv0: Adding interface: batadv_slave_1
[  641.786404][T10099] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  641.790603][ T5832] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  641.812375][    C1] vkms_vblank_simulate: vblank timer overrun
[  641.853190][T10099] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  642.271709][T10099] hsr_slave_0: entered promiscuous mode
[  642.280489][T10254] loop2: detected capacity change from 0 to 32768
[  642.307130][T10254] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.600 (10254)
[  642.317365][T10099] hsr_slave_1: entered promiscuous mode
[  642.360661][T10099] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  642.364745][T10254] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  642.384368][T10099] Cannot create hsr debugfs directory
[  642.444561][T10254] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm
[  642.474142][T10254] BTRFS info (device loop2): using free-space-tree
[  642.593257][T10254] BTRFS info (device loop2): rebuilding free space tree
[  643.308923][ T5847] Bluetooth: hci4: command tx timeout
[  643.802102][   T30] audit: type=1800 audit(1750565857.187:121): pid=10254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.600" name="bus" dev="loop2" ino=263 res=0 errno=0
[  644.024348][ T5833] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  645.241106][T10300] binder: 10299:10300 ioctl c0046209 0 returned -22
[  645.820510][T10308] 9pnet_virtio: no channels available for device syz
[  646.706399][T10193] chnl_net:caif_netlink_parms(): no params data found
[  647.761261][T10305] loop2: detected capacity change from 0 to 32768
[  647.794845][T10323] netlink: 8 bytes leftover after parsing attributes in process `syz.0.606'.
[  647.806230][T10323] netlink: 'syz.0.606': attribute type 5 has an invalid length.
[  647.814129][T10323] netlink: 20 bytes leftover after parsing attributes in process `syz.0.606'.
[  647.898365][T10305] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  648.359943][T10305] XFS (loop2): Ending clean mount
[  648.400985][T10305] XFS (loop2): Quotacheck needed: Please wait.
[  648.620222][T10305] XFS (loop2): Quotacheck: Done.
[  648.774757][T10193] bridge0: port 1(bridge_slave_0) entered blocking state
[  648.793509][ T5833] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  648.811125][T10193] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.863015][T10193] bridge_slave_0: entered allmulticast mode
[  648.895890][T10193] bridge_slave_0: entered promiscuous mode
[  648.981690][T10193] bridge0: port 2(bridge_slave_1) entered blocking state
[  649.025185][T10193] bridge0: port 2(bridge_slave_1) entered disabled state
[  649.105030][T10193] bridge_slave_1: entered allmulticast mode
[  649.188676][T10193] bridge_slave_1: entered promiscuous mode
[  649.850543][T10193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  649.898718][T10193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  650.012867][   T36] bridge_slave_1: left allmulticast mode
[  650.035333][   T36] bridge_slave_1: left promiscuous mode
[  650.065698][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.166582][   T36] bridge_slave_0: left allmulticast mode
[  650.172300][   T36] bridge_slave_0: left promiscuous mode
[  650.237883][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  651.203554][T10347] loop2: detected capacity change from 0 to 32768
[  651.292039][T10347] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  651.444581][T10347] (syz.2.608,10347,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  651.654122][ T5833] ocfs2: Unmounting device (7,2) on (node local)
[  652.386134][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  652.412970][T10365] loop0: detected capacity change from 0 to 32768
[  652.446832][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  652.462055][   T36] bond0 (unregistering): Released all slaves
[  652.489553][T10365] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  652.499103][T10365] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  652.503773][ T9739] 8021q: adding VLAN 0 to HW filter on device batadv0
[  652.571031][T10369] loop5: detected capacity change from 0 to 32768
[  652.610833][T10365] XFS (loop0): Ending clean mount
[  652.621155][T10365] XFS (loop0): Quotacheck needed: Please wait.
[  652.692151][T10369] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  652.772786][T10365] XFS (loop0): Quotacheck: Done.
[  652.795065][T10193] team0: Port device team_slave_0 added
[  652.816858][T10371] loop2: detected capacity change from 0 to 32768
[  652.856984][   T30] audit: type=1800 audit(1750565866.237:122): pid=10365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.610" name="file2" dev="loop0" ino=4423 res=0 errno=0
[  652.931228][T10369] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  652.991451][T10369] XFS (loop5): Starting recovery (logdev: internal)
[  653.065467][   T36] hsr_slave_0: left promiscuous mode
[  653.090432][T10369] XFS (loop5): Ending recovery (logdev: internal)
[  653.096776][   T36] hsr_slave_1: left promiscuous mode
[  653.103149][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  653.120257][ T5832] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  653.130662][T10371] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  653.130707][T10371]   allowing incompatible features above 0.0: (unknown version)
[  653.130728][T10371]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  653.170291][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  653.194332][T10371] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  653.275387][T10371] bcachefs (loop2): initializing new filesystem
[  653.294004][T10371] bcachefs (loop2): going read-write
[  653.378545][ T5831] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  653.786845][T10371] bcachefs (loop2): marking superblocks
[  653.864735][T10371] bcachefs (loop2): initializing freespace
[  653.991629][T10371] bcachefs (loop2): done initializing freespace
[  654.110657][T10371] bcachefs (loop2): reading snapshots table
[  654.155772][T10371] bcachefs (loop2): reading snapshots done
[  654.344372][T10371] bcachefs (loop2):  loop2: Superblock write was silently dropped! (seq 0 expected 42)
[  654.391380][T10371] bcachefs (loop2): done starting filesystem
[  654.728240][   T30] audit: type=1800 audit(1750565868.107:123): pid=10371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.612" name="file1" dev="loop2" ino=4100 res=0 errno=0
[  654.938782][T10414] bcachefs (loop2): requested incompat feature 1.16: reflink_p_may_update_opts currently not enabled, allowed up to 1.16: reflink_p_may_update_opts
[  654.938782][T10414]   set version_upgrade=incompat to enable
[  655.323847][ T5833] bcachefs (loop2): shutting down
[  655.335437][ T5833] bcachefs (loop2): going read-only
[  655.340698][ T5833] bcachefs (loop2): finished waiting for writes to stop
[  656.116160][ T5833] bcachefs (loop2): flushing journal and stopping allocators, journal seq 6
[  656.318450][ T5833] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 6
[  656.364257][   T36] team0 (unregistering): Port device team_slave_1 removed
[  656.387727][ T5833] bcachefs (loop2): clean shutdown complete, journal seq 7
[  656.422504][ T5833] bcachefs (loop2): marking filesystem clean
[  656.557486][ T5833] bcachefs (loop2): shutdown complete
[  656.691745][   T36] team0 (unregistering): Port device team_slave_0 removed
[  657.208611][T10427] loop0: detected capacity change from 0 to 32768
[  657.872627][ T5847] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  657.882802][ T5847] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  657.892809][ T5847] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  657.901546][ T5847] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  657.909780][ T5847] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  657.955662][T10427] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  658.045453][T10427] XFS (loop0): Ending clean mount
[  658.335624][ T5832] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  658.482173][T10193] team0: Port device team_slave_1 added
[  658.923380][T10193] batman_adv: batadv0: Adding interface: batadv_slave_0
[  658.965375][T10193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  659.020145][T10193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  659.138290][T10193] batman_adv: batadv0: Adding interface: batadv_slave_1
[  659.195370][T10193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  659.269037][T10193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  659.935810][ T5847] Bluetooth: hci5: command tx timeout
[  659.965920][T10193] hsr_slave_0: entered promiscuous mode
[  660.036753][T10193] hsr_slave_1: entered promiscuous mode
[  660.177500][T10099] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  660.479695][T10099] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  660.530576][T10099] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  660.566663][T10099] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  660.747634][T10458] loop0: detected capacity change from 0 to 32768
[  660.826018][T10458] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  660.864266][T10458] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  661.039128][T10458] XFS (loop0): Ending clean mount
[  661.061283][T10458] XFS (loop0): Quotacheck needed: Please wait.
[  661.144618][T10458] XFS (loop0): Quotacheck: Done.
[  661.450536][ T5832] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  661.774283][T10466] loop5: detected capacity change from 0 to 32768
[  661.841513][T10466] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.624 (10466)
[  662.025516][ T5847] Bluetooth: hci5: command tx timeout
[  662.185813][T10466] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  662.247373][T10466] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm
[  663.035484][T10466] BTRFS info (device loop5): using free-space-tree
[  663.301389][T10466] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  663.301805][T10466] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  663.332437][T10466] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  663.356593][T10466] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  663.421229][T10466] BTRFS error (device loop5): open_ctree failed: -12
[  664.147160][T10547] netlink: 24 bytes leftover after parsing attributes in process `syz.0.631'.
[  664.252578][ T5847] Bluetooth: hci5: command tx timeout
[  665.204422][T10555] netlink: 24 bytes leftover after parsing attributes in process `syz.5.632'.
[  666.142472][T10443] chnl_net:caif_netlink_parms(): no params data found
[  666.335484][ T5847] Bluetooth: hci5: command tx timeout
[  666.609046][T10563] input: syz1 as /devices/virtual/input/input46
[  666.837036][T10099] 8021q: adding VLAN 0 to HW filter on device bond0
[  667.472604][T10099] 8021q: adding VLAN 0 to HW filter on device team0
[  667.526282][T10562] loop5: detected capacity change from 0 to 32768
[  667.657007][ T2963] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.664190][ T2963] bridge0: port 1(bridge_slave_0) entered forwarding state
[  667.696804][T10562] XFS (loop5): DAX unsupported by block device. Turning off DAX.
[  667.751581][T10562] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  667.939600][T10443] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.980342][T10562] XFS (loop5): Ending clean mount
[  667.999525][T10562] XFS (loop5): Quotacheck needed: Please wait.
[  668.007692][T10443] bridge0: port 1(bridge_slave_0) entered disabled state
[  668.015020][T10443] bridge_slave_0: entered allmulticast mode
[  668.061136][T10443] bridge_slave_0: entered promiscuous mode
[  668.136911][T10562] XFS (loop5): Quotacheck: Done.
[  668.252855][T10443] bridge0: port 2(bridge_slave_1) entered blocking state
[  668.316875][T10443] bridge0: port 2(bridge_slave_1) entered disabled state
[  668.384646][T10443] bridge_slave_1: entered allmulticast mode
[  668.447413][T10443] bridge_slave_1: entered promiscuous mode
[  668.525681][ T5831] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  668.806306][ T2963] bridge0: port 2(bridge_slave_1) entered blocking state
[  668.813539][ T2963] bridge0: port 2(bridge_slave_1) entered forwarding state
[  669.012755][T10443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  669.062587][T10443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  669.418246][T10580] loop0: detected capacity change from 0 to 32768
[  669.429365][   T36] bridge_slave_1: left allmulticast mode
[  669.457021][T10580] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.637 (10580)
[  669.465335][   T36] bridge_slave_1: left promiscuous mode
[  669.505735][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  669.530169][T10580] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  669.558521][   T36] bridge_slave_0: left allmulticast mode
[  669.604083][   T36] bridge_slave_0: left promiscuous mode
[  669.615495][T10580] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm
[  669.624347][T10580] BTRFS info (device loop0): disk space caching is enabled
[  669.634672][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  669.685113][T10580] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  670.050785][T10580] BTRFS info (device loop0): rebuilding free space tree
[  670.087939][T10580] BTRFS info (device loop0): disabling free space tree
[  670.095069][T10580] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  670.146291][T10580] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  670.277414][T10602] binder: 10601:10602 ioctl c0046209 0 returned -22
[  670.392086][T10584] loop5: detected capacity change from 0 to 32768
[  670.852183][T10606] 9pnet_virtio: no channels available for device syz
[  670.920518][T10102] IPVS: starting estimator thread 0...
[  671.363080][ T5832] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  671.373917][T10607] IPVS: using max 22 ests per chain, 52800 per kthread
[  671.501375][T10584] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  671.501415][T10584]   allowing incompatible features above 0.0: (unknown version)
[  671.501437][T10584]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  671.625501][T10584] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  671.634136][T10584] bcachefs (loop5): initializing new filesystem
[  671.675150][T10584] bcachefs (loop5): going read-write
[  671.869976][T10584] bcachefs (loop5): marking superblocks
[  671.943435][T10584] bcachefs (loop5): initializing freespace
[  672.003356][T10584] bcachefs (loop5): done initializing freespace
[  672.029472][T10584] bcachefs (loop5): reading snapshots table
[  672.043935][T10584] bcachefs (loop5): reading snapshots done
[  672.132563][T10584] bcachefs (loop5):  loop5: Superblock write was silently dropped! (seq 0 expected 42)
[  672.148296][T10584] bcachefs (loop5): done starting filesystem
[  672.196823][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  672.239699][ T5831] bcachefs (loop5): shutting down
[  672.249389][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  672.250421][ T5831] bcachefs (loop5): going read-only
[  672.286246][   T36] bond0 (unregistering): Released all slaves
[  672.295498][ T5831] bcachefs (loop5): finished waiting for writes to stop
[  672.326510][ T5831] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3
[  672.445294][ T5831] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  672.460163][T10443] team0: Port device team_slave_0 added
[  672.483286][ T5831] bcachefs (loop5): clean shutdown complete, journal seq 4
[  672.524704][ T5831] bcachefs (loop5): marking filesystem clean
[  672.570643][   T36] hsr_slave_0: left promiscuous mode
[  672.586271][   T36] hsr_slave_1: left promiscuous mode
[  672.593884][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  672.610059][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  672.829528][T10610] loop0: detected capacity change from 0 to 32768
[  673.066970][ T5831] bcachefs (loop5): shutdown complete
[  673.207773][T10610] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  673.207870][T10610]   allowing incompatible features above 0.0: (unknown version)
[  673.207921][T10610]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  673.273487][T10610] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  673.335128][T10610] bcachefs (loop0): initializing new filesystem
[  673.787121][T10610] bcachefs (loop0): going read-write
[  674.233130][T10610] bcachefs (loop0): marking superblocks
[  674.556628][T10610] bcachefs (loop0): initializing freespace
[  674.656071][T10610] bcachefs (loop0): done initializing freespace
[  674.672079][T10610] bcachefs (loop0): reading snapshots table
[  674.678583][T10610] bcachefs (loop0): reading snapshots done
[  674.738052][T10639] input: syz1 as /devices/virtual/input/input47
[  674.833931][T10610] bcachefs (loop0):  loop0: Superblock write was silently dropped! (seq 0 expected 42)
[  674.856559][T10610] bcachefs (loop0): done starting filesystem
[  675.025772][ T5832] bcachefs (loop0): shutting down
[  675.036643][ T5832] bcachefs (loop0): going read-only
[  675.056481][ T5832] bcachefs (loop0): finished waiting for writes to stop
[  675.077601][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[  675.130020][   T36] team0 (unregistering): Port device team_slave_1 removed
[  675.248550][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[  675.284451][ T5832] bcachefs (loop0): clean shutdown complete, journal seq 4
[  675.300930][ T5832] bcachefs (loop0): marking filesystem clean
[  675.360098][ T5832] bcachefs (loop0): shutdown complete
[  675.577128][   T36] team0 (unregistering): Port device team_slave_0 removed
[  677.049783][T10646] loop5: detected capacity change from 0 to 32768
[  677.226309][T10646] XFS (loop5): DAX unsupported by block device. Turning off DAX.
[  677.263859][T10646] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  677.981529][T10193] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  678.013126][T10443] team0: Port device team_slave_1 added
[  678.171686][T10646] XFS (loop5): Ending clean mount
[  678.174138][T10443] batman_adv: batadv0: Adding interface: batadv_slave_0
[  678.184433][T10443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  678.209125][T10646] XFS (loop5): Quotacheck needed: Please wait.
[  678.218729][T10443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  678.348752][T10193] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  678.884313][T10443] batman_adv: batadv0: Adding interface: batadv_slave_1
[  678.915405][T10646] XFS (loop5): Quotacheck: Done.
[  678.938704][T10443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  679.065448][T10443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  679.182856][ T5831] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  679.206112][T10099] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  679.311214][T10193] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  679.374144][T10193] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  679.881533][T10443] hsr_slave_0: entered promiscuous mode
[  679.927877][T10443] hsr_slave_1: entered promiscuous mode
[  679.934270][T10443] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  680.022023][T10443] Cannot create hsr debugfs directory
[  681.745613][T10099] 8021q: adding VLAN 0 to HW filter on device batadv0
[  682.272168][T10706] netlink: 24 bytes leftover after parsing attributes in process `syz.2.657'.
[  683.144165][T10691] loop5: detected capacity change from 0 to 32768
[  683.203907][T10193] 8021q: adding VLAN 0 to HW filter on device bond0
[  683.307788][T10710] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  683.311661][T10691] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[  683.314635][T10710] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  683.360595][T10712] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  683.367222][T10712] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  683.385021][T10193] 8021q: adding VLAN 0 to HW filter on device team0
[  683.465729][T10710] vhci_hcd vhci_hcd.0: Device attached
[  683.503394][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  683.510667][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  683.535761][T10712] vhci_hcd vhci_hcd.0: Device attached
[  683.570289][T10713] vhci_hcd: cannot find the pending unlink 7
[  683.628909][   T55] vhci_hcd: vhci_device speed not set
[  683.697134][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  683.704389][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  683.777796][   T55] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  684.190034][ T5831] ocfs2: Unmounting device (7,5) on (node local)
[  684.319309][T10715] vhci_hcd: connection reset by peer
[  684.330868][T10713] vhci_hcd: connection closed
[  684.343880][   T36] vhci_hcd: stop threads
[  684.368974][   T36] vhci_hcd: release socket
[  684.386900][   T36] vhci_hcd: disconnect device
[  684.418794][   T36] vhci_hcd: stop threads
[  684.436249][   T36] vhci_hcd: release socket
[  684.464253][   T36] vhci_hcd: disconnect device
[  684.549907][T10723] loop6: detected capacity change from 0 to 524287999
[  684.623542][T10726] netlink: 24 bytes leftover after parsing attributes in process `syz.0.658'.
[  685.127178][T10099] veth0_vlan: entered promiscuous mode
[  685.174490][T10443] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  685.542436][T10099] veth1_vlan: entered promiscuous mode
[  685.664745][T10443] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  685.743675][T10443] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  685.808304][T10443] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  685.939817][T10193] 8021q: adding VLAN 0 to HW filter on device batadv0
[  686.212346][T10443] 8021q: adding VLAN 0 to HW filter on device bond0
[  686.290155][T10443] 8021q: adding VLAN 0 to HW filter on device team0
[  686.337332][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[  686.344554][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  686.395157][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state
[  686.402390][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state
[  686.510122][T10733] loop2: detected capacity change from 0 to 32768
[  686.610107][T10733] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  686.758093][T10443] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  687.019857][T10733] XFS (loop2): Ending clean mount
[  687.085942][T10733] XFS (loop2): Quotacheck needed: Please wait.
[  688.029494][T10733] XFS (loop2): Quotacheck: Done.
[  688.692288][ T5833] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  688.992520][   T55] vhci_hcd: vhci_device speed not set
[  689.297735][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  689.361260][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  689.420017][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  689.735412][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  689.832769][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  690.251168][T10443] 8021q: adding VLAN 0 to HW filter on device batadv0
[  690.582184][ T5924] usb usb38-port1: attempt power cycle
[  690.747141][T10193] veth0_vlan: entered promiscuous mode
[  691.193149][ T5924] usb usb38-port1: unable to enumerate USB device
[  691.372676][T10193] veth1_vlan: entered promiscuous mode
[  691.463496][T10773] loop5: detected capacity change from 0 to 32768
[  691.930797][T10786] loop2: detected capacity change from 0 to 32768
[  691.945521][ T5847] Bluetooth: hci3: command tx timeout
[  691.974130][T10193] veth0_macvtap: entered promiscuous mode
[  692.062375][T10786] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  692.230420][T10193] veth1_macvtap: entered promiscuous mode
[  692.386690][   T63] bridge_slave_1: left allmulticast mode
[  692.395329][   T63] bridge_slave_1: left promiscuous mode
[  692.401175][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.446442][ T5833] ocfs2: Unmounting device (7,2) on (node local)
[  694.065469][ T5847] Bluetooth: hci3: command tx timeout
[  694.159919][   T63] bridge_slave_0: left allmulticast mode
[  694.165869][   T63] bridge_slave_0: left promiscuous mode
[  694.171687][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  694.823380][T10811] netlink: 8 bytes leftover after parsing attributes in process `syz.0.674'.
[  694.833479][T10811] netlink: 'syz.0.674': attribute type 5 has an invalid length.
[  694.841844][T10811] netlink: 20 bytes leftover after parsing attributes in process `syz.0.674'.
[  695.333499][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  695.551038][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  695.557740][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  695.564674][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  695.938568][T10818] netlink: 8 bytes leftover after parsing attributes in process `syz.5.677'.
[  695.947438][T10818] netlink: 'syz.5.677': attribute type 5 has an invalid length.
[  695.955078][T10818] netlink: 20 bytes leftover after parsing attributes in process `syz.5.677'.
[  695.971551][   T63] bond0 (unregistering): Released all slaves
[  696.013238][T10193] batman_adv: batadv0: Interface activated: batadv_slave_0
[  696.097526][ T5847] Bluetooth: hci3: command tx timeout
[  696.160738][   T63] hsr_slave_0: left promiscuous mode
[  696.224109][   T63] hsr_slave_1: left promiscuous mode
[  696.238326][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.286843][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.341544][   T63] veth1_vlan: left promiscuous mode
[  696.365915][   T63] veth0_vlan: left promiscuous mode
[  696.720734][ T5847] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  696.730098][ T5847] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  696.740228][ T5847] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  696.755035][ T5847] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  696.763479][ T5847] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  697.032360][   T63] team0 (unregistering): Port device team_slave_1 removed
[  697.079064][   T63] team0 (unregistering): Port device team_slave_0 removed
[  697.801394][T10776] chnl_net:caif_netlink_parms(): no params data found
[  698.017978][ T5925] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  698.106194][ T8236] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  698.191130][ T5840] Bluetooth: hci3: command tx timeout
[  698.204742][ T5925] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  698.225400][ T5925] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  698.283050][ T8236] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  698.301541][ T5925] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  698.339811][ T8236] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  698.357300][ T8236] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  698.376227][ T8236] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.c0
[  698.386193][ T8236] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.389545][ T5925] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.c0
[  698.394617][ T8236] usb 3-1: Product: syz
[  698.408005][ T8236] usb 3-1: Manufacturer: syz
[  698.412631][ T8236] usb 3-1: SerialNumber: syz
[  698.424104][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.444218][ T5925] usb 6-1: Product: syz
[  698.450395][ T5925] usb 6-1: Manufacturer: syz
[  698.455034][ T5925] usb 6-1: SerialNumber: syz
[  698.489234][ T5925] cdc_ncm 6-1:1.0: skipping garbage
[  698.520251][T10443] veth0_vlan: entered promiscuous mode
[  698.564130][T10776] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.582756][T10776] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.593635][T10776] bridge_slave_0: entered allmulticast mode
[  698.608897][T10776] bridge_slave_0: entered promiscuous mode
[  698.628970][T10776] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.649497][T10776] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.674501][T10776] bridge_slave_1: entered allmulticast mode
[  698.696672][ T8236] cdc_ncm 3-1:1.0: skipping garbage
[  698.730233][T10776] bridge_slave_1: entered promiscuous mode
[  698.817175][ T5840] Bluetooth: hci6: command tx timeout
[  699.600608][T10776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  699.627931][T10443] veth1_vlan: entered promiscuous mode
[  699.664430][T10776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  699.757977][ T8236] cdc_ncm 3-1:1.0: bind() failure
[  699.788890][ T8236] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  699.796674][ T8236] cdc_ncm 3-1:1.1: bind() failure
[  699.815702][ T8236] usb 3-1: USB disconnect, device number 2
[  699.893634][ T5925] cdc_ncm 6-1:1.0: bind() failure
[  699.935160][ T5925] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  699.999929][T10776] team0: Port device team_slave_0 added
[  700.017815][ T5925] cdc_ncm 6-1:1.1: bind() failure
[  700.190222][ T5925] usb 6-1: USB disconnect, device number 3
[  700.807013][T10443] veth0_macvtap: entered promiscuous mode
[  700.820714][T10776] team0: Port device team_slave_1 added
[  701.055467][ T5840] Bluetooth: hci6: command tx timeout
[  701.113852][T10443] veth1_macvtap: entered promiscuous mode
[  702.827142][T10776] batman_adv: batadv0: Adding interface: batadv_slave_0
[  702.834147][T10776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  702.977956][T10776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  703.017321][T10776] batman_adv: batadv0: Adding interface: batadv_slave_1
[  703.030953][T10776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  703.165505][ T5840] Bluetooth: hci6: command tx timeout
[  703.325437][T10776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  704.624717][T10820] chnl_net:caif_netlink_parms(): no params data found
[  705.250445][ T5840] Bluetooth: hci6: command tx timeout
[  705.670296][T10776] hsr_slave_0: entered promiscuous mode
[  705.708670][T10776] hsr_slave_1: entered promiscuous mode
[  705.744783][T10776] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  705.783905][T10776] Cannot create hsr debugfs directory
[  705.836311][T10443] batman_adv: batadv0: Interface activated: batadv_slave_0
[  705.850734][T10859] loop5: detected capacity change from 0 to 32768
[  705.932015][T10859] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  705.997637][T10443] batman_adv: batadv0: Interface activated: batadv_slave_1
[  706.119600][T10859] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  706.164082][T10859] XFS (loop5): Starting recovery (logdev: internal)
[  706.290636][T10859] XFS (loop5): Ending recovery (logdev: internal)
[  706.651650][ T5831] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  706.816460][T10443] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  706.827842][T10878] mmap: syz.2.692 (10878) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  706.908733][T10443] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  706.918517][T10443] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  706.937141][T10443] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  707.548406][T10820] bridge0: port 1(bridge_slave_0) entered blocking state
[  707.569696][T10820] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.595651][T10820] bridge_slave_0: entered allmulticast mode
[  707.722356][T10820] bridge_slave_0: entered promiscuous mode
[  707.873057][T10820] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.090564][T10820] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.110429][T10820] bridge_slave_1: entered allmulticast mode
[  708.145446][T10820] bridge_slave_1: entered promiscuous mode
[  708.364323][T10897] input: syz1 as /devices/virtual/input/input48
[  708.726341][   T63] bridge_slave_1: left allmulticast mode
[  708.732048][   T63] bridge_slave_1: left promiscuous mode
[  708.863964][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.966055][   T63] bridge_slave_0: left allmulticast mode
[  708.978796][   T63] bridge_slave_0: left promiscuous mode
[  708.984578][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  710.462308][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  710.495890][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  710.528118][   T63] bond0 (unregistering): Released all slaves
[  710.756178][T10820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.833474][T10909] loop2: detected capacity change from 0 to 32768
[  710.951070][T10820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  711.045956][T10909] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  712.305419][ T5833] ocfs2: Unmounting device (7,2) on (node local)
[  713.032570][   T63] hsr_slave_0: left promiscuous mode
[  713.200537][   T63] hsr_slave_1: left promiscuous mode
[  713.362869][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  713.519502][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  713.686201][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  713.776320][   T63] veth1_macvtap: left promiscuous mode
[  713.781957][   T63] veth0_macvtap: left promiscuous mode
[  713.903516][   T63] veth1_vlan: left promiscuous mode
[  713.918341][   T63] veth0_vlan: left promiscuous mode
[  714.495502][T10928] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  714.502065][T10928] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  714.545522][T10931] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  714.552102][T10931] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  714.601402][T10928] vhci_hcd vhci_hcd.0: Device attached
[  714.614185][T10931] vhci_hcd vhci_hcd.0: Device attached
[  714.704629][T10929] vhci_hcd: cannot find the pending unlink 7
[  714.797281][   T55] vhci_hcd: vhci_device speed not set
[  714.865754][   T55] usb 37-1: new full-speed USB device number 3 using vhci_hcd
[  715.315388][T10932] vhci_hcd: connection reset by peer
[  715.382085][T10929] vhci_hcd: connection closed
[  715.382098][   T49] vhci_hcd: stop threads
[  715.394914][   T49] vhci_hcd: release socket
[  715.402426][   T49] vhci_hcd: disconnect device
[  715.420468][   T49] vhci_hcd: stop threads
[  715.424878][   T49] vhci_hcd: release socket
[  715.431387][   T49] vhci_hcd: disconnect device
[  715.882659][T10938] loop5: detected capacity change from 0 to 32768
[  715.947267][T10938] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  715.994554][   T63] team0 (unregistering): Port device team_slave_1 removed
[  716.037681][T10938] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  716.060033][T10938] XFS (loop5): Starting recovery (logdev: internal)
[  716.103140][T10938] XFS (loop5): Ending recovery (logdev: internal)
[  716.407477][   T63] team0 (unregistering): Port device team_slave_0 removed
[  716.508899][ T5831] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  716.553569][T10950] input: syz1 as /devices/virtual/input/input49
[  718.168566][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  718.196250][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  718.215203][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  718.253871][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  718.273663][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  718.714708][T10820] team0: Port device team_slave_0 added
[  719.127681][T10954] loop5: detected capacity change from 0 to 32768
[  719.129452][T10820] team0: Port device team_slave_1 added
[  719.136433][T10954] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.709 (10954)
[  719.223570][T10954] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  719.296270][T10954] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm
[  719.359921][T10954] BTRFS info (device loop5): disk space caching is enabled
[  719.410894][T10954] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  719.540411][T10960] input: syz1 as /devices/virtual/input/input50
[  719.707107][T10820] batman_adv: batadv0: Adding interface: batadv_slave_0
[  719.745949][T10820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  719.872477][T10820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  719.983453][T10960] ==================================================================
[  719.991572][T10960] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0xb47/0x20a0
[  719.999611][T10960] Read of size 2 at addr ffffc90003c4fde0 by task syz.0.710/10960
[  720.007467][T10960] 
[  720.009806][T10960] CPU: 1 UID: 0 PID: 10960 Comm: syz.0.710 Not tainted 6.16.0-rc2-syzkaller-00308-gf7301f856d35 #0 PREEMPT(full) 
[  720.009855][T10960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  720.009879][T10960] Call Trace:
[  720.009894][T10960]  <TASK>
[  720.009908][T10960]  dump_stack_lvl+0x116/0x1f0
[  720.009978][T10960]  print_report+0xcd/0x680
[  720.010022][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.010067][T10960]  ? __virt_addr_valid+0x81/0x610
[  720.010113][T10960]  ? unwind_next_frame+0xb47/0x20a0
[  720.010172][T10960]  kasan_report+0xe0/0x110
[  720.010217][T10960]  ? unwind_next_frame+0xb47/0x20a0
[  720.010282][T10960]  unwind_next_frame+0xb47/0x20a0
[  720.010340][T10960]  ? ktime_get+0xad/0x310
[  720.010391][T10960]  ? in_sched_functions+0xf/0x40
[  720.010430][T10960]  ? __pfx_stack_trace_consume_entry_nosched+0x10/0x10
[  720.010487][T10960]  arch_stack_walk+0x94/0x100
[  720.010526][T10960]  ? ktime_get+0xad/0x310
[  720.010580][T10960]  stack_trace_save_tsk+0x165/0x1f0
[  720.010630][T10960]  ? __pfx_stack_trace_save_tsk+0x10/0x10
[  720.010680][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.010724][T10960]  ? find_held_lock+0x2b/0x80
[  720.010772][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.010817][T10960]  ? do_raw_spin_unlock+0x172/0x230
[  720.010856][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.010904][T10960]  proc_pid_stack+0x16e/0x2b0
[  720.010970][T10960]  proc_single_show+0x124/0x220
[  720.011007][T10960]  traverse.part.0.constprop.0+0x107/0x640
[  720.011056][T10960]  seq_read_iter+0x932/0x12c0
[  720.011094][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.011144][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.011192][T10960]  seq_read+0x39e/0x4e0
[  720.011226][T10960]  ? lockdep_hardirqs_on+0x7c/0x110
[  720.011284][T10960]  ? __pfx_seq_read+0x10/0x10
[  720.011334][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.011378][T10960]  ? rw_verify_area+0xcf/0x680
[  720.011436][T10960]  ? __pfx_seq_read+0x10/0x10
[  720.011474][T10960]  vfs_read+0x1e4/0xc60
[  720.011511][T10960]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  720.011566][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.011611][T10960]  ? rcu_preempt_deferred_qs_irqrestore+0x4f5/0xbc0
[  720.011676][T10960]  ? __pfx_vfs_read+0x10/0x10
[  720.011711][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.011759][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.011803][T10960]  ? __rcu_read_unlock+0x2b4/0x580
[  720.011862][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.011906][T10960]  ? __fget_files+0x20e/0x3c0
[  720.011960][T10960]  __x64_sys_pread64+0x1eb/0x250
[  720.012002][T10960]  ? __pfx___x64_sys_pread64+0x10/0x10
[  720.012045][T10960]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.012095][T10960]  do_syscall_64+0xcd/0x4c0
[  720.012131][T10960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.012168][T10960] RIP: 0033:0x7f1d2b78e929
[  720.012197][T10960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  720.012234][T10960] RSP: 002b:00007f1d295b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  720.012269][T10960] RAX: ffffffffffffffda RBX: 00007f1d2b9b6160 RCX: 00007f1d2b78e929
[  720.012295][T10960] RDX: 00000000000000ed RSI: 0000200000002240 RDI: 0000000000000008
[  720.012319][T10960] RBP: 00007f1d2b810b39 R08: 0000000000000000 R09: 0000000000000000
[  720.012343][T10960] R10: 00000000000004eb R11: 0000000000000246 R12: 0000000000000000
[  720.012366][T10960] R13: 0000000000000000 R14: 00007f1d2b9b6160 R15: 00007ffe1f6f6078
[  720.012402][T10960]  </TASK>
[  720.012414][T10960] 
[  720.360422][T10960] The buggy address belongs to the virtual mapping at
[  720.360422][T10960]  [ffffc90003c48000, ffffc90003c51000) created by:
[  720.360422][T10960]  kernel_clone+0xfc/0x960
[  720.377899][T10960] 
[  720.380219][T10960] The buggy address belongs to the physical page:
[  720.386626][T10960] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a08a
[  720.395389][T10960] memcg:ffff888030708182
[  720.399623][T10960] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  720.406745][T10960] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  720.415341][T10960] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff888030708182
[  720.423930][T10960] page dumped because: kasan: bad access detected
[  720.430369][T10960] page_owner tracks the page as allocated
[  720.436082][T10960] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 10955, tgid 10955 (syz-executor), ts 718165221630, free_ts 659282899784
[  720.455642][T10960]  post_alloc_hook+0x1c0/0x230
[  720.460513][T10960]  get_page_from_freelist+0x1321/0x3890
[  720.466073][T10960]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  720.471977][T10960]  alloc_pages_mpol+0x1fb/0x550
[  720.476845][T10960]  alloc_pages_noprof+0x131/0x390
[  720.481882][T10960]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  720.487796][T10960]  __vmalloc_node_noprof+0xad/0xf0
[  720.492929][T10960]  copy_process+0x2c70/0x76a0
[  720.497648][T10960]  kernel_clone+0xfc/0x960
[  720.502093][T10960]  __do_sys_clone3+0x212/0x290
[  720.506869][T10960]  do_syscall_64+0xcd/0x4c0
[  720.511377][T10960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.517322][T10960] page last free pid 55 tgid 55 stack trace:
[  720.523300][T10960]  __free_frozen_pages+0x7fe/0x1180
[  720.528542][T10960]  kasan_depopulate_vmalloc_pte+0x5f/0x80
[  720.534274][T10960]  __apply_to_page_range+0xa92/0x1350
[  720.539670][T10960]  kasan_release_vmalloc+0xd1/0xe0
[  720.544791][T10960]  purge_vmap_node+0x1c4/0xa30
[  720.549574][T10960]  __purge_vmap_area_lazy+0xa06/0xc60
[  720.554970][T10960]  drain_vmap_area_work+0x27/0x40
[  720.560009][T10960]  process_one_work+0x9cf/0x1b70
[  720.564950][T10960]  worker_thread+0x6c8/0xf10
[  720.569544][T10960]  kthread+0x3c5/0x780
[  720.573615][T10960]  ret_from_fork+0x5d7/0x6f0
[  720.578223][T10960]  ret_from_fork_asm+0x1a/0x30
[  720.582999][T10960] 
[  720.585321][T10960] Memory state around the buggy address:
[  720.590959][T10960]  ffffc90003c4fc80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 00
[  720.599033][T10960]  ffffc90003c4fd00: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[  720.607099][T10960] >ffffc90003c4fd80: 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00
[  720.615159][T10960]                                                        ^
[  720.622370][T10960]  ffffc90003c4fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[  720.630464][T10960]  ffffc90003c4fe80: f1 f1 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00
[  720.638531][T10960] ==================================================================
[  720.677705][T10954] BTRFS info (device loop5): rebuilding free space tree
[  720.685417][ T5840] Bluetooth: hci4: command tx timeout
[  720.695567][   T55] vhci_hcd: vhci_device speed not set
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  720.773843][T10954] BTRFS info (device loop5): disabling free space tree
[  720.781022][T10960] Disabling lock debugging due to kernel taint
[  720.808157][T10820] batman_adv: batadv0: Adding interface: batadv_slave_1
[  720.814344][T10954] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  720.815152][T10820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.887336][T10954] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  721.111753][T10820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  721.300124][T10954] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  722.016152][ T5977] usb usb38-port1: attempt power cycle
[  722.291335][   T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.309128][   T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  722.375077][   T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.388145][   T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  722.449143][   T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.468180][   T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  722.530720][   T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.557281][   T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  722.596135][ T5977] usb usb38-port1: unable to enumerate USB device
[  722.721469][   T63] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.735608][ T5840] Bluetooth: hci4: command tx timeout
[  722.749497][   T63] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  722.841988][   T63] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.855439][   T63] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  722.904085][   T63] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.921116][   T63] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  722.982570][   T63] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.997536][   T63] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  723.126827][   T63] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.181978][   T63] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.227145][   T63] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.292638][   T63] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.418503][   T63] bridge_slave_1: left allmulticast mode
[  723.424221][   T63] bridge_slave_1: left promiscuous mode
[  723.434415][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.443532][   T63] bridge_slave_0: left allmulticast mode
[  723.449429][   T63] bridge_slave_0: left promiscuous mode
[  723.455167][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.466010][   T63] bridge_slave_1: left allmulticast mode
[  723.471698][   T63] bridge_slave_1: left promiscuous mode
[  723.477831][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.489054][   T63] bridge_slave_0: left allmulticast mode
[  723.494733][   T63] bridge_slave_0: left promiscuous mode
[  723.501490][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.513871][   T63] bridge_slave_1: left allmulticast mode
[  723.520342][   T63] bridge_slave_1: left promiscuous mode
[  723.528492][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.537872][   T63] bridge_slave_0: left allmulticast mode
[  723.543645][   T63] bridge_slave_0: left promiscuous mode
[  723.552721][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.731993][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  723.742433][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  723.754102][   T63] bond0 (unregistering): Released all slaves
[  723.867323][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  723.877624][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  723.888610][   T63] bond0 (unregistering): Released all slaves
[  723.963788][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  723.974301][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  723.985991][   T63] bond0 (unregistering): Released all slaves
[  724.638160][   T63] hsr_slave_0: left promiscuous mode
[  724.644209][   T63] hsr_slave_1: left promiscuous mode
[  724.652904][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  724.661874][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  724.670822][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  724.681515][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  724.693201][   T63] hsr_slave_0: left promiscuous mode
[  724.699897][   T63] hsr_slave_1: left promiscuous mode
[  724.706048][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  724.713510][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  724.721480][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  724.729483][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  724.740125][   T63] hsr_slave_0: left promiscuous mode
[  724.746674][   T63] hsr_slave_1: left promiscuous mode
[  724.752421][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  724.759871][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  724.767824][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  724.775235][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  724.793529][   T63] veth1_macvtap: left promiscuous mode
[  724.799221][   T63] veth0_macvtap: left promiscuous mode
[  724.804786][   T63] veth1_vlan: left promiscuous mode
[  724.810133][   T63] veth0_vlan: left promiscuous mode
[  724.819962][   T63] veth1_macvtap: left promiscuous mode
[  724.826107][   T63] veth0_macvtap: left promiscuous mode
[  724.831782][   T63] veth1_vlan: left promiscuous mode
[  724.837360][   T63] veth0_vlan: left promiscuous mode
[  724.843443][   T63] veth1_macvtap: left promiscuous mode
[  724.849020][   T63] veth0_macvtap: left promiscuous mode
[  724.854730][   T63] veth1_vlan: left promiscuous mode
[  724.860268][   T63] veth0_vlan: left promiscuous mode
[  725.136604][   T63] team0 (unregistering): Port device team_slave_1 removed
[  725.158611][   T63] team0 (unregistering): Port device team_slave_0 removed
[  725.399799][   T63] team0 (unregistering): Port device team_slave_1 removed
[  725.420103][   T63] team0 (unregistering): Port device team_slave_0 removed
[  725.613635][   T63] team0 (unregistering): Port device team_slave_1 removed
[  725.630708][   T63] team0 (unregistering): Port device team_slave_0 removed
[  726.367638][   T63] IPVS: stop unused estimator thread 0...
[  726.376284][   T63] IPVS: stop unused estimator thread 0...
[  726.449232][   T63] bridge_slave_1: left allmulticast mode
[  726.454957][   T63] bridge_slave_1: left promiscuous mode
[  726.465549][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.473911][   T63] bridge_slave_0: left allmulticast mode
[  726.482226][   T63] bridge_slave_0: left promiscuous mode
[  726.488004][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.500327][   T63] bridge_slave_1: left allmulticast mode
[  726.506510][   T63] bridge_slave_1: left promiscuous mode
[  726.512207][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.520789][   T63] bridge_slave_0: left allmulticast mode
[  726.527283][   T63] bridge_slave_0: left promiscuous mode
[  726.533050][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.643955][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  726.654345][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  726.664329][   T63] bond0 (unregistering): Released all slaves
[  726.750543][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  726.760682][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  726.770796][   T63] bond0 (unregistering): Released all slaves
[  726.860092][   T63] hsr_slave_0: left promiscuous mode
[  726.869626][   T63] hsr_slave_1: left promiscuous mode
[  726.876976][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  726.884641][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  726.894841][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  726.909379][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  727.041185][   T63] team0 (unregistering): Port device team_slave_1 removed
[  727.079330][   T63] team0 (unregistering): Port device team_slave_0 removed
[  727.202862][   T63] team0 (unregistering): Port device team_slave_1 removed
[  727.217563][   T63] team0 (unregistering): Port device team_slave_0 removed