last executing test programs:

1m16.192525993s ago: executing program 2 (id=206):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x180, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x150, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x0, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x0, 0x2, 0x49}]}]}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10c, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xc00}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xff}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5ac}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffdac, 0x1, 0x86}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x19d}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xe7}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x11a8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x81}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb5}]}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}]}}]}, 0x180}, 0x1, 0x0, 0x0, 0x80}, 0x800)

1m15.134935349s ago: executing program 2 (id=210):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r0, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
mkdir(&(0x7f0000000000)='./file0\x00', 0x18a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
removexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00')

1m14.870008133s ago: executing program 2 (id=213):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x8008000000010, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000000000000002"])
close_range(r0, 0xffffffffffffffff, 0x0)

1m14.420280739s ago: executing program 2 (id=216):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00', @ANYRES32], 0x47, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
syz_open_procfs(0x0, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
creat(&(0x7f0000000000)='./file0\x00', 0x0)

1m13.796022759s ago: executing program 2 (id=220):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r1)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000fc0), r1)
sendmsg$NL802154_CMD_SET_TX_POWER(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000001c0)={0x24, r2, 0x926fdb2c68a18847, 0x70bd29, 0x2, {0x6}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x40040)

1m13.218906978s ago: executing program 2 (id=224):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r2, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r3, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)

1m12.726882935s ago: executing program 32 (id=224):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r2, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r3, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)

26.751723544s ago: executing program 1 (id=476):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x3, &(0x7f0000000140), 0x1, 0x25f, &(0x7f0000000b00)="$eJzs3U1oHGUYB/Bn9oOYZJGoF0FQQUQkEOJN8BIvCgEJ4kFQISLiRUkETfC268mLF88iOXkJpbemPZZeQi8thZ7SNof00tKGHhoK/YAp+xXSdttsupuZNvP7wWZmknfmeQfm/74T2GECKKyJiJiJiHJETEZENSKSvQ3ebX8mOpsro+vzEWn61a2k1a693dbdbzwiGhHxcUScKSXxcyViee3brTsbn3/w91L1/f/XvhnN9CQ7trc2v9j5b+6vE7MfLZ+/eGMuiZmoPXJew5f0+F0liXj9MIq9IJJK3j2gH1/+cfxSM/dvRMR7rfzfTdsiHuyu9ZLW/7l54a2s+wsMV5pWm3NgIwUKpxQRtc5Nams9SqWpqfY9/OXyWOmXxd9+n/xpcWnhx7xHKmBYahGbn50aOTneWk9KU538Xyu38w8cVfXOcvVK8+dOOd/eAMO0f6Cb8//k9/UPQ/6hcA6U/1ey6ROQjU7+W8l+LP/X8+oTkI0Dzf9P+xoA8FLy/z8U1zPzX82nT0A2zP9QXPIPxSX/UFzyD8W1N/8AQLGkI30+KNzo7gAcFTkPPwAAAAAAAAAAAAAAAAAAQA8ro+vz3U9WNc/+G7H9aURUetUvt95H3H352NjtpNlsV9LebSDfvTPgAQZ0LOenr1+9mm/9c2/nW7++ENH4MyKmK5Unr7+kc/09v9f2+Xv1hwELDOiTrw/ryLW+Wt1fPaz6/ZndiDjdHH+me40/pXiztew9/tSG8JqEX+8NeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAy8zAAAP//JS12Fg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
creat(0x0, 0x37)

26.470647808s ago: executing program 1 (id=480):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@text32={0x20, &(0x7f0000000180)="0f4bba0000000066baf80cb8fcd70783ef66bafc0cb80b000000efc4e151f64100660fae7c1c6366b816010f00d80fba65b050260f01c80f01d8b9dd0b00000f32c4c239b731", 0x46}], 0x1, 0x80, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

25.776318988s ago: executing program 1 (id=483):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20d00, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xffffffff, 0x0, 0x7, "ff00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0))
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f00000002c0)={0xfffffeff, 0x2, 0x1e1, 0x7, 0x6, "123fe465f33c7ce401fe4f7bdf7564db6600", 0x2, 0x1ff})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x1)

25.606971021s ago: executing program 1 (id=484):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3000010, &(0x7f0000000000), 0x3c, 0x527, &(0x7f0000000f80)="$eJzs3d9rZFcdAPDvvcnsZndTJ1WRWrAWW9ktujObxrZBROuLPhXU+r7GZDaEzGRCZlI3odgU/wMRFHzyyRfBP0CQPvQPkEJBX8QHUVFEt/ogVHvl3rlDs5OZJG3TmWzm84Gzc8799T3nDjlzf5y9N4Cp9XhEPB8RMxHxVERUy+lpmW7nhYPecm/de3k1T0lk2Yv/SCIpp/W3lZdnI+Jab5WYi4hvfT3iu8nRuJ29/c2VZrOxU5br3dZ2vbO3f3OjtbLeWG9sLS0tPrv83PIzy7ey0gdq50I/8/OvffnXn//eH2//7cb382p96RNRiYF2nKVe0yvFvujL99HOhxFsAmbK9lQmXREAAE4lP8b/aER8pjj+r8ZMcTQ3YGYSNQMAAADOSvaV+fhvEpEBAAAAF1YaEfORpLVyLMB8pOml8trAx+Nq2mx3up+7097dWsvnRSxEJb2z0WzcKscKL0QlycuL5RjbfvnpgfJSRDwcET+qXinKtdV2c23C1z4AAABgWlwbOP//dzUt8icb8v8EAAAAgPNrYWQBAAAAuCic8gMAAMDFN3j+73n/AAAAcKF844UX8pT133+99tLe7mb7pZtrjc5mrbW7Wltt72zX1tvt9eKZfa2Tttdst7e/EFu7d+vdRqdb7+zt3261d7e6tzfuewU2AAAAMEYPf/q13yURcfDFK0WK8jmAAPf586QrAJwlQ/1genmKN0yvyqQrAExccsJ8g3cAAODBd/2TR+//99//79oAXGzG+gDA9HH/H6ZX5f2OAExOumMInHez5TWAj/SKl0ctN/L+/29OGynLIt6oHp7i+iIAAIzXfJGStFaeB8xHmtZqEQ9FpAtRSe5sNBu3yvOD31Yrl/PyYrFmcuKYYQAAAAAAAAAAAAAAAAAAAAAAAACgJ8uSyAAAAIALLSL9a1I8zT/ievXJ+cHrA5eS/1TjL2Xhpy/++O5Kt7uzmE//Z/Eur0sR0f1JOf3pka8PAwAAAM5acjByVu88vfxcHGutAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgCb917ebWfxhn371+NiIVh8Wdjrvici0pEXP1XErOH1ksiYuYM4h+8GhGPDIufxDtZ9kqUtRgW/8pZx3/97YhD8ReKXTM8fhoR184gPkyz1/L+5/lhf/9pPF58Dv/7my3TBzW6/0vLyI8U/dyw/uehI1trDY3x6Ju/rPdylaPxX414dHZ4/9fvf5MR8Z84srW3syw7Gv87397fH9X+7GcR14f+/iT3xap3W9v1zt7+zY3WynpjvbG1tLT47PJzy88s36rf2Wg2yn+Hxvjhp371zqj4efuvDon/h9/3+t/j2v/kqI0O+N+bd+99rJc98gXk8W88MfT3dy5GxE/L377Plvl8/vV+/qCXP+yxX7zx2HHtXxux/0/6/m+csv1PffMHfzrlogDAGHT29jdXms3GzjGZuVMs8yBmXp87F9V4j5nsld43d17q834z+dHqu1P6rToHFTuUycYS63JxPH/atS6Nqe0T7ZYAAIAPwbsH/ZOuCQAAAAAAAAAAAAAAAAAAAEyvcTxKbTDmwWSaCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwrP8HAAD//8xi22s=")
mknod(&(0x7f00000000c0)='./bus\x00', 0x8000, 0x77f8)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14113e, 0x6ceac77f206eabb9)
write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b)
r1 = open(&(0x7f0000000480)='.\x00', 0x0, 0x2a)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000a00)=ANY=[@ANYBLOB="000000004c900200000000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff"])

24.638983726s ago: executing program 1 (id=492):
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x19, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x200}})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0x6, r0, 0x31, {0x4, 0x10001}, 0x6}, 0x1)

22.933212351s ago: executing program 1 (id=497):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000002c00000095000000000000003d789ade838a5ad00c21f97a9d6f55528c474cb385573d9f5ec0798d497a5d0ab93dbb637fd8de14970b4f76b599911df77098a8cd51e5ee070239f048bff4c9d6d337c8759d1737b62deae7412f1b5c334ef76307b8139d8f019360bea59a74b86ce453bc8964c32f955d410083f7567775a2ca15dbbf01550310a78644e80171753107cee23ecb376879ae14b9e1ab987023c7db41925c55b0a4141ae3c08d264831d0f6365469c3562185000000000000004f78cd03163b2d00101e000000000000000000000000000000001a18f6de00bb8c95f8bdc2a5effe88e5bc3a969a35af8033d11474cfa5d73d92c9bd2b72c3ce63d47075ae7c59d82cea124301000000000000000cb56281877934e99919c82bfdffaedc4df6f74e8f286454fcd2967415b826a6300d100e7eb8717c8528e445fbefe6a3139191529f22e4c0435e5c53e469f70c08bdff633307bbf119ffdb2e1d717eb268ee7fee0486fa294b41c1d4dc44a9801c34ada4ed759f4312dd000000000000000000000000f4ad23f3df7cdc65edcb81f103ef861a5d12eb4e1f33f6b43b6661b680850fc55aa8465b0500000000000000a17b60f43b4b2a2afc8730a587525ba1fd296b7aa4cc8936da97ff62885b8586b67e3e9b5b8d4f18df39f65ef75a42bb84587a838b828024ece8f64d74a1502d74f7e42d103e469920ae8c58f7418e67918676abfe37c9a619c27ff1a82d78431843ae38f5ba8207978a16ec9c1fc0dc752684576c8830e8e4e480b4b1649717078100000000000000001900000000ecdc068efc4f590529f07f581874420767f696a260fde832f3bbd50b84d2f0e03d75459da25aee1d3e99d41da9938eb84dfb58dbca8d9d4f1a23e6ce8b6e7e95034e6c1c"], &(0x7f0000000240)='syzkaller\x00', 0x4, 0xff0, &(0x7f000062b000)=""/4080, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x3d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000100)="71a9", 0x2}, 0x50)
prlimit64(0x0, 0x0, &(0x7f0000000640)={0x5, 0x4b52}, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000050000106a05310300000000000109022400010000800009040002090300010009210000000122000509058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000500)={0x14, &(0x7f00000003c0)={0x40, 0x9, 0x16, {0x16, 0x5, "f245a2191fd0540a7722757b502bf5561d4d5a4d"}}, 0x0}, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

22.555412858s ago: executing program 33 (id=497):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000002c00000095000000000000003d789ade838a5ad00c21f97a9d6f55528c474cb385573d9f5ec0798d497a5d0ab93dbb637fd8de14970b4f76b599911df77098a8cd51e5ee070239f048bff4c9d6d337c8759d1737b62deae7412f1b5c334ef76307b8139d8f019360bea59a74b86ce453bc8964c32f955d410083f7567775a2ca15dbbf01550310a78644e80171753107cee23ecb376879ae14b9e1ab987023c7db41925c55b0a4141ae3c08d264831d0f6365469c3562185000000000000004f78cd03163b2d00101e000000000000000000000000000000001a18f6de00bb8c95f8bdc2a5effe88e5bc3a969a35af8033d11474cfa5d73d92c9bd2b72c3ce63d47075ae7c59d82cea124301000000000000000cb56281877934e99919c82bfdffaedc4df6f74e8f286454fcd2967415b826a6300d100e7eb8717c8528e445fbefe6a3139191529f22e4c0435e5c53e469f70c08bdff633307bbf119ffdb2e1d717eb268ee7fee0486fa294b41c1d4dc44a9801c34ada4ed759f4312dd000000000000000000000000f4ad23f3df7cdc65edcb81f103ef861a5d12eb4e1f33f6b43b6661b680850fc55aa8465b0500000000000000a17b60f43b4b2a2afc8730a587525ba1fd296b7aa4cc8936da97ff62885b8586b67e3e9b5b8d4f18df39f65ef75a42bb84587a838b828024ece8f64d74a1502d74f7e42d103e469920ae8c58f7418e67918676abfe37c9a619c27ff1a82d78431843ae38f5ba8207978a16ec9c1fc0dc752684576c8830e8e4e480b4b1649717078100000000000000001900000000ecdc068efc4f590529f07f581874420767f696a260fde832f3bbd50b84d2f0e03d75459da25aee1d3e99d41da9938eb84dfb58dbca8d9d4f1a23e6ce8b6e7e95034e6c1c"], &(0x7f0000000240)='syzkaller\x00', 0x4, 0xff0, &(0x7f000062b000)=""/4080, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x3d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000100)="71a9", 0x2}, 0x50)
prlimit64(0x0, 0x0, &(0x7f0000000640)={0x5, 0x4b52}, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000050000106a05310300000000000109022400010000800009040002090300010009210000000122000509058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000500)={0x14, &(0x7f00000003c0)={0x40, 0x9, 0x16, {0x16, 0x5, "f245a2191fd0540a7722757b502bf5561d4d5a4d"}}, 0x0}, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

6.906056415s ago: executing program 3 (id=565):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000180)="440f20c03505000000440f22c0f26df20f38f17a64b805000000b9e10d00000f01d9d8dd0f01728eb8010000000f01d94c0fc31d000000003ef245dbed410fc7f7", 0x41}], 0x1, 0x72, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9, 0x0, 0xff, 0xff, 0x0, '\x00', 0x6e})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.990121509s ago: executing program 3 (id=570):
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x400, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3f096d47}, 0x1c)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2713, 0x0, &(0x7f0000000000))

5.964997709s ago: executing program 4 (id=571):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r0, 0x5421, 0x0)
connect$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r0, 0x1)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000400)={0x10000000})

5.738705943s ago: executing program 3 (id=573):
syz_emit_vhci(&(0x7f0000001fc0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x6, 0xc9}}}, 0x7)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x800000, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000000300)=ANY=[], 0x7)

4.58130775s ago: executing program 4 (id=579):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000040)='N', 0x1}], 0x1, 0x0, 0x0, 0x2800c075}, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000140)=[{0x6, 0x9, 0x8, 0xa}]}, 0x10)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x4}}, 0x20)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0xba2f, 0x4, 0xc4b1, 0x8, 0x3}, &(0x7f0000000180)=0x14)

3.883044761s ago: executing program 5 (id=581):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f00000001c0)={0x8f, 0x0, 0x2})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="65660fc736b9230200000f320fc5b0040000000f0f10970fe8fa640f01cfc4e21d4501c744240000000000c74424021c320000c744240600000000c4e17de69222ad2eec0e476e04b8200fae82ef66bafc0c66b8004066ef66b8296c", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.552622726s ago: executing program 4 (id=582):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/netstat\x00')
r1 = fanotify_init(0x0, 0x40000)
r2 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x50)
setrlimit(0x7, &(0x7f00000000c0)={0x0, 0x3})
readv(r1, &(0x7f0000000100)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
fanotify_mark(r1, 0x1, 0x40001019, r2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.29215969s ago: executing program 5 (id=583):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=@newtfilter={0x48, 0x2c, 0x52f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @private0}]}}]}, 0x48}}, 0x20000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3.107075493s ago: executing program 4 (id=584):
r0 = socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0x9, &(0x7f0000000000)={0xfffffffffffffffb, 0xfffffffffffffffb}, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000040)={@remote, @empty, 0x1, "4ef7289910e0843a8f13f2fe244b73fb24e0fe49951c925bca907f6a609d8f49"}, 0x3c)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f0000000000)=0x5, 0x4)
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000280)={@private, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23bd0f4eb500"}, 0x3c)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000040)={@remote, @empty, 0x0, "005c2beeb0801bd73c676461644cf36dfc15ea56886fff778a41757aa3ae714d"}, 0x3c)

2.898790766s ago: executing program 5 (id=586):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x8, @mcast2}, {0xa, 0x0, 0x7, @remote}, r2}}, 0x48)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {0x0, r2, r1}}, 0x18)
close_range(r0, 0xffffffffffffffff, 0x400000000000000)

2.835858347s ago: executing program 4 (id=587):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r0 = open(&(0x7f0000000140)='./file1\x00', 0x64842, 0x21)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f00000004c0)="81", 0x1}], 0x1, 0x100, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)
pwritev2(r0, &(0x7f0000000600)=[{0x0}], 0x1, 0x9, 0x2, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)

2.483864032s ago: executing program 5 (id=588):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r0, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
mkdir(&(0x7f0000000000)='./file0\x00', 0x18a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
removexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00')

2.210227366s ago: executing program 3 (id=589):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000000)=0x1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001a80)={0x4, 0x0, &(0x7f0000001900)=[@enter_looper], 0x1, 0x0, &(0x7f0000000040)="a1"})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0)
ftruncate(r1, 0xc17a)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

2.026962079s ago: executing program 5 (id=591):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x8008000000010, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000000000000002"])
close_range(r0, 0xffffffffffffffff, 0x0)

1.908745111s ago: executing program 0 (id=592):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=@newtfilter={0x44, 0x2c, 0xd27, 0x70b526, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x89f}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

1.016473505s ago: executing program 3 (id=593):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3)

1.011612185s ago: executing program 0 (id=601):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="18080000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4)
sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x44000)

1.011065985s ago: executing program 5 (id=594):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f00000001c0)={[{@nodatacow}, {@fatal_errors_bug}, {@datacow}, {@nossd_spread}, {@autodefrag}, {@nossd_spread}]}, 0x3, 0x55a3, &(0x7f000000e0c0)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKAbRbfDNkX/YqW/AwN3Zcr8vqr3G4d+3Slh9cnJhqK53vrsB3cqRxV6QdatulpK6iOHaLg7bHau60XvNsKtvMST1vuF6nMN5TNW0LVoXxm26zpCzrmx0fKQ2Njn2I17aDned2mc2ZsTbrXvA5jBxq2y+vwgdpJ9Ze9PfHglSf/8fR956+duq3dfC5nk+amd7TqkHnN9ZrnMZrg86QXvP0KviUN9aUrhHD8nz5f9sycl3bf+MGrJ068/YWLr5628JopE58d9Iux/3jtLndPu7xg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MbKxP5uYAAADQa/SGvaZfHf3qS6c+dPeiF5cfV/Hdcb86abf6irO/33H8rivHf/HSK9sf36Vg/j+0tOP/8ZB/Xe5oV4cwoStxwYAQdut6PAn8LHbn5AEh7NWVaskPHJYKrA7hC12J/bNVpUr0jSWGpgK/r88EJqQCa2KgJRW4MQaWpAIXxsCKVGBGDKxOBQ6PgdCeP44D6jPjKDlQEwOtyUZcEc9CeKc+tpbaVuuyVQEAAGwnmdlhZf7dnHMdtjVDnF6uqOkpQzwDu2iG6lQN6RlsdlpVtIaKnmoo76mG7LgXffTwC2ou66nmgtMwyvIzfDjkO+UDJu79o7tuHHFT84sTv/vu2OO/8uc33129/z/993vOmX/dAQXz/6aPnv9Xd9ORsoLj/yFM7vobc5dnIh3ZeGtLXgYAAABgG1z12NInbzjgqP9z38v33fmla28oX3311//vKxsv2HvUccPL+v7dt1cUzP8nlHb+f9wn0icnc3g07oaYPSCEpvxAUu3BhYHkqHe/TAAAAAB6g+zx+Oyx8PbMbXKKdno+XZi/ZSvzxwP/E7rNf/mmv372y9c+eeLCYftsuOK/nflB2efH/m6XY9eOfPytPYf9Q0PfwvP/W0o7/782/zbpxJrYiysHhNA3J/BI7GVnoMvQGHj50PxAZvxr4gZYHKvKnJiQrWpxLNEaA02pwLJiJX6bLbFbfiDzZGUbvyA7jvZMiZwAAAAAfOLi7oB4XD6e/3/P5AO+tP+gl8a8uOe9C1+bsPSEU2t/uM8tu74+oGPSmAMnHHLEMwXz/9atO/+/ax5ccHp/R78QRlaE0Cf9w4BHa5OFAWOgriyTuL82qatPuqrzakMY3zmwdFWvZNb/r0ivMfhETVJVDOy29083DetM3FATwsjcwDPfvH5MZ2J+KpBt/Bs1IQzpHG268ZV9k8Yr041f0zeEPXMC2apO7htCZ2NV6aoerM5cxyBd1W3VIQzMCWSrOrA6hIUBgF4q/iudmfvgvIVnz57e0dF2xg5MxH34NWFWe0db44w5HTOri/RpZqrPecsYnVc4plKvfPN8ZomiqUNuH15KOvs7wabctjL78QtOHMzcj9+FKrvG2VyZd3d0esjD9ylsIuR8kyo25PIdPOTa3Eq2PIkF9cf8VaFf6LtgXtsZjWdNnz//jFHJ31KzNyd/42GmZFuNSm+r2u76VsLLo+hqWSkfd1vtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbkbw9D3a+7qlND3Xx9iePajkPdvSKnkk/iU0NCQqK3JaYvKTt/wrRf3/+tPdacdtZJe/z9HjNHnPRXl/9m7omNh0z+1fV/ubZg/j/3o+f/8VMnfvJn1mcodvy/IR7mTx7fcpi/NQaWlXr8v6HY0fzsiQFDU4FFMbDIYX4AAAA+G+LuyLg3M+6Vvq7un+4+cuaMQ97/5QlTrv7bseNOPWv9vg0XX33skv+w/p0lq454u2D+v6i03/9vp/X/s0vXf63YMv/7xxJNxdb/Ty/zn13/f1Gx9f/Ty/xn1/9f9ims/78gG0htknes/w8AAHwWfHLr//e4vH/6AgEFGXpc3j99gYCCDD0u41/qBQK2ev3/OR1/UTvo8jnjDh0x98ePrNp7ycDbvvT8xF/vs/SgEfeuvOW9UbcWzP+XlDb/t3A/AAAA7Dwe+mXfb1/87rD7n3rk/SPLLv3txpuO/6u2Aw75w8DmUyYfXfP9m/6tYP6/rLT5/ye//l8odv7/0GKBlmILA1r/DwAAgF6q2Pp/Nw98eejq+SNufOznb97yUusvZo5/7d8t+cFXpg9runnNut80zFhfMP9fUdr8P552UZ6XO/bmw/pkTbuQXtNuY332JwMAAADQO5SHxsbKEvPmrYx62Mdvc11mKdCPSud6+r5BqxaUP3RVWfXGH1wy7ZDGc489c86RF63/fu2TP6md2lh9RsH8f3Vp8/+832U8UDup/rK3Jx784cqT/3j6vvPXTt1y/B8AAADYcUrdLwEAAAAAAAAAAAAAAHz6nmpdetAHo45+Y+Zeo/70jWNf+MHiL37zkb+59s9n/vzw+/Zq3zxsSsHv/8PkrnLFfv8fr/sXf1+wa17u2GrP6/9l7k855taFXUsWPlofwj65gdnnz/5cyFybf7/cwKqp+w/uTJyfLnHfi4e/1pmYlg4cNWKX9zoT41OB1rhI4hfSgXhVxff6pwJxecUn04G4PVakA1WZwCX9k3GUpbfVhrpkW5Wlt9VzdSEMyAlkt9XddUkbZekBXpUKZAd4ejoQBzgpEyhP9+rWfkmvYqAuFv2bfkmvAADYacVvgZVhVntHW1P8Ch9vd6/Iv43yliw7r7DashKbfz6zNNnUIbcPLyXdJ/1ddMu1xitDdecQRhV8Xc3NUtY1yu1TSw+bbtciQ+5ptbfyIuXStnbTVRUfUU0yosYZczpmVvY48NE9Z2mu6DHLqILJTm6W8q5NWkItJfSlhBGVuG1K6HK8Xx4aG/ukco2LwYaQp6dXRKm/189d56/YqyA3z9/WXHtpn8F93v+38Rc99OCAyo5TJ7ddtPtj/zxw1Mwf//DB1mt+XzD/byht/l+dO673MhcDWBSvrHfwgBBaSxwRAAAAfPb9z3OX33HinDUbZq2uePZ3v5tdftyJlZvPueucsy967v7FR13y72/e1viKsqc2nfjGprP++o2ffOW6h8966fAZZ901ad0h69uqb/zuXyw/dUjB/H9oafP/uAcrcyg42duxOl7//4IBIXRdWr8hCfwsDvfkASHs1ZVqiSWSC+p/LZZoSgI/iztM9o8lWlvyq+obAytSgd/XZwKrU4E1MZDZS/HTkNmVc0V9CGO6UpPzS8yNJRpSgeNiYGgq0BgDTalA/xiYkAq82T8TaEkF/jEGQnv+trqzf2ZbAQAAbI3MPKsy/25Iz/NWVPSUoaynDLU9ZSjvKUN1TxmKjSLevyNmqEydvFKWk6kyXWtNqpaCDPFi+Fvdr4IM4bf5OdMFC5qO5x9kzzcoy88w7od3tB70tXk/3nTxjx4/8sALj1xy5duXHt1v8JXP/u/2c/v131RbMP9vKm3+X5t/m7S+Js7/t1z/Lwk8Ert3ZTx1fGgMvHxofiCzY2BNnOwuzlbVkimRmbQvjiUmxMDQVGBuDExIBVonZwLLBucHMjPtbOMXZBtvz5TICQAAAMAnLu4giLtp4vx/5bjwzh5Hvt+8+5UD5457/JHzjphes2t1zT+PX7t0/KXVD+3Xt2D+P6G0+X9sr19uYxfG3rzaP4S7y7b0JhsYUZcE4n6Muvjz+D3qQvhczg6ObIm22qREVarh8HBN8gv1qnRV99YkawzE+1OeeHDVZZ2Jq2pC2Ddn70u2jReqkzZq0oFhVUmgNh2YU5EE4p6fbOCe8iQA2yy7VzC+oDKnumQ1dF+uyOvvs3JN0PTwCvaBdpOvu99c7SjV6Qcy+1Sztu5pK6iOHaLg7bHau603vtsavNtyv0hlvqFs3hKqDuUz22ZNX9AxPz6S+0vWAjvoec79lWop6e3wOlz08Xvbs+p0B5pSHx9N3Zfr/nVYFqt7oHZS/WVvTzx45cl/PH3f+WunltyNIuIPhQ++de4Bz+Vs3h2tOmRec73u86TF50lv/Dcw1NMWQlh+wawnn/iX95+vWN/8Xw4cu/y2Nx9b/pODHpg14gsbLvnyxrfePapg/t9S2vy/InXb5YO4MecNCGF4zsZ9NG7+iQOSz8GcQPIpObAwkBxyX19f9JMTAAAAtrfs7o7s/oL2zG1yQnh6nlyYv2Ur88f9FRO6zV9qvweO+YfvHXrV69/4+vrdL3906VPr/tObrxwx7dAHNj29YuXrzcd+/umC+X/rR8//+6a66fi/4//sII7/d2tn3xXdN/3Aom3aFV1QHTuE4//d2tnfbY7/d8vxf8f/u+P4fw8c/+/Wzv60FXxLmutLVwihdcANt/+idvrwflec860Za3/+9DtN416oO/foO//H4YvDNeet+nPB/H9uafN/6/91v2hfdv2/1mLr/80ttv7fIuv/AQAAO1SRhebS87yC1fsKMqRX7yvI0OMCgT0uMWj9v61e/6/2pLNPeqX+rb2umXj7f75z+oXPn3Tis/v2ef6E20+4aeTVw1/68oaC+f+i0ub/8eXQL7f13rL+39DJRapaEgNzLQwIAADAzqjYDgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+XSseXPzFzYv3OeimZz9/0+H/umzNrL1/dcDm0WNObhy+eGDZlX/3L28NWrDwjbZJZ17bMn35NRtWLg2hvatcWVK87KFB5eWj/3DMXbdd8XDTtMFTzq3O1FuZuf1iXu7Y6of1ISzLeaQuJjbWd97ZEphyzK0LKzoTj9aHsE9uYPb5sz/XmbixPoT9cgOrpu4/uDNxfrrEfS8e/lpnYlo6cNSIXd7rTIzPBMrS3b2uf9LdsnR3L+sfwoCcQLa73+6fX1W2jf+YCZSn27i5LmkjBupi0R/VJW3EQEcs0d43hJEVIfRJV/Xr6qSqPumq/r46qapPuqr/Wh3C+BBCRbqqF6uSqirSI19blVQVA7vt/dNNwzoTy6pCGJkbeOab14/pTJyeCmQb/3pVCEM6XzLpxu+oTBqvTDd+VWUIe4YQqtIl/rUiKVGVLvFKRQgDcwLZxk+tCGFh4DMhfvjMzH1w3sKzZ0/v6Gg7YwcmqjJt1YRZ7R1tjTPmdMysTvWpmLKc9ObzPv7Yn990zozO26lDbh9eSroiU66yq8vNlXl3R+/svY/9qs2tZMvzUVB/zF8V+oW+C+a1ndF41vT5888YlfwtNXtz8rdPJppsq1G9ZVvtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbk7/YY6vWf/FB3r8ip5JP4AJCQkOhtifK8T7emnf2DvOCL/paOVobqrg/ogmlFbpayrlFuj0Ef9jFH/HG+p/Q4olEFE4eCLM09ZxldMJnYkqUmydL1va5gcphbU3nXJo33y0NjY59i26Eh/27u5n1rGzbvusymKzUNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//5twzl8=")
open(0x0, 0x14d27e, 0x0)
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x40942, 0x0)
r2 = open(&(0x7f0000000180)='./bus\x00', 0x8042, 0x1a4)
pwrite64(r2, &(0x7f00000000c0)='a', 0x1, 0x9000)
copy_file_range(r1, 0x0, r0, 0x0, 0xfffffbffa003e458, 0x700000000000000)

1.010184185s ago: executing program 4 (id=595):
syz_mount_image$jfs(&(0x7f0000000380), &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2208088, &(0x7f000000bcc0)=ANY=[@ANYBLOB="009c1b06223d15055c6d39aecad6836294e3e1fc38b80cd5eb20b39d203f802b4368850fdef916202a989ea54a4e800c324c19bad386d9a72fc1de2fa7f100eae8a434158d0ed0d6a9061d60971bcf895342571bae0ea58240ebdd0f6f3dd42fa0f9754224a9c2045d2e098e01000000943549e2c2e191b7da91b8645dfdb324ceaf445cdc974884e2d5ac6dbf8b92da3a8a65176db66ca798dce71880c5e6837b5a99b6696d5003a06f62bbfb0b9ba0a6ffbfc2dd37662e077430379386d8e3abf802401b0e8382824a68cf51cde62ac99470edf8c757396564c8079d89017df3182005ec9fe433b122f1c02ca72eb68e41fc7ff69975649149ff4be64bd665e56a5fe9ef4d6ee02ff30ad838a9744100d520765c83c0178534e09d2f578bd10d3bfc68d1e75d6965613448d1045b6a0298d0804f82bc984e271c346d1e30886f81feb02b8320d47dc752b2dd23b4d8e20f2bda7ff84c57d63da96f044f8daaac7cb7132ef6000000000000", @ANYRES8, @ANYRES8, @ANYRES16, @ANYRES64], 0x1, 0x5e97, &(0x7f0000005e00)="$eJzs3UuPFNfZB/CnL9Nz4TWMLL2WhbIYY+dCMDBcDLnb3iRSVpEiNlmBxmMLBScRkCi2UBhrFvkGUbJIlOyzyifIHj6EF1kGCZKNV6moZs6BmkoPzQDT1TPn95OaqqdOVfcp/n2druoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED88Ps/PteLiKu/SguWI/4vBhH9iMW6XomIxZXlvP4wIl6PreZ4rV59PqLefuufYxEXI+L+0YiHj+6s1YvPP2M//n3k/4/9868/OP37v/3u3sk/nnq73f6n9X/c+8nddFsAAADAnlRVVfXSx/zj6fN9v+tOAQBTkV//qyQvV6vVarVaffjqpmq8u80iIjaa29TvGe6OuzIAYHZtxBddd4EOyb9ow4g40nUngJnmuPvD6eGjO2u9lG+v+Xqwst2ejwXZkf9G7/H5HbtNJ2kfYzKt+9dmDOLVXfqzOKU+zJKcf7+d/9Xt9lFab7/zn5bd8h9tn/pUnJz/oJ1/y+HJvz82/1Ll/Id7yn8gfwAAAAAAmGH57//LU/v+t7fjerP5l7M7Ez3t+9+VKfUBAAAAAAAAAF62Fx3/7zHj/wEAAMDMqj+r1/589Mmy3T5j18uv9CJeaa0PFCadLLPUdT8AAAAAAAAAAAAAoCTD7WN4r/Qi5iLilaWlqqrqS1O73qsX3f6gK33/oWRdP8kDAMC2+0db5/L3IhYi4kr6rb+5paWlqlpYXKqWqsX5/H52NL9QLTY+1+ZpvWx+9AxviIejqr6yhcZ2TZM+L09qb19ffVujavAMHZuODgMHgIjYfjV66BXpkKmqY9H1uxwOBo//w8fjn2fR9f0UAAAA2H9VVVW99HPex9N3/v2uOwUATEV+/W9/L6BWq9Vqtfrw1U3VeHebRURsNLep3zPcHXdlAMDs2ogvuu4CHZJ/0YYR8XrXnQBmWq/rDrAvHj66s9ZL+faarwdpfPd8LMiO/Dd6W9vl7cdNJ2kfYzKt+9dmDOLVXfrz2pT6MEty/v12/le320dpvf3Of1p2y7/ez+UO+tO1nP+gnX/L4cm/Pzb/UuX8h3vKfyB/AAAAAACYYfnv/8u+/827DAAAAAAAAAAHzsNHd9byea/5+/8vjVnP+Z+HU86/J/8i5fz7rfy/1lpv0Jh/8P6T/P/16M7aj/7w+fE8fdb85/NML92zeuke0Uu31Bum6XPv2vy4hZtzg1F9S3O9/mCYjvmp5j6M63Ej1mN1x7r99P/xpP3cjva6p3Pprrzdfn5H+3C7vbH9hR3tc+l3B6rF3H4m1uLncSM+2Gqv2+Yn7P/ChPZqQnvOf+DxX6Sc/7BxqfNfSu291rT24LP+/zzum9Nxt/Peb+/dX93/3ZloMwaP962p3r8THfRn6//kyCh+eWv95plfX7t9++a5SJMdS89HmrxkOf+5dHn8/P/mdnt+3m8+Xh98Ntpz/rNiM4a75v9mY77e35NT7lsXcv6jdMn5f5Daxz/+D3L+uz/+T3XQHwAAAAAAAAAAAAAAAHiaqqq2ThF9LyIupfN/ujo3EwCYrvz6XyV5uVqtVqvV6sNXN1XjvdssIuLvzW3q9wy/GXdlAMAs+09EfN51J+iM/AuWf++vnr7VdWeAqbr1yac/vXbjxvrNW133BAAAAAAAAAB4Xnn8z5XG+M9vRcRya70d47++HysvOv7nMM88HmD0+Qf63ovN/mjQbww3/kY8ffzvE/H08b+HE25vbkL7aEL72EHMGxYmtI890aMh5/9GY7zzOv/jreHXSxj/tT3mfQly/ica9+c6/6+21mvmX/3lIOff35H/2dsf/+LsrU8+PX3942sfrX+0/rOLq6uXLlx+Z/Xy6tkPr99YT/922OP9lfPPY187DrQsOf+cufzLkvP/cqrlX5ac/1dSLf+y5Pzz+z35lyXnnz/7yL8sOf+TqZZ/WXL+X0+1/MuS8z+VavmXJef/dqrlX5ac/+lUy78sOf8zqZZ/WXL+Z1Mt/7Lk/PM3XPIvS84/H9kg/7Lk/M+nWv5lyflfSLX8y5Lzv5hq+Zcl5/9OquVflpz/pVTLvyw5/8upln9Zcv7fSLX8y5Lz/2aq5V+WnP+3Ui3/suT8v51q+Zcl5/+dVMu/LDn/76Za/mXJ+X8v1fIvS87/3VTLvyxPfv/fjBkzZvJM189MAAAAAAAAAAAAAEDbNA4n7nofAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+C87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLevcbIdZZ3AD97c9YOly2E4IYAG8cEkyzZ9T2mNZhbSRPSUiC0pRfj2mtj8K1em1sjxSi0RGrURiof4EO5Fal8qYgAVVSlyJVagQQS+UQrtQ2pAlVEoTW0H6AibDUz7/PuzHivZzb2zDm/nxQ/9uyZmXfOvDO7/3X+awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoN1Nr5398FBRFI3/mr9MFMUzGr/fODnR+OPWV1ztFQIAAAC9eqr566Vn5wsOrOJKbcd89UXf/OL8/Px88dh3X/b8j8zP5w9MFsXENUXR/Fh48p6/3dp+TPJAMT403Pbn4RXufmSFj4+u8PGxFT6+YYWPX7PCx8dX+PhlJ+AyG1vfj2ne2Nbmbydap7S4rhhrfmzrItd6YOia4eH4Xk7TUPM682NHi+PFiWK2mOk4vnXsUPP4L9/UuK87i7iv4bb7urGxQ3543+FYw1A6x1s77mvhNsMPXl1M/uiH9x1+08cev2GxueJp6Li91jq3bWms80PpktZah4pr8jmJdQ63rfPGRZ6TkY51DjWv1/h99zovrXKdIwvLvKK6n/PxYrj5+0eb52m0/dt6+TzdmC778c1FUVxYWHb3MZfdVzFcbOq4ZHjh+Rlv7cjGbTS20nOK0TXt05tWsU8b88jWzn3a/ZqI5/+mdL3RJdbQ/jT94IMbLnve17pPQ+NRL/Va6d6D6/1a6Zc9GPvi0eaDfnDRPbg1Pf77bll6Dy66dxbZg/lxt+3BLSvtweENI8015ydhqHmdhT24veP4keY9DTXnk7csvwenz508Mz33/g+8/PjJQ8dmj82e2jUzs2fn3t0ze2emjx4/MZt+LXm2+9+mYji/BrakcxevgZd2Hdu+Vec/tX6vw/FlXocTXceu9+twtPvBDV2ZF+Tle7r12nhr46SPPzRcLPEaaz4/t/b+OsyPu+11ONr2Olz0c8oir8PRVbwOG8ecuXV1X7OMtv232Bqers8FE217sPvrke49uN5fj/TLHhxP++Jfb136c8GNab0PTq3165GRy/ZgfrjpvadxSf56f/yO5lhsX97Q+MC1G4rzc7Nnb3/foXPnzm4v0rgintu2V7r366a2x1Rctl+H17xfD3z469+4YZHLJ9K5Gn9545fxJZ+rxjG7bl/+uWp+dlv8fHZcuqNIY51d6fO52GfzxvnMWXKZ89k45kPTvX8tnnNp2/vv2BLvv5H7f9a8n635ph4YGRttvX5H8tkZ63g/7nyqRpvvXUPN+740vbr347H035V+P75umffjzV3Hrvf78Vj3g4v346GVvtvRm+7nczztkxMzy78fN47ZvGOte3J02ffjm9McSuf/ZSkp5FzUtneW2rf5vkZHx9LjGo176NynOzuOH0vZrHFfn91Rbp9uu7l1WyP50S24Uvt0suvY9d6n+f1qqX06tNJ338rpfj7H0764bufy+7RxzMVdvb93bozftr13blhpD46NbGiseSxvwtb7/fzG2IO3F4eL08WJ4kjzoxua+2moeV9Tu1e3Bzek/670e+XmZfbgtq5j13sP5s9jS+29odHLH/w66H4+x9O++Oju5fdg45jX7V3fr123pUvyMW1fu3Z/f22p73nd0HWans7veTXW+Q97l//ebOOYE3esNWcuf55uS5dcu8h56n79LvWaOlJcmfO0Oa3z+3csfZ4a62kc85F9q9xPB4qi+MLdB5rf701/v/L589/6YsffuxxofexL+xZu67KvOhb7e58v3H3g4j/f9ZO1PEYA+tvPmr9u3dT6XNf2N1Or+ft/AAAAYCBE7h9OM5P/AQAAoDIi98f/FZ7J/wAAAFAZkftH08xqkv8f/Lfnvfun9xe5mT+fxMfjNJx5onVcdFw/mf48Ob+gcflrPvOPX3/7/au77+GiKH56178sevyDT8S6Wh5O65z8dufll9n87VXd/zvuXTiuvQM4kW4/Hk/3Nvjyfz/RvN7kvta8eNfF5nzzhQcfaHz80r7Wn6M7+eT/tI7781TmPXD07zuuv+2x1v1tfWz5xxXX+9wbN979grct3F9cb2jLs5oP46OvbN1u/Nybh1/bOv5SOm6p9f/dH3/2c43j3/eSxdd///Di638y3e530vzJU63L289p489xvT9M64/7i+vd/umvLLr+R97QOv6R9Lx8Ms3u9b/6T1/4VPv5ivXH/Rx4vHW9uP+Zv/6P5vXi9uL2u9c//qonOs5H9+1f/Hzrdva/539H2o+Py+N+8r57vPN5btxO+34Ln/2jix3nufj31vX+pmv9cXtnHl98/bd1rfPM9k3N6y9VGf/47HcWfbyxngN/9WjH43nke+n8veae5u2O/zjtx/Tx/3u4dXvdPy3h0e91vp/E8Z+caL0u4/amu9b/cNf6L7y4ce5WXv+dP2qt/5FXfbXz+fjP1joO/KA1V1r/sU98s+P6n/pW6/k4+96pU6fnzh+PDvVE+tk/Z77bur1rxjduuvYZz3zWs9N7ZfefD54+987Zs5MzkzNFMTmAPxLv6V7/p9P8r9a4sN63f19RFO9t+7x26+tb+6940aU/efGdn3lnHPdPr2td/tDdrc9bL03HPZwuv5Ce77idj3+s9fmw1/XH/Sw183pX6fzXPrxnVQemx//Rm65vvsqGLrYu7n6/Kite548/r/N1/9hbW/NL6bzOp5/MvOX6rzWP677/+NkID72l9fqOr+Ti+r2u/y/T833Pd1q3H7eb15u+jvnK5s73x3h+vnR/108amGj9FI8L6f2juND6eBwVX1M9dOn6tSxzSXPvn5s+cfzU+fdNn5udOzc99/4PHDx5+vypcwebP5vz4LtWuv7C63tT8/V9ZHbPrqL5aj/dGk+zq73+M/cePrJ35pYjs0cPnT967t4zs2ePHZ6bOzx7ZO6WQ0ePzr53pesfP7J/+459O/fumDp2/Mj+O/bt27lv6vip041ltBa1gj0z7546dfZg8ypz+3ft2757966ZqZOnj8zu3zszM3V+pes3PzdNNa79nqmzsycOnTt+cnZq7vgHZvdv37dnz44Vf7rfyTNH5yanz54/NX1+bvbsdOuxTJ5rXtz43LfS9aFh7hMbF/08NZS+et9+257881kbPvPBJW+qdUjXDxD9fvpZNN/4iz/bvZo/R+4fSzOrSf4HAACAOojcvyHNTP4HAACAyojcf02amfwPAAAAlRG5fzzNrCb5X/9f/1//X/8/6P/r/5eh/6//X4b+v/7/IKxf/1//n971W/8/cv/Goqhl/gcAAIA6iNy/Kc1M/gcAAIDKiNx/bZqZ/A8AAACVEbn/GWlmNcn/+v/6//r/+v9B/1//vwz9f/3/MvT/9f8HYf36//r/9K7f+v+R+5+ZZlaT/A8AAAB1ELn/WWlm8j8AAABURuT+Z6eZyf8AAABQGZH7J9LMapL/9f/1//X/9f+D/r/+fxn6//r/Zej/6/8Pwvr1//X/6V2/9f8j9/9cmllN8j8AAADUQeT+56SZyf8AAABQGZH7n5tmJv8DAABAZUTuvy7NrCb5X/9f/79/+v8LtVj9f/1//f/Bof+v/1+G/r/+/yCsX/9f/5/e9Vv/P3L/89LMapL/AQAAoA4i91+fZib/AwAAQGVE7n9+mpn8DwAAAJURuX9zmllN8r/+v/5///T//fv/Qf9f/3+Q6P/r/5eh/6//Pwjr1//X/6d3/db/j9z/82lmNcn/AAAAUAeR+29IM5P/AQAAoDIi978gzUz+BwAAgMqI3H9jmllN8r/+v/6//r/+f9D/1/8vQ/9f/78M/X/9/0FYv/6//j+967f+f+T+F6aZ1ST/AwAAQB1E7n9Rmpn8DwAAAJURuf/FaWbyPwAAAFRG5P7JNLOa5H/9f/1//X/9/6D/r/9fhv6//n8Z+v/6/4Owfv1//X9612/9/8j9N6WZ1ST/AwAAQB1E7t+SZib/AwAAQGVE7r85zUz+BwAAgMqI3L81zawm+V//X/9f/1//P+j/6/+Xof+v/1+G/r/+/yCsX/9f/5/e9Vv/P3L/S9LMapL/AQAAoA4i99+SZib/AwAAQGVE7n9pmpn8DwAAAJURuX9bmllN8r/+v/6//r/+f9D/1/8vQ/9f/78M/X/9/0FYv/6//j+967f+f+T+l6WZ1ST/AwAAQB1E7r81zUz+BwAAgMqI3H9bmpn8DwAAAJURuX8qzawm+V//X/9f/1//P+j/6/+Xof+v/1+G/r/+/yCsX/9f/5/e9Vv/P3L/y9PMapL/AQAAoA4i99+eZib/AwAAQGVE7p9OM5P/AQAAoDIi98+kmdUk/+v/6//r/+v/B/1//f8y9P/1/8vQ/9f/H4T16//r/9O7fuv/R+7fnmZWk/wPAAAAdRC5f0eamfwPAAAAlRG5f2eamfwPAAAAlRG5f1eaWU3yv/6//r/+v/5/0P/X/y9D/1//vwz9f/3/QVi//r/+P73rt/5/5P7daWY1yf8AAABQB5H796SZyf8AAABQGZH796aZyf8AAABQGZH770gzq0n+1//X/9f/1/8P+v/6/2Xo/+v/l6H/r/8/COu/Iv3/B5b+MQD6/1RBv/X/I/fvSzOrSf4HAACAOojc/4o0M/kfAAAAKiNy/y+kmcn/AAAAUBmR+38xzawm+V//X/9f/1//P+j/6/+Xof+v/1+G/r/+/yCs37//r/9P7/qt/x+5f3+aWU3yPwAAANRB5P5XppnJ/wAAAFAZkftflWYm/wMAAEBlRO4/kGZWk/yv/6//r/+v/x/0/wek//8HqzjmCtL/1/8vQ/9f/38Q1q//r/9P7/qt/x+5/9VpZjXJ/wAAAFAHkftfk2Ym/wMAAEBlRO5/bZqZ/A8AAACVEbn/dWlmNcn/+v/6//r/+v9B/39A+v99Rv9f/78M/X/9/0FYv/6//j+967f+f+T+16eZ1ST/AwAAQB1E7v+lNDP5HwAAACojcv8b0szkfwAAAKiMyP13ppnVJP/r/+v/P139/w3pNvT/2/ad/n+T/r/+/1ro/+v/F2vp/w+lV7D+f9PV7s8P+vr1//X/6V2/9f8j9/9ymllN8j8AAADUQeT+u9LM5H8AAACojMj9d6eZyf8AAABQGZH735hmVpP83/f9/3SH+v9L9v+f2Zj92P8P+v9t+07/v0n/X/9/LfT/9f8L//5/aVe7Pz/o69f/1/+nd/3W/4/cf0+aWU3yPwAAANRB5P5fSTNrz/9L/WUZAAAAMBAi9/9qmpm//wcAAIDKiNz/pjSzmuT/vu//J/r/g/fv/wf9/7Z9p//fpP+v/78W+v/6/4X+f2lXuz8/6OvX/9f/p3f91v+P3P9raWY1yf8AAABQB5H735xmJv8DAABAZUTuf0uamfwPAAAAlRG5/61pZjXJ//r/+v/6//r/Qf9f/78M/X/9/zL0//X/B2H9+v/6//Su3/r/kfvvTTOrSf4HAACAOojc/7Y0M/kfAAAAKiNy/6+nmcn/AAAAUBmR+38jzawm+V//X/9f/1//P+j/6/+Xof+v/1+G/r/+/yCsX/9f/5/e9Vv/P3L/b6aZ1ST/AwAAQB1E7n97mpn8DwAAAJURuf+30szkfwAAAKiMyP2/nWZWk/yv/6//r/+v/x/0//X/y9D/1/8vQ/9f/38Q1q//r/9P7/qt/x+5/3fSzGqS/wEAAKAOIvf/bpqZ/A8AAACVEbn/YJqZ/A8AAACVEbn/HWlmNcn/+v/6//r/+v9B/1//vwz9f/3/MvT/9f8HYf36//r/9K7f+v+R+w+lmdUk/wMAAEAdRO7/vTQz+R8AAAAqI3L/4TQz+R8AAAAqI3L/kTSzmuR//X/9f/1//f+g/6//X4b+v/5/Gfr/+v9huSfkaq9/vfr/I4X+P/XVb/3/yP2zaWY1yf8AAABQB5H7j6aZyf8AAABQGZH7j6WZyf8AAABQGZH735lmVpP8r/+v/6//r/8f9P/1/8vQ/9f/L0P/X/9/ENbv3//X/6d3/db/j9x/PM2sJvkfAAAA6iBy/7vSzOR/AAAAqIzI/e9OM5P/AQAAoDIi959IM6tJ/tf/1//X/9f/D/r/+v9l6P/r/5eh/6//Pwjr1//X/6d3/db/j9x/Ms2sJvkfAAAA6iBy/6k0M/kfAAAAKiNy/+k0M/kfAAAAKiNy/5k0s5rkf/1//X/9f/3/oP+v/1+G/r/+fxn6//r/g7B+/X/9f3rXb/3/yP2/n2ZWk/wPAAAAdRC5/2yamfwPAAAAlRG5fy7NTP4HAACAyojcfy7NrCb5X/9f/1//X/8/6P/r/5eh////7N3Vi2DZEcfxJiTQT/lv4+7u7u6+cXd3d3d3z0NIuqpCspuEPXdm99yqz+eloBeWw9AP82P4cvX/K/T/+v8zvF//r//nuN36/9z9d4hbhux/AAAAmCB3/x3jFvsfAAAA2sjdf6e4xf4HAACANnL33zluGbL/9f/6f/2//j/p//X/K/T/+v8V+n/9/xner//X/3Pcbv1/7v67xC1D9j8AAABMkLv/rnGL/Q8AAABt5O6/W9xi/wMAAEAbufvvHrcM2f/6f/2//l//n/T/+v8V+n/9/wr9v/7/DO/X/+v/OW63/j93/z3iliH7HwAAACbI3X/PuMX+BwAAgDZy998rbrH/AQAAoI3c/feOW4bsf/2//l//r/9P+n/9/wr9v/5/hf5f/3+G9+v/9f8ct1v/n7v/PnHLkP0PAAAAE+Tuv2/cYv8DAABAG7n77xe32P8AAADQRu7++8ctQ/a//l//r//X/yf9v/5/hf5f/79C/6//P8P79f/6f47brf/P3f+AuGXI/gcAAIAJcvc/MG6x/wEAAKCN3P0PilvsfwAAAGgjd/+D45Yh+1//r//X/+v/k/5f/79C/6//X6H/1/+f4f36f/0/x+3W/+fuf0jcMmT/AwAAwAS5+x8at9j/AAAA0Ebu/ofFLfY/AAAAtJG7/+Fxy5D9r//X/+v/9f9J/6//X6H/1/+v0P/r/8/wfv2//p/jduv/c/c/Im4Zsv8BAABggtz9j4xb7H8AAABoI3f/o+KW/9z/l7fkqwAAAIBrKXf/o+OWIf/+r//X/+v/9f9J/6//X6H/1/+v0P/r/8/wfv2//p/jduv/c/c/Jm4Zsv8BAABggtz9j41b7H8AAABoI3f/4+IW+x8AAADayN3/+LhlyP7X/+v/9f/6/6T/1/+v0P/r/1fo//X/Z3i//l//z3G79f+5+58QtwzZ/wAAADBB7v4nxi32PwAAALSRu/9JcYv9DwAAAG3k7n9y3DJk/+v/9f/6f/1/0v/r/1fo//X/K/T/+v8zvF//r//nuN36/9z9T4lbhux/AAAAmCB3/1PjFvsfAAAA2sjd/7S4xf4HAACANnL3Pz1uGbL/9f/6f/2//j/p//X/K/T/+v8V+n/9/xner//X/3Pcbv1/7v5nxC1D9j8AAABMkLv/mXGL/Q8AAABt5O5/Vtxi/wMAAEAbufufHbcM2f/6f/2//l//n/T/+v8VDfv/q18B/b/+X/+v/9f/6/85bLf+P3f/c+KWIfsfAAAAJsjd/9y4xf4HAACANnL3Py9usf8BAACgjdz9z49bhux//b/+X/+v/0/6f/3/iob9v+//X1zr/v/yRj/R/+v/z/B+/b/+n+N26/9z978gbhmy/wEAAGCC3P0vjFvsfwAAAGgjd/+L4hb7HwAAANrI3f/iuGXI/tf/6//1//r/pP/X/6/Q/zft/29z4fv/+n/9v/5f/89hu/X/uftfErcM2f8AAAAwQe7+l8Yt9j8AAAC0kbv/ZXGL/Q8AAABt5O5/edwyZP/r//X/+n/9f9L/6/9X6P+b9v/X9Pv/N6b/1/+f4f36f/0/x+3W/+fuf0XcMmT/AwAAwGndjO2eu/+VcVf+HwAAAMDecve/Km6x/wEAAKCN3P2vjluG7H/9v/5/j/7/houber/+X/9/of/fnv5f/79C/6//P8P7r1P/n7+m+n9G2K3/z93/mrhlyP4HAACACXL33xC32P8AAADQRu7+18Yt9j8AAAC0kbv/dXHLkP2v/9f/79H/z/z+/6X+/9/+PPX/+v+bov/X/1/o/5fd2v382d/v+//6f47brf/P3f/6uGXI/gcAAIAJcve/IW6x/wEAAKCN3P1vjFvsfwAAAGgjd/+b4pYh+1//r//X//v+f9L/6/9X6P/1/yv0//r/M7xf/6//57jd+v/c/W+OW4bsfwAAAJggd/9b4hb7HwAAANrI3f/WuMX+BwAAgDZy978tbhmy//X/+n/9v/4/6f/1/yv0//r/Ffp//f8Z3q//1/9z3G79f+7+t8ctQ/Y/AAAATJC7/x1xi/0PAAAAbeTuf2fcYv8DAABAG7n73xW3DNn/+n/9v/5f/5/0//r/Ffp//f8K/b/+/wzv1//r/zlut/4/d/+745Yh+x8AAAAmyN3/nrjF/gcAAIA2cve/N26x/wEAAKCN3P3vi1uG7H/9v/5f/6//T/p//f8K/b/+f4X+X/9/hvfr//X/HLdb/5+7//1xy5D9DwAAABPk7v9A3GL/AwAAQBu5+z8Yt9j/AAAA0Ebu/g/FLUP2v/5f/6//1/8n/b/+f4X+X/+/Qv+v/z/D+/X/+n+O263/z93/4bhlyP4HAACACXL3fyRusf8BAACgjdz9H41b7H8AAABoI3f/x+KWIftf/6//1//r/5P+X/+/Qv+v/1+h/9f/n+H9+n/9P8ft1v/n7v943DJk/wMAAMAEufs/EbfY/wAAANBG7v5Pxi32PwAAALSRu/9T/7y3/dd/GLL/9f/6f/2//j/p//X/K/T/+v8V+n/9/xner//X/3Pcbv3/1e6/vPh03DJk/wMAAMAEufs/E7fY/wAAANBG7v7Pxi32PwAAALSRu/9zccuQ/a//1//r//X/Sf+v/1+h/9f/r9D/6//P8H79v/6f43br/3P3fz5uGbL/AQAAYILc/V+IW+x/AAAAaCN3/xfjFvsfAAAA2sjd/6W4Zcj+1//r/3v1/1cpnv7/iv7/iv7/+tL/6/9X6P/1/2d4v/5f/89xu/X/ufu/HLcM2f8AAAAwQe7+r8Qt9j8AAAC0kbv/q3GL/Q8AAABt5O7/WtwyZP/r//X/vfr/K/r/K/r/K/r/60v/r/9fof/X/5/h/fp//T/H7db/5+7/etwyZP8DAADABLn7vxG32P8AAADQRu7+b8Yt9j8AAAC0kbv/W3HLkP2v/9f/6//1/0n/r/9fof/X/6/Q/+v//5vbb/R+/b/+n+N26/9z9387bhmy/wEAAGCC3P3fiVvsfwAAAGgjd/934xb7HwAAANrI3f+9uGXI/tf/6//1//r/pP/X/6/Q/+v/V+j/9f9neL/+X//Pcbv1/7n7vx+3DNn/AAAAMEHu/h/ELfY/AAAAtJG7/4dxi/0PAAAAbeTu/1HcMmT/6//1//p//X/S/+v/V+j/9f8r9P/6/zO8X/+v/+e43fr/3P0/jluG7H8AAACYIHf/T+IW+x8AAADayN3/07jF/gcAAIA2cvf/LG4Zsv/1//p//b/+P+n/9f8r9P/6/xX6f/3/Gd6v/9f/c9z/6v/j7/y3aP+fu//nccuQ/Q8AAAAT5O7/Rdxi/wMAAEAbuft/GbfY/wAAANBG7v5fxS1D9r/+X/+v/9f/J/2//n+F/l//v0L/r/8/w/v1//p/jtvt+/+5+38dtwzZ/wAAADBB7v7fxC32PwAAALSRu/+3cYv9DwAAAG3k7v9d3DJk//+//v92cW/F/j+foP/X/+v/9f/6/w3p//X/K/T/+v8zvF//r//nuN36/9z9v49bhux/AAAAmCB3/x/iFvsfAAAA2sjd/8e4xf4HAACANnL3/yluGbL/ff9f/6//1/8n/b/+f4X+X/+/Ynz//48f6/+3f7/+X//Pcbv1/7n7/xy3DNn/AAAAMEHu/r/ELfY/AAAAtJG7/69xi/0PAAAAbeTu/1vcMmT/6//1//p//X/S/+v/V+j/9f8rxvf/vv9/ivfr//X/HLdb/5+7/+8BAAD//xKBZe0=")
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f000000de80)=""/4105, 0x1009)
mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2012024, 0x0)
openat$mixer(0xffffffffffffff9c, 0x0, 0x8aa01, 0x0)
creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

832.679227ms ago: executing program 0 (id=596):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x76, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20008400}, 0x20000000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

426.904763ms ago: executing program 0 (id=597):
r0 = epoll_create1(0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080))
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x8, 0x7fff7ffc}]})
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r3, &(0x7f00000011c0)=ANY=[@ANYBLOB='lock io'], 0xc)
close_range(r2, 0xffffffffffffffff, 0x0)

426.672033ms ago: executing program 3 (id=598):
syz_usb_connect(0x3, 0x2d, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000061c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da09"], 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

254.728306ms ago: executing program 0 (id=599):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x28)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000a40)=0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f00000006c0)={r2, @in6={{0xa, 0x4e24, 0x100, @empty, 0xc}}, 0xfffc, 0x86}, &(0x7f0000000500)=0x90)

0s ago: executing program 0 (id=600):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r1)
socket$inet6(0xa, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
writev(r0, &(0x7f0000000480)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec90806fbe863cac50580cd", 0x16}, {&(0x7f0000000440)="9c74dfbf77572856c809ff86bb648daf351a32ad", 0x14}], 0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts.
[   82.981801][ T5774] cgroup: Unknown subsys name 'net'
[   83.153338][ T5774] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.868678][ T5774] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   87.151048][ T5788] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.159997][ T5788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.168279][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.176673][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.181723][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   87.184894][ T5788] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   87.198557][ T5788] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   87.206010][ T5788] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   87.217180][ T5103] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   87.237810][ T5788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   87.254284][ T5793] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   87.265402][ T5793] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   87.272687][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   87.280603][ T5792] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   87.289634][   T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   87.301275][   T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   87.310551][   T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   87.322221][ T5788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   87.330066][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   87.339010][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   87.349249][ T5788] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   87.360295][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   87.379829][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   87.392898][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   88.059452][ T5796] chnl_net:caif_netlink_parms(): no params data found
[   88.084131][ T5784] chnl_net:caif_netlink_parms(): no params data found
[   88.186074][ T5786] chnl_net:caif_netlink_parms(): no params data found
[   88.248683][ T5797] chnl_net:caif_netlink_parms(): no params data found
[   88.343442][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.350628][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.359694][ T5796] bridge_slave_0: entered allmulticast mode
[   88.367663][ T5796] bridge_slave_0: entered promiscuous mode
[   88.383714][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.391086][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.400349][ T5784] bridge_slave_0: entered allmulticast mode
[   88.408090][ T5784] bridge_slave_0: entered promiscuous mode
[   88.437021][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.444829][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.452101][ T5796] bridge_slave_1: entered allmulticast mode
[   88.460172][ T5796] bridge_slave_1: entered promiscuous mode
[   88.473010][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.480334][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.488065][ T5784] bridge_slave_1: entered allmulticast mode
[   88.495376][ T5784] bridge_slave_1: entered promiscuous mode
[   88.591528][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.617546][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.630368][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.674965][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.697251][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.704978][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.712277][ T5786] bridge_slave_0: entered allmulticast mode
[   88.719695][ T5786] bridge_slave_0: entered promiscuous mode
[   88.741114][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.748329][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.755977][ T5797] bridge_slave_0: entered allmulticast mode
[   88.763008][ T5797] bridge_slave_0: entered promiscuous mode
[   88.788466][ T5796] team0: Port device team_slave_0 added
[   88.795269][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.802503][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.810433][ T5786] bridge_slave_1: entered allmulticast mode
[   88.818026][ T5786] bridge_slave_1: entered promiscuous mode
[   88.850371][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.857725][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.865418][ T5797] bridge_slave_1: entered allmulticast mode
[   88.872545][ T5797] bridge_slave_1: entered promiscuous mode
[   88.881122][ T5796] team0: Port device team_slave_1 added
[   88.915652][ T5784] team0: Port device team_slave_0 added
[   88.971424][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.978656][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.005975][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.021551][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.032912][ T5784] team0: Port device team_slave_1 added
[   89.054837][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.068353][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.078458][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.085867][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.112308][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.126410][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.199158][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.206459][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.232895][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.272381][ T5786] team0: Port device team_slave_0 added
[   89.279305][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.287371][ T5792] Bluetooth: hci0: command tx timeout
[   89.287416][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.319141][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.334289][ T5797] team0: Port device team_slave_0 added
[   89.353647][ T5786] team0: Port device team_slave_1 added
[   89.363610][ T5792] Bluetooth: hci1: command tx timeout
[   89.363948][ T5793] Bluetooth: hci2: command tx timeout
[   89.390606][ T5797] team0: Port device team_slave_1 added
[   89.400930][ T5796] hsr_slave_0: entered promiscuous mode
[   89.408425][ T5796] hsr_slave_1: entered promiscuous mode
[   89.443487][ T5793] Bluetooth: hci3: command tx timeout
[   89.495710][ T5784] hsr_slave_0: entered promiscuous mode
[   89.502903][ T5784] hsr_slave_1: entered promiscuous mode
[   89.509521][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.518161][ T5784] Cannot create hsr debugfs directory
[   89.537658][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.544966][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.571059][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.584358][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.591362][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.617689][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.629481][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.636992][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.662985][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.676182][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.683646][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.710680][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.875544][ T5797] hsr_slave_0: entered promiscuous mode
[   89.884031][ T5797] hsr_slave_1: entered promiscuous mode
[   89.890707][ T5797] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.899258][ T5797] Cannot create hsr debugfs directory
[   89.909378][ T5786] hsr_slave_0: entered promiscuous mode
[   89.916219][ T5786] hsr_slave_1: entered promiscuous mode
[   89.922453][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.930340][ T5786] Cannot create hsr debugfs directory
[   90.288669][ T5796] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.306432][ T5796] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.322134][ T5796] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.369110][ T5796] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.464946][ T5784] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.490629][ T5784] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.525740][ T5784] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.549213][ T5784] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.592798][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   90.623711][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   90.638654][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   90.650789][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.741002][ T5797] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   90.752126][ T5797] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   90.771919][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.785627][ T5797] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   90.798841][ T5797] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   90.880779][ T5796] 8021q: adding VLAN 0 to HW filter on device team0
[   90.899657][ T4542] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.907283][ T4542] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.953082][ T4542] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.960491][ T4542] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.021348][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.071997][ T5784] 8021q: adding VLAN 0 to HW filter on device team0
[   91.117974][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.130697][ T5796] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   91.151223][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.158436][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.182546][ T4542] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.189843][ T4542] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.244903][ T5786] 8021q: adding VLAN 0 to HW filter on device team0
[   91.308502][ T4542] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.315785][ T4542] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.327872][ T4542] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.335141][ T4542] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.370061][ T5793] Bluetooth: hci0: command tx timeout
[   91.395999][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.443478][ T5793] Bluetooth: hci2: command tx timeout
[   91.444965][ T5792] Bluetooth: hci1: command tx timeout
[   91.471705][ T5797] 8021q: adding VLAN 0 to HW filter on device team0
[   91.517261][ T4542] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.524505][ T4542] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.532177][ T5792] Bluetooth: hci3: command tx timeout
[   91.579389][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.586595][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.639827][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   91.758497][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.881812][ T5796] veth0_vlan: entered promiscuous mode
[   91.948926][ T5796] veth1_vlan: entered promiscuous mode
[   91.990075][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.056259][ T5796] veth0_macvtap: entered promiscuous mode
[   92.076691][ T5796] veth1_macvtap: entered promiscuous mode
[   92.131614][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.166660][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.191439][ T5784] veth0_vlan: entered promiscuous mode
[   92.221509][ T5796] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.230912][ T5796] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.241981][ T5796] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.252155][ T5796] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.265790][   T27] cfg80211: failed to load regulatory.db
[   92.286236][ T5784] veth1_vlan: entered promiscuous mode
[   92.437545][ T4542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.448792][ T4542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.456260][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.495495][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.525806][ T5784] veth0_macvtap: entered promiscuous mode
[   92.581639][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.595416][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.607532][ T5784] veth1_macvtap: entered promiscuous mode
[   92.620102][ T5786] veth0_vlan: entered promiscuous mode
[   92.648475][ T5786] veth1_vlan: entered promiscuous mode
[   92.687333][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.706277][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.722692][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.799075][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.815528][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.846119][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.859268][ T5784] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.870341][ T5784] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.879384][ T5784] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.889700][ T5784] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.932601][ T5797] veth0_vlan: entered promiscuous mode
[   92.985390][ T5786] veth0_macvtap: entered promiscuous mode
[   93.040347][ T5797] veth1_vlan: entered promiscuous mode
[   93.085113][ T5786] veth1_macvtap: entered promiscuous mode
[   93.205235][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.217477][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.304020][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.319524][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.332069][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.349254][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.362698][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.402826][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.414863][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.429018][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.439944][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.450156][ T5792] Bluetooth: hci0: command tx timeout
[   93.459725][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.480668][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.492950][ T5797] veth0_macvtap: entered promiscuous mode
[   93.514200][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.525569][ T5792] Bluetooth: hci1: command tx timeout
[   93.538064][ T5792] Bluetooth: hci2: command tx timeout
[   93.559511][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.572012][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.582299][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.591794][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.603542][ T5792] Bluetooth: hci3: command tx timeout
[   93.616246][ T5797] veth1_macvtap: entered promiscuous mode
[   93.756671][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.796210][ T5889] iommufd_mock iommufd_mock1: Adding to iommu group 0
[   93.804254][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.832192][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.853996][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.876046][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.910746][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.927406][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.982528][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.995198][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.008859][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.021092][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.034436][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.045075][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.062463][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.133819][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.141802][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.176764][ T5797] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.190071][ T5797] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.201579][ T5797] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.210679][ T5797] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.259598][ T5895] =======================================================
[   94.259598][ T5895] WARNING: The mand mount option has been deprecated and
[   94.259598][ T5895]          and is ignored by this kernel. Remove the mand
[   94.259598][ T5895]          option from the mount to silence this warning.
[   94.259598][ T5895] =======================================================
[   94.301315][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.312485][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.475298][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.501785][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.634861][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.658007][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.824556][ T5905] syz.0.14[5905]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   94.909108][ T5905] loop0: detected capacity change from 0 to 1024
[   94.936961][ T5905] EXT4-fs: Ignoring removed oldalloc option
[   94.943040][ T5905] EXT4-fs: Ignoring removed bh option
[   95.000212][ T5905] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   95.071346][ T5905] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.292513][   T28] audit: type=1804 audit(1752774402.926:2): pid=5905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.14" name="/newroot/8/file1/bus" dev="loop0" ino=18 res=1 errno=0
[   95.401707][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.527567][ T5792] Bluetooth: hci0: command tx timeout
[   95.603380][ T5792] Bluetooth: hci2: command tx timeout
[   95.604017][ T5793] Bluetooth: hci1: command tx timeout
[   95.683302][ T5793] Bluetooth: hci3: command tx timeout
[   95.731430][ T5926] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   96.200086][ T5940] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26'.
[   96.427082][ T5949] loop3: detected capacity change from 0 to 65
[   96.476285][ T5949] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[   96.569487][ T5953] netlink: 'syz.1.31': attribute type 10 has an invalid length.
[   96.649155][ T5953] 8021q: adding VLAN 0 to HW filter on device team0
[   96.679976][ T5953] bond0: (slave team0): Enslaving as an active interface with an up link
[   96.852846][ T5955] loop0: detected capacity change from 0 to 1024
[   97.117619][ T5957] loop3: detected capacity change from 0 to 2048
[   97.197091][ T5957] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   97.361769][   T28] audit: type=1800 audit(1752774404.996:3): pid=5957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.33" name="file1" dev="loop3" ino=1346 res=0 errno=0
[   97.458999][   T28] audit: type=1800 audit(1752774405.036:4): pid=5957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.33" name="file1" dev="loop3" ino=1346 res=0 errno=0
[   97.541710][ T5947] loop2: detected capacity change from 0 to 32768
[   97.595831][ T5947] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.28 (5947)
[   97.674899][ T5947] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   97.733519][ T5947] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[   97.742376][ T5947] BTRFS info (device loop2): using free space tree
[   97.931593][   T28] audit: type=1326 audit(1752774405.566:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5968 comm="syz.3.38" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f805c18e929 code=0x0
[   97.946656][ T5970] trusted_key: syz.1.40 sent an empty control message without MSG_MORE.
[   98.196986][ T5947] BTRFS info (device loop2): enabling ssd optimizations
[   98.219192][ T5947] BTRFS info (device loop2): auto enabling async discard
[   98.404003][ T5793] Bluetooth: hci1: command 0x0406 tx timeout
[   98.481851][ T5993] process 'syz.1.41' launched './file0' with NULL argv: empty string added
[   98.545706][ T5992] loop0: detected capacity change from 0 to 8192
[   98.586046][ T5992] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   98.600126][ T5992] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   98.611151][ T5992] REISERFS (device loop0): using ordered data mode
[   98.618603][ T5992] reiserfs: using flush barriers
[   98.632242][ T5992] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   98.746636][ T5992] REISERFS (device loop0): checking transaction log (loop0)
[   98.999651][ T5992] REISERFS (device loop0): Using tea hash to sort names
[   99.030130][ T5992] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   99.439526][ T5786] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   99.659494][ T6006] loop0: detected capacity change from 0 to 64
[  100.790377][ T6008] loop3: detected capacity change from 0 to 32768
[  100.859707][ T6008] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  101.017716][ T6010] loop1: detected capacity change from 0 to 40427
[  101.038646][ T6008] XFS (loop3): Ending clean mount
[  101.099909][ T6010] F2FS-fs (loop1): invalid crc value
[  101.121055][ T6008] XFS (loop3): Quotacheck needed: Please wait.
[  101.170226][ T6034] syz.2.53 uses obsolete (PF_INET,SOCK_PACKET)
[  101.198533][ T6010] F2FS-fs (loop1): Found nat_bits in checkpoint
[  101.324111][ T6008] XFS (loop3): Quotacheck: Done.
[  101.486837][ T6010] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  101.652433][   T28] audit: type=1804 audit(1752774409.276:6): pid=6008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.47" name="/newroot/10/file0/bus" dev="loop3" ino=9290 res=1 errno=0
[  101.660040][ T6040] loop2: detected capacity change from 0 to 2048
[  101.792497][ T6040]  loop2: p1 < > p2 p3 p4 < p5 >
[  101.798827][ T5784] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  101.818946][ T6040] loop2: p2 size 458752 extends beyond EOD, truncated
[  101.835193][ T6040] loop2: p3 start 4284289 is beyond EOD, truncated
[  101.851063][ T6040] loop2: p5 size 458752 extends beyond EOD, truncated
[  101.871796][ T5797] syz-executor: attempt to access beyond end of device
[  101.871796][ T5797] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  101.910918][ T5797] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  102.173698][  T786] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  102.362384][ T6048] udevd[6048]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  102.377913][ T5800] udevd[5800]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  102.408159][ T5801] udevd[5801]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory
[  102.423405][  T786] usb 1-1: Using ep0 maxpacket: 16
[  102.423955][ T5795] udevd[5795]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  102.456383][  T786] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  102.504349][  T786] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  102.532317][  T786] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  102.545655][  T786] usb 1-1: config 0 interface 0 has no altsetting 0
[  102.552354][  T786] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  102.562273][  T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.624759][  T786] usb 1-1: config 0 descriptor??
[  102.655193][ T6054] "syz.2.60" (6054) uses obsolete ecb(arc4) skcipher
[  103.298375][ T6067] netlink: 8 bytes leftover after parsing attributes in process `syz.2.65'.
[  103.407277][ T1624] usb 1-1: USB disconnect, device number 2
[  103.680745][ T6065] loop1: detected capacity change from 0 to 32768
[  103.702528][ T6065] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.64 (6065)
[  103.727053][ T6065] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  103.739926][ T6065] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  103.770788][ T6065] BTRFS info (device loop1): setting nodatacow, compression disabled
[  103.835304][ T6065] BTRFS info (device loop1): setting datacow
[  103.850821][ T6065] BTRFS info (device loop1): enabling auto defrag
[  103.864041][ T6065] BTRFS info (device loop1): using free space tree
[  103.943000][   T28] audit: type=1326 audit(1752774411.576:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.3.68" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f805c18e929 code=0x0
[  104.032402][ T6065] BTRFS info (device loop1): enabling ssd optimizations
[  104.055218][ T6065] BTRFS info (device loop1): auto enabling async discard
[  104.152460][ T6092] loop0: detected capacity change from 0 to 128
[  104.184651][ T6092] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  104.264541][ T6092] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  104.273872][   T28] audit: type=1800 audit(1752774411.896:8): pid=6065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.64" name="file1" dev="loop1" ino=260 res=0 errno=0
[  104.440528][   T42] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  104.619132][   T28] audit: type=1800 audit(1752774412.256:9): pid=6100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.72" name="file2" dev="overlay" ino=143 res=0 errno=0
[  104.620695][ T5797] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  105.046984][    T0] NOHZ tick-stop error: local softirq work is pending, handler #0c!!!
[  105.079241][  T786] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  105.133658][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  105.142448][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  105.257197][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  105.384141][  T786] usb 1-1: Using ep0 maxpacket: 16
[  105.422222][ T6109] Zero length message leads to an empty skb
[  105.455966][  T786] usb 1-1: config 1 has an invalid interface number: 105 but max is 0
[  105.535596][  T786] usb 1-1: config 1 has no interface number 0
[  105.632097][  T786] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  105.760328][  T786] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  105.863500][  T786] usb 1-1: config 1 interface 105 has no altsetting 0
[  105.962450][ T6111] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  106.009225][  T786] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  106.024153][  T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.032218][  T786] usb 1-1: Product: syz
[  106.067124][  T786] usb 1-1: Manufacturer: syz
[  106.071806][  T786] usb 1-1: SerialNumber: syz
[  106.123381][ T6111] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  106.161719][ T6105] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  106.176241][ T6105] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  106.192816][ T6111] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  106.228749][ T6111] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  106.235605][ T6111] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  106.258177][ T6111] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  106.275030][ T6111] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  106.315124][ T6111] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  106.356200][ T6111] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  106.362621][ T6111] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  106.405926][ T6111] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  106.602353][ T6105] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  106.614045][ T6105] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  106.809668][ T6113] loop1: detected capacity change from 0 to 32768
[  106.860863][ T6113] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  107.015667][ T6134] loop2: detected capacity change from 0 to 128
[  107.039648][  T786] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  107.054643][ T6113] XFS (loop1): Ending clean mount
[  107.080838][ T6113] XFS (loop1): Quotacheck needed: Please wait.
[  107.091152][  T786] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  107.194799][ T6113] XFS (loop1): Quotacheck: Done.
[  107.205344][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout
[  107.238654][  T786] aqc111 1-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41
[  107.482886][  T786] usb 1-1: USB disconnect, device number 3
[  107.519441][  T786] aqc111 1-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  107.563869][ T5797] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  107.666308][  T786] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  107.688408][  T786] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  107.713442][  T786] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  108.246260][ T5792] Bluetooth: hci1: command 0x0406 tx timeout
[  108.323587][ T5792] Bluetooth: hci2: command 0x0c1a tx timeout
[  108.403393][ T5792] Bluetooth: hci3: command 0x0c1a tx timeout
[  109.285318][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout
[  109.684507][ T6200] vivid-000: disconnect
[  109.715497][ T6193] vivid-000: reconnect
[  109.996637][ T6212] loop0: detected capacity change from 0 to 256
[  110.050798][ T6212] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  110.050904][ T6212] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  110.066218][ T6212] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  110.323289][ T5792] Bluetooth: hci1: command 0x0406 tx timeout
[  110.409945][ T5792] Bluetooth: hci2: command 0x0c1a tx timeout
[  110.483476][ T5792] Bluetooth: hci3: command 0x0c1a tx timeout
[  111.363303][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout
[  112.483418][ T5792] Bluetooth: hci2: command 0x0c1a tx timeout
[  112.573193][ T5792] Bluetooth: hci3: command 0x0c1a tx timeout
[  113.236062][ T6223] ÿ: renamed from bond_slave_0 (while UP)
[  113.808339][ T6220] loop2: detected capacity change from 0 to 32768
[  113.851748][ T6220] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.103 (6220)
[  113.882928][ T6220] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  113.898011][ T6220] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  113.926476][ T6220] BTRFS info (device loop2): force clearing of disk cache
[  113.943271][ T6220] BTRFS info (device loop2): metadata ratio 5
[  113.953694][ T6220] BTRFS info (device loop2): turning on sync discard
[  113.970810][ T6220] BTRFS info (device loop2): enabling disk space caching
[  113.980534][ T6220] BTRFS info (device loop2): turning off discard
[  113.987947][ T6220] BTRFS info (device loop2): disk space caching is enabled
[  114.274124][ T6220] BTRFS info (device loop2): enabling ssd optimizations
[  114.315352][ T6220] BTRFS info (device loop2): rebuilding free space tree
[  114.319379][ T6264] loop3: detected capacity change from 0 to 64
[  114.418212][ T6264] hfs: invalid btree extent records (0 size)
[  114.444387][ T6220] BTRFS info (device loop2): disabling free space tree
[  114.461306][ T6264] hfs: unable to open catalog tree
[  114.475780][ T6220] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  114.497209][ T6264] hfs: can't find a HFS filesystem on dev loop3
[  114.513930][ T6220] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  114.864520][ T6271] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  115.220053][ T6280] loop1: detected capacity change from 0 to 512
[  115.246436][ T6280] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  115.296981][ T6280] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  115.358246][ T6280] EXT4-fs (loop1): 1 truncate cleaned up
[  115.388001][ T6280] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.542041][ T6280] syz.1.121 (pid 6280) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  115.584332][ T5786] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  115.621825][ T6280] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[  115.638588][ T6280] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[  115.834762][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.118438][ T6300] netlink: 104 bytes leftover after parsing attributes in process `syz.3.129'.
[  117.138843][ T6303] loop3: detected capacity change from 0 to 131072
[  117.204051][ T6303] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[  117.212500][ T6303] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  117.237778][ T6303] F2FS-fs (loop3): invalid crc value
[  117.334180][ T6303] F2FS-fs (loop3): Found nat_bits in checkpoint
[  117.410518][ T6303] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  117.417716][ T6303] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  117.508449][   T28] audit: type=1326 audit(1752774425.146:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f353912ab19 code=0x7ffc0000
[  117.556084][ T6303] F2FS-fs (loop3): Stopped filesystem due to reason: 0
[  117.602755][   T28] audit: type=1326 audit(1752774425.206:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353918e929 code=0x7ffc0000
[  117.741488][   T28] audit: type=1326 audit(1752774425.206:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353918e929 code=0x7ffc0000
[  117.844867][   T28] audit: type=1326 audit(1752774425.206:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353918e929 code=0x7ffc0000
[  117.957584][   T28] audit: type=1326 audit(1752774425.206:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f353912ab19 code=0x7ffc0000
[  118.037369][ T6297] loop0: detected capacity change from 0 to 32768
[  118.083464][   T28] audit: type=1326 audit(1752774425.206:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353918e929 code=0x7ffc0000
[  118.156749][ T6315] loop3: detected capacity change from 0 to 128
[  118.216469][   T28] audit: type=1326 audit(1752774425.206:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f353912ab19 code=0x7ffc0000
[  118.284242][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  118.297942][ T6315] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  118.355222][ T6315] ext4 filesystem being mounted at /34/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  118.440108][   T28] audit: type=1326 audit(1752774425.206:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353918e929 code=0x7ffc0000
[  118.611504][   T28] audit: type=1326 audit(1752774425.206:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f353918e929 code=0x7ffc0000
[  118.648801][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  118.781760][   T28] audit: type=1326 audit(1752774425.206:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.1.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f353912ab19 code=0x7ffc0000
[  118.813873][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  119.072887][ T5784] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  119.116778][ T6325] loop0: detected capacity change from 0 to 4096
[  119.183835][ T6325] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  119.575831][ T6335] loop2: detected capacity change from 0 to 512
[  119.625140][ T6335] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  119.743889][ T5863] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  119.989427][ T5863] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  120.034764][ T5863] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  120.067646][ T5863] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  120.113525][ T5863] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  120.157643][ T5863] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  120.203372][ T5863] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  120.222231][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  120.250516][ T5863] usb 2-1: Product: syz
[  120.261350][ T5863] usb 2-1: Manufacturer: syz
[  120.296528][ T5863] cdc_wdm 2-1:1.0: skipping garbage
[  120.311940][ T5863] cdc_wdm 2-1:1.0: skipping garbage
[  120.354815][ T5863] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  120.388347][ T5863] cdc_wdm 2-1:1.0: Unknown control protocol
[  120.473838][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.508589][ T6344] loop3: detected capacity change from 0 to 2048
[  120.608056][ T6344] NILFS (loop3): invalid segment: Magic number mismatch
[  120.631703][ T6344] NILFS (loop3): trying rollback from an earlier position
[  120.691481][ T6344] NILFS (loop3): recovery complete
[  120.713825][ T6348] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  120.864328][ T6352] netlink: 156 bytes leftover after parsing attributes in process `syz.0.143'.
[  122.446322][  T786] usb 2-1: USB disconnect, device number 2
[  123.420403][ T6405] loop3: detected capacity change from 0 to 512
[  123.444570][ T6405] EXT4-fs: Ignoring removed orlov option
[  123.491624][ T6407] loop1: detected capacity change from 0 to 512
[  123.510078][ T6405] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  123.514464][ T6407] EXT4-fs: Ignoring removed bh option
[  123.547115][ T6407] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  123.585951][ T6407] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002]
[  123.616752][ T6405] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002]
[  123.662009][ T6407] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.166: corrupted in-inode xattr: e_value size too large
[  123.662912][ T6405] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.164: corrupted in-inode xattr: e_value size too large
[  123.707400][ T6407] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.166: couldn't read orphan inode 15 (err -117)
[  123.731228][ T6415] netlink: 'syz.0.167': attribute type 58 has an invalid length.
[  123.742604][ T6405] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.164: couldn't read orphan inode 15 (err -117)
[  123.796060][ T6407] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.818301][ T6405] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.006253][ T6407] EXT4-fs error (device loop1): ext4_check_dx_root:2266: inode #2: comm syz.1.166: Corrupt dir, invalid name for '.', running e2fsck is recommended
[  124.006683][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.120021][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.093390][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  125.116342][ T6419] loop0: detected capacity change from 0 to 40427
[  125.177656][ T6419] F2FS-fs (loop0): invalid crc value
[  125.229399][ T6419] F2FS-fs (loop0): Found nat_bits in checkpoint
[  125.503003][ T6419] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  125.585388][ T6447] loop1: detected capacity change from 0 to 256
[  125.663882][ T6447] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  125.683468][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  125.771713][ T6433] loop3: detected capacity change from 0 to 40427
[  125.824590][ T6419] syz.0.169: attempt to access beyond end of device
[  125.824590][ T6419] loop0: rw=34817, sector=77824, nr_sectors = 128 limit=40427
[  125.862179][ T6433] F2FS-fs (loop3): heap/no_heap options were deprecated
[  125.892673][ T6433] F2FS-fs (loop3): build fault injection attr: rate: 16, type: 0x7ffff
[  125.905800][ T6419] syz.0.169: attempt to access beyond end of device
[  125.905800][ T6419] loop0: rw=0, sector=77864, nr_sectors = 8 limit=40427
[  125.922418][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  125.940701][ T6433] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0xae
[  125.984973][ T6433] F2FS-fs (loop3): invalid crc value
[  126.022550][ T6433] F2FS-fs (loop3): inject kvmalloc in f2fs_kvmalloc of f2fs_build_segment_manager+0x30ee/0x4730
[  126.056217][ T6433] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-12)
[  126.109802][ T5796] syz-executor: attempt to access beyond end of device
[  126.109802][ T5796] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  126.164083][ T5796] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  127.053843][ T6472] warning: `syz.1.187' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  127.394335][ T6478] netlink: 16 bytes leftover after parsing attributes in process `syz.3.190'.
[  127.580378][ T6485] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  127.627651][ T6486] loop1: detected capacity change from 0 to 512
[  127.673493][ T6486] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  127.797280][ T6486] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  127.856448][ T6486] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  127.982253][ T6468] loop2: detected capacity change from 0 to 32768
[  128.031824][ T6468] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  128.128028][ T6468] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  128.150831][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.176992][ T6468] XFS (loop2): Starting recovery (logdev: internal)
[  128.233951][ T6468] XFS (loop2): Ending recovery (logdev: internal)
[  128.478106][   T28] kauditd_printk_skb: 182 callbacks suppressed
[  128.478122][   T28] audit: type=1804 audit(1752774436.116:202): pid=6514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.186" name="/newroot/52/file1/file1" dev="loop2" ino=4422 res=1 errno=0
[  128.573857][   T28] audit: type=1804 audit(1752774436.196:203): pid=6468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.186" name="/newroot/52/file1/file1" dev="loop2" ino=4422 res=1 errno=0
[  128.751165][ T5786] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  128.878942][ T6523] netlink: 8 bytes leftover after parsing attributes in process `syz.1.205'.
[  129.161234][ T6525] loop0: detected capacity change from 0 to 2048
[  129.185629][ T6525] EXT4-fs: Ignoring removed bh option
[  129.223673][ T6527] Dead loop on virtual device ip6_vti0, fix it urgently!
[  129.252771][ T6527] Dead loop on virtual device ip6_vti0, fix it urgently!
[  129.261143][ T6525] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.277896][ T6527] Dead loop on virtual device ip6_vti0, fix it urgently!
[  129.337360][ T6527] Dead loop on virtual device ip6_vti0, fix it urgently!
[  129.385614][ T6527] Dead loop on virtual device ip6_vti0, fix it urgently!
[  129.437547][ T6527] Dead loop on virtual device ip6_vti0, fix it urgently!
[  129.445313][   T28] audit: type=1800 audit(1752774437.086:204): pid=6525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.207" name="file1" dev="loop0" ino=15 res=0 errno=0
[  129.491736][ T6524] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  129.517934][ T6527] Dead loop on virtual device ip6_vti0, fix it urgently!
[  129.536210][ T6533] netlink: 304 bytes leftover after parsing attributes in process `syz.2.206'.
[  129.553683][ T6533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.206'.
[  129.570006][ T6524] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  129.637346][ T6524] EXT4-fs (loop0): This should not happen!! Data will be lost
[  129.637346][ T6524] 
[  129.655835][ T6524] EXT4-fs (loop0): Total free blocks count 0
[  129.708239][ T6524] EXT4-fs (loop0): Free/Dirty block details
[  129.730561][ T6524] EXT4-fs (loop0): free_blocks=2415919104
[  129.755535][ T6524] EXT4-fs (loop0): dirty_blocks=16
[  129.774909][ T6524] EXT4-fs (loop0): Block reservation details
[  129.803255][ T6524] EXT4-fs (loop0): i_reserved_data_blocks=1
[  129.859711][ T6525] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  130.053476][ T6539] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.211'.
[  130.503871][ T5832] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  130.610952][ T6550] loop3: detected capacity change from 0 to 8
[  130.640655][ T6549] loop2: detected capacity change from 0 to 2048
[  130.672926][ T6549] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  130.733461][ T5832] usb 1-1: Using ep0 maxpacket: 32
[  130.748717][ T6550] SQUASHFS error: Failed to read block 0x636: -5
[  130.760161][ T5832] usb 1-1: config 0 has no interfaces?
[  130.767709][ T6550] SQUASHFS error: Unable to read metadata cache entry [634]
[  130.781145][ T6550] SQUASHFS error: Unable to read metadata cache entry [634]
[  130.784472][ T5832] usb 1-1: New USB device found, idVendor=0856, idProduct=bc00, bcdDevice=b2.7f
[  130.834728][ T6551] SQUASHFS error: Unable to read metadata cache entry [634]
[  130.834899][ T5832] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.875709][ T6550] SQUASHFS error: Unable to read directory block [634:0]
[  130.882743][ T6551] SQUASHFS error: Unable to read metadata cache entry [634]
[  130.890186][ T5832] usb 1-1: Product: syz
[  130.890208][ T5832] usb 1-1: Manufacturer: syz
[  130.890224][ T5832] usb 1-1: SerialNumber: syz
[  130.906251][ T5832] usb 1-1: config 0 descriptor??
[  130.953310][ T6551] SQUASHFS error: Unable to read directory block [629:0]
[  130.954341][ T6549] loop2: detected capacity change from 2048 to 0
[  131.005422][    C1] I/O error, dev loop2, sector 1437 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  131.100422][ T5786] syz-executor: attempt to access beyond end of device
[  131.100422][ T5786] loop2: rw=0, sector=1437, nr_sectors = 1 limit=0
[  131.143919][ T5786] syz-executor: attempt to access beyond end of device
[  131.143919][ T5786] loop2: rw=0, sector=1437, nr_sectors = 1 limit=0
[  131.262010][ T5786] syz-executor: attempt to access beyond end of device
[  131.262010][ T5786] loop2: rw=2049, sector=128, nr_sectors = 1 limit=0
[  131.298165][ T5786] Buffer I/O error on dev loop2, logical block 128, lost sync page write
[  131.787975][ T5832] usb 1-1: USB disconnect, device number 4
[  131.858038][ T3458] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.011812][ T3458] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.052715][ T6570] loop1: detected capacity change from 0 to 128
[  132.122837][ T3458] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.312304][ T3458] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.741657][ T6584] loop3: detected capacity change from 0 to 128
[  132.839337][ T6584] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  132.860240][ T6584] ext4 filesystem being mounted at /64/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  132.872922][ T6587] tmpfs: Bad value for 'nr_inodes'
[  133.101070][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  133.115992][ T5793] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  133.133807][ T5793] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  133.145618][ T5793] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  133.160523][ T5793] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  133.168175][ T5793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  133.216234][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  133.223321][ T1284] ieee802154 phy1 wpan1: encryption failed: -22
[  133.304477][ T6596] loop0: detected capacity change from 0 to 2048
[  133.390250][ T6596] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  133.435282][ T5784] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  133.652355][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.667464][ T6603] loop3: detected capacity change from 0 to 128
[  133.728916][ T6603] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  133.773812][ T6603] ext4 filesystem being mounted at /65/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  134.075625][ T5784] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  134.443579][ T5805] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  134.636933][ T5805] usb 2-1: unable to get BOS descriptor or descriptor too short
[  134.657760][ T5805] usb 2-1: not running at top speed; connect to a high speed hub
[  134.668816][ T5805] usb 2-1: config 225 has an invalid interface number: 249 but max is 0
[  134.684083][ T5805] usb 2-1: config 225 has no interface number 0
[  134.690811][ T5805] usb 2-1: config 225 interface 249 altsetting 7 has an invalid endpoint descriptor of length 2, skipping
[  134.738041][ T5805] usb 2-1: config 225 interface 249 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  134.778950][ T5805] usb 2-1: config 225 interface 249 has no altsetting 0
[  134.811530][ T5805] usb 2-1: New USB device found, idVendor=0781, idProduct=0001, bcdDevice= 2.00
[  134.837824][ T5805] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.860830][ T6592] chnl_net:caif_netlink_parms(): no params data found
[  134.872224][ T5805] usb 2-1: Product: syz
[  134.884291][ T5805] usb 2-1: Manufacturer: syz
[  134.901428][ T5805] usb 2-1: SerialNumber: syz
[  135.184299][ T5805] usb-storage 2-1:225.249: USB Mass Storage device detected
[  135.203615][ T5792] Bluetooth: hci1: command tx timeout
[  135.245148][ T5805] usb-storage 2-1:225.249: Quirks match for vid 0781 pid 0001: 1
[  135.454711][ T5805] usb 2-1: USB disconnect, device number 3
[  135.889321][ T6592] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.902985][ T6592] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.939069][ T6592] bridge_slave_0: entered allmulticast mode
[  135.954845][ T6592] bridge_slave_0: entered promiscuous mode
[  136.009777][ T6592] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.038538][ T6592] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.053482][ T6592] bridge_slave_1: entered allmulticast mode
[  136.074861][ T6592] bridge_slave_1: entered promiscuous mode
[  136.187927][ T3458] hsr_slave_0: left promiscuous mode
[  136.194899][ T3458] hsr_slave_1: left promiscuous mode
[  136.201354][ T3458] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.209286][ T3458] batman_adv: batadv0: Removing interface: batadv_slave_0
[  136.222629][ T3458] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.230402][ T3458] batman_adv: batadv0: Removing interface: batadv_slave_1
[  136.239623][ T3458] bridge_slave_1: left allmulticast mode
[  136.245893][ T3458] bridge_slave_1: left promiscuous mode
[  136.254359][ T3458] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.272210][ T3458] bridge_slave_0: left allmulticast mode
[  136.282568][ T3458] bridge_slave_0: left promiscuous mode
[  136.291171][ T3458] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.393333][ T3458] veth1_macvtap: left promiscuous mode
[  136.404004][ T3458] veth0_macvtap: left promiscuous mode
[  136.416609][ T3458] veth1_vlan: left promiscuous mode
[  136.430645][ T3458] veth0_vlan: left promiscuous mode
[  136.512902][ T6667] loop3: detected capacity change from 0 to 32768
[  136.548522][ T6667] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  136.762202][ T6667] XFS (loop3): Ending clean mount
[  136.805966][ T6667] XFS (loop3): Quotacheck needed: Please wait.
[  136.988022][ T6667] XFS (loop3): Quotacheck: Done.
[  137.078592][   T28] audit: type=1800 audit(1752774444.716:205): pid=6667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.249" name="file2" dev="loop3" ino=9287 res=0 errno=0
[  137.233592][ T6694] fuse: root generation should be zero
[  137.283979][ T5792] Bluetooth: hci1: command tx timeout
[  137.366430][   T28] audit: type=1326 audit(1752774445.006:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  137.408624][   T28] audit: type=1326 audit(1752774445.006:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  137.439549][   T28] audit: type=1326 audit(1752774445.026:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  137.462551][   T28] audit: type=1326 audit(1752774445.026:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  137.502336][   T28] audit: type=1326 audit(1752774445.026:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.0.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  137.534362][ T5784] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  137.862267][ T3458] team0 (unregistering): Port device team_slave_1 removed
[  138.013070][ T3458] team0 (unregistering): Port device team_slave_0 removed
[  138.082871][ T3458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  138.132589][ T3458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  138.766293][ T3458] bond0 (unregistering): Released all slaves
[  138.865495][ T6592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  138.912624][ T6592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  139.111322][ T6592] team0: Port device team_slave_0 added
[  139.154471][ T6592] team0: Port device team_slave_1 added
[  139.363600][ T5792] Bluetooth: hci1: command tx timeout
[  139.403305][ T6592] batman_adv: batadv0: Adding interface: batadv_slave_0
[  139.410342][ T6592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.468508][ T6592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  139.584389][ T6592] batman_adv: batadv0: Adding interface: batadv_slave_1
[  139.613227][ T6592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.683464][ T6592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  139.959865][ T6592] hsr_slave_0: entered promiscuous mode
[  139.998767][ T6592] hsr_slave_1: entered promiscuous mode
[  140.025157][ T6592] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  140.042064][ T6592] Cannot create hsr debugfs directory
[  140.810664][ T6766] loop1: detected capacity change from 0 to 256
[  140.841038][ T6766] exfat: Deprecated parameter 'utf8'
[  140.861816][ T6766] exfat: Deprecated parameter 'namecase'
[  140.896437][ T6766] exfat: Deprecated parameter 'utf8'
[  140.935308][ T6592] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  140.952918][ T6766] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  140.974687][ T6592] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  141.011505][ T6592] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  141.055616][ T6766] exFAT-fs (loop1): error, tried to truncate zeroed cluster.
[  141.090072][ T6592] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  141.135061][ T6766] exFAT-fs (loop1): hint_cluster is invalid (1), rewind to the first cluster
[  141.213559][ T6766] exFAT-fs (loop1): error, invalid access to exfat cache (entry 0x00000000)
[  141.232946][ T6766] exFAT-fs (loop1): error, failed to bmap (inode : ffff88805f8b87e0 iblock : 9, err : -5)
[  141.259813][ T6766] exFAT-fs (loop1): error, tried to truncate zeroed cluster.
[  141.298551][ T6766] exFAT-fs (loop1): error, tried to truncate zeroed cluster.
[  141.432254][ T6592] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.443995][ T5792] Bluetooth: hci1: command tx timeout
[  141.447846][   T48] kworker/u4:3: attempt to access beyond end of device
[  141.447846][   T48] loop1: rw=1, sector=34359738488, nr_sectors = 8 limit=256
[  141.480020][ T6592] 8021q: adding VLAN 0 to HW filter on device team0
[  141.515769][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.523076][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.552982][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.560304][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.177396][ T6769] loop3: detected capacity change from 0 to 32768
[  142.216624][ T6769] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.273 (6769)
[  142.306728][ T6769] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  142.342546][ T6769] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  142.358157][ T6769] BTRFS info (device loop3): using free space tree
[  142.457133][ T6769] BTRFS info (device loop3): enabling ssd optimizations
[  142.473676][ T6769] BTRFS info (device loop3): auto enabling async discard
[  142.574792][ T6592] 8021q: adding VLAN 0 to HW filter on device batadv0
[  142.619197][   T28] audit: type=1800 audit(1752774450.256:211): pid=6769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.273" name="bus" dev="loop3" ino=263 res=0 errno=0
[  142.715330][   T28] audit: type=1800 audit(1752774450.296:212): pid=6769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.273" name="bus" dev="loop3" ino=263 res=0 errno=0
[  143.013681][   T28] audit: type=1800 audit(1752774450.646:213): pid=6829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.273" name="bus" dev="loop3" ino=263 res=0 errno=0
[  143.547944][ T5784] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  143.806189][ T6592] veth0_vlan: entered promiscuous mode
[  143.852441][ T6592] veth1_vlan: entered promiscuous mode
[  144.075507][ T6592] veth0_macvtap: entered promiscuous mode
[  144.589066][ T6849] netlink: 4 bytes leftover after parsing attributes in process `syz.3.282'.
[  144.671630][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  144.678909][    C0] vcan0: j1939_xtp_rx_dat: no rx connection found
[  144.685530][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  144.692007][    C0] vcan0: j1939_xtp_rx_dat: no rx connection found
[  144.698639][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  144.705137][    C0] vcan0: j1939_xtp_rx_dat: no rx connection found
[  144.841938][ T6592] veth1_macvtap: entered promiscuous mode
[  144.920403][ T6592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.978495][ T6592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.003417][ T6592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.029977][ T6592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.054672][ T6592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.093205][ T6592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.142274][ T6592] batman_adv: batadv0: Interface activated: batadv_slave_0
[  145.190317][ T6592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.235021][ T6592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.276267][ T6592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.306268][ T6592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.322152][ T6867] loop3: detected capacity change from 0 to 1024
[  145.342065][ T6592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.367029][ T6592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.395125][ T6592] batman_adv: batadv0: Interface activated: batadv_slave_1
[  145.424843][ T6867] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.460858][ T6592] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  145.533510][ T6592] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  145.542286][ T6592] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  145.596665][ T6592] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  145.755545][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.925293][ T3458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.949985][ T3458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  146.082996][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  146.113985][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.511630][ T6925] loop1: detected capacity change from 0 to 2048
[  147.620312][ T6925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.713736][ T6925] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.198387][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.223220][ T5863] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  149.436356][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  149.464812][ T5863] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  149.502152][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.535416][ T5863] usb 5-1: config 0 descriptor??
[  149.795810][ T5863] usbhid 5-1:0.0: can't add hid device: -71
[  149.807266][ T5863] usbhid: probe of 5-1:0.0 failed with error -71
[  149.840030][ T5863] usb 5-1: USB disconnect, device number 2
[  150.368194][ T7002] loop0: detected capacity change from 0 to 128
[  150.393803][ T5863] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  150.421387][ T7002] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  150.439412][ T7002] ext4 filesystem being mounted at /92/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  150.635528][ T5863] usb 5-1: Using ep0 maxpacket: 32
[  150.653553][ T5832] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  150.672718][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  150.689036][ T5863] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  150.691401][ T5796] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  150.698947][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.720636][ T5863] usb 5-1: config 0 descriptor??
[  150.753632][ T5863] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  150.791451][ T5863] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  150.875917][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.894411][ T5832] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  150.913629][ T5832] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  150.923044][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.946058][ T5832] usb 4-1: config 0 descriptor??
[  151.134258][ T5838] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  151.203304][ T5793] Bluetooth: hci1: command tx timeout
[  151.344385][ T5838] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  151.366659][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.385647][ T5832] kovaplus 0003:1E7D:2D50.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.3-1/input0
[  151.397782][ T5838] usb 1-1: Product: syz
[  151.412962][ T5838] usb 1-1: Manufacturer: syz
[  151.430406][ T5838] usb 1-1: SerialNumber: syz
[  151.439915][ T5805] usb 5-1: USB disconnect, device number 3
[  151.451715][ T5838] usb 1-1: config 0 descriptor??
[  151.470177][ T5838] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  151.477915][ T5805] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  152.105417][ T7033] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  152.119826][ T7033] overlayfs: overlapping lowerdir path
[  152.375412][ T5832] kovaplus 0003:1E7D:2D50.0002: couldn't init struct kovaplus_device
[  152.390432][ T5832] kovaplus 0003:1E7D:2D50.0002: couldn't install mouse
[  152.413038][ T5832] kovaplus: probe of 0003:1E7D:2D50.0002 failed with error -71
[  152.435637][ T5832] usb 4-1: USB disconnect, device number 2
[  152.908387][ T5838] gspca_sunplus: reg_w_riv err -71
[  152.922850][ T5838] sunplus: probe of 1-1:0.0 failed with error -71
[  152.960432][ T5838] usb 1-1: USB disconnect, device number 5
[  153.623688][ T5805] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  153.751360][ T7072] tipc: Started in network mode
[  153.757640][ T7072] tipc: Node identity 2, cluster identity 3142
[  153.764480][ T7072] tipc: Node number set to 2
[  153.770443][ T7072] tipc: Cannot configure node identity twice
[  153.818864][ T5805] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.851481][ T5805] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.872943][ T5805] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  153.891399][ T5805] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  153.903064][ T5805] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.920065][ T5805] usb 2-1: config 0 descriptor??
[  153.995088][   T11] Bluetooth: hci4: Frame reassembly failed (-84)
[  154.313831][ T7081] Bluetooth: hci5: Frame reassembly failed (-84)
[  154.329025][   T48] Bluetooth: hci5: Frame reassembly failed (-84)
[  154.336099][ T7063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.347895][ T7063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.361364][ T5805] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  154.373355][ T5805] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  154.380823][ T5805] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  154.392172][ T5805] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  154.412741][ T5805] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  154.641788][ T5832] usb 2-1: USB disconnect, device number 4
[  155.563679][ T7096] sctp: [Deprecated]: syz.1.350 (pid 7096) Use of int in max_burst socket option.
[  155.563679][ T7096] Use struct sctp_assoc_value instead
[  155.717310][ T7102] input: syz1 as /devices/virtual/input/input5
[  156.005594][ T5793] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  156.050401][ T7110] loop4: detected capacity change from 0 to 1024
[  156.320000][ T7112] loop1: detected capacity change from 0 to 4096
[  156.327176][ T5792] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  156.334705][ T5788] Bluetooth: hci5: command 0x1003 tx timeout
[  156.949168][ T7129] Bluetooth: MGMT ver 1.22
[  156.995560][ T7129] Bluetooth: hci0: service_discovery: too big uuid_count value 29487
[  157.547560][ T7118] loop3: detected capacity change from 0 to 40427
[  157.564251][ T7118] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x7
[  157.611516][ T7118] F2FS-fs (loop3): invalid crc value
[  157.646758][ T7118] F2FS-fs (loop3): Found nat_bits in checkpoint
[  157.824324][ T7118] F2FS-fs (loop3): Start checkpoint disabled!
[  157.897290][ T7118] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  158.307546][ T7147] loop4: detected capacity change from 0 to 32768
[  158.321280][ T4542] kworker/u4:10: attempt to access beyond end of device
[  158.321280][ T4542] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  158.367397][   T11] kworker/u4:0: attempt to access beyond end of device
[  158.367397][   T11] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  158.388016][ T7147] XFS (loop4): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[  158.440920][   T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  158.473076][   T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  158.477907][ T7149] loop1: detected capacity change from 0 to 32768
[  158.521846][   T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  158.646571][ T7147] XFS (loop4): Ending clean mount
[  158.742275][ T7149] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  159.079194][ T7172] (syz.1.369,7172,0):ocfs2_read_blocks_sync:112 ERROR: status = -12
[  159.109400][ T7172] (syz.1.369,7172,0):update_backups:188 ERROR: status = -12
[  159.157666][ T7172] ocfs2: Failed to update super blocks on 7,1 during fs resize. This condition is not fatal, but fsck.ocfs2 should be run to fix it
[  159.219568][ T6592] XFS (loop4): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[  159.508650][ T7180] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  159.526915][ T5797] ocfs2: Unmounting device (7,1) on (node local)
[  160.257621][ T7190] loop4: detected capacity change from 0 to 128
[  160.565921][ T7190] EXT4-fs (loop4): Test dummy encryption mode enabled
[  160.599778][ T7190] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  160.697924][ T7190] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.892723][ T7190] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  161.118916][ T6592] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  162.211900][ T7238] loop0: detected capacity change from 0 to 32768
[  162.223920][ T7238] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.394 (7238)
[  162.249676][ T7238] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  162.260117][ T7238] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  162.268932][ T7238] BTRFS info (device loop0): turning on sync discard
[  162.275721][ T7238] BTRFS info (device loop0): use zlib compression, level 3
[  162.282970][ T7238] BTRFS info (device loop0): turning off barriers
[  162.289778][ T7238] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  162.301004][ T7238] BTRFS info (device loop0): trying to use backup root at mount time
[  162.309212][ T7238] BTRFS info (device loop0): enabling auto defrag
[  162.315870][ T7238] BTRFS info (device loop0): max_inline at 0
[  162.321905][ T7238] BTRFS info (device loop0): using free space tree
[  162.429187][   T42] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  162.473430][ T7238] BTRFS error (device loop0): failed to load root extent
[  162.480577][ T7238] BTRFS warning (device loop0): try to load backup roots slot 1
[  162.492011][   T42] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  162.506869][ T7238] BTRFS warning (device loop0): couldn't read tree root
[  162.515292][ T7238] BTRFS warning (device loop0): try to load backup roots slot 2
[  162.532656][   T42] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  162.566902][ T7238] BTRFS warning (device loop0): couldn't read tree root
[  162.574679][ T7238] BTRFS warning (device loop0): try to load backup roots slot 3
[  162.617629][ T7238] BTRFS info (device loop0): enabling ssd optimizations
[  162.627954][ T7238] BTRFS info (device loop0): rebuilding free space tree
[  162.721154][ T7238] BTRFS info (device loop0): checking UUID tree
[  163.220345][ T5796] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  163.883125][    C1] sched: RT throttling activated
[  164.432570][ T7281] Illegal XDP return value 4294967274 on prog  (id 69) dev syz_tun, expect packet loss!
[  164.907852][ T5795] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop0 scanned by udevd (5795)
[  165.388230][ T7265] loop3: detected capacity change from 0 to 262144
[  165.479677][ T7265] F2FS-fs (loop3): invalid crc value
[  165.516278][ T7265] F2FS-fs (loop3): Found nat_bits in checkpoint
[  165.591504][ T7265] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  166.509844][ T7322] loop1: detected capacity change from 0 to 1024
[  166.522868][ T7322] EXT4-fs: Ignoring removed oldalloc option
[  166.552248][ T7322] EXT4-fs: Ignoring removed orlov option
[  166.591533][ T7322] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  166.671447][ T7322] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.685633][ T7325] loop0: detected capacity change from 0 to 4096
[  166.976758][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.373293][ T7346] loop1: detected capacity change from 0 to 32768
[  168.396088][ T7346] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.416 (7346)
[  168.473202][ T7346] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  168.514962][ T7346] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  168.542390][ T7346] BTRFS info (device loop1): setting nodatacow, compression disabled
[  168.583766][ T7346] BTRFS info (device loop1): enabling ssd optimizations
[  168.590885][ T7346] BTRFS info (device loop1): setting datacow
[  168.597046][ T7370] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  168.662243][ T7346] BTRFS info (device loop1): doing ref verification
[  168.682753][ T7346] BTRFS info (device loop1): force clearing of disk cache
[  168.701062][ T7346] BTRFS info (device loop1): turning off barriers
[  168.711193][ T7346] BTRFS info (device loop1): using spread ssd allocation scheme
[  168.750333][ T7346] BTRFS info (device loop1): using free space tree
[  169.023593][ T7346] BTRFS info (device loop1): auto enabling async discard
[  169.100327][ T7346] BTRFS info (device loop1): rebuilding free space tree
[  169.669852][ T7408] loop4: detected capacity change from 0 to 1024
[  169.694382][ T7408] EXT4-fs: Ignoring removed oldalloc option
[  169.700480][ T7408] EXT4-fs: Ignoring removed bh option
[  169.741253][ T7408] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  169.826498][ T7408] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.852370][ T5797] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  169.875736][   T28] audit: type=1804 audit(1752774477.516:214): pid=7408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.425" name="/newroot/40/file1/bus" dev="loop4" ino=18 res=1 errno=0
[  170.066627][ T6592] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.399870][ T7431] loop0: detected capacity change from 0 to 65
[  170.451862][ T7431] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway
[  170.696232][ T7438] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  171.023744][ T5832] libceph: connect (1)[c::]:6789 error -101
[  171.030821][ T5832] libceph: mon0 (1)[c::]:6789 connect error
[  171.098263][ T5832] libceph: connect (1)[c::]:6789 error -101
[  171.134846][ T5832] libceph: mon0 (1)[c::]:6789 connect error
[  171.213813][ T7453] loop3: detected capacity change from 0 to 256
[  171.253576][ T7442] ceph: No mds server is up or the cluster is laggy
[  171.275661][ T7453] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0xda2184db, utbl_chksum : 0xe619d30d)
[  171.587856][ T7459] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  171.645214][ T7459] batadv_slave_0: entered promiscuous mode
[  171.691283][ T7464] loop4: detected capacity change from 0 to 64
[  171.823219][   T28] audit: type=1804 audit(1752774479.446:215): pid=7465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.440" name="/newroot/103/file0/file1" dev="overlay" ino=566 res=1 errno=0
[  172.189835][ T7477] loop4: detected capacity change from 0 to 65
[  172.265781][ T7477] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  172.869456][ T7489] loop1: detected capacity change from 0 to 8192
[  172.877705][ T7495] loop3: detected capacity change from 0 to 2048
[  172.929256][ T7489] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  172.996132][ T7489] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  173.008944][ T7489] REISERFS (device loop1): using ordered data mode
[  173.015937][ T7489] reiserfs: using flush barriers
[  173.036610][ T7495] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  173.092562][ T7489] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  173.109501][ T7495] UDF-fs: Scanning with blocksize 512 failed
[  173.158385][ T7489] REISERFS (device loop1): checking transaction log (loop1)
[  173.180470][ T7495] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  173.285748][ T5863] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  173.439419][ T7489] REISERFS (device loop1): Using tea hash to sort names
[  173.468686][ T7489] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  173.514270][ T5863] usb 5-1: Using ep0 maxpacket: 16
[  173.528880][ T5863] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  173.550003][ T5863] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  173.579862][ T5863] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  173.620443][ T5863] usb 5-1: config 0 interface 0 has no altsetting 0
[  173.638302][ T5863] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  173.657766][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.694053][ T5863] usb 5-1: config 0 descriptor??
[  173.753469][  T786] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  173.821509][ T7519] loop3: detected capacity change from 0 to 64
[  173.974473][  T786] usb 1-1: Using ep0 maxpacket: 8
[  173.985862][  T786] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  174.014395][  T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.043031][  T786] usb 1-1: Product: syz
[  174.047613][  T786] usb 1-1: Manufacturer: syz
[  174.052294][  T786] usb 1-1: SerialNumber: syz
[  174.107238][  T786] usb 1-1: config 0 descriptor??
[  174.351186][  T786] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  174.464519][ T5863] usb 5-1: USB disconnect, device number 4
[  174.920721][ T7534] loop1: detected capacity change from 0 to 65
[  174.969520][ T7534] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  175.287988][ T7544] input: syz1 as /devices/virtual/input/input6
[  175.533488][ T5863] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  175.567414][  T786] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -71
[  175.596308][  T786] usb 1-1: USB disconnect, device number 6
[  175.634587][ T7553] loop3: detected capacity change from 0 to 2048
[  175.721959][ T7553] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.743705][ T5863] usb 5-1: Using ep0 maxpacket: 32
[  175.783698][ T5863] usb 5-1: config 0 has an invalid interface number: 111 but max is 1
[  175.799752][ T7555] nbd1: detected capacity change from 0 to 63
[  175.827614][ T5863] usb 5-1: config 0 has no interface number 1
[  175.855244][ T5863] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  175.859496][ T7560] block nbd1: NBD_DISCONNECT
[  175.874690][ T7560] block nbd1: Disconnected due to user request.
[  175.881608][ T7560] block nbd1: shutting down sockets
[  175.904649][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.915313][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.924208][ T5863] usb 5-1: Product: syz
[  175.926210][    C1] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  175.928631][ T5863] usb 5-1: Manufacturer: syz
[  175.937508][    C1] Buffer I/O error on dev nbd1, logical block 0, async page read
[  175.942733][   T54] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 2
[  175.952450][ T5863] usb 5-1: SerialNumber: syz
[  175.960822][   T54] Buffer I/O error on dev nbd1, logical block 1, async page read
[  175.972711][   T54] Buffer I/O error on dev nbd1, logical block 2, async page read
[  175.980674][   T54] Buffer I/O error on dev nbd1, logical block 3, async page read
[  175.991132][ T1168] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  176.009003][ T1168] Buffer I/O error on dev nbd1, logical block 0, async page read
[  176.017551][ T1168] Buffer I/O error on dev nbd1, logical block 1, async page read
[  176.027924][ T1168] Buffer I/O error on dev nbd1, logical block 2, async page read
[  176.036237][ T1168] Buffer I/O error on dev nbd1, logical block 3, async page read
[  176.045228][ T1168] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  176.054370][ T1168] Buffer I/O error on dev nbd1, logical block 0, async page read
[  176.062424][ T1168] Buffer I/O error on dev nbd1, logical block 1, async page read
[  176.072837][ T1168] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  176.082347][ T1168] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  176.103550][ T1168] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  176.113008][ T1168] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2
[  176.123379][ T1168] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  176.132672][ T1168] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  176.142629][ T6048] ldm_validate_partition_table(): Disk read failed.
[  176.156973][ T5863] usb 5-1: config 0 descriptor??
[  176.225571][ T6048] Dev nbd1: unable to read RDB block 0
[  176.284673][ T6048]  nbd1: unable to read partition table
[  176.372100][ T6048] ldm_validate_partition_table(): Disk read failed.
[  176.372416][ T5863] snd-usb-6fire 5-1:0.111: unable to receive device firmware state.
[  176.393241][ T6048] Dev nbd1: unable to read RDB block 0
[  176.425337][ T6048]  nbd1: unable to read partition table
[  176.446380][ T5863] snd-usb-6fire: probe of 5-1:0.111 failed with error -71
[  176.510616][ T5863] usb 5-1: USB disconnect, device number 5
[  176.583650][ T7570] loop3: detected capacity change from 0 to 8192
[  176.601856][ T7570] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  176.617126][ T7570] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  176.627372][ T7570] REISERFS (device loop3): using ordered data mode
[  176.634777][ T7570] reiserfs: using flush barriers
[  176.642089][ T7570] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  176.659542][ T7570] REISERFS (device loop3): checking transaction log (loop3)
[  176.878908][ T7570] REISERFS (device loop3): Using tea hash to sort names
[  176.935269][ T7570] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  177.150938][   T28] audit: type=1326 audit(1752774484.786:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.4.467" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe23658e929 code=0x0
[  177.172887][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.923645][  T786] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  178.127717][  T786] usb 4-1: Using ep0 maxpacket: 16
[  178.164077][  T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  178.194225][  T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  178.216677][ T7602] loop1: detected capacity change from 0 to 128
[  178.223211][  T786] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  178.240405][  T786] usb 4-1: config 0 interface 0 has no altsetting 0
[  178.248698][  T786] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  178.267262][ T7602] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  178.285911][  T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.299618][  T786] usb 4-1: config 0 descriptor??
[  178.327975][ T7602] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  178.354576][ T7602] EXT4-fs error (device loop1): htree_dirblock_to_tree:1083: inode #2: comm syz.1.476: Directory block failed checksum
[  178.426180][ T5797] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  178.995819][  T786] usb 4-1: USB disconnect, device number 3
[  179.041413][ T7615] vivid-000: disconnect
[  179.047063][ T7614] vivid-000: reconnect
[  179.309042][ T7624] loop1: detected capacity change from 0 to 512
[  179.494344][ T7624] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #16: comm syz.1.484: corrupted inode contents
[  179.549149][ T7624] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #16: comm syz.1.484: mark_inode_dirty error
[  179.571084][ T7624] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #16: comm syz.1.484: corrupted inode contents
[  179.660464][ T7624] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.484: mark_inode_dirty error
[  179.725076][ T7624] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #16: comm syz.1.484: corrupted inode contents
[  179.773373][ T7624] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[  179.795622][ T7624] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #16: comm syz.1.484: corrupted inode contents
[  179.835429][ T7624] EXT4-fs error (device loop1): ext4_truncate:4288: inode #16: comm syz.1.484: mark_inode_dirty error
[  179.856983][ T7624] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[  179.922927][ T7624] EXT4-fs (loop1): 1 truncate cleaned up
[  179.935514][ T7624] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.935853][ T4542] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  179.955978][ T7624] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.043459][ T4542] EXT4-fs error (device loop1): ext4_release_dquot:6974: comm kworker/u4:10: Failed to release dquot type 1
[  180.110974][ T7638] syz.0.489 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  180.201072][ T5797] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 3: comm syz-executor: lblock 0 mapped to illegal pblock 3 (length 1)
[  180.435173][ T6571] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  180.450386][ T6571] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #2: comm syz.1.226: mark_inode_dirty error
[  180.474536][ T6571] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.492192][ T6571] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  180.546830][ T6571] EXT4-fs error (device loop1): ext4_quota_off:7222: inode #4: comm syz.1.226: mark_inode_dirty error
[  180.588782][ T6571] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  180.811030][ T6571] EXT4-fs error (device loop1): ext4_quota_off:7222: inode #3: comm syz.1.226: mark_inode_dirty error
[  181.572620][ T7650] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  181.614662][ T7650] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  181.626581][ T7650] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  181.637278][ T7650] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  181.646807][ T7650] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  182.084745][ T3458] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.229758][ T3458] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.367036][ T3458] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.515576][ T3458] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.803647][ T5788] Bluetooth: hci0: command 0x0c1a tx timeout
[  182.820232][ T7675] loop4: detected capacity change from 0 to 64
[  182.885651][ T7675] hfs: invalid btree extent records (0 size)
[  182.899678][ T7675] hfs: unable to open catalog tree
[  182.951483][ T7675] hfs: can't find a HFS filesystem on dev loop4
[  183.225423][ T7678] netlink: 104 bytes leftover after parsing attributes in process `syz.0.515'.
[  183.276115][ T5792] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  183.291549][ T5792] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  183.301766][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  183.311105][ T5792] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  183.325048][ T5792] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  183.332522][ T5792] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  183.371070][ T7683] loop4: detected capacity change from 0 to 256
[  183.431031][ T7683] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  183.473947][ T7683] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  183.529678][ T7683] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  183.683448][ T5792] Bluetooth: hci1: command 0x0c1a tx timeout
[  183.689600][ T5792] Bluetooth: hci2: command 0x0c1a tx timeout
[  184.720215][ T7708] loop3: detected capacity change from 0 to 512
[  184.822227][ T7708] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  185.004430][ T7708] EXT4-fs (loop3): 1 truncate cleaned up
[  185.042260][ T7708] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.069764][ T7693] loop0: detected capacity change from 0 to 131072
[  185.087090][ T7693] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[  185.095384][ T7693] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  185.113510][ T7693] F2FS-fs (loop0): invalid crc value
[  185.185686][ T7693] F2FS-fs (loop0): Found nat_bits in checkpoint
[  185.251707][ T7708] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[  185.271214][ T7680] chnl_net:caif_netlink_parms(): no params data found
[  185.283963][ T7693] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  185.291080][ T7693] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  185.301612][ T7708] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[  185.399706][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.418554][ T7693] F2FS-fs (loop0): Stopped filesystem due to reason: 0
[  185.443346][ T5792] Bluetooth: hci3: command tx timeout
[  185.764827][ T5792] Bluetooth: hci1: command 0x0c1a tx timeout
[  185.907375][ T7734] loop0: detected capacity change from 0 to 128
[  185.953260][  T786] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  186.081440][ T7734] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  186.277223][ T7734] ext4 filesystem being mounted at /144/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  186.880283][ T7737] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  186.907747][ T7737] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  186.926649][ T7680] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.948318][ T7680] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.974655][ T7680] bridge_slave_0: entered allmulticast mode
[  187.005507][ T7737] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  187.011699][ T7680] bridge_slave_0: entered promiscuous mode
[  187.032099][ T7737] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  187.055783][ T7737] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  187.061807][  T786] usb 4-1: Using ep0 maxpacket: 16
[  187.077441][  T786] usb 4-1: config 1 has an invalid interface number: 105 but max is 0
[  187.107004][  T786] usb 4-1: config 1 has no interface number 0
[  187.116661][  T786] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  187.124303][ T7737] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  187.132864][ T5796] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  187.161609][  T786] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  187.185004][  T786] usb 4-1: config 1 interface 105 has no altsetting 0
[  187.195699][  T786] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  187.213792][  T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.228787][ T7680] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.247133][ T7680] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.261347][ T7680] bridge_slave_1: entered allmulticast mode
[  187.267583][  T786] usb 4-1: Product: syz
[  187.271803][  T786] usb 4-1: Manufacturer: syz
[  187.295898][ T7680] bridge_slave_1: entered promiscuous mode
[  187.296007][  T786] usb 4-1: SerialNumber: syz
[  187.365925][ T7730] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  187.383670][ T7730] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  187.492309][ T3458] hsr_slave_0: left promiscuous mode
[  187.518784][ T3458] hsr_slave_1: left promiscuous mode
[  187.549689][ T3458] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.585615][ T3458] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.614563][ T3458] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.636433][ T3458] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.652499][ T3458] bridge_slave_1: left allmulticast mode
[  187.663237][ T3458] bridge_slave_1: left promiscuous mode
[  187.679322][ T3458] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.699182][ T3458] bridge_slave_0: left allmulticast mode
[  187.733140][ T3458] bridge_slave_0: left promiscuous mode
[  187.748882][ T3458] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.838528][ T7730] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  187.882599][ T7730] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  187.955624][ T3458] veth1_macvtap: left promiscuous mode
[  187.961247][ T3458] veth0_macvtap: left promiscuous mode
[  187.982338][ T3458] veth1_vlan: left promiscuous mode
[  188.003712][ T3458] veth0_vlan: left promiscuous mode
[  188.324351][  T786] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  188.355695][  T786] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  188.493525][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout
[  188.970888][ T5792] Bluetooth: hci2: command 0x0c1a tx timeout
[  189.041520][ T7762] loop4: detected capacity change from 0 to 32768
[  189.053374][ T5792] Bluetooth: hci3: command 0x040f tx timeout
[  189.059490][ T5788] Bluetooth: hci1: command 0x0c1a tx timeout
[  189.111510][   T28] audit: type=1326 audit(1752774496.726:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  189.173623][   T28] audit: type=1326 audit(1752774496.726:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2c6552ab19 code=0x7ffc0000
[  189.254200][   T28] audit: type=1326 audit(1752774496.726:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  189.313386][   T28] audit: type=1326 audit(1752774496.726:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  189.339158][ T7773] loop0: detected capacity change from 0 to 512
[  189.377265][   T28] audit: type=1326 audit(1752774496.726:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  189.412993][   T28] audit: type=1326 audit(1752774496.726:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  189.437510][   T28] audit: type=1326 audit(1752774496.726:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  189.461032][   T28] audit: type=1326 audit(1752774496.726:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  189.483836][   T28] audit: type=1326 audit(1752774496.726:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2c6552ab19 code=0x7ffc0000
[  189.497128][ T7773] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  189.506846][   T28] audit: type=1326 audit(1752774496.726:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7766 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c6558e929 code=0x7ffc0000
[  189.668178][ T7776] loop3: detected capacity change from 0 to 4096
[  189.718345][ T7776] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512).
[  190.213244][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.238668][ T7781] netlink: 156 bytes leftover after parsing attributes in process `syz.3.531'.
[  190.492263][ T3458] team0 (unregistering): Port device team_slave_1 removed
[  190.602893][ T3458] team0 (unregistering): Port device team_slave_0 removed
[  190.781783][ T3458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  191.004676][ T3458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  191.133790][ T5788] Bluetooth: hci3: command 0x040f tx timeout
[  191.468451][ T3458] bond0 (unregistering): (slave team0): Releasing backup interface
[  191.640862][ T3458] bond0 (unregistering): Released all slaves
[  191.727474][ T7680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.746500][  T786] aqc111 4-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41
[  191.776768][  T786] usb 4-1: USB disconnect, device number 4
[  191.802271][  T786] aqc111 4-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  191.888322][ T7680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  192.123445][  T786] aqc111 4-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  192.141936][ T7680] team0: Port device team_slave_0 added
[  192.150739][  T786] aqc111 4-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  192.170324][  T786] aqc111 4-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  192.229554][ T7680] team0: Port device team_slave_1 added
[  192.349371][ T7813] loop0: detected capacity change from 0 to 2048
[  192.377355][ T7680] batman_adv: batadv0: Adding interface: batadv_slave_0
[  192.412618][ T7680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.447979][ T7680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  192.473273][ T7813] NILFS (loop0): invalid segment: Magic number mismatch
[  192.480297][ T7813] NILFS (loop0): trying rollback from an earlier position
[  192.515398][ T7680] batman_adv: batadv0: Adding interface: batadv_slave_1
[  192.522406][ T7680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.577754][ T7680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  192.620564][ T7813] NILFS (loop0): recovery complete
[  192.643969][ T7819] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  192.974648][ T7680] hsr_slave_0: entered promiscuous mode
[  193.005675][ T7680] hsr_slave_1: entered promiscuous mode
[  193.043608][ T7680] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  193.054293][ T7680] Cannot create hsr debugfs directory
[  193.204283][ T5788] Bluetooth: hci3: command 0x040f tx timeout
[  193.313233][  T786] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  193.543362][  T786] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  193.552036][  T786] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  193.583272][  T786] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  193.593925][  T786] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  193.653192][  T786] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  193.680688][  T786] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  193.692177][  T786] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  193.713225][  T786] usb 4-1: Product: syz
[  193.717540][  T786] usb 4-1: Manufacturer: syz
[  193.736762][  T786] cdc_wdm 4-1:1.0: skipping garbage
[  193.750792][  T786] cdc_wdm 4-1:1.0: skipping garbage
[  193.759575][  T786] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  193.769017][ T7680] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  193.770246][  T786] cdc_wdm 4-1:1.0: Unknown control protocol
[  193.808156][ T7680] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  193.837209][ T7680] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  193.923310][ T7680] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  193.962139][ T7845] loop4: detected capacity change from 0 to 512
[  193.984670][ T7845] EXT4-fs: Ignoring removed bh option
[  193.993756][ T7845] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  194.041070][ T7845] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002]
[  194.120403][ T7845] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2244: inode #15: comm syz.4.547: corrupted in-inode xattr: e_value size too large
[  194.149212][ T7845] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.547: couldn't read orphan inode 15 (err -117)
[  194.198733][ T7845] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  194.231259][ T7680] 8021q: adding VLAN 0 to HW filter on device bond0
[  194.299418][ T7680] 8021q: adding VLAN 0 to HW filter on device team0
[  194.326879][ T7845] EXT4-fs error (device loop4): ext4_check_dx_root:2266: inode #2: comm syz.4.547: Corrupt dir, invalid name for '.', running e2fsck is recommended
[  194.356522][ T3458] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.364916][ T3458] bridge0: port 1(bridge_slave_0) entered forwarding state
[  194.418135][ T6592] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.449874][ T3458] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.457126][ T3458] bridge0: port 2(bridge_slave_1) entered forwarding state
[  194.671043][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  194.677614][ T1284] ieee802154 phy1 wpan1: encryption failed: -22
[  195.168947][ T7680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  195.283480][ T5788] Bluetooth: hci3: command 0x040f tx timeout
[  196.017900][ T5832] usb 4-1: USB disconnect, device number 5
[  196.286302][ T7680] veth0_vlan: entered promiscuous mode
[  196.369172][ T7680] veth1_vlan: entered promiscuous mode
[  196.477377][ T7680] veth0_macvtap: entered promiscuous mode
[  196.510814][ T7680] veth1_macvtap: entered promiscuous mode
[  196.587583][ T7680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  196.625232][ T7680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.662164][ T7680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  196.714518][ T7680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.740374][ T7680] batman_adv: batadv0: Interface activated: batadv_slave_0
[  196.772832][ T7680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.811163][ T7680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.833353][ T7680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.859149][ T7680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.876704][ T7680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.894408][ T7680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.911134][ T7680] batman_adv: batadv0: Interface activated: batadv_slave_1
[  196.940043][ T7680] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.954451][ T7680] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.976776][ T7680] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.987038][ T7680] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.163657][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.171544][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.284609][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  197.292494][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.363692][ T5788] Bluetooth: hci3: command 0x040f tx timeout
[  197.584151][ T7910] loop0: detected capacity change from 0 to 40427
[  197.627625][ T7910] F2FS-fs (loop0): heap/no_heap options were deprecated
[  197.646924][ T7910] F2FS-fs (loop0): build fault injection attr: rate: 16, type: 0x7ffff
[  197.664439][ T7910] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0xae
[  197.680654][ T7910] F2FS-fs (loop0): invalid crc value
[  197.708174][ T7910] F2FS-fs (loop0): inject kvmalloc in f2fs_kvmalloc of f2fs_build_segment_manager+0x30ee/0x4730
[  197.727409][ T7910] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-12)
[  197.908530][ T7937] loop5: detected capacity change from 0 to 512
[  197.931707][ T7918] loop4: detected capacity change from 0 to 40427
[  197.977016][ T7937] EXT4-fs: Ignoring removed orlov option
[  197.993964][ T7918] F2FS-fs (loop4): invalid crc value
[  198.002459][ T7937] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  198.053025][ T7918] F2FS-fs (loop4): Found nat_bits in checkpoint
[  198.101260][ T7937] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002]
[  198.202924][ T7937] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2244: inode #15: comm syz.5.562: corrupted in-inode xattr: e_value size too large
[  198.255423][ T7937] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.562: couldn't read orphan inode 15 (err -117)
[  198.286353][ T7918] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  198.309152][ T7937] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.557172][ T7918] syz.4.560: attempt to access beyond end of device
[  198.557172][ T7918] loop4: rw=34817, sector=77824, nr_sectors = 128 limit=40427
[  198.648582][ T7918] syz.4.560: attempt to access beyond end of device
[  198.648582][ T7918] loop4: rw=0, sector=77864, nr_sectors = 8 limit=40427
[  198.674095][ T7680] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.901187][ T7962] netlink: 'syz.5.567': attribute type 58 has an invalid length.
[  198.952844][ T6592] syz-executor: attempt to access beyond end of device
[  198.952844][ T6592] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  198.994094][ T6592] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  199.263612][ T7971] netlink: 16 bytes leftover after parsing attributes in process `syz.5.572'.
[  199.764284][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  200.401574][ T7977] loop3: detected capacity change from 0 to 32768
[  200.423774][ T7977] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.573 (7977)
[  200.482757][ T7977] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  200.510242][ T7977] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  200.569530][ T7977] BTRFS info (device loop3): using free space tree
[  200.729020][ T7977] BTRFS info (device loop3): enabling ssd optimizations
[  200.766534][ T7977] BTRFS info (device loop3): auto enabling async discard
[  200.767386][ T7990] loop0: detected capacity change from 0 to 32768
[  200.801959][ T7990] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.577 (7990)
[  200.896260][ T7990] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  200.943358][ T7990] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  200.952084][ T7990] BTRFS info (device loop0): setting nodatacow, compression disabled
[  201.013925][ T7990] BTRFS info (device loop0): setting datacow
[  201.020007][ T7990] BTRFS info (device loop0): enabling auto defrag
[  201.051326][ T7990] BTRFS info (device loop0): using free space tree
[  201.284690][ T7990] BTRFS info (device loop0): enabling ssd optimizations
[  201.291719][ T7990] BTRFS info (device loop0): auto enabling async discard
[  201.533016][   T28] kauditd_printk_skb: 51 callbacks suppressed
[  201.533033][   T28] audit: type=1800 audit(1752774509.166:278): pid=7990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.577" name="file1" dev="loop0" ino=260 res=0 errno=0
[  201.957613][ T5796] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  202.289905][ T8067] loop4: detected capacity change from 0 to 2048
[  202.320483][ T8067] EXT4-fs: Ignoring removed bh option
[  202.481724][ T8067] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.699879][ T5784] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  202.710831][   T28] audit: type=1800 audit(1752774510.326:279): pid=8067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.587" name="file1" dev="loop4" ino=15 res=0 errno=0
[  202.739699][ T8063] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  202.858264][ T8063] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  202.919948][ T8063] EXT4-fs (loop4): This should not happen!! Data will be lost
[  202.919948][ T8063] 
[  202.954526][ T8063] EXT4-fs (loop4): Total free blocks count 0
[  202.960590][ T8063] EXT4-fs (loop4): Free/Dirty block details
[  203.003173][ T8063] EXT4-fs (loop4): free_blocks=2415919104
[  203.053142][ T8063] EXT4-fs (loop4): dirty_blocks=16
[  203.063556][ T8063] EXT4-fs (loop4): Block reservation details
[  203.069638][ T8063] EXT4-fs (loop4): i_reserved_data_blocks=1
[  203.155928][ T8067] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  204.721577][ T8110] loop4: detected capacity change from 0 to 32768
[  204.753250][   T27] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  204.758811][ T8108] loop5: detected capacity change from 0 to 32768
[  204.805696][ T8108] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.594 (8108)
[  204.857279][ T8110] ERROR: (device loop4): jfs_readdir: JFS:Dtree error: ino = 2, bn=44, index = 4
[  204.857279][ T8110] 
[  204.900498][ T8110] ERROR: (device loop4): remounting filesystem as read-only
[  204.912884][ T8108] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  204.937903][ T8108] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  204.952377][  T112] BUG: Bad page state in process jfsCommit  pfn:64b24
[  204.963295][   T27] usb 4-1: Using ep0 maxpacket: 32
[  204.986188][  T112] page:ffffea000192c900 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2c pfn:0x64b24
[  204.993561][ T8110] ERROR: (device loop4): dtSearch: stack overrun!
[  204.993561][ T8110] 
[  205.009687][ T8108] BTRFS info (device loop5): setting nodatacow, compression disabled
[  205.019389][  T112] flags: 0xfff0000000820d(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  205.023219][   T27] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  205.054076][ T8110] ERROR: (device loop4): remounting filesystem as read-only
[  205.054276][  T112] page_type: 0xffffffff()
[  205.070713][ T8108] BTRFS info (device loop5): setting datacow
[  205.081209][  T112] raw: 00fff0000000820d dead000000000100 dead000000000122 0000000000000000
[  205.087330][ T8110] btstack dump:
[  205.097613][   T27] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  205.109416][ T8108] BTRFS info (device loop5): enabling auto defrag
[  205.116234][ T8110] bn = 0, index = 0
[  205.123592][   T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.131956][  T112] raw: 000000000000002c ffff8880250c22e8 00000000ffffffff 0000000000000000
[  205.133249][ T8110] bn = 2c, index = 0
[  205.145330][ T8108] BTRFS info (device loop5): using free space tree
[  205.152266][   T27] usb 4-1: Product: syz
[  205.161199][   T27] usb 4-1: Manufacturer: syz
[  205.171713][  T112] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  205.179798][   T27] usb 4-1: SerialNumber: syz
[  205.188529][ T8110] bn = 0, index = 0
[  205.192375][ T8110] bn = 2c, index = 0
[  205.226800][   T27] usb 4-1: config 0 descriptor??
[  205.234578][ T8123] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  205.247641][ T8110] bn = 0, index = 0
[  205.251516][ T8110] bn = 2c, index = 0
[  205.254786][   T27] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input7
[  205.255703][  T112] page_owner tracks the page as allocated
[  205.290968][ T8110] bn = 0, index = 0
[  205.315722][  T112] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 8110, tgid 8106 (syz.4.595), ts 204817353505, free_ts 204386809829
[  205.327266][ T8110] bn = 0, index = 0
[  205.339169][ T8110] jfs_lookup: dtSearch returned -5
[  205.428882][  T112]  post_alloc_hook+0x1cd/0x210
[  205.438382][  T112]  get_page_from_freelist+0x195c/0x19f0
[  205.493409][ T8108] BTRFS info (device loop5): enabling ssd optimizations
[  205.509883][ T8108] BTRFS info (device loop5): auto enabling async discard
[  205.517516][  T112]  __alloc_pages+0x1e3/0x460
[  205.542801][  T112]  folio_alloc+0x1e/0x30
[  205.557480][  T112]  filemap_alloc_folio+0xdf/0x470
[  205.562594][  T112]  __filemap_get_folio+0x3ee/0xbc0
[  205.570698][  T112]  pagecache_get_page+0x2a/0x250
[  205.579465][  T112]  __get_metapage+0x2a8/0xfa0
[  205.585912][  T112]  dtSplitRoot+0x203/0x16b0
[  205.590683][  T112]  dtInsert+0xeec/0x5f40
[  205.598552][  T112]  jfs_create+0x6a1/0xa40
[  205.609353][  T112]  path_openat+0x1277/0x3190
[  205.619742][  T112]  do_filp_open+0x1c5/0x3d0
[  205.625823][  T112]  do_sys_openat2+0x12c/0x1c0
[  205.630754][  T112]  __x64_sys_creat+0x90/0xb0
[  205.639215][  T112]  do_syscall_64+0x55/0xb0
[  205.645267][  T112] page last free stack trace:
[  205.649985][  T112]  free_unref_page_prepare+0x7ce/0x8e0
[  205.659606][  T112]  free_unref_page+0x32/0x2e0
[  205.666085][  T112]  vfree+0x1a6/0x320
[  205.670186][  T112]  delayed_vfree_work+0x55/0x80
[  205.680385][  T112]  process_scheduled_works+0xa45/0x15b0
[  205.689298][  T112]  worker_thread+0xa55/0xfc0
[  205.697012][  T112]  kthread+0x2fa/0x390
[  205.701304][  T112]  ret_from_fork+0x48/0x80
[  205.709169][  T112]  ret_from_fork_asm+0x11/0x20
[  205.727320][  T112] Modules linked in:
[  205.745516][ T5887] usb 4-1: USB disconnect, device number 6
[  205.745709][    C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  205.776530][  T112] CPU: 0 PID: 112 Comm: jfsCommit Not tainted 6.6.98-syzkaller #0
[  205.784412][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  205.794533][  T112] Call Trace:
[  205.797850][  T112]  <TASK>
[  205.800827][  T112]  dump_stack_lvl+0x16c/0x230
[  205.805559][  T112]  ? show_regs_print_info+0x20/0x20
[  205.810809][  T112]  ? swiotlb_print_info+0x70/0x70
[  205.815900][  T112]  ? dump_page+0xba7/0x14d0
[  205.820467][  T112]  bad_page+0x14b/0x170
[  205.824673][  T112]  free_unref_page_prepare+0x887/0x8e0
[  205.830198][  T112]  free_unref_page+0x32/0x2e0
[  205.834933][  T112]  ? __folio_put+0xef/0x210
[  205.839486][  T112]  txUnlock+0x27e/0xcb0
[  205.843696][  T112]  ? lockdep_hardirqs_on+0x98/0x150
[  205.848954][  T112]  jfs_lazycommit+0x570/0xa60
[  205.853690][  T112]  ? txFreelock+0x5a0/0x5a0
[  205.858251][  T112]  ? do_task_dead+0xd0/0xd0
[  205.862805][  T112]  ? __kthread_parkme+0x7a/0x1c0
[  205.867817][  T112]  kthread+0x2fa/0x390
[  205.871941][  T112]  ? txFreelock+0x5a0/0x5a0
[  205.876526][  T112]  ? kthread_blkcg+0xd0/0xd0
[  205.881187][  T112]  ret_from_fork+0x48/0x80
[  205.885667][  T112]  ? kthread_blkcg+0xd0/0xd0
[  205.890308][  T112]  ret_from_fork_asm+0x11/0x20
[  205.895142][  T112]  </TASK>
[  205.914146][   T28] audit: type=1800 audit(1752774513.556:280): pid=8108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.594" name="file1" dev="loop5" ino=260 res=0 errno=0
[  205.944529][  T112] Disabling lock debugging due to kernel taint
[  205.950898][  T112] page:ffffea000192c900 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2c pfn:0x64b24
[  206.000209][  T112] flags: 0xfff0000000820d(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  206.026067][  T112] page_type: 0xffffffff()
[  206.030616][  T112] raw: 00fff0000000820d dead000000000100 dead000000000122 0000000000000000
[  206.039696][  T112] raw: 000000000000002c ffff8880250c22e8 00000000ffffffff 0000000000000000
[  206.050796][  T112] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
[  206.061328][  T112] page_owner tracks the page as allocated
[  206.067464][  T112] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 8110, tgid 8106 (syz.4.595), ts 204817353505, free_ts 204386809829
[  206.086053][  T112]  post_alloc_hook+0x1cd/0x210
[  206.090945][  T112]  get_page_from_freelist+0x195c/0x19f0
[  206.096897][  T112]  __alloc_pages+0x1e3/0x460
[  206.101621][  T112]  folio_alloc+0x1e/0x30
[  206.106032][  T112]  filemap_alloc_folio+0xdf/0x470
[  206.111391][  T112]  __filemap_get_folio+0x3ee/0xbc0
[  206.116628][  T112]  pagecache_get_page+0x2a/0x250
[  206.121819][  T112]  __get_metapage+0x2a8/0xfa0
[  206.127396][  T112]  dtSplitRoot+0x203/0x16b0
[  206.132087][  T112]  dtInsert+0xeec/0x5f40
[  206.136472][  T112]  jfs_create+0x6a1/0xa40
[  206.141050][  T112]  path_openat+0x1277/0x3190
[  206.145914][  T112]  do_filp_open+0x1c5/0x3d0
[  206.150544][  T112]  do_sys_openat2+0x12c/0x1c0
[  206.155425][  T112]  __x64_sys_creat+0x90/0xb0
[  206.160298][  T112]  do_syscall_64+0x55/0xb0
[  206.165253][  T112] page last free stack trace:
[  206.170148][  T112]  free_unref_page_prepare+0x7ce/0x8e0
[  206.175820][  T112]  free_unref_page+0x32/0x2e0
[  206.180847][  T112]  vfree+0x1a6/0x320
[  206.184915][  T112]  delayed_vfree_work+0x55/0x80
[  206.189944][  T112]  process_scheduled_works+0xa45/0x15b0
[  206.195830][  T112]  worker_thread+0xa55/0xfc0
[  206.200539][  T112]  kthread+0x2fa/0x390
[  206.205660][  T112]  ret_from_fork+0x48/0x80
[  206.210222][  T112]  ret_from_fork_asm+0x11/0x20
[  206.216258][  T112] ------------[ cut here ]------------
[  206.221785][  T112] kernel BUG at include/linux/mm.h:1447!
[  206.228837][  T112] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  206.234956][  T112] CPU: 1 PID: 112 Comm: jfsCommit Tainted: G    B              6.6.98-syzkaller #0
[  206.244360][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  206.254457][  T112] RIP: 0010:put_metapage+0x253/0x340
[  206.259781][  T112] Code: 38 c1 0f 8c 32 ff ff ff 4c 89 ef e8 57 b4 dd fe e9 25 ff ff ff e8 6d 70 86 fe 48 8b 3c 24 48 c7 c6 80 f3 e3 8a e8 7d 2f c6 fe <0f> 0b f3 0f 1e fa 4c 8b 2c 24 4c 89 ee 48 81 e6 ff 0f 00 00 31 ff
[  206.279425][  T112] RSP: 0018:ffffc90002cd7cc0 EFLAGS: 00010246
[  206.285530][  T112] RAX: 0b357368544a2800 RBX: ffff8880250c22e8 RCX: 0b357368544a2800
[  206.293538][  T112] RDX: 0000000000000000 RSI: ffffffff8afc65a0 RDI: ffffffff8afc6560
[  206.301523][  T112] RBP: 000000000000007f R08: ffffffff8e4a742f R09: 1ffffffff1c94e85
[  206.309502][  T112] R10: dffffc0000000000 R11: fffffbfff1c94e86 R12: ffff8880250c2310
[  206.317487][  T112] R13: ffffea000192c934 R14: 1ffff11004a18462 R15: 1ffff11004a1846f
[  206.325470][  T112] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  206.334411][  T112] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  206.340998][  T112] CR2: 00007f26a21b2000 CR3: 0000000063ba9000 CR4: 00000000003506e0
[  206.348984][  T112] Call Trace:
[  206.352272][  T112]  <TASK>
[  206.355217][  T112]  txUnlock+0x427/0xcb0
[  206.359406][  T112]  jfs_lazycommit+0x570/0xa60
[  206.364104][  T112]  ? txFreelock+0x5a0/0x5a0
[  206.368626][  T112]  ? do_task_dead+0xd0/0xd0
[  206.373149][  T112]  ? __kthread_parkme+0x7a/0x1c0
[  206.378133][  T112]  kthread+0x2fa/0x390
[  206.382209][  T112]  ? txFreelock+0x5a0/0x5a0
[  206.386721][  T112]  ? kthread_blkcg+0xd0/0xd0
[  206.391318][  T112]  ret_from_fork+0x48/0x80
[  206.395756][  T112]  ? kthread_blkcg+0xd0/0xd0
[  206.400359][  T112]  ret_from_fork_asm+0x11/0x20
[  206.405143][  T112]  </TASK>
[  206.408167][  T112] Modules linked in:
[  206.426900][  T112] ---[ end trace 0000000000000000 ]---
[  206.436602][  T112] RIP: 0010:put_metapage+0x253/0x340
[  206.442038][  T112] Code: 38 c1 0f 8c 32 ff ff ff 4c 89 ef e8 57 b4 dd fe e9 25 ff ff ff e8 6d 70 86 fe 48 8b 3c 24 48 c7 c6 80 f3 e3 8a e8 7d 2f c6 fe <0f> 0b f3 0f 1e fa 4c 8b 2c 24 4c 89 ee 48 81 e6 ff 0f 00 00 31 ff
[  206.463815][  T112] RSP: 0018:ffffc90002cd7cc0 EFLAGS: 00010246
[  206.470020][  T112] RAX: 0b357368544a2800 RBX: ffff8880250c22e8 RCX: 0b357368544a2800
[  206.479936][  T112] RDX: 0000000000000000 RSI: ffffffff8afc65a0 RDI: ffffffff8afc6560
[  206.488026][  T112] RBP: 000000000000007f R08: ffffffff8e4a742f R09: 1ffffffff1c94e85
[  206.498281][  T112] R10: dffffc0000000000 R11: fffffbfff1c94e86 R12: ffff8880250c2310
[  206.506418][  T112] R13: ffffea000192c934 R14: 1ffff11004a18462 R15: 1ffff11004a1846f
[  206.511313][ T7680] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  206.514434][  T112] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  206.514457][  T112] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  206.514470][  T112] CR2: 00007f26a21b2000 CR3: 000000002e7bb000 CR4: 00000000003506e0
[  206.514491][  T112] Kernel panic - not syncing: Fatal exception
[  206.514914][  T112] Kernel Offset: disabled