last executing test programs:

18.1684669s ago: executing program 3 (id=446):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000009"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0xc48e, 0x4, 0x1, 0x0, r0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0xfff, r2}, 0x38)

18.075668069s ago: executing program 3 (id=447):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d40)=@base={0x12, 0x5, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20)

17.913846999s ago: executing program 3 (id=452):
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fcdbdf2512000000180001801400020076657468300000000000000008000000080009"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

17.710806274s ago: executing program 3 (id=455):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@orlov}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@grpquota}, {@barrier}, {@usrjquota}, {@jqfmt_vfsold}, {@minixdf}]}, 0x3, 0x466, &(0x7f0000000340)="$eJzs3E1sFFUcAPD/TD9QvloRP0DUKjE2frS0oHLwgtHEA0YTPeCxtoUQCjW0JkKIVGPwYmJI9Gw8mng38ebFqCcTr3o3JES5gMZDzczOlN1ltx+w7C7u75cMvDfztu/9++btvJm32wB61kj2TxKxNSJ+i4ihSra2wEjlv2tXzk3/feXcdBLLy2/+meTlrl45N10WLV+3pciMphHpx0lRSa2FM2dPTM3NzZ4u8uOLJ98dXzhz9tnjJ6eOzR6bPTV58OCB/RMvPD/5XEvizOK6uvuD+T27Xn374mvTRy6+89M3WXu3Fser42iVkSzwv5Zz9ceeaHVlHbatKp30d7AhbEhfRGTdNZCP/6Hoi+udNxSvfNTRxgG3VXZt2tT88NLyjb5tsA+4IyXR6RYAnVFe6LP733Jr09SjK1w+VLkByuK+VmyVI/2RFmUG6u5vW2kkIo4s/fNltsVteg4BAFDt0+kvDsczjeZ/adxfVW57sYYyHBH3RMSOiLg3InZGxH0RedkHIuLBDdZfvzR04/wnvXRTga1TNv97sVjbqp3/lbO/GO4rctvy+AeSo8fnZvcVv5PRGNiU5SdWqeP7l3/9rNmx6vlftmX1l3PBoh2X+use0M1MLU7lk9IWuPxhxO7+RvEnKysBSUTsiojdG/vR28vE8ae+3tOs0Nrxr6IF60zLX0U8Wen/paiLv5Ssvj45flfMze4bL8+KG/38y4U3mtV/S/G3QNb/m2vP//oiw0n1eu3Cxuu48PsnTe9pbvb8H0zeyvtlsNj3/tTi4umJiMHkcJ6v2T95/bVl/t/lSvks/tG9jcf/juI1WT0PRUR2Ej8cEY9ExKNF2x+LiMcjYu8q8f/4UvNj3dD/Mw3f/1bO/5r+z9LFibByRqyV6Dvxw3fN6l9f/x/IU6PFnvz9bw3rbeCt/O4AAADgTpHmn4FP0rGVdJqOjVU+w78zNqdz8wuLTx+df+/UTOWz8sMxkJZPuoaqnodOJEvFT6zkJ4tnxeXx/cVz48/77s7zY9PzczMdjh163ZYm4z/zR1+nWwfcdo3W0SYHO9AQoO3qx39amz3/ejsbA7SV72tD71pj/KftagfQfq7/0Lsajf/zdXlrAfD/5PoPvcv4h95l/EPvMv6hJ63/W/wS3Zs41IFKI+2O2NdKJBHRBc3o/kT5F4WKPR1+YwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGiR/wIAAP//VMLodg==")
mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
fsync(r0)

17.204371127s ago: executing program 3 (id=460):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x61d0, &(0x7f0000016fc0)="$eJzs3c2OHFfZB/Cn+ms+8saxsojyWghNEgMJIf4MxhAgyQIWbFggb5GtySSycADZBjmRhSeaDQsuAoTEEhBLVlxAFmzZcQFYspGArFKoZs4Z1zTd7rGd6eqZ8/tJk6qnTtX0qfy7prtdVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjvffcHZ6uIuPzztOB4xP9FP6IXsdLUaxGxsnY8rz+IiOdjuzmei4jhUkSVG5+JeD0iPj4Wce/+7fVm0bl99uM7f/zbb3/41Pf/+vvh6X//6Wb/jWnr3br1q3/9+c7j7y8AAACUqK7rukof80+kz/e9rjsFAMxFfv2vk7xcvXD15oL1R61Wq9WHsG6rJ7vTLiJis71N857B6XgAOGQ245Ouu0CH5F+0QUQ81XUngIVWdd0BDsS9+7fXq5Rv1X49WNtpz9eC7Ml/s9q9v2PadJbxa0zm9fzain48O6U/K3PqwyLJ+ffG87+80z5K6x10/vMyLf/Rzq1Pxcn598fzH3N08u9NzL9UOf/BI+Xflz8AAAAAACyw/O//xzs+/7v05LuyLw87/7s2pz4AAAAAAAAAwGftScf/21UZ/w8AAAAWVfNZvfHrYw+WTfsutmb5pSri6bH1gcKkm2VWu+4HAAAAAAAAAAAAAJRksHMN76UqYhgRT6+u1nXd/LSN14/qSbc/7ErffyhZ13/kAQBgx8fHxu7lryKWI+JS+q6/4erqal0vr6zWq/XKUn4/O1parldan2vztFm2NNrHG+LBqG5+2XJru7ZZn5dntY//vuaxRnV/Hx2bjw4DB4CI2Hk1uucV6Yip62ei63c5HA6O/6PH8c9+dP08BQAAAA5eXdd1lb7O+0Q659/rulMAwFzk1//x8wJqtVqtVquPXt1WT3anXUTEZnub5j2D4fgB4JDZjE+67gIdkn/RBhHxfNedABZa1XUHOBD37t9er1K+Vfv1II3vnq8F2ZP/ZrW9Xd5+0nSW8WtM5vX82op+PDulP8/NqQ+LJOffG8//8k77KK130PnPy7T8m/083kF/upbz74/nP+bo5N+bmH+pcv6DR8q/L38AAAAAAFhg+d//jy/U+d/R4+7OTA87/7t2YI8KAAAAAAAAAAfr3v3b6/m+13z+/3MT1nP/59GU86/kX6Scf7r/f/fCm5fH1uu35u++/SD/f96/vf67m//4/zzdb/5LeaZKz6wqPSOq9EjVIE0fc8em2Br2R80jDatef5Cu+amH78bVuBYbcWbPur10PDxoP7unvenpcLu97u+0n9vTPthtz9uf39M+TFc61Su5/VSsx0/iWryz3d60Lc3Y/+UZ7fWM9px/3/FfpJz/oPXT5L+a2quxaePuR73/Oe7b00mP89bVz//yzMHvzkxb0d/dt7Zm/17soD/b/0+eGsXPbmxcP3Xrys2b189GmuxZei7S5DOW8x+mn5z/yy/ttOe/++3j9e5Ho0fOf1FsxWBq/i+15pv9fWXOfetCzn+UfnL+76T2ycf/Yc5/+vH/agf9AQAAAAAAAAAAAAAAgIep63r7FtG3IuJCuv+nq3szAYD5yq//dZKXz6vuP+72f9i7H131X62ec10tWH/mWn9aL1Z/1AtZ/2fB+rNwdVs92ZvtIiL+0t6mec/wi0m/DABYZJ9GxN+77gSdkX/B8vf9NdOTXXcGmKsbH3z4oyvXrm1cv9F1TwAAAAAAAACAx5XH/1xrjf98sq7rO2Pr7Rn/9e1Ye9LxPwd5ZneA0SkDVfcffZ8eZqs36vdaw42/ENPG/x7uzj1s/O/BjMcbzmgfzWhfmtG+PKN94o0eLTn/F1rjnZ+MiBNjw6+XMP7r+Jj3Jcj5v9h6Pjf5f2lsvXb+9W8Oc/69Pfmfvvn+T0/f+ODD166+f+W9jfc2fnz+7Nkz5y9cuHjx4ul3r17bOLPz3w57fLBy/nnsa9eBliXnnzOXf1ly/l9ItfzLkvP/YqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP+XUy3/suT8X021/MuS8/9KquVflpz/a6mWf1ly/qdSLf+y5PxPp3qf+a8cdL+Yj5x/PsPl+C9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvN/PdXyL0vO/6upln9Zcv4XUi3/suT8v5Zq+Zcl538x1fIvS87/66mWf1ly/t9ItfzLkvN/I9XyL0vO/5upln9Zcv7fSrX8y5Lz/3aq5V+WnP+bqZZ/WR58/78ZM2bM5Jmu/zIBAAAAAAAAAAAAAOPmcTlx1/sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9u4tRq67vgP4mb1540BiIKROasLGMcY4m+z6El9oXUy4NtxKQij0gu1612bBN7x2CTSqHQVKJIyKKtqGh7aAUJuXCqvigVaA8oBaVaoE7QN9QVSoPERVQAGpKq0gW82c//+/M7OzM7ve8ebMOZ+PlPyyM2fmnDnzn9n92vnuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM3ufMPsp2pZltVqtfyCTVn2ovq8YWJT45LXvrDHBwAAAKzdLxr/fu7mdMHhFdyoaZt/uuPbX11YWFjI3jf8p6OfW1hIV0xk2eiGLGtcF139wftrzdsEj2fjtaGmr4d67H64x/UjPa4f7XH9WI/rN/S4frzH9UtOwBI3ZLV0Z9sa/7kpP6XZLdlo47ptHW71eG3DUP3cpdtmtcZtFkZPZHPZqWw2m27ZPt+21tj+63fW9/XWLO5rqGlfW+or5CePHo/HUAvneFvLvhbvM/rR67OJn/7k0eN/feHZ2zrNnqeh5f7y49yxtX6cnwiX5MdayzakcxKPc6jpOLd0eE6GW46z1rhd/b/bj/O5FR7n8OJhrqv253w8G2r893ca52mklnU4T1vCZT+7K8uyy4uH3b7Nkn1lQ9nGlkuGFp+f8XxF1u+jvpRemo2sap3euYJ1Wp8z21rXaftrIj7/d4bbjSxzDM1P048eG2t63n++cC3rNKo/6uVeK+1rsN+vlaKswbguvtN40E90XIPbwuN/dPvya7Dj2umwBtPjblqDW3utwaGx4cYxpyeh1rjN4hrc1bL9cGNPtcZ8Znv3NTh14fS5qfmPffyeudPHTs6enD2zZ9eu6T379h04cGDqxNyp2en839d4totvYzaUXgNbw7mLr4FXt23bvFQXvji25P33Wl+H411eh5vatu3363Ck/cHV1ucFuXRN56+N99RP+viVoWyZ11jj+dm59tdhetxNr8ORptdhx+8pHV6HIyt4Hda3ObdzZT+zjDT90+kYlv9esLY1uKlpDbb/PNK+Bvv980hR1uB4WBff27n894It4XifmFztzyPDS9Zgerjhvad+Sfp5f/xAY3Ral7fXr7hxLLs4P3v+3keOXbhwflcWxrp4WdNaaV+vG5seU7ZkvQ6ter0enrvjids7XL4pnKvxe+r/Gl/2uapvs/fe7s9V47tb5/PZcunuLIw+W+/z2em7ef18jmXZ57/12IPfePTzb1j2fNbz5iem1v6zeMqlTe+/o8u8/8bc/3y+v3RXjw+PjuSv3+F0dkZb3o9bn6qRxntXrbHv56ZW9n48Gv5Z7/fjW7q8H29u27bf78ej7Q8uvh/Xev1px9q0P5/jYZ2cmu7+flzfZvPu1a7Jka7vx3eFWQvn/zUhKaRc1LR2llu3aV8jI6PhcY3EPbSu0z0t24+GbFbf11O7r22d7rgrv6/h9OgWrdc6nWjbtt/rNP3Z13LrtNbrT9+uTfvzOR7WxS17uq/T+jZP7137e+cN8T+b3jvHeq3B0eGx+jGPpkXYeL/PFm6Ia/De7Hh2NjuVzTSuHWusp1pjX5P3rWwNjoV/1vu9cnOXNbijbdt+r8H0fWy5tVcbWfrg+6D9+RwP6+LJ+7qvwfo2b9zf359dd4RL0jZNP7u2//nacn/mdXvbabpea2UkHOe39nf/s9n6NqcOrDZndj9Pd4dLbuxwntpfv8u9pmay9TlPm8NxPntg+fNUP576Np87uML1dDjLsksfub/x573h71f+7uJ3v9ry9y6d/k7n0kfu//GLT/zjao4fgMH3fD425t/rmv5maiV//w8AAAAMhJj7h8JM5H8AAAAojZj74/8Vnsj/AAAAUBox94+EmVQk/29+47Nzz1/KUjN/IYjXp9PwQL5d7LhOh68nFhbVL7//y7P//Q+XVrbvoSzLfv7AH3TcfvMD8bhyE+E4r76p9fIlvnrPivZ99OFLab/N/fUvhPuPj2ely6BTBXc6y7Kv3/yZxn4m3n+lMZ9+4GhjPnj5icfr2zx3MP863v6Zl+Xb/0Uo/x4+cazl9s+E8/DDMKff1vl8xNt95cprtux/7+L+4u1qW29qPOwnP5Dfb/w9OZ99PN8+nufljv8bn37qK/XtH3lV5+O/NNT5+J8K9/vlMP/3Ffn2zc9B/et4u0+G44/7i7e790vf7Hj8Vz+Vb3/uzfl2R8OM+98Rvt725mfnms/XI7VjLY8re0u+Xdz/9Hf/uHF9vL94/+3HP37kSsv5aF8fT/9bfj9TbdvHy+N+or9v23/9fprXZ9z/U390tOU899r/1QefeUX9ftv3f3fbduc+srOx/8X7a/2NTX/5yc903F88nsN/e67l8Rx+d3gdh/0/+YGwHsP1/3c1v7/2365w9N2t7z9x+y9sutTyeKK3/jTf/9XXnWzMDeM3bLzxRS++6fIr6+cuy76zIb+/Xvs/+VdnW47/i7fm5yNeHzv67ftfTtz/+Y9Onjk7f3FuJp3VR29u/O6ct+fHE4/35vDe2v71kbMXPjh7fmJ6YjrLJsr7K/Su2ZfC/HE+LnffemHJO+jOh8Pzefuff33j9n/9dLz839+TX37lbfn3rVeH7T4bLt8Unr/V7X+pJ++8tfH6rj0djnBh6e8LXost2/7rwIo2DI+//eeCuN7PvfyDjfNQv67xfSO+rtd4/N+fye/na+G8LoTfzLz11sX9NW8ffzfClYfy1/uaz194m4vP69+E5/sdP8zvPx5XfLzfDz/HfHNz6/tdXB9fuzTUfv+N3+JxObyfZJfz6+NW8Xxfee7WjocXfw9Jdvm2xtd/ku7ntlU9zOXMf2x+6tTcmYuPTF2Ynb8wNf+xjx85ffbimQtHGr/L88iHet1+8f1pY+P9aWZ2396s8W51Nh/X2Qt9/OcePj6zf3r7zOyJYxdPXHj43Oz5k8fn54/PzsxvP3bixOxHe91+bubQrt0H9+zfPXlybubQgYMH9xycnDtztn4Y+UH1sG/6w5Nnzh9p3GT+0N6Du+67b+/05OmzM7OH9k9PT17sdfvG96bJ+q1/f/L87KljF+ZOz07Oz3189tCug/v27e752wBPnzsxPzF1/uKZqYvzs+en8scycaFxcf17X6/bU07z/5H/PNuulv8ivuxdd+9Lv5+17suPLXtX+SZtv0D02fC7aP75JecOrOTrmPtHw0wqkv8BAACgCmLuHwszkf8BAACgNGLu3xBmIv8DAABAacTcPx5mUpH8X7r+/+ZLK9q//r/+f/P50v+vWP//oaL1//P3C/3//lhr/17/P9D/1//X/9f/1/+nD4rW/4+5/4Ysq2T+BwAAgCqIuX9jmIn8DwAAAKURc/+NYSbyPwAAAJRGzP0vCjOpSP7X/9f/1//X/9f/77x//f/BpP/fnf5/D/r/U1m1+v+X+3n8+v/6/yxVtP5/zP0vDjOpSP4HAACAKoi5/6YwE/kfAAAASiPm/pvDTOR/AAAAKI2Y+zeFmVQk/+v/6//r/+v/6/933r/+/2DS/+9O/78H/X+f/6//r/9PXxWt/x9z/0vCTCqS/wEAAKAKYu5/aZiJ/A8AAADFM3JtN4u5/2VhJkvy/zXuAAAAAHjBxdx/S9ZWBK/I3//r/+v/F7//vyFdp/+v/58Vsv8/nOn/F4f+f3f6/z3o/+v/6//r/9NXRev/N3J/Np69PMykIvkfAAAAqiDm/lvDTOR/AAAAKI2Y+38pzET+BwAAgNKIuX9zmElF8r/+v/5/8fv/Pv9f/7/o/X+f/18k+v/d6f/3oP+v/6//r/9PXxWt/x9z/21hJhXJ/wAAAFAFMfffHmYi/wMAAEBpxNz/y2Em8j8AAACURsz9W8JMKpL/9f8L3v+PzVH9f/1//X/9f/3/FdH/707/vwf9f/1//X/9f/qqaP3/mPtfEWZSkfwPAAAAVRBz/x1hJvI/AAAAlEbM/a8MM5H/AQAAoDRi7p8IM6lI/tf/L3j/P+/Bj/n8f/1//X/9f/3/ldH/707/vwf9f/3/vvT/Fy7p/+v/kyta/z/m/jvDTCqS/wEAAKAKYu7fGmYi/wMAAEBpxNx/V5iJ/A8AAAClEXP/tjCTiuR//f+B6P9n+v/6//r/+v/6/yuj/9+d/n8P+v/6/z7/X/+fvipa/z/m/leFmVQk/wMAAEAVxNy/PcxE/gcAAIDSiLn/1WEm8j8AAACURsz9O8JMKpL/9f/1//X/9f/1/zvvX/9/MOn/d6f/34P+v/6//r/+P31VtP5/zP2vCTOpSP4HAACAKoi5f2eYifwPAAAApRFz/91hJvI/AAAAlEbM/ZNhJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/+9B/1//X/9f/5++Klr/P+b+e8JMKpL/AQAAoApi7r83zET+BwAAgNKIuX8qzET+BwAAgNKIuX86zKQi+V//X/9f/1//f1X9/1cu3q/+f07/v1j0/7vT/+9B/1///wXv/4/q/1MqRev/x9y/K8ykIvkfAAAAqiDm/t1hJvI/AAAAlEbM/XvCTOR/AAAAKI2Y+/eGmVQk/+v/6//r/+v/+/z/zvvX/x9M+v/d9b//Hx+i/r/+v/6/z//X/2epovX/Y+6/L8ykIvkfAAAAqiDm/n1hJvI/AAAAlEbM/fvDTOR/AAAAKI2Y+w+EmVQk/+v/6//r/+v/6/933r/+/2DS/+/O5//3oP+v/6//r//PGj30h81fFa3/H3P/wTCTiuR/AAAAqIKY+18bZiL/AwAAQGnE3P8rYSbyPwAAAJRGzP2/GmZSkfyv/9/SPa8/XP1//X/9f/3/Bv3/waT/353+fw/6//r/+v/6//TVsv3/EL3Xu/8fc/+hMJOK5H8AAACogpj7fy3MRP4HAACA0oi5/3VhJvI/AAAAlEbM/YfDTCqS//X/ff6//r/+v/5/5/2vd/9/LN6v/v+a6P93p//fg/6//r/+v/4/fVW0z/+Puf/1YSYVyf8AAABQBTH33x9mIv8DAABAacTc/4YwE/kfAAAASiPm/jeGmVQk/+v/6//r/+v/6/933r/P/x9M+v/d6f/3oP+v/6//r/9PXxWt/x9z/5vCTCqS/wEAAKAKYu5/c5iJ/A8AAAClEXP/W8JM5H8AAAAojZj73xpmUpH8r/+v/6//r/+v/995//r/g0n/vzv9/x70//X/9f/1/+mrovX/Y+7/9TCTiuR/AAAAqIKY+x8IM5H/AQAAoDRi7n9bmIn8DwAAAKURc//bw0wqkv/1//X/9f/1//X/O+9f/38w6f93N2D9/1/cFC7X/8/p/xf7+Ffb/x9p+/q69P9/sFz/f2FD++31/7keitb/j7n/HWEmFcn/AAAAUAUx978zzET+BwAAgNKIuf9dYSbyPwAAAJRGzP2/EWZSkfyv/18/jsX2sv5/Wfv/Q/r/+v/6/xWh/9/dgPX/ff5/G/3/Yh+/z//X/2epovX/Y+5/d5hJRfI/AAAAVEHM/Q+Gmcj/AAAAUBox9z8UZiL/AwAAQGnE3P+eMJOK5H/9f5//X43+v8//z/T/9f8rQv+/O/3/HvT/9f+L1v//T/1/BlvR+v8x9z8cZlKR/A8AAABVEHP/e8NM5H8AAAAojZj7fzPMRP4HAACA0oi5/31hJhXJ//r/g9L/nxjQ/v9j+v/Xsf9/x035dvr/+v8s0v/vTv+/B/1//f+i9f99/j8Drmj9/5j73x9msvL8P77iLQEAAIAXRMz9vxVmUpG//wcAAIAqiLn/t8NM5H8AAAAojZj7fyfMpCL5X/9/UPr/Pv8/0//3+f9tj0f/X/+/k/Xr/8d3Hv1//X/9/0j/X/9f/592Rev/x9z/u2EmFcn/AAAAUAUx938gzET+BwAAgIHQ6f/Jbhdz/5EwE/kfAAAASiPm/qNhJhXJ//r/+v/6/wXt///Z1n/53rffeXSX/r/+v/7/qqzr5//XX/w+/1//X/8/0f/X/9f/p13R+v8x9x8LM6lI/gcAAIAqiLn/98JM5H8AAAAojZj7j4eZyP8AAABQGjH3z4SZVCT/6//r/+v/F7T/P8Cf/x/Ph/5/q771/+Obrv5/R3n/Pq2i69v/f+9iT1z/f7X9/7GOl+r/6/8P8vHr/+v/s1TR+v8x98+GmVQk/wMAAEAVhNw/dCKfi1fI/wAAAFAaMfefDDOR/wEAAKA0Yu7/YJhJRfK//r/+v/6//r/P/++8/279/9qIz/8vqtS//1njhaL/36Y4/f/O9P/1/wf5+PX/9f9Zqmj9/5j758JMKpL/AQAAoApi7v9QmIn8DwAAAKURc/+Hw0zkfwAAACiNmPtPhZlUJP/r/+v/6//r/+v/d95/YT//X/+/q7X27/X/A/3/avf//0f/X/9f/5/+KFr/P+b+02EmFcn/AAAAUAUx958JM5H/AQD+n707abKzLvs4fvp5wpNO8SzcuXBjlUtfAgtd6wtw4caNVZYLJ1ScCc4jioqzIjgPOIAgooLzAE4ozqDiPA84IUrFonNdV9Ldd9+nOzndfd///+ezyCVtmnOkUgm/dL7eANCM3P2PjVvsfwAAAGhG7v7HxS2d7H/9/9n0/6cqZf3/5vc/if7/Qfr/nV5f/6//b5n+f5z+fwn9v+f/6//1/6zU1Pr/3P2Pj1s62f8AAADQg9z9T4hb7H8AAABoRu7+8+MW+x8AAACakbv/iXFLJ/t/S/+/tuiz/8+M1/P/W+r/Pf9/x9fX/+v/W3aw/f9F9/7Mp//X/+v/g/5/V/3/0Z0+X/9Pi6bW/+fuf1Lc0sn+BwAAgB7k7n9y3GL/AwAAQDNy918Qt9j/AAAA0Izc/U+JWzrZ/6t7/v+xjY/PtP8v+n/9/8YH9P/6f/3/bHn+/7ie+v/zbz33MXdee7/r9vL6+n/9v+f/6/9Zran1/7n7nxq3dLL/AQAAoAe5+58Wt9j/AAAA0Izc/U+PW+x/AAAAaEbu/mfELZ3s/9X1/7N+/n/R/+v/Nz6g/9f/6/9nS/8/rqf+/0xeX/+v/9f/6/9Zran1/7n7nxm3dLL/AQAAoAe5+58Vt9j/AAAA0Izc/RfGLfY/AAAANCN3//G4pZP9r//f//7/Hv2//j+u/l//r//ff/r/cfr/JfT/+n/9v/6flZpa/5+7/6K4pZP9DwAAAD3I3f/suMX+BwAAgGbk7n9O3GL/AwAAQDNy9z83bulk/+v/Pf9f/6//1/8Pv77+f570/+P0/0vo/8+2nz9H/6//1/9zuj32/3eP/LS9kv4/d//z4pZO9j8AAAD0IHf/8+MW+x8AAACakbv/BXGL/Q8AAADNyN3/wrilk/2v/9f/6//1/2fc/2//obdB/z9M/38w9P/jJtP/rx0Z/LD+f/b9v+f/6//1/2wytef/5+5/UdzSyf4HAACAHuTuf3HcMrL/9/yb+QAAAMChyt3/krjF1/8BAABg9rI6y93/0rilk/2v/9f/6//1/57/P/z6Y/3/dae9P/3/tOj/x02m/9+B/l//P+f3r//X/7Pd1Pr/3P0vi1s62f8AAADQg9z9F8ct9j8AAAA0I3f/y+MW+x8AAACakbv/FXFLJ/t/uP8/9d/r/3dH/7/5/ev/h398rKr/z7+j/n+0/3+w5//3Sf8/7uD7/6P6/81/f/3/Pjrs9994/39s2efr/xkytf4/d/8lcUsn+x8AAAB6kLv/lXGL/Q8AAADNyN3/qrjF/gcAAIBm5O5/ddzSyf73/H/9v/5/fv2/5/+fdJjP/18ceP9/RP+/S/r/cZ7/v4T+X/+v//f8f1Zqav1/7v5L45ZO9j8AAAD04NK7Fhu7/zWLhf0PAAAAc3T6nx3Y+gdKQ+7+18Yt9j8AAAA0I3f/6+KWTva//l//r//X/+v/h19/Wv2/5//vlv5/nP5/Cf3/fvTzRxrr/y/b6fOn0P9fqP9nYjb1/zec+vhh9f+5+18ft3Sy/wEAAKAHufvfELfY/wAAANCM3P1vjFvsfwAAAGhG7v43xS2d7P997/+P7fza+n/9v/5f/6//1/+vmv5/nP5/Cf2/5/97/r/+n5U61f9v/vnwsPr/3P1vjls62f8AAADQg9z9b4lb7H8AAABoRu7+y+IW+x8AAACakbv/rXFLJ/vf8//1//p//b/+f/j19f/zpP8fp/9fQv+v/9f/6/9ZqU3P/z/NYfX/ufsvj1s62f8AAADQg9z9V8Qt9j8AAAA0I3f/2+IW+x8AAACakbv/7XFLJ/tf/7+//X9+XP+v/1/o//X/+v8D0W3/vzb0K9F2O/T/Nz/q+EM3f0T/r//X/+v/9f+swCT6/xOn/u0yd/874pZO9j8AAAD0IHf/O+MW+x8AAACakbv/XXGL/Q8AAADNyN3/7rhlj/v/Pit9VwdH/+/5//p//b/+f/j19f/z1G3/v0ue/7+E/l//r//X/7NSk+j/T/vr3P3viVt8/R8AAACakbv/vXGL/Q8AAADNyN3/vrjF/gcAAIBm5O5/f9zSyf7X/+v/9f/6f/3/8Oufaf+/vhim/z8Y+v9x+v8l9P/6f/2//p+Vmlr/n7v/yrilk/0PAAAAPcjd/4G4xf4HAACAZuTu/2DcYv8DAABAM3L3fyhu6WT/6//1//p//b/+f/j1Pf9/nvT/4/T/i8XiqpE3MNT/nziq/9f/6//1/5yhqfX/ufs/HLd0sv8BAACgB7n7r4pb7H8AAABoRu7+q+MW+x8AAACakbv/I3FLJ/tf/6//1//r//X/w6+v/58n/f84/f8Snv+v/9f/6/9Zqan1/7n7r4lbOtn/AAAA0IPc/dfGLfY/AAAANCN3/0fjFvsfAAAAmpG7/7q4pZP9r//X/+v/9f/70v8f1/9vpf8/GPvX/y/0//p//f8S+n/9v/6frQ6q/787fr5f1v/n7v9Y3NLJ/gcAAIAe5O6/Pm6x/wEAAKAZufs/HrfY/wAAANCM3P2fiFs62f/6f/2//l//7/n/w6+v/58nz/8fp/9fQv+v/9f/6/9ZqYPq/3fq/bf+de7+T8Ytnex/AAAA6EHu/hviFvsfAAAAmpG7/8a4xf4HAACAZuTu/1Tc0sn+1//r/zf3/4uF/l//r/8/6QD6//WF/n/l9P/j9P9L6P/b7P//Z9FQ/39sx8/X/zNFU+v/c/d/Om7pZP8DAABAD3L3fyZusf8BAACgGbn7Pxu32P8AAADQjNz9n4tbWtr/9+ycvs2//z+65RP1/4vF4rYLPP9f/z/y+vr/yfT/9U9V/786+v9x+v8l9P9t9v+e/6//59BMrf/P3f/5uKWl/Q8AAACdy93/hbjF/gcAAIBm5O7/Ytxi/wMAAEAzcvd/KW7pZP/Pv//f+on6/8VZPf9f/7/xAf2//l//P1tn299fvh6/pun/9f/6/8F+fm2Hf+9Z6P/1//p/Bkyt/8/d/+W4pZP9DwAAAD3I3X9T3GL/AwAAQDNy998ct9j/AAAA0Izc/V+JWzrZ//p//b/+f579/7r+X/+v/x80lef/n3feQ27R/+v/W+z/x+j/9f/6f7aaWv+fu/+rcUsn+x8AAAB6kLv/a3GL/Q8AAADNyN3/9bjF/gcAAIBm5O7/RtzSyf7f3v+fszhZqJ401P9Ho6b/P43+f/P71/8P//jw/H/9v/5//02l//f8/zN7//p//f+c3/+e+v/7b/98/T8tmlr/n7v/lrilk/0PAAAAPcjd/824xf4HAACAZuTu/1bcYv8DAABAM3L33xq3dLL/Pf9f/6//1//r/4dfX/8/T/r/cfr/JfT/Z9/P58+q+v/5Pv//f/X/rM7U+v/c/d+OWzaG3wP+/wz/ZwIAAAATkrv/O3FLJ1//BwAAgB7k7v9u3GL/AwAAQDNy938vbulk/+v/9f/6f/2//n/49fX/86T/H6f/X6Kf/n996IOH3c+frcN+/830/57/zwpNrf/P3f/9uKWT/Q8AAABtu2vj29z9P4hb7H8AAABoRu7+H8Yt9j8AAAA0I3f/bXFLJ/tf/6//b7//f4T+f8vr6//1/y3T/+ev6MP0/0v00/8POux+fu7vX/+v/2e7qfX/uftvj1s62f8AAADQg9z9P4pb7H8AAABoRu7+H8ct9j8AAAA0I3f/T+KWTva//r+v/n9t0WP/7/n/+n/9f0/m0/9fcWToo57/r//X/8/3/ev/9f9sN7X+P3f/HWtHutz/AAAAMFcPe+Cjb9/t971j49v1xU/jFvsfAAAAmpG7/2dxi/0PAAAAzcjd//O4pZP9r//vq//v8/n/+n/9v/6/J/Pp/4fp//X/+v/5vn/9v/6f7abW/+fu/0XcctrwG/w/6AEAAAAOz//t7bvn7v9l3NLJ1/8BAACgB7n7fxW3bNv/J3b5p9oBAACAqcnd/+u4pZOv/+v/J97/L/ap/4/vp/8/Sf+v/x96ff3/POn/x51l/39iTf+v/x+h/9f/6//Zamr9f+7+669ZdLn/AQAAoFGbfkfhNxvfri9+G7fY/wAAANCM3P2/i1vsfwAAAGhG7v7fxy2d7H/9/8T7/zN6/v+x+k+e/995/3/x+uDr6//1/y3T/4/z/P8l9P/6f/2//p+V2kP/vzFI97v/z93/h7ilk/0PAAAAPcjd/8e4xf4HAACAZuTu/1PcYv8DAABAM3L3/zlu6WT/6/8Pof+/5Ohisa/9/y6e/6//76P/3+H12+n/73vu8Zse/sirr9T/c8pB9v/5Y0H/r//X/5+k/9f/6//ZamrP/8/d/5e4pZP9DwAAAD3I3X9n3GL/AwAAQDNy9/81brl3/994WO8KAAAAWKXc/X+LWzr5+r/+v8Xn/8+z/89/1ofQ/x+fX/+fTXHv/b/n/+v/t/P8/3H6/yX0//p//b/+n5WaWv+fu//vcUsn+x8AAAB6kLv/H3FL7v+1Pf/WPQAAADAxufv/Gbf4+j8AAAA0I3f/XXFLJ/tf/6//n0r/nzz//9Tnef7/Sfp//f9e6P/H6f+X0P/r//X/+n9Wamr9f+7+f8Utnex/AAAA6EHu/rvjFvsfAAAAmpG7/99xi/0PAAAAzcjd/5+4pZP9r//X/+v/9f/6/+HX1//Pk/5/nP5/Cf2//l//r/9npabW/+fu/28AAAD//xDQcaQ=")
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000001080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1021408, 0x0, 0x1, 0x0, &(0x7f0000006380))
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000100)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES8=0x0, @ANYRES64], 0xb, 0x0, &(0x7f0000000000))
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file5\x00', 0x0)

16.623865757s ago: executing program 3 (id=463):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@remote, 0x4e22, 0xeb, 0x4e20, 0x1, 0xa, 0x80, 0x120, 0x73}, {0x5, 0x9, 0x0, 0xeb, 0x70000, 0x5, 0x4, 0x3}, {0x8, 0x7, 0x80000001, 0x400}, 0x6, 0x0, 0x0, 0x1, 0x2, 0x3}, {{@in=@rand_addr=0x64010101, 0x4d5, 0x33}, 0x2, @in=@private=0xa010102, 0x3502, 0x4, 0x2, 0x1, 0x201, 0x9, 0xb03}}, 0xe8)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0)

16.273333959s ago: executing program 32 (id=463):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@remote, 0x4e22, 0xeb, 0x4e20, 0x1, 0xa, 0x80, 0x120, 0x73}, {0x5, 0x9, 0x0, 0xeb, 0x70000, 0x5, 0x4, 0x3}, {0x8, 0x7, 0x80000001, 0x400}, 0x6, 0x0, 0x0, 0x1, 0x2, 0x3}, {{@in=@rand_addr=0x64010101, 0x4d5, 0x33}, 0x2, @in=@private=0xa010102, 0x3502, 0x4, 0x2, 0x1, 0x201, 0x9, 0xb03}}, 0xe8)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0)

2.264421279s ago: executing program 2 (id=675):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='c *:23'], 0xa)

2.108694803s ago: executing program 2 (id=679):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x818, &(0x7f0000000340), 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)

2.046477658s ago: executing program 6 (id=681):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000001c0)="0b0312002e0064000200475400f6", 0xe, 0x20000040, &(0x7f0000000140)={0x11, 0x7, r1, 0x1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}}, 0x14)

1.930901493s ago: executing program 6 (id=683):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x7e0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
inotify_init1(0x0)

1.54786779s ago: executing program 1 (id=692):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000002400)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e21, 0x100, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1}, 0x1c, &(0x7f00000003c0)=[{&(0x7f00000001c0)="5f03", 0x2}], 0x1}}], 0x2, 0x20040140)
listen(r0, 0xfff)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680))

1.410176632s ago: executing program 1 (id=696):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000790000000000000000e50000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x32, 0x0, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0, 0xcfe}}, 0x30)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500000000fcdbdf2500000001", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000400000100c28000050006"], 0x48}}, 0x0)

1.277762772s ago: executing program 1 (id=698):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000000040), 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000200)="9e", 0x1}], 0x1}, 0x0)
recvmsg$unix(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)}, 0x10040)

1.250973546s ago: executing program 6 (id=699):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x14}]}, 0x24}, 0x1, 0x0, 0x0, 0x40040c0}, 0x4000000)

1.22222153s ago: executing program 0 (id=700):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848420000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)

1.209578954s ago: executing program 6 (id=701):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0xfffe, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x1ff, {[@fastopen={0x1e, 0x4, "4d1f"}]}}}}}}}}, 0x0)

1.164934594s ago: executing program 6 (id=702):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
lseek(r0, 0x4, 0x2)
getdents64(r0, 0xffffffffffffffff, 0x43)

1.107566193s ago: executing program 1 (id=704):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x6, 0x4, 0x88, 0x4, 0x0, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x6a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000880)='sched_process_fork\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.105407027s ago: executing program 2 (id=705):
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
rmdir(&(0x7f0000000100)='./file0\x00')

1.013538205s ago: executing program 4 (id=706):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000001a80)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x48, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4}, 0x1c, &(0x7f00000002c0)=[{&(0x7f00000000c0)='\x00', 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0x4, @private2, 0x4}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000140)="b220", 0x2}], 0x1}}], 0x2, 0x8001)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000380)=@sack_info={0x0, 0x2, 0x8d}, &(0x7f0000000080)=0xc)

966.063118ms ago: executing program 4 (id=707):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6}, 0x9c)

902.44802ms ago: executing program 0 (id=708):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

864.133454ms ago: executing program 1 (id=709):
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x141842, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1000087}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x4)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000040)='./bus\x00', 0x18, &(0x7f0000000300)={[{@space_cache_v1}, {@nossd_spread}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'zlib'}}, {@clear_cache}, {@noacl}, {@nodatacow}, {@barrier}, {@ref_verify}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")

862.645164ms ago: executing program 5 (id=710):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000240)=0xf2b, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f00000000c0))

858.6795ms ago: executing program 4 (id=711):
pipe(&(0x7f0000000080))
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000)="3c00000058001f000307f4f9002304000a04d65f0800010002010002170003800500000099db973b91aa057972513500b0406700912deb5b85932234", 0x3c)

740.737571ms ago: executing program 5 (id=712):
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000140)={0x0, 0x79b0, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x1, 0x40, 0x1})
io_uring_enter(r0, 0x627, 0xc1040000, 0x43, 0x0, 0x0)

655.165771ms ago: executing program 0 (id=713):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x3, {0x41, 0x2, 0xfffffffd}}, 0x10)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x9d3354bba4295a8d, {{0x41}}}, 0x10)

513.877452ms ago: executing program 2 (id=714):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r0)
recvmmsg$unix(r0, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2, 0x0)

491.189913ms ago: executing program 4 (id=715):
r0 = socket(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f00000004c0)=0x517, 0x4)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000500)={0x2cf67cb7e14e88d0})

483.055224ms ago: executing program 5 (id=716):
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @value=0x1})
r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000600)="00ef2cd143d7056ca618d90b54804dfa8677e960733b14c59c33193f2b8e59e988390c3a94fa9aa92c376aa22daca989abeec5363a225ed17c35599b56acbc1309309ff7e1b14f1f03f7d64c76012071a27bce9f02950e6f33", 0x59, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r1, r1, r0}, &(0x7f0000000480)=""/205, 0xcd, 0x0)

430.080131ms ago: executing program 5 (id=717):
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000000)='./file2\x00', 0x3000812, &(0x7f0000000400)=ANY=[@ANYBLOB="71756965742c636f6465706167653d63703836302c696f636861727365743d63703836312c00808fead042bd35dc78f7f06333a5e7165b8271e41aee85e59cbb6c2df3d4e5c16b06c73f2e3b348a7fba46e286378a15ee516bac8d4813c9c3d9cee1ddb95d1bbcf504e065b3749a1cbd841e685a558598cf0db10b55885946e678d0a71877037a090000000700848879ef1604cadc1faca3aa22a576750d559c4e124d4cb7293e7393b77286fa8c6dc449eda0a03d342382e84d6d3c29ab95cc923fbe25e134d1c421320a3bffaa17fcd6b5178e322cc47133b3811e3d3bc34998dc7ed029834ad591d9d56c41063d8de2d50a2398e73ff2913a9fe8e954a4e4ca99ceb5737e57193c5f47fd63b16c8b34f256dbac0e5ebd009078df2cb1ca1051ad091adbfee5126d8a59fa5438734bc3e8cc7b7edc10716a0a9b711952cdf96586e06fbace21dc04bdb4a1a2072ce5f72cf0", @ANYRESOCT, @ANYRESDEC, @ANYRESDEC, @ANYRES8, @ANYRESOCT], 0x11, 0x2f0, &(0x7f00000019c0)="$eJzs3c1qE18Yx/HfmaRN+m/+NX0RwWW1oBvRuhE3EcktCOJCtG2EYqioFdSNqbgS0b17b8GLcKN4A7pyIV5Auxo5Z16SSSYzaWkyDX4/oE5m5pnznMzbcwJyBOCfdbP549PVX/aPkUoqSW+vS56kqlSWdFpnqs92drd3262trAOVXIQOfBkFkWZgn82dlvt3L7naxrmIUN1+KqvWuw7j4fv+jZ996357BSWDwri7P4UnVcK7022vTjyzbHtHjOsccx7TxuxrX8+1UHQeAIBi2ff/XlD42/d8LazfPU9aC1/7J/L9f1T7RScwdn7m1p73vxtl+cae31NuU3e854ZwdrsXjRJHaXmm7/OsgkIyUWCavFGly8Wbe7Ddbl3afNTe8vRajVDPbitxCyF7heZku5oyNs0wQt9NakUZpOXN2D6sD8l/+YgtZhgYviVOiPlivpm7pq6P2orrv7JvbLYu4XrfmQryvzy8vXkXZfdS+NhoNBqeO1Bk0TVyNnmmcnpZTR+RKPpiF5X8gaCel6eLWuqLCnp3JTWgEkctp0atR5+GtLWSiLK9ia/m4VmOm3lvbptV/dFnNXvqf8/mt6bMO7N715i14EZz33jQn9n05srumPWBN0dHd2rJNfG3WBmW+kH2Mw0jiM7hO23omhaevnj5sNRut57YhfspC49r8ZqZN1LqPgUvqNNdU5HvDOwcPQMnmdjFYz2gfX7k7mzvsol0cKxXgrwTcmkNWWh+HdeF5FdOQgf/L/ABhUnqnvSiM0FBbN1lgvGfq+TDet8VCvavW5XhdXpUkKWVbK56D4/o2xo7HgFVE/FLbum/ZBmdMzaYD+uYlHFcR6ONuc5dkM6P3mI9zHM6+K9ydjBNfdc9fv8HAAAAAAAAAAAAAAAAAACYNof/HwJzh44quo8AAAAAAAAAAAAAAAAAAAAAAEy7eP5fRfP/arT5f/unYgnn/60qZ/7fjcEcBub//bAj05GY/xcYr78BAAD//xzCgK4=")
syz_mount_image$hfs(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@iocharset={'iocharset', 0x3d, 'cp863'}}, {@codepage={'codepage', 0x3d, 'cp950'}}, {@type={'type', 0x3d, "3ae6f83f"}}]}, 0x1, 0x2e5, &(0x7f0000000140)="$eJzs3U1PE0Ecx/HfbFsoD8EVMCZeNCiJXoioB+OlxvTq3ZNR25IQG4iAiXoRjUfjC/DuW/BFeNH4BvTkybucHDPTadnCdkvFshS/n4RmOzuz+5/OPsx/Y60A/LfuVL99uP7D/RmpoIKkW1IkqSwVJZ3R2fLTta3VrWajnrWhgm/h/oxaLc2+OrW1RlpT1863CGL3rqjpZBmGw1p7+3veQSB3/uxPEUnj4Tz068tHHNewbEvn847hqCUH2OxoR880k2M4AIBjINz/o3CbmPZFRlEkLYbb/om6/++cnK44N5r7imxmg8T938/urHHje8qv2s33fArn1kftLPEgwZT2vB9T68jqmmCaflmljyWaWFktaqn2SvVIr1UJEtXm/Wu9dei29Yl2ISU3zdB7ayXdnWz1xs8o92qHtLLabIy7hZT45wbb4+GZT+aLuW9ivVe9M/8rWuOGyY9UvGekopKL/2rvLU75Vq6WQtpfqVSiriqn/U7OhT0EfXpZTs9IkttsPyDY7kSQFaff96y6Hyu0erfcp9VcWqu4865Hq/muVoVwJCzV1puZj1KGo91F887cMwv6qY+qJub/kYtvUYkzM+v6aHzNcGTU1vXb2rH0mkVfM953ud09XS50IgjGB+4bpAGflr3VI93UzObzF48LzWZjwy08TFl4Mr1hQknpjZRaZ/gLBWXU0fZuiXVeWnvQLdtDBGb6fRpX+m/n18F36q4fnRJ3+qRVdmdZpyT6B5+8NTkM93FfqH5W1gE5OgvWSj1WDe06hWNk07QHPRRM5BwQjpqbd5lW/udn8mFW51Mk9xJnzNOzk0x1bXG5k8F1TwVn/evkQBncVO8MLrHHaz1yRp9zXbwsXUoUGmXuMQ5xnhCmqq96wPN/AAAAAAAAAAAAAAAAAACAURP+0X/7K5tD+aZBzl0EAAAAAAAAAAAAAAAAAAAAAGDk/dXv/6b9H/H+939jfv8XGCF/AgAA///7WndM")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

355.291516ms ago: executing program 0 (id=718):
r0 = fsopen(&(0x7f0000000000)='binder\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0xf)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

354.511495ms ago: executing program 2 (id=719):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0xfffd, 0x5}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000300)="2705020029ff14000600002fb96dbcf70606", 0x12}, {&(0x7f0000001680)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee27010000002328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb0d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c875e346edc55b7a271c3e5f3c0df72c8e4d7cccfa2e9b598f0ae06efbc1a5d5bd91aed6b32deccf7755cef50fab72633c802533b9d94f17f9be978f2514c47671575ee528fbdddc6194328e605e4d10e293756d20eb8a545f2bfe48df5d1d98a270458392a0a57647dcb8ee005e78877a072d12d0429b9b9957a695c3289b4a59469691115e6ba204181708b9d1ae47418ed594b8128f20c100f0600000060d73ab818da73fab78caf42afd1f89cdb29dfdd6676c55ea00d35321bc4878170c62b056b4e03ae556ac804026cabcbc8e79e7a18f2f56442cd650aa2bc88f62ebb65bfafd3e5b4c62ac2e720ff0fdf03c46889df55ff91058319c953f90cd6e7f7b15d56a58ff6128357510c4c618aa25434881d58c39092969ba1f7c444465f16d1f2561991e357bda928f2a50422f774f318fb41169a0d0324a8efd19b940a17c28cda06b750cd02155dbdbd1dc695e190a997ae8f4bb8766983d8db8678a78ae8f044b868549e9c60f7ce25a36300ce07f304e75d285e914b3aec703969df969b81bcd3732736dd99fcab1944c751f8ef4c34cbb86d5f27ef9982be245949d5579b540750d1eac428b0cd2541295b577573b27e9ecac3934987e85b44bc85e6e307cf6f5683bf1c817369d556a321d20657f9021828082b9c68bc5560a1737aa2bec3cac4689e04fbe851ed4b6c1a355950522f8918af3855fe97ec285da15a20e8119483e7419fa2b0639d5add10b396a8033ec2b98d9a9fca3fc4202d0a6bcfa55798eacafa4c8efafb73a2ab89bb58b0c20364a6ad9c233dfb1bdbb87b8f91e3ab9790e876f906107183419aa7480e327388c01dc5f2d5bcb8a7565cddc4e1275741116416b66bf3adf9e7e31c3fc518740446ed2a394e7699baf9408c62b4c0e7a11dec8f4a67e78a3f00bedae9f55f36c52a1fd4ee3a8be7285f9ca898ee63d3718a7c4603bcb9a24537b34a41a6c0eee4cc609b014d3f4fb928aa7e3fa7a4f97dcef5c0e526b650284ffeda82f603ed9ea1eb6627d29d8bcd6c7e6fe128b1c4463b2cfe50c0ff9a46090635dde4b4d4a984e5a91f7486856cd2bf85088fa4d27b219628be8cdba7004d00985a73fb5b0b4b0f96844e73a8ff7884bdee1a0d6e62decfeebfb56351c135e6580fd61ea806ee5592fe4ffba5c73b8a4a04d44aa52645320cb73fe0c5f14a971d3b3f64c85f5ebaab5e1a061f5186050230286331048e43368e45cfc88e8f4d0d3b1b86b64d5394bc68c2b754389b3c18a45c1edb0496dd88cb3113bbdf1a0f127eb8cd52caf8da95b83d0decad3775b2f2e43776d0d32d447cdd0b267b32775e3473f51a233f8c91a4c07ad669da1844f3d9554f399d43ca1eda29c5c761b3936f845f0c4d1c090000004b5ab3291e06cd86de6116fc3236a11343d6f4ad02199717054ac15b0d0000000000007bd4bea33c0ca36e2c4209026849de21c1da1057f353cc824947d75119e4501b98cb9e", 0x5b3}], 0x2}, 0x48011)

268.720917ms ago: executing program 4 (id=720):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000240)={0x2020}, 0x2020)

203.293598ms ago: executing program 0 (id=721):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)
recvmmsg$unix(r0, &(0x7f0000008f40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000580)=""/199, 0xc7}, {&(0x7f0000000680)=""/4096, 0x1000}], 0x2}}], 0x1, 0x40000000, 0x0)
write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14)

161.464285ms ago: executing program 5 (id=722):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x80, 0x1}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

69.162554ms ago: executing program 6 (id=723):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x28, 0x140d, 0x4, 0x70bd29, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)

69.058613ms ago: executing program 4 (id=724):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4, 0x1}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none, 0x2, 0x1}, 0xe)

28.528465ms ago: executing program 1 (id=725):
syz_open_procfs(0x0, 0x0)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8})
clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x8, 0xfffffffffffffffa, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6})

26.881708ms ago: executing program 0 (id=726):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet(r0, &(0x7f0000006980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000200)='T', 0x1}], 0x1}}], 0x1, 0x810)
listen(r0, 0xc6)
accept4(r0, &(0x7f0000000180)=@ax25={{0x3, @default}, [@rose, @netrom, @null, @netrom, @null, @null]}, 0x0, 0x80800)

6.144006ms ago: executing program 2 (id=727):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000240)={{&(0x7f0000c00000/0x400000)=nil, 0x400000}})

0s ago: executing program 5 (id=728):
r0 = socket(0xa, 0x3, 0xff)
syz_emit_ethernet(0x3e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900082b0100000000000000001700ffffac1e0001fe8000000000000000000000000000aaff"], 0x0)
ioctl$SIOCGSTAMP(r0, 0x8906, 0x0)
recvmsg$unix(r0, &(0x7f0000000dc0)={0x0, 0x0, 0x0}, 0x40000102)

kernel console output (not intermixed with test programs):

t to access beyond end of device
[   84.654207][ T6319] loop0: rw=1, sector=1224, nr_sectors = 64 limit=256
[   84.668850][ T6319] syz.0.130: attempt to access beyond end of device
[   84.668850][ T6319] loop0: rw=1, sector=1320, nr_sectors = 36 limit=256
[   84.701366][ T6323] loop1: detected capacity change from 0 to 4096
[   84.716969][ T6323] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[   84.746251][ T6290] loop4: detected capacity change from 0 to 40427
[   84.791732][ T6290] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   84.797695][ T6323] ntfs3(loop1): Failed to load $Extend (-22).
[   84.811442][ T6290] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   84.815521][ T6323] ntfs3(loop1): Failed to initialize $Extend.
[   84.842469][ T6290] F2FS-fs (loop4): invalid crc value
[   84.946014][ T6290] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   84.979767][ T6290] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   84.988952][ T6290] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   85.080077][ T6340] loop5: detected capacity change from 0 to 128
[   85.128561][ T1162] kworker/u8:7: attempt to access beyond end of device
[   85.128561][ T1162] loop4: rw=1, sector=45096, nr_sectors = 16 limit=40427
[   85.157197][ T6340] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   85.228189][ T6340] ext4 filesystem being mounted at /13/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   85.414341][ T5866] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   85.440908][ T6356] loop2: detected capacity change from 0 to 1024
[   85.495121][ T6356] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   85.544089][ T6356] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.724519][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   85.806745][ T6375] loop4: detected capacity change from 0 to 1024
[   85.865748][ T6375] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.871101][ T6387] syz.1.159 uses obsolete (PF_INET,SOCK_PACKET)
[   85.896294][ T6375] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.988253][ T6375] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[   86.043906][   T24] cfg80211: failed to load regulatory.db
[   86.061738][ T6393] loop2: detected capacity change from 0 to 512
[   86.072924][ T6375] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28
[   86.086549][ T6375] EXT4-fs (loop4): This should not happen!! Data will be lost
[   86.086549][ T6375] 
[   86.097335][ T6375] EXT4-fs (loop4): Total free blocks count 0
[   86.103837][ T6375] EXT4-fs (loop4): Free/Dirty block details
[   86.109892][ T6375] EXT4-fs (loop4): free_blocks=4293918720
[   86.116129][ T6375] EXT4-fs (loop4): dirty_blocks=16
[   86.120158][ T6393] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   86.168496][ T6375] EXT4-fs (loop4): Block reservation details
[   86.183010][ T6375] EXT4-fs (loop4): i_reserved_data_blocks=1
[   86.200275][ T6393] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=800ec018, mo2=0082]
[   86.266889][ T6393] EXT4-fs (loop2): 1 truncate cleaned up
[   86.269704][ T6400] loop1: detected capacity change from 0 to 8192
[   86.294506][ T6367] loop0: detected capacity change from 0 to 32768
[   86.301950][ T6367] XFS: noikeep mount option is deprecated.
[   86.302493][ T6393] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.324508][ T5861] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.346124][ T6385] loop3: detected capacity change from 0 to 32768
[   86.415848][ T6407] loop5: detected capacity change from 0 to 128
[   86.423908][ T6367] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   86.447291][ T6407] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[   86.507430][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.533502][ T6367] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[   86.549774][ T6407] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   86.575915][ T6367] XFS (loop0): Starting recovery (logdev: internal)
[   86.617083][ T6367] XFS (loop0): Ending recovery (logdev: internal)
[   86.623127][ T6420] loop3: detected capacity change from 0 to 1024
[   86.634785][ T6420] EXT4-fs: inline encryption not supported
[   86.651649][ T6420] EXT4-fs: Ignoring removed i_version option
[   86.676878][ T6422] loop2: detected capacity change from 0 to 1024
[   86.682567][ T6420] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.722998][ T6422] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.742866][ T5850] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   86.750312][ T6420] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   86.768117][ T6422] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.171: bg 0: block 280: padding at end of block bitmap is not set
[   86.791367][ T5942] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   86.799105][ T6422] EXT4-fs (loop2): Remounting filesystem read-only
[   86.811244][ T6422] EXT4-fs warning (device loop2): ext4_xattr_inode_lookup_create:1597: inode #18: comm syz.2.171: cleanup dec ref error -117
[   86.821823][ T5856] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.877133][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.942613][ T5942] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[   86.962604][ T5942] usb 2-1: config 0 has no interface number 0
[   86.982204][ T5942] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[   86.999132][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.016613][ T5942] usb 2-1: Product: syz
[   87.025288][ T5942] usb 2-1: Manufacturer: syz
[   87.036004][ T5942] usb 2-1: SerialNumber: syz
[   87.054895][ T5942] usb 2-1: config 0 descriptor??
[   87.069249][ T6442] mmap: syz.3.179 (6442) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   87.137747][ T6447] input: syz1 as /devices/virtual/input/input6
[   87.202479][ T6453] loop3: detected capacity change from 0 to 512
[   87.239590][ T6453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.254537][ T6453] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.304534][ T5856] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.480988][ T6463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.189'.
[   87.490106][ T6463] sch_fq: defrate 4294967295 ignored.
[   87.499090][ T5942] usb 2-1: Firmware: major: 154, minor: 51, hardware type: ATUSB (1)
[   87.557417][ T6467] loop3: detected capacity change from 0 to 16
[   87.596325][ T6467] MTD: Attempt to mount non-MTD device "/dev/loop3"
[   87.708557][ T5942] usb 2-1: failed to fetch extended address, random address set
[   87.762008][ T5942] usb 2-1: USB disconnect, device number 3
[   88.226163][ T6490] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.200'.
[   88.338785][ T6481] loop5: detected capacity change from 0 to 32768
[   88.346711][ T6481] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.197 (6481)
[   88.389887][ T6481] BTRFS info (device loop5): first mount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409
[   88.410343][ T6481] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm
[   88.470530][ T6481] BTRFS info (device loop5): using free-space-tree
[   88.813663][ T5866] BTRFS info (device loop5): last unmount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409
[   89.042849][ T6530] loop0: detected capacity change from 0 to 2048
[   89.102802][ T6530] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[   89.145718][ T6530] NILFS (loop0): mounting unchecked fs
[   89.158661][ T6534] loop1: detected capacity change from 0 to 512
[   89.196188][ T6534] EXT4-fs: Ignoring removed nomblk_io_submit option
[   89.222110][ T6530] NILFS (loop0): recovery complete
[   89.237164][ T6534] EXT4-fs: Ignoring removed i_version option
[   89.261138][ T6536] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   89.315539][ T6534] EXT4-fs (loop1): 1 orphan inode deleted
[   89.352000][ T6534] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.560216][ T6540] ALSA: mixer_oss: invalid OSS volume 'A1é4ó1Ø=w”�ÄVe]'
[   89.620875][ T6540] ALSA: mixer_oss: invalid OSS volume 'ÊÒ±BËÂì;T`¿@$™¿¾E÷ócXÆMYdŸè,'
[   89.651692][ T5853] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.720713][ T6540] ALSA: mixer_oss: invalid OSS volume 'b«Ž@hé#'
[   89.756195][ T6540] ALSA: mixer_oss: invalid OSS volume '•‘h4¿–ÐX¬„S4v=0�_>¤&äÏ'
[   89.835249][ T6540] ALSA: mixer_oss: invalid OSS volume '|œ/"tj'
[   89.906299][ T6540] ALSA: mixer_oss: invalid OSS volume '-z5²Šc^÷Jƒå6�$̹�'
[   89.991577][ T6540] ALSA: mixer_oss: invalid OSS volume '0ÉóT„®°yòÝäî¬ó‰´ª‡—‚j–P&†³aït'
[   90.066115][ T6540] ALSA: mixer_oss: invalid OSS volume '÷|á¥ó~‚\'
[   90.066756][ T6521] loop4: detected capacity change from 0 to 262144
[   90.093038][ T6521] F2FS-fs (loop4): invalid crc value
[   90.102168][ T6540] ALSA: mixer_oss: invalid OSS volume '­É@ô^3bÉœ‘}˜ÔG�$º#\Ä("/øoúLÛ'
[   90.175610][ T6521] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   90.185449][ T6540] ALSA: mixer_oss: invalid OSS volume ''
[   90.185473][ T6521] F2FS-fs (loop4): Start checkpoint disabled!
[   90.227134][ T6521] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   90.406898][ T6566] loop1: detected capacity change from 0 to 512
[   90.483474][ T6568] netlink: 20 bytes leftover after parsing attributes in process `syz.3.226'.
[   90.493825][ T6572] loop5: detected capacity change from 0 to 128
[   90.512764][ T6572] EXT4-fs: Ignoring removed nobh option
[   90.537725][ T6572] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   90.554781][ T6572] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   90.663518][ T6572] fscrypt (loop5, inode 12): Unsupported log2_data_unit_size in encryption policy: 179
[   90.796065][ T5866] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   90.845836][ T6583] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[   90.870668][ T6583] macsec1: entered allmulticast mode
[   90.880907][ T6583] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[   90.922576][ T6583] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[   90.950694][ T6583] mac80211_hwsim hwsim4 wlan0: left promiscuous mode
[   90.956724][ T6558] loop2: detected capacity change from 0 to 32768
[   90.973435][ T6558] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.221 (6558)
[   91.023962][ T6558] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[   91.062608][ T6558] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[   91.100530][ T6558] BTRFS info (device loop2): using free-space-tree
[   91.357836][ T6616] loop5: detected capacity change from 0 to 1024
[   91.365769][ T5859] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[   91.405280][ T6616] EXT4-fs: Ignoring removed nobh option
[   91.415666][ T6582] loop0: detected capacity change from 0 to 32768
[   91.439258][ T6616] EXT4-fs: inline encryption not supported
[   91.491964][ T6616] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.551298][ T6582] find_entry called with index = 0
[   91.560709][ T6582] read_mapping_page failed!
[   91.565219][ T6582] ERROR: (device loop0): txCommit: 
[   91.565219][ T6582] 
[   91.613023][ T6627] netlink: 12 bytes leftover after parsing attributes in process `syz.2.244'.
[   91.641258][ T6616] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.243: Allocating blocks 385-513 which overlap fs metadata
[   91.714731][ T6630] EXT4-fs (loop5): pa ffff88804da8c1d0: logic 16, phys. 129, len 24
[   91.723121][ T6630] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   91.883212][ T5866] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.023666][ T6638] loop3: detected capacity change from 0 to 512
[   92.217589][ T6629] loop1: detected capacity change from 0 to 32768
[   92.257917][ T6629] 
[   92.257917][ T6629]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   92.257917][ T6629] 
[   92.333404][ T6629] JFS: metapage_get_blocks failed
[   92.340152][ T6629] ERROR: (device loop1): release_metapage: metapage_write_one() failed
[   92.340152][ T6629] 
[   92.359268][ T6629] ERROR: (device loop1): diWrite: ixpxd invalid
[   92.359268][ T6629] 
[   92.384940][ T6629] ERROR: (device loop1): txCommit: 
[   92.384940][ T6629] 
[   92.404232][ T6654] ERROR: (device loop1): diWrite: ixpxd invalid
[   92.404232][ T6654] 
[   92.433289][ T6654] ERROR: (device loop1): txCommit: 
[   92.433289][ T6654] 
[   92.541355][ T5853] 
[   92.541355][ T5853]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   92.541355][ T5853] 
[   92.574349][ T5853] 
[   92.574349][ T5853]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   92.574349][ T5853] 
[   92.685195][ T6642] loop5: detected capacity change from 0 to 32768
[   92.720675][ T6642] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.251 (6642)
[   92.782448][ T6642] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   92.812580][ T6642] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[   92.824300][ T6665] bond_slave_0: entered promiscuous mode
[   92.829990][ T6665] bond_slave_1: entered promiscuous mode
[   92.860928][ T6642] BTRFS info (device loop5): using free-space-tree
[   92.867800][ T6665] macsec1: entered allmulticast mode
[   92.891620][ T6665] bond0: entered allmulticast mode
[   92.897295][ T6665] bond_slave_0: entered allmulticast mode
[   92.917796][ T6665] bond_slave_1: entered allmulticast mode
[   92.954537][ T6665] bond0: left allmulticast mode
[   92.959492][ T6665] bond_slave_0: left allmulticast mode
[   92.970801][ T6665] bond_slave_1: left allmulticast mode
[   92.988182][ T6665] bond_slave_0: left promiscuous mode
[   92.993641][ T6665] bond_slave_1: left promiscuous mode
[   93.004561][ T6686] loop1: detected capacity change from 0 to 64
[   93.019938][ T6651] loop2: detected capacity change from 0 to 32768
[   93.041568][ T5866] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   93.431615][ T6698] binder: 6697:6698 ioctl c018620c 200000000100 returned -1
[   93.460881][ T6014] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   93.551621][ T6703] netlink: 44 bytes leftover after parsing attributes in process `syz.2.272'.
[   93.582362][ T6703] netlink: 43 bytes leftover after parsing attributes in process `syz.2.272'.
[   93.613822][ T6703] netlink: 'syz.2.272': attribute type 5 has an invalid length.
[   93.630445][ T6703] netlink: 43 bytes leftover after parsing attributes in process `syz.2.272'.
[   93.630542][ T6014] usb 2-1: Using ep0 maxpacket: 8
[   93.672172][ T6014] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   93.697521][ T6688] loop0: detected capacity change from 0 to 32768
[   93.705213][ T6014] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   93.720693][ T6014] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.730935][ T6688] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.268 (6688)
[   93.751351][ T6014] usb 2-1: config 0 descriptor??
[   93.774391][ T6688] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   93.783965][ T6707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.274'.
[   93.800587][ T6688] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[   93.834211][ T6688] BTRFS info (device loop0): disk space caching is enabled
[   93.844314][ T6692] loop4: detected capacity change from 0 to 32768
[   93.853462][ T6688] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   93.883557][ T6692] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[   93.904009][ T6692] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   93.958250][ T6692] XFS (loop4): Ending clean mount
[   93.967860][ T6688] BTRFS info (device loop0): rebuilding free space tree
[   93.983154][ T6014] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[   93.998366][ T6692] XFS (loop4): Quotacheck needed: Please wait.
[   94.015806][ T6688] BTRFS info (device loop0): disabling free space tree
[   94.022871][ T6688] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   94.034567][ T6688] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   94.040880][ T6692] XFS (loop4): Quotacheck: Done.
[   94.118750][ T5861] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   94.138466][ T6719] loop2: detected capacity change from 0 to 4096
[   94.148763][ T5850] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   94.149222][ T6719] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[   94.192629][ T6014] usb 2-1: USB disconnect, device number 4
[   94.439515][ T6740] loop5: detected capacity change from 0 to 1024
[   94.459322][ T6740] EXT4-fs: Ignoring removed orlov option
[   94.491399][ T6740] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.551540][   T30] kauditd_printk_skb: 7 callbacks suppressed
[   94.551559][   T30] audit: type=1800 audit(1755413211.465:18): pid=6740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.280" name="file1" dev="loop5" ino=15 res=0 errno=0
[   94.744588][ T6741] loop4: detected capacity change from 0 to 32768
[   94.744832][ T5866] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.788216][ T6735] loop3: detected capacity change from 0 to 32768
[   94.847587][ T6741] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   94.847617][ T6741]   allowing incompatible features above 0.0: (unknown version)
[   94.847631][ T6741]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   94.938382][ T6735] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256
[   94.938411][ T6735]   allowing incompatible features above 0.0: (unknown version)
[   94.938425][ T6735]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   94.938451][ T6735] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[   94.938484][ T6735] bcachefs (loop3): initializing new filesystem
[   94.954096][ T6735] bcachefs (loop3): going read-write
[   94.980879][ T6735] bcachefs (loop3): marking superblocks
[   94.990214][ T6741] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[   95.030317][ T6735] bcachefs (loop3): initializing freespace
[   95.041886][ T6741] bcachefs (loop4): initializing new filesystem
[   95.059451][ T6741] bcachefs (loop4): going read-write
[   95.067152][ T6735] bcachefs (loop3): done initializing freespace
[   95.076288][ T6735] bcachefs (loop3): reading snapshots table
[   95.082291][ T6741] bcachefs (loop4): marking superblocks
[   95.084087][ T6735] bcachefs (loop3): reading snapshots done
[   95.102946][ T6741] bcachefs (loop4): initializing freespace
[   95.128275][ T6741] bcachefs (loop4): done initializing freespace
[   95.148157][ T6741] bcachefs (loop4): reading snapshots table
[   95.155311][ T6741] bcachefs (loop4): reading snapshots done
[   95.170091][ T6735] bcachefs (loop3): done starting filesystem
[   95.181088][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   95.190353][ T6741] bcachefs (loop4): done starting filesystem
[   95.210753][ T5942] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   95.257546][ T6792] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.265045][ T6792] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.285175][ T5856] bcachefs (loop3): shutting down
[   95.290204][ T5856] bcachefs (loop3): going read-only
[   95.303922][ T5861] bcachefs (loop4): shutting down
[   95.320371][ T5856] bcachefs (loop3): finished waiting for writes to stop
[   95.327532][ T5861] bcachefs (loop4): going read-only
[   95.332874][ T5861] bcachefs (loop4): finished waiting for writes to stop
[   95.340214][ T5856] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[   95.355002][   T24] usb 6-1: config 0 has an invalid interface number: 128 but max is 0
[   95.364247][ T5861] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2
[   95.364766][   T24] usb 6-1: config 0 has no interface number 0
[   95.396510][ T5856] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[   95.402702][ T5861] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[   95.406218][ T5942] usb 2-1: Using ep0 maxpacket: 16
[   95.427389][ T5942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.433082][   T24] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[   95.439333][ T5942] usb 2-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[   95.457917][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.460525][ T5861] bcachefs (loop4): clean shutdown complete, journal seq 4
[   95.473534][ T5856] bcachefs (loop3): clean shutdown complete, journal seq 4
[   95.480873][   T24] usb 6-1: Product: syz
[   95.485033][   T24] usb 6-1: Manufacturer: syz
[   95.489654][   T24] usb 6-1: SerialNumber: syz
[   95.491045][ T5856] bcachefs (loop3): marking filesystem clean
[   95.504420][ T5861] bcachefs (loop4): marking filesystem clean
[   95.514996][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.518946][   T24] usb 6-1: config 0 descriptor??
[   95.541815][ T5942] usb 2-1: config 0 descriptor??
[   95.568922][ T5861] bcachefs (loop4): shutdown complete
[   95.576464][ T5856] bcachefs (loop3): shutdown complete
[   95.946120][   T24] usb 6-1: Firmware: major: 154, minor: 51, hardware type: ATUSB (1)
[   95.959664][ T5942] kye 0003:0458:5016.0001: control desc unexpectedly large
[   95.970039][ T5942] input: HID 0458:5016 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5016.0001/input/input7
[   96.025527][ T6810] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   96.057422][ T5942] input: HID 0458:5016 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5016.0001/input/input8
[   96.117404][ T6810] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   96.148216][   T24] usb 6-1: failed to fetch extended address, random address set
[   96.148243][ T5942] kye 0003:0458:5016.0001: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.1-1/input0
[   96.234482][   T24] usb 6-1: USB disconnect, device number 2
[   96.339816][ T6819] loop0: detected capacity change from 0 to 256
[   96.356604][ T6819] exfat: Deprecated parameter 'utf8'
[   96.383542][ T6819] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[   96.437126][ T6016] usb 2-1: USB disconnect, device number 5
[   96.660585][ T6014] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   96.690144][ T6827] loop3: detected capacity change from 0 to 32768
[   96.705697][ T6827] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   96.760771][ T5856] ocfs2: Unmounting device (7,3) on (node local)
[   96.785318][ T6835] loop5: detected capacity change from 0 to 128
[   96.810726][ T6014] usb 3-1: Using ep0 maxpacket: 32
[   96.822973][ T6014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   96.836265][ T6014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   96.846640][ T6014] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   96.856456][ T6014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.866729][ T6014] usb 3-1: config 0 descriptor??
[   96.873731][ T6014] hub 3-1:0.0: USB hub found
[   97.078584][ T6014] hub 3-1:0.0: 1 port detected
[   97.131873][ T6849] Zero length message leads to an empty skb
[   97.197320][ T6851] netlink: 'syz.1.319': attribute type 21 has an invalid length.
[   97.205919][ T6851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.319'.
[   97.270638][ T5942] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   97.359137][ T6843] loop3: detected capacity change from 0 to 40427
[   97.375461][ T6843] F2FS-fs (loop3): invalid crc value
[   97.466038][ T5942] usb 6-1: config 0 has no interfaces?
[   97.479304][ T6843] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   97.482342][ T6014] usb 3-1: USB disconnect, device number 3
[   97.498886][ T5942] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[   97.518279][ T5942] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.527728][ T6843] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   97.540768][ T5942] usb 6-1: Product: syz
[   97.544935][ T5942] usb 6-1: Manufacturer: syz
[   97.560575][ T5942] usb 6-1: SerialNumber: syz
[   97.571109][ T5942] usb 6-1: config 0 descriptor??
[   97.614021][ T5856] syz-executor: attempt to access beyond end of device
[   97.614021][ T5856] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   97.629765][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[   97.629797][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   97.629811][ T5856] Call Trace:
[   97.629819][ T5856]  <TASK>
[   97.629828][ T5856]  dump_stack_lvl+0x189/0x250
[   97.629861][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.629891][ T5856]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.629919][ T5856]  ? __pfx_queue_work_on+0x10/0x10
[   97.629944][ T5856]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   97.629976][ T5856]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   97.630015][ T5856]  f2fs_handle_critical_error+0x37c/0x540
[   97.630064][ T5856]  f2fs_write_end_io+0x886/0xb60
[   97.630101][ T5856]  __submit_merged_bio+0x27a/0x6a0
[   97.630139][ T5856]  __submit_merged_write_cond+0x255/0x530
[   97.630178][ T5856]  f2fs_write_data_pages+0x261d/0x3000
[   97.630215][ T5856]  ? rcu_is_watching+0x15/0xb0
[   97.630262][ T5856]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   97.630309][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.630337][ T5856]  ? rcu_is_watching+0x15/0xb0
[   97.630379][ T5856]  ? __mod_zone_page_state+0xd7/0x140
[   97.630420][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.630452][ T5856]  ? folios_put_refs+0x560/0x640
[   97.630487][ T5856]  ? __pfx_folios_put_refs+0x10/0x10
[   97.630513][ T5856]  ? rcu_is_watching+0x15/0xb0
[   97.630536][ T5856]  ? lru_add+0xa2f/0xd80
[   97.630561][ T5856]  ? lru_add+0x198/0xd80
[   97.630604][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.630632][ T5856]  ? folio_batch_move_lru+0x319/0x3a0
[   97.630663][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.630690][ T5856]  ? rcu_is_watching+0x15/0xb0
[   97.630717][ T5856]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   97.630756][ T5856]  do_writepages+0x32e/0x550
[   97.630790][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.630817][ T5856]  ? rcu_is_watching+0x15/0xb0
[   97.630840][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.630870][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.630897][ T5856]  ? do_raw_spin_unlock+0x122/0x240
[   97.630932][ T5856]  filemap_fdatawrite+0x199/0x240
[   97.630966][ T5856]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   97.631027][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.631061][ T5856]  ? rcu_is_watching+0x15/0xb0
[   97.631084][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.631115][ T5856]  ? do_raw_spin_unlock+0x122/0x240
[   97.631148][ T5856]  f2fs_sync_dirty_inodes+0x31f/0x830
[   97.631184][ T5856]  f2fs_write_checkpoint+0x95a/0x1df0
[   97.631225][ T5856]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   97.631248][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.631310][ T5856]  ? kill_f2fs_super+0x298/0x6c0
[   97.631337][ T5856]  kill_f2fs_super+0x2c3/0x6c0
[   97.631365][ T5856]  ? __pfx_kill_f2fs_super+0x10/0x10
[   97.631388][ T5856]  ? radix_tree_delete_item+0x2b6/0x400
[   97.631425][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.631453][ T5856]  ? shrinker_free+0x2ce/0x3e0
[   97.631482][ T5856]  deactivate_locked_super+0xbc/0x130
[   97.631512][ T5856]  cleanup_mnt+0x425/0x4c0
[   97.631543][ T5856]  task_work_run+0x1d4/0x260
[   97.631579][ T5856]  ? __pfx_task_work_run+0x10/0x10
[   97.631611][ T5856]  ? __x64_sys_umount+0x122/0x160
[   97.631643][ T5856]  ? __pfx___x64_sys_umount+0x10/0x10
[   97.631673][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.631703][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.631731][ T5856]  ? rcu_is_watching+0x15/0xb0
[   97.631757][ T5856]  exit_to_user_mode_loop+0xec/0x110
[   97.631793][ T5856]  do_syscall_64+0x2bd/0x3b0
[   97.631828][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.631857][ T5856]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.631880][ T5856]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.631907][ T5856]  ? exc_page_fault+0x9f/0xf0
[   97.631940][ T5856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.631964][ T5856] RIP: 0033:0x7fa5fe18ff17
[   97.631984][ T5856] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   97.632004][ T5856] RSP: 002b:00007ffe40285fe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   97.632029][ T5856] RAX: 0000000000000000 RBX: 00007fa5fe211c05 RCX: 00007fa5fe18ff17
[   97.632053][ T5856] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe402860a0
[   97.632068][ T5856] RBP: 00007ffe402860a0 R08: 0000000000000000 R09: 0000000000000000
[   97.632084][ T5856] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe40287130
[   97.632100][ T5856] R13: 00007fa5fe211c05 R14: 0000000000017d29 R15: 00007ffe40287170
[   97.632130][ T5856]  </TASK>
[   98.081567][ T5856] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   98.151203][ T5942] usb 6-1: USB disconnect, device number 3
[   98.179169][ T6874] loop4: detected capacity change from 0 to 8
[   98.195247][ T6874] SQUASHFS error: Failed to read block 0x4de: -5
[   98.211524][ T6874] SQUASHFS error: Failed to read block 0x4de: -5
[   98.218257][   T30] audit: type=1800 audit(1755413215.125:19): pid=6874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.328" name="file1" dev="loop4" ino=5 res=0 errno=0
[   98.286420][ T6876] netlink: 36 bytes leftover after parsing attributes in process `syz.4.329'.
[   98.296626][ T6876] netlink: 36 bytes leftover after parsing attributes in process `syz.4.329'.
[   98.374533][ T6878] loop4: detected capacity change from 0 to 2048
[   98.384194][ T6878] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=18576, location=18576
[   98.398813][ T6878] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   98.494702][   T30] audit: type=1326 audit(1755413215.405:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95da18ebe9 code=0x7ffc0000
[   98.533894][ T6872] loop0: detected capacity change from 0 to 65536
[   98.542182][   T30] audit: type=1326 audit(1755413215.425:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95da18ebe9 code=0x7ffc0000
[   98.565062][   T30] audit: type=1326 audit(1755413215.435:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f95da18ebe9 code=0x7ffc0000
[   98.588141][   T30] audit: type=1326 audit(1755413215.435:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95da18ebe9 code=0x7ffc0000
[   98.611755][   T30] audit: type=1326 audit(1755413215.435:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95da18ebe9 code=0x7ffc0000
[   98.634994][   T30] audit: type=1326 audit(1755413215.435:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f95da18ebe9 code=0x7ffc0000
[   98.657933][   T30] audit: type=1326 audit(1755413215.435:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95da18ebe9 code=0x7ffc0000
[   98.684117][   T30] audit: type=1326 audit(1755413215.435:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95da18ebe9 code=0x7ffc0000
[   98.686217][ T6872] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[   98.725294][ T6889] netlink: 20 bytes leftover after parsing attributes in process `syz.2.333'.
[   98.790805][ T6891] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.334'.
[   98.815015][ T6889] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0)
[   98.817544][ T6872] XFS (loop0): Ending clean mount
[   98.840796][ T6898] netlink: 8 bytes leftover after parsing attributes in process `syz.5.336'.
[   98.916341][ T6872] XFS (loop0): Quotacheck needed: Please wait.
[   98.972393][ T6904] loop2: detected capacity change from 0 to 128
[   98.982953][ T6872] XFS (loop0): Quotacheck: Done.
[   99.082700][   T24] hid-generic 0005:0C45:1010.0002: item fetching failed at offset 0/1
[   99.115146][   T24] hid-generic 0005:0C45:1010.0002: probe with driver hid-generic failed with error -22
[   99.234646][ T6921] loop2: detected capacity change from 0 to 512
[   99.258159][ T6921] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   99.324953][ T6925] loop4: detected capacity change from 0 to 2048
[   99.332552][ T6921] EXT4-fs (loop2): 1 truncate cleaned up
[   99.362091][ T6921] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.398047][ T6925] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.429771][ T6925] EXT4-fs error (device loop4): ext4_read_inline_dir:1476: inode #12: block 9: comm syz.4.347: path /41/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=13, rec_len=21, size=80 fake=0
[   99.547066][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.555281][ T5850] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[   99.597292][ T5861] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.625873][ T6937] misc userio: Invalid payload size
[   99.807783][ T6944] loop5: detected capacity change from 0 to 65
[   99.829968][ T6944] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway
[   99.882954][ T6944] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop5
[   99.956726][ T6949] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  100.011109][   T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  100.092343][ T6933] loop1: detected capacity change from 0 to 32768
[  100.150552][ T5942] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  100.173439][ T6933] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  100.173466][ T6933]   allowing incompatible features above 0.0: (unknown version)
[  100.173480][ T6933]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  100.173513][   T24] usb 5-1: Using ep0 maxpacket: 32
[  100.224238][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.235295][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.245213][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  100.259250][   T24] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  100.268331][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.280962][ T6933] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  100.289700][   T24] usb 5-1: config 0 descriptor??
[  100.294882][ T6933] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  100.306417][ T6933] bcachefs (loop1): Version upgrade required:
[  100.306417][ T6933] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  100.306417][ T6933] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  100.306417][ T6933]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  100.380947][ T5942] usb 1-1: Using ep0 maxpacket: 16
[  100.420790][ T5942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.432052][ T5942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.439683][ T6933] bcachefs (loop1): dropping and reconstructing all alloc info
[  100.450621][ T5942] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  100.476461][ T6933] bcachefs (loop1): accounting_read... done
[  100.480598][ T5942] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  100.484434][ T6933] bcachefs (loop1): alloc_read... done
[  100.518619][ T6933] bcachefs (loop1): snapshots_read... done
[  100.523548][ T5942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.528403][ T6944] loop5: detected capacity change from 0 to 32768
[  100.539812][ T6933] bcachefs (loop1): check_allocations...
[  100.555175][ T5942] usb 1-1: config 0 descriptor??
[  100.556367][ T6933]  done
[  100.571596][ T6944] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.355 (6944)
[  100.585812][ T6933] bcachefs (loop1): going read-write
[  100.598578][ T6944] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  100.614048][ T6933] bcachefs (loop1): done starting filesystem
[  100.622229][ T6944] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  100.642975][ T6933] bcachefs (loop1): inode 536870913 truncated to 0 but i_blocks 24 (ondisk 24)
[  100.647982][   T12] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  100.652081][ T6944] BTRFS info (device loop5): using free-space-tree
[  100.677831][   T12]   u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing
[  100.696525][ T5853] bcachefs (loop1): shutting down
[  100.704049][   T12] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  100.704066][   T12]   u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
[  100.715207][ T5853] bcachefs (loop1): going read-only
[  100.715239][ T5853] bcachefs (loop1): finished waiting for writes to stop
[  100.717511][   T24] hid (null): unknown global tag 0xc
[  100.717532][   T24] hid (null): invalid report_size 1853668426
[  100.717580][   T24] hid (null): report_id 56152 is invalid
[  100.717597][   T24] hid (null): invalid report_count 927939214
[  100.717614][   T24] hid (null): global environment stack underflow
[  100.733982][ T6951] loop3: detected capacity change from 0 to 32768
[  100.749756][   T12] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  100.756707][   T24] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0003/input/input9
[  100.767436][   T12]   u64s 5 type deleted 0:33:0 len 0 ver 0, , continuing
[  100.792825][ T5853] bcachefs (loop1): flushing journal and stopping allocators, journal seq 11
[  100.819426][   T24] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0003/input/input10
[  100.851020][   T24] kye 0003:0458:5011.0003: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0
[  100.880947][ T6944] BTRFS info (device loop5): rebuilding free space tree
[  100.906669][ T1162] bcachefs (loop1): bucket incorrectly unset in freespace btree
[  100.906688][ T1162]   u64s 5 type deleted 0:43:0 len 0 ver 0, , continuing
[  100.939092][ T6951] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  100.939123][ T6951]   allowing incompatible features above 0.0: (unknown version)
[  100.939156][ T6951]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  100.939182][ T6951] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  100.939213][ T6951] bcachefs (loop3): initializing new filesystem
[  100.946198][ T6951] bcachefs (loop3): going read-write
[  100.996672][   T24] usb 5-1: USB disconnect, device number 2
[  101.031290][ T5853] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 11
[  101.041633][ T6951] bcachefs (loop3): marking superblocks
[  101.043451][ T5942] microsoft 0003:045E:07DA.0004: unknown main item tag 0x1
[  101.056217][ T5942] microsoft 0003:045E:07DA.0004: report is too long
[  101.063302][ T5942] microsoft 0003:045E:07DA.0004: item 0 2 0 11 parsing failed
[  101.063353][ T5853] bcachefs (loop1): unclean shutdown complete, journal seq 12
[  101.071581][ T5942] microsoft 0003:045E:07DA.0004: parse failed
[  101.086894][ T5942] microsoft 0003:045E:07DA.0004: probe with driver microsoft failed with error -22
[  101.108143][ T6964] loop2: detected capacity change from 0 to 40427
[  101.108526][ T6951] bcachefs (loop3): initializing freespace
[  101.122102][ T6964] F2FS-fs (loop2): invalid crc value
[  101.126548][ T5866] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  101.128495][ T5853] bcachefs (loop1): done going read-only, filesystem not clean
[  101.141021][ T6951] bcachefs (loop3): done initializing freespace
[  101.164706][ T6951] bcachefs (loop3): reading snapshots table
[  101.185170][ T6951] bcachefs (loop3): reading snapshots done
[  101.200171][ T6964] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  101.215130][ T6964] F2FS-fs (loop2): Start checkpoint disabled!
[  101.229239][ T6951] bcachefs (loop3): done starting filesystem
[  101.233271][ T5853] bcachefs (loop1): shutdown complete
[  101.265216][ T6964] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  101.289516][ T3529] usb 1-1: USB disconnect, device number 3
[  101.372257][ T6951] bcachefs (loop3): going read-only
[  101.390320][ T6951] bcachefs (loop3): finished waiting for writes to stop
[  101.403405][ T6951] bcachefs (loop3): flushing journal and stopping allocators, journal seq 6
[  101.413522][ T1162] kworker/u8:7: attempt to access beyond end of device
[  101.413522][ T1162] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  101.444533][ T6951] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 7
[  101.455131][ T1162] CPU: 1 UID: 0 PID: 1162 Comm: kworker/u8:7 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  101.455164][ T1162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  101.455180][ T1162] Workqueue: writeback wb_workfn (flush-7:2)
[  101.455216][ T1162] Call Trace:
[  101.455225][ T1162]  <TASK>
[  101.455237][ T1162]  dump_stack_lvl+0x189/0x250
[  101.455269][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.455299][ T1162]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.455327][ T1162]  ? __pfx_queue_work_on+0x10/0x10
[  101.455351][ T1162]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  101.455384][ T1162]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  101.455423][ T1162]  f2fs_handle_critical_error+0x37c/0x540
[  101.455462][ T1162]  f2fs_write_end_io+0x886/0xb60
[  101.455497][ T1162]  __submit_merged_bio+0x27a/0x6a0
[  101.455534][ T1162]  __submit_merged_write_cond+0x255/0x530
[  101.455571][ T1162]  f2fs_write_data_pages+0x261d/0x3000
[  101.455629][ T1162]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  101.455672][ T1162]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  101.455719][ T1162]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  101.455761][ T1162]  ? trace_f2fs_writepages+0x7f/0x200
[  101.455794][ T1162]  ? f2fs_write_node_pages+0x478/0x6e0
[  101.455821][ T1162]  ? xa_load+0x60/0x210
[  101.455860][ T1162]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  101.455890][ T1162]  ? do_raw_spin_lock+0x121/0x290
[  101.455922][ T1162]  ? rcu_is_watching+0x15/0xb0
[  101.455945][ T1162]  ? set_shrinker_bit+0x7c/0x350
[  101.455970][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456000][ T1162]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  101.456043][ T1162]  do_writepages+0x32e/0x550
[  101.456076][ T1162]  ? unwind_next_frame+0xa5/0x2390
[  101.456111][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456144][ T1162]  __writeback_single_inode+0x145/0xff0
[  101.456177][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456205][ T1162]  ? do_raw_spin_unlock+0x122/0x240
[  101.456238][ T1162]  writeback_sb_inodes+0x6c7/0x1010
[  101.456278][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456306][ T1162]  ? fprop_reflect_period_percpu+0x6b/0x330
[  101.456345][ T1162]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  101.456403][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456430][ T1162]  ? rcu_is_watching+0x15/0xb0
[  101.456453][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456486][ T1162]  wb_writeback+0x43b/0xaf0
[  101.456520][ T1162]  ? queue_io+0x3c1/0x590
[  101.456551][ T1162]  ? __pfx_wb_writeback+0x10/0x10
[  101.456586][ T1162]  ? rcu_is_watching+0x15/0xb0
[  101.456613][ T1162]  wb_workfn+0x409/0xef0
[  101.456648][ T1162]  ? __pfx_wb_workfn+0x10/0x10
[  101.456671][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456697][ T1162]  ? rcu_is_watching+0x15/0xb0
[  101.456722][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456749][ T1162]  ? rcu_is_watching+0x15/0xb0
[  101.456772][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456803][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456830][ T1162]  ? rcu_is_watching+0x15/0xb0
[  101.456853][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456880][ T1162]  ? lock_acquire+0x5f/0x360
[  101.456914][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.456943][ T1162]  ? rcu_is_watching+0x15/0xb0
[  101.456965][ T1162]  ? process_scheduled_works+0x9ef/0x17b0
[  101.456992][ T1162]  ? process_scheduled_works+0x9ef/0x17b0
[  101.457016][ T1162]  process_scheduled_works+0xae1/0x17b0
[  101.457077][ T1162]  ? __pfx_process_scheduled_works+0x10/0x10
[  101.457114][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.457148][ T1162]  worker_thread+0x8a0/0xda0
[  101.457173][ T1162]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  101.457208][ T1162]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  101.457239][ T1162]  ? __kthread_parkme+0x7b/0x200
[  101.457272][ T1162]  kthread+0x711/0x8a0
[  101.457309][ T1162]  ? __pfx_worker_thread+0x10/0x10
[  101.457333][ T1162]  ? __pfx_kthread+0x10/0x10
[  101.457360][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.457389][ T1162]  ? srso_alias_return_thunk+0x5/0xfbef5
[  101.457417][ T1162]  ? rcu_is_watching+0x15/0xb0
[  101.457440][ T1162]  ? __pfx_kthread+0x10/0x10
[  101.457471][ T1162]  ret_from_fork+0x3fc/0x770
[  101.457497][ T1162]  ? __pfx_ret_from_fork+0x10/0x10
[  101.457525][ T1162]  ? __switch_to_asm+0x39/0x70
[  101.457555][ T1162]  ? __switch_to_asm+0x33/0x70
[  101.457585][ T1162]  ? __pfx_kthread+0x10/0x10
[  101.457615][ T1162]  ret_from_fork_asm+0x1a/0x30
[  101.457658][ T1162]  </TASK>
[  101.458893][ T1162] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  101.460703][ T6951] bcachefs (loop3): clean shutdown complete, journal seq 8
[  101.620851][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  101.706268][ T6951] bcachefs (loop3): marking filesystem clean
[  101.870640][   T24] usb 6-1: Using ep0 maxpacket: 8
[  101.910033][ T7005] loop4: detected capacity change from 0 to 2048
[  101.988105][ T7006] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  102.029642][ T5856] bcachefs (loop3): shutting down
[  102.052762][   T24] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  102.064112][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.072883][   T24] usb 6-1: Product: syz
[  102.078163][   T24] usb 6-1: Manufacturer: syz
[  102.094087][ T5856] bcachefs (loop3): shutdown complete
[  102.104024][   T24] usb 6-1: SerialNumber: syz
[  102.128509][   T24] usb 6-1: config 0 descriptor??
[  102.153438][   T24] gspca_main: se401-2.14.0 probing 047d:5003
[  102.205145][ T7014] loop0: detected capacity change from 0 to 512
[  102.213506][ T7014] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  102.240909][ T7014] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:169: inode #17: comm syz.0.372: inline data xattr refers to an external xattr inode
[  102.259999][ T7014] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.372: couldn't read orphan inode 17 (err -117)
[  102.272206][ T3529] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  102.285962][ T7014] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.291719][ T7018] netlink: 'syz.4.373': attribute type 4 has an invalid length.
[  102.337688][ T7021] batadv0: entered allmulticast mode
[  102.346745][ T7014] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  102.429861][ T5850] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.431022][ T3529] usb 2-1: Using ep0 maxpacket: 32
[  102.465808][ T3529] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  102.475264][ T3529] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.507256][ T3529] usb 2-1: config 0 descriptor??
[  102.523797][ T3529] gspca_main: sq930x-2.14.0 probing 041e:403c
[  102.549852][   T24] gspca_se401: ExtraFeatures: 117
[  102.555606][   T24] gspca_se401: Too many frame sizes
[  102.758468][ T6014] usb 6-1: USB disconnect, device number 4
[  102.770290][ T7041] loop2: detected capacity change from 0 to 4096
[  102.796433][ T7041] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  102.817461][ T7041] ntfs3(loop2): Failed to load $Extend (-22).
[  102.824807][ T7041] ntfs3(loop2): Failed to initialize $Extend.
[  103.361129][ T3529] gspca_sq930x: reg_w 0105 bf00 failed -71
[  103.430606][ T3529] sq930x 2-1:0.0: probe with driver sq930x failed with error -71
[  103.447713][ T3529] usb 2-1: USB disconnect, device number 6
[  103.553188][ T7072] loop5: detected capacity change from 0 to 512
[  103.577881][ T7072] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.591287][ T7072] ext4 filesystem being mounted at /51/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  103.635360][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  103.635380][   T30] audit: type=1800 audit(1755413220.545:31): pid=7072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.396" name="file2" dev="loop5" ino=16 res=0 errno=0
[  103.718449][ T5866] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.859912][ T7085] loop2: detected capacity change from 0 to 1024
[  104.103323][   T12] hfsplus: b-tree write err: -5, ino 4
[  104.111569][ T5177] Bluetooth: hci5: command 0x0405 tx timeout
[  104.300374][ T7078] loop0: detected capacity change from 0 to 32768
[  104.331246][ T7078] BTRFS warning: excessive commit interval 2147483647, use with care
[  104.377380][ T7078] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.398 (7078)
[  104.427215][ T7100] lo speed is unknown, defaulting to 1000
[  104.477240][ T7101] loop5: detected capacity change from 0 to 512
[  104.493782][ T7100] lo speed is unknown, defaulting to 1000
[  104.503184][ T7078] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  104.527242][ T7100] lo speed is unknown, defaulting to 1000
[  104.536960][ T7101] EXT4-fs: Ignoring removed mblk_io_submit option
[  104.542748][ T7078] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  104.552007][ T7078] BTRFS info (device loop0): disk space caching is enabled
[  104.560232][ T7078] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  104.577561][ T7100] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  104.600768][ T7101] EXT4-fs: Ignoring removed bh option
[  104.608133][ T7100] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  104.633015][ T7101] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  104.640708][ T7100] lo speed is unknown, defaulting to 1000
[  104.649967][ T7100] lo speed is unknown, defaulting to 1000
[  104.662120][ T7100] lo speed is unknown, defaulting to 1000
[  104.668730][ T7100] lo speed is unknown, defaulting to 1000
[  104.676375][ T7100] lo speed is unknown, defaulting to 1000
[  104.683104][ T7100] lo speed is unknown, defaulting to 1000
[  104.711201][ T7078] BTRFS info (device loop0): rebuilding free space tree
[  104.781253][ T7101] EXT4-fs (loop5): 1 truncate cleaned up
[  104.787836][ T7101] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.813087][ T7078] BTRFS info (device loop0): disabling free space tree
[  104.833190][ T7078] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  104.892702][ T7078] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  105.123606][ T7120] loop2: detected capacity change from 0 to 32768
[  105.158120][ T5850] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  105.337545][ T7120] bcachefs (loop2): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,data_checksum=none,compression=lz4
[  105.337571][ T7120]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  105.354155][ T5866] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.402153][ T7120] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  105.411250][ T7120] bcachefs (loop2): recovering from clean shutdown, journal seq 8
[  105.419267][ T7120] bcachefs (loop2): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive
[  105.419267][ T7120]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  105.491718][ T7120] bcachefs (loop2): error reading btree root btree=accounting level=0: btree_node_read_error, fixing
[  105.539718][ T7120] bcachefs (loop2): check_topology... done
[  105.644494][ T7120] bcachefs (loop2): accounting_read... done
[  105.680807][ T7120] bcachefs (loop2): alloc_read... done
[  105.710908][ T7120] bcachefs (loop2): snapshots_read...
[  105.717613][ T7152] loop5: detected capacity change from 0 to 4096
[  105.732290][ T7120]  done
[  105.735053][ T7120] bcachefs (loop2): check_allocations...
[  105.744691][ T7120] bcachefs (loop2): bucket 0:79 gen 0 has wrong data_type: got btree, should be need_discard, fixing
[  105.777263][ T7120] bcachefs (loop2): bucket 0:79 gen 0 data type need_discard has wrong dirty_sectors: got 64, should be 0, fixing
[  105.814844][ T7120]  done
[  105.839311][ T7120] bcachefs (loop2): going read-write
[  105.905984][ T7120] bcachefs (loop2): journal_replay...
[  105.915918][ T7171] loop4: detected capacity change from 0 to 512
[  105.955608][ T7171] EXT4-fs (loop4): Test dummy encryption mode enabled
[  105.970507][ T7171] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  106.023625][ T7120]  done
[  106.039421][ T7120] bcachefs (loop2): check_lrus...
[  106.041835][ T7171] EXT4-fs error (device loop4): xattr_find_entry:333: inode #15: comm syz.4.427: corrupted xattr entries
[  106.060390][ T7120]  done
[  106.063212][ T7120] bcachefs (loop2): check_backpointers_to_extents... done
[  106.075892][ T7120] bcachefs (loop2): check_extents_to_backpointers...
[  106.084772][ T7171] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  106.110712][ T7120]  done
[  106.137200][ T7120] bcachefs (loop2): check_inodes...
[  106.138431][ T7171] EXT4-fs (loop4): 1 orphan inode deleted
[  106.150550][ T7120]  done
[  106.151515][ T7171] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.153340][ T7120] bcachefs (loop2): resume_logged_ops... done
[  106.197659][ T7120] bcachefs (loop2): delete_dead_inodes... done
[  106.214687][ T7120] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[  106.237349][ T7160] loop0: detected capacity change from 0 to 32768
[  106.246224][ T7120] bcachefs (loop2): check_extents_to_backpointers...
[  106.247696][ T7120] bcachefs (loop2): scanning for missing backpointers in 1/512 buckets
[  106.255428][ T7164] loop1: detected capacity change from 0 to 32768
[  106.285412][ T7120]  done
[  106.292034][ T7171] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2"
[  106.293418][ T7120] bcachefs (loop2): check_inodes...
[  106.307058][ T7178] loop3: detected capacity change from 0 to 4096
[  106.312978][ T7164] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.425 (7164)
[  106.320581][ T3529] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  106.342353][   T30] audit: type=1800 audit(1755413223.225:32): pid=7171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.427" name="file2" dev="loop4" ino=15 res=0 errno=0
[  106.366011][ T7120]  done
[  106.368797][ T7120] bcachefs (loop2): resume_logged_ops...
[  106.375320][ T7164] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  106.391745][ T7120]  done
[  106.394514][ T7120] bcachefs (loop2): delete_dead_inodes... done
[  106.395355][ T7164] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  106.410541][ T7120] bcachefs (loop2): done starting filesystem
[  106.417841][ T7164] BTRFS info (device loop1): using free-space-tree
[  106.421729][ T5861] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.494258][ T3529] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  106.514446][ T3529] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  106.528628][ T3529] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  106.530387][   T30] audit: type=1800 audit(1755413223.435:33): pid=7120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.409" name="file1" dev="loop2" ino=4101 res=0 errno=0
[  106.539225][ T3529] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  106.567979][ T3529] usb 6-1: SerialNumber: syz
[  106.641797][ T7120] syz.2.409 (7120) used greatest stack depth: 14352 bytes left
[  106.680851][ T5859] bcachefs (loop2): shutting down
[  106.686102][ T5859] bcachefs (loop2): going read-only
[  106.694997][ T5853] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  106.705451][ T5859] bcachefs (loop2): finished waiting for writes to stop
[  106.744882][ T5859] bcachefs (loop2): flushing journal and stopping allocators, journal seq 19
[  106.764171][ T7204] loop3: detected capacity change from 0 to 128
[  106.772647][ T5859] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 20
[  106.788999][ T3529] usb 6-1: 0:2 : does not exist
[  106.799172][ T3529] usb 6-1: unit 1 not found!
[  106.799467][ T7204] syz.3.437: attempt to access beyond end of device
[  106.799467][ T7204] loop3: rw=2049, sector=138, nr_sectors = 2 limit=128
[  106.817123][ T3529] usb 6-1: USB disconnect, device number 5
[  106.829601][ T7204] syz.3.437: attempt to access beyond end of device
[  106.829601][ T7204] loop3: rw=2049, sector=138, nr_sectors = 2 limit=128
[  106.852357][ T5859] bcachefs (loop2): clean shutdown complete, journal seq 21
[  106.860157][ T5859] bcachefs (loop2): marking filesystem clean
[  106.910098][ T7209] loop0: detected capacity change from 0 to 1024
[  106.925368][ T7211] loop4: detected capacity change from 0 to 512
[  106.935531][ T7209] EXT4-fs: Ignoring removed bh option
[  106.935845][ T5859] bcachefs (loop2): shutdown complete
[  106.945312][ T7211] EXT4-fs (loop4): Test dummy encryption mode enabled
[  106.972680][ T7211] EXT4-fs error (device loop4): __ext4_iget:5464: inode #11: block 1: comm syz.4.441: invalid block
[  106.994692][ T7209] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.007641][ T7211] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.441: couldn't read orphan inode 11 (err -117)
[  107.022353][ T7209] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  107.037224][ T7209] EXT4-fs (loop0): Remounting filesystem read-only
[  107.056731][ T7211] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.107946][ T5850] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.153852][ T7211] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  107.170192][ T7220] openvswitch: netlink: Multiple metadata blocks provided
[  107.230849][ T7211] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters
[  107.364029][ T5861] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.582713][ T7238] loop1: detected capacity change from 0 to 64
[  107.590424][ T7237] netlink: 27 bytes leftover after parsing attributes in process `syz.3.452'.
[  107.776491][ T7243] loop3: detected capacity change from 0 to 512
[  107.813443][ T7243] EXT4-fs: Ignoring removed orlov option
[  107.848362][ T7243] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.455: corrupted in-inode xattr: invalid ea_ino
[  107.894842][ T7244] loop1: detected capacity change from 0 to 4096
[  107.902478][ T7243] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.455: couldn't read orphan inode 15 (err -117)
[  107.924704][ T7244] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  107.934517][ T7223] loop0: detected capacity change from 0 to 131072
[  107.946696][ T7223] F2FS-fs (loop0): Test dummy encryption mode enabled
[  107.957180][ T7223] F2FS-fs (loop0): invalid crc value
[  107.999604][ T7223] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  108.011500][ T7243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.011546][ T7223] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  108.123206][   T30] audit: type=1800 audit(1755413225.015:34): pid=7223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.444" name="file1" dev="loop0" ino=10 res=0 errno=0
[  108.166350][ T7244] ntfs3(loop1): ino=1d, mi_enum_attr
[  108.189355][ T5856] EXT4-fs error (device loop3): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  108.200934][ T7244] ntfs3(loop1): ino=1d, mi_enum_attr
[  108.224303][ T7244] ntfs3(loop1): ino=1d, mi_enum_attr
[  108.252344][ T5856] EXT4-fs error (device loop3): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 15
[  108.297402][ T5856] EXT4-fs error (device loop3): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 15
[  108.447260][ T7258] geneve2: entered promiscuous mode
[  108.471182][ T7258] geneve2: entered allmulticast mode
[  108.495889][ T7255] loop4: detected capacity change from 0 to 32768
[  108.519159][ T7255] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.458 (7255)
[  108.535330][ T7255] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  108.561637][ T7255] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  108.580390][ T7255] BTRFS info (device loop4): using free-space-tree
[  108.679663][ T7127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.704398][ T7255] BTRFS info (device loop4): rebuilding free space tree
[  108.880105][ T7280] overlayfs: missing 'workdir'
[  108.928658][   T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.975935][ T5861] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  109.025165][   T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.107026][   T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.215866][   T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.253749][ T7292] netlink: 40 bytes leftover after parsing attributes in process `syz.5.471'.
[  109.426246][   T49] bridge_slave_1: left allmulticast mode
[  109.436364][   T49] bridge_slave_1: left promiscuous mode
[  109.460689][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.476904][ T7297] loop5: detected capacity change from 0 to 512
[  109.521263][   T49] bridge_slave_0: left allmulticast mode
[  109.526948][   T49] bridge_slave_0: left promiscuous mode
[  109.542833][ T7297] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.473: corrupted in-inode xattr: invalid ea_ino
[  109.572935][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.583125][ T5177] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  109.594433][ T5177] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  109.605954][ T7297] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.473: couldn't read orphan inode 15 (err -117)
[  109.610522][ T5177] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  109.648342][ T5177] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  109.658179][ T5177] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  109.666378][ T7297] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.802971][ T5866] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.906426][ T7291] loop0: detected capacity change from 0 to 40427
[  109.940208][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.972983][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  109.987474][ T7293] loop4: detected capacity change from 0 to 40427
[  109.997535][ T7293] F2FS-fs (loop4): Image doesn't support compression
[  109.998360][ T7291] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  110.004508][ T7293] F2FS-fs (loop4): build fault injection rate: 19
[  110.015130][   T49] bond0 (unregistering): Released all slaves
[  110.023479][ T7293] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  110.036414][ T7293] F2FS-fs (loop4): invalid crc value
[  110.048793][ T7291] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  110.075996][ T7293] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  110.123938][ T7320] loop5: detected capacity change from 0 to 256
[  110.229025][ T7293] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  110.238623][ T5850] syz-executor: attempt to access beyond end of device
[  110.238623][ T5850] loop0: rw=2051, sector=77824, nr_sectors = 8 limit=40427
[  110.242620][ T7293] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  110.265891][ T5850] F2FS-fs (loop0): Issue discard(9728, 9728, 1) failed, ret: -5
[  110.305263][ T7293] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  110.354923][ T7293] F2FS-fs (loop4): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x18b/0xa40
[  110.498261][    C1] F2FS-fs (loop4): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  110.508823][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  110.508854][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  110.508869][    C1] Call Trace:
[  110.508878][    C1]  <TASK>
[  110.508888][    C1]  dump_stack_lvl+0x189/0x250
[  110.508921][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.508952][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.508980][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  110.509006][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  110.509037][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  110.509075][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  110.509113][    C1]  f2fs_write_end_io+0x886/0xb60
[  110.509145][    C1]  blk_update_request+0x57e/0xe60
[  110.509182][    C1]  blk_mq_end_request+0x3e/0x70
[  110.509211][    C1]  blk_done_softirq+0x10a/0x160
[  110.509238][    C1]  handle_softirqs+0x286/0x870
[  110.509264][    C1]  ? run_ksoftirqd+0x9b/0x100
[  110.509294][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  110.509316][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.509343][    C1]  ? rcu_is_watching+0x15/0xb0
[  110.509368][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.509390][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.509420][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.509441][    C1]  run_ksoftirqd+0x9b/0x100
[  110.509468][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  110.509499][    C1]  smpboot_thread_fn+0x542/0xa60
[  110.509523][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.509550][    C1]  kthread+0x711/0x8a0
[  110.509581][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  110.509604][    C1]  ? __pfx_kthread+0x10/0x10
[  110.509631][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.509661][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.509689][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.509717][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.509747][    C1]  ? __pfx_kthread+0x10/0x10
[  110.509777][    C1]  ret_from_fork+0x3fc/0x770
[  110.509813][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  110.509840][    C1]  ? __switch_to_asm+0x39/0x70
[  110.509872][    C1]  ? __switch_to_asm+0x33/0x70
[  110.509902][    C1]  ? __pfx_kthread+0x10/0x10
[  110.509931][    C1]  ret_from_fork_asm+0x1a/0x30
[  110.509972][    C1]  </TASK>
[  110.509981][    C1] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  110.735310][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  110.735343][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  110.735359][    C1] Call Trace:
[  110.735368][    C1]  <TASK>
[  110.735377][    C1]  dump_stack_lvl+0x189/0x250
[  110.735411][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.735441][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.735469][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  110.735493][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  110.735525][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  110.735563][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  110.735600][    C1]  f2fs_write_end_io+0x886/0xb60
[  110.735633][    C1]  blk_update_request+0x57e/0xe60
[  110.735669][    C1]  blk_mq_end_request+0x3e/0x70
[  110.735698][    C1]  blk_done_softirq+0x10a/0x160
[  110.735726][    C1]  handle_softirqs+0x286/0x870
[  110.735752][    C1]  ? run_ksoftirqd+0x9b/0x100
[  110.735782][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  110.735812][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.735840][    C1]  ? rcu_is_watching+0x15/0xb0
[  110.735865][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.735887][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.735917][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.735939][    C1]  run_ksoftirqd+0x9b/0x100
[  110.735966][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  110.735997][    C1]  smpboot_thread_fn+0x542/0xa60
[  110.736021][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.736048][    C1]  kthread+0x711/0x8a0
[  110.736079][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  110.736102][    C1]  ? __pfx_kthread+0x10/0x10
[  110.736129][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.736162][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.736190][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.736217][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.736248][    C1]  ? __pfx_kthread+0x10/0x10
[  110.736278][    C1]  ret_from_fork+0x3fc/0x770
[  110.736304][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  110.736331][    C1]  ? __switch_to_asm+0x39/0x70
[  110.736363][    C1]  ? __switch_to_asm+0x33/0x70
[  110.736393][    C1]  ? __pfx_kthread+0x10/0x10
[  110.736423][    C1]  ret_from_fork_asm+0x1a/0x30
[  110.736464][    C1]  </TASK>
[  110.736474][    C1] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  110.820551][ T5942] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  110.822912][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  110.822942][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  110.822957][    C1] Call Trace:
[  110.822967][    C1]  <TASK>
[  110.822976][    C1]  dump_stack_lvl+0x189/0x250
[  110.823010][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.823040][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.823068][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  110.823092][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  110.823124][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  110.823160][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  110.823199][    C1]  f2fs_write_end_io+0x886/0xb60
[  110.823231][    C1]  blk_update_request+0x57e/0xe60
[  110.823268][    C1]  blk_mq_end_request+0x3e/0x70
[  110.823298][    C1]  blk_done_softirq+0x10a/0x160
[  110.823324][    C1]  handle_softirqs+0x286/0x870
[  110.823350][    C1]  ? run_ksoftirqd+0x9b/0x100
[  110.823379][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  110.823401][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.823428][    C1]  ? rcu_is_watching+0x15/0xb0
[  110.823453][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.823475][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.823504][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.823526][    C1]  run_ksoftirqd+0x9b/0x100
[  110.823552][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  110.823582][    C1]  smpboot_thread_fn+0x542/0xa60
[  110.823606][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.823633][    C1]  kthread+0x711/0x8a0
[  110.823664][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  110.823686][    C1]  ? __pfx_kthread+0x10/0x10
[  110.823714][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.823742][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.823771][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.823805][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.823836][    C1]  ? __pfx_kthread+0x10/0x10
[  110.823865][    C1]  ret_from_fork+0x3fc/0x770
[  110.823891][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  110.823917][    C1]  ? __switch_to_asm+0x39/0x70
[  110.823948][    C1]  ? __switch_to_asm+0x33/0x70
[  110.823977][    C1]  ? __pfx_kthread+0x10/0x10
[  110.824007][    C1]  ret_from_fork_asm+0x1a/0x30
[  110.824046][    C1]  </TASK>
[  110.824056][    C1] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  110.996764][ T5942] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  110.997473][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  110.997503][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  110.997518][    C1] Call Trace:
[  110.997528][    C1]  <TASK>
[  110.997537][    C1]  dump_stack_lvl+0x189/0x250
[  110.997571][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.997601][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.997627][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  110.997651][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  110.997684][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  110.997721][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  110.997761][    C1]  f2fs_write_end_io+0x886/0xb60
[  110.997848][    C1]  blk_update_request+0x57e/0xe60
[  110.997886][    C1]  blk_mq_end_request+0x3e/0x70
[  110.997915][    C1]  blk_done_softirq+0x10a/0x160
[  110.997944][    C1]  handle_softirqs+0x286/0x870
[  110.997970][    C1]  ? run_ksoftirqd+0x9b/0x100
[  110.998000][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  110.998021][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.998047][    C1]  ? rcu_is_watching+0x15/0xb0
[  110.998073][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.998095][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.998124][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.998147][    C1]  run_ksoftirqd+0x9b/0x100
[  110.998174][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  110.998205][    C1]  smpboot_thread_fn+0x542/0xa60
[  110.998229][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  110.998257][    C1]  kthread+0x711/0x8a0
[  110.998288][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  110.998311][    C1]  ? __pfx_kthread+0x10/0x10
[  110.998338][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.998366][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.998395][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  110.998421][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.998453][    C1]  ? __pfx_kthread+0x10/0x10
[  110.998482][    C1]  ret_from_fork+0x3fc/0x770
[  110.998508][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  110.998535][    C1]  ? __switch_to_asm+0x39/0x70
[  110.998565][    C1]  ? __switch_to_asm+0x33/0x70
[  110.998595][    C1]  ? __pfx_kthread+0x10/0x10
[  110.998624][    C1]  ret_from_fork_asm+0x1a/0x30
[  110.998664][    C1]  </TASK>
[  110.998673][    C1] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  111.009662][ T5942] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.012926][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  111.012956][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  111.012970][    C1] Call Trace:
[  111.012978][    C1]  <TASK>
[  111.012987][    C1]  dump_stack_lvl+0x189/0x250
[  111.013020][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  111.013050][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.013078][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  111.013102][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  111.013134][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  111.013171][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  111.013211][    C1]  f2fs_write_end_io+0x886/0xb60
[  111.013244][    C1]  blk_update_request+0x57e/0xe60
[  111.013282][    C1]  blk_mq_end_request+0x3e/0x70
[  111.013311][    C1]  blk_done_softirq+0x10a/0x160
[  111.013339][    C1]  handle_softirqs+0x286/0x870
[  111.013365][    C1]  ? run_ksoftirqd+0x9b/0x100
[  111.013395][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  111.013417][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  111.013443][    C1]  ? rcu_is_watching+0x15/0xb0
[  111.013469][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  111.013490][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  111.013520][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  111.013541][    C1]  run_ksoftirqd+0x9b/0x100
[  111.013567][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  111.013598][    C1]  smpboot_thread_fn+0x542/0xa60
[  111.013623][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  111.013651][    C1]  kthread+0x711/0x8a0
[  111.013683][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  111.013705][    C1]  ? __pfx_kthread+0x10/0x10
[  111.013733][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  111.013762][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  111.013796][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  111.013823][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.013856][    C1]  ? __pfx_kthread+0x10/0x10
[  111.013885][    C1]  ret_from_fork+0x3fc/0x770
[  111.013913][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  111.013940][    C1]  ? __switch_to_asm+0x39/0x70
[  111.013971][    C1]  ? __switch_to_asm+0x33/0x70
[  111.014001][    C1]  ? __pfx_kthread+0x10/0x10
[  111.014030][    C1]  ret_from_fork_asm+0x1a/0x30
[  111.014070][    C1]  </TASK>
[  111.014080][    C1] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  111.042000][ T5942] usb 6-1: Product: syz
[  111.049331][ T5861] F2FS-fs (loop4): do_checkpoint failed err:-5, stop checkpoint
[  111.088060][ T5942] usb 6-1: Manufacturer: syz
[  111.680100][ T7358] loop1: detected capacity change from 0 to 32768
[  111.703579][ T5942] usb 6-1: SerialNumber: syz
[  111.717706][ T5177] Bluetooth: hci2: command tx timeout
[  111.732463][ T5942] usb 6-1: config 0 descriptor??
[  111.742543][ T5942] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 006
[  111.754141][ T7358] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  111.763921][ T7360] ip6tnl0: Caught tx_queue_len zero misconfig
[  111.795186][ T7302] chnl_net:caif_netlink_parms(): no params data found
[  111.855304][   T49] hsr_slave_0: left promiscuous mode
[  111.877816][ T7358] XFS (loop1): Ending clean mount
[  111.890516][   T49] hsr_slave_1: left promiscuous mode
[  111.906520][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  111.930677][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  111.958869][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  111.972824][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.993926][ T5853] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  112.009343][   T49] veth1_macvtap: left promiscuous mode
[  112.023274][   T49] veth0_macvtap: left promiscuous mode
[  112.041993][   T49] veth1_vlan: left promiscuous mode
[  112.054052][   T49] veth0_vlan: left promiscuous mode
[  112.145243][ T5942]  (null): failure reading functionality
[  112.153244][ T5942] i2c i2c-1: connected i2c-tiny-usb device
[  112.329300][   T49] team0 (unregistering): Port device team_slave_1 removed
[  112.352606][   T49] team0 (unregistering): Port device team_slave_0 removed
[  112.419496][ T5942] usb 6-1: USB disconnect, device number 6
[  112.578836][ T7302] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.588191][ T7372] loop4: detected capacity change from 0 to 32768
[  112.595204][ T7302] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.605078][ T7302] bridge_slave_0: entered allmulticast mode
[  112.613573][ T7302] bridge_slave_0: entered promiscuous mode
[  112.625030][ T7387] loop1: detected capacity change from 0 to 128
[  112.628723][ T7302] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.646293][ T7302] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.655097][ T7302] bridge_slave_1: entered allmulticast mode
[  112.662136][ T7302] bridge_slave_1: entered promiscuous mode
[  112.692107][ T7302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.703937][ T7302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  112.740822][ T7302] team0: Port device team_slave_0 added
[  112.748548][ T7302] team0: Port device team_slave_1 added
[  112.772105][ T7372]  loop4: p9 p11 p16
[  112.839295][ T7302] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.859093][ T7302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.920400][ T7302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.028329][ T7302] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.040717][ T7302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.087036][ T7397] loop2: detected capacity change from 0 to 128
[  113.095897][ T7397] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  113.112683][ T7302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.129136][ T7397] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  113.250785][   T12] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  113.297293][ T7302] hsr_slave_0: entered promiscuous mode
[  113.313257][ T7302] hsr_slave_1: entered promiscuous mode
[  113.325798][ T7302] debugfs: 'hsr0' already exists in 'hsr'
[  113.343339][ T7302] Cannot create hsr debugfs directory
[  113.618374][ T7419] netlink: 'syz.2.513': attribute type 16 has an invalid length.
[  113.643835][ T7419] netlink: 'syz.2.513': attribute type 17 has an invalid length.
[  113.700694][ T7421] loop0: detected capacity change from 0 to 2048
[  113.715583][ T7403] loop1: detected capacity change from 0 to 40427
[  113.720119][ T7421] EXT4-fs: Ignoring removed mblk_io_submit option
[  113.725594][ T7403] F2FS-fs (loop1): Image doesn't support compression
[  113.735345][ T7403] F2FS-fs (loop1): build fault injection rate: 690
[  113.774518][ T7421] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.787725][ T7403] F2FS-fs (loop1): invalid crc value
[  113.794494][ T5177] Bluetooth: hci2: command tx timeout
[  113.807023][ T7419] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  113.920851][ T7416] loop4: detected capacity change from 0 to 32768
[  113.931617][ T7416] 
[  113.931617][ T7416]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  113.931617][ T7416] 
[  113.945637][ T7302] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  113.957935][ T5850] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.977349][ T7403] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  113.989263][ T5861] 
[  113.989263][ T5861]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  113.989263][ T5861] 
[  113.989265][ T7403] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  114.009801][ T5861] 
[  114.009801][ T5861]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  114.009801][ T5861] 
[  114.015579][ T7302] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  114.093015][ T7302] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  114.141396][ T5853] syz-executor: attempt to access beyond end of device
[  114.141396][ T5853] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  114.162247][ T5853] CPU: 0 UID: 0 PID: 5853 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  114.162281][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  114.162297][ T5853] Call Trace:
[  114.162305][ T5853]  <TASK>
[  114.162315][ T5853]  dump_stack_lvl+0x189/0x250
[  114.162348][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.162378][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.162406][ T5853]  ? __pfx_queue_work_on+0x10/0x10
[  114.162431][ T5853]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  114.162463][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  114.162501][ T5853]  f2fs_handle_critical_error+0x37c/0x540
[  114.162542][ T5853]  f2fs_write_end_io+0x886/0xb60
[  114.162577][ T5853]  __submit_merged_bio+0x27a/0x6a0
[  114.162615][ T5853]  __submit_merged_write_cond+0x255/0x530
[  114.162653][ T5853]  f2fs_write_data_pages+0x261d/0x3000
[  114.162689][ T5853]  ? arch_stack_walk+0xfc/0x150
[  114.162741][ T5853]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  114.162777][ T5853]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  114.162881][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.162924][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.162958][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.162985][ T5853]  ? folios_put_refs+0x559/0x640
[  114.163019][ T5853]  ? __pfx_folios_put_refs+0x10/0x10
[  114.163043][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.163065][ T5853]  ? lru_add+0xa2f/0xd80
[  114.163089][ T5853]  ? lru_add+0x198/0xd80
[  114.163114][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163141][ T5853]  ? do_raw_spin_lock+0x121/0x290
[  114.163175][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163206][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163233][ T5853]  ? do_raw_spin_unlock+0x122/0x240
[  114.163263][ T5853]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  114.163302][ T5853]  do_writepages+0x32e/0x550
[  114.163335][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163361][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.163384][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163413][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163440][ T5853]  ? do_raw_spin_unlock+0x122/0x240
[  114.163472][ T5853]  filemap_fdatawrite+0x199/0x240
[  114.163505][ T5853]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  114.163565][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163591][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.163614][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163644][ T5853]  ? do_raw_spin_unlock+0x122/0x240
[  114.163677][ T5853]  f2fs_sync_dirty_inodes+0x31f/0x830
[  114.163712][ T5853]  f2fs_write_checkpoint+0x95a/0x1df0
[  114.163753][ T5853]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  114.163776][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163841][ T5853]  ? kill_f2fs_super+0x298/0x6c0
[  114.163869][ T5853]  kill_f2fs_super+0x2c3/0x6c0
[  114.163897][ T5853]  ? __pfx_kill_f2fs_super+0x10/0x10
[  114.163919][ T5853]  ? radix_tree_delete_item+0x2b6/0x400
[  114.163956][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.163983][ T5853]  ? shrinker_free+0x2ce/0x3e0
[  114.164011][ T5853]  deactivate_locked_super+0xbc/0x130
[  114.164041][ T5853]  cleanup_mnt+0x425/0x4c0
[  114.164071][ T5853]  task_work_run+0x1d4/0x260
[  114.164106][ T5853]  ? __pfx_task_work_run+0x10/0x10
[  114.164137][ T5853]  ? __x64_sys_umount+0x122/0x160
[  114.164168][ T5853]  ? __pfx___x64_sys_umount+0x10/0x10
[  114.164199][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.164229][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.164256][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.164282][ T5853]  exit_to_user_mode_loop+0xec/0x110
[  114.164318][ T5853]  do_syscall_64+0x2bd/0x3b0
[  114.164353][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.164381][ T5853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.164404][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.164431][ T5853]  ? exc_page_fault+0x9f/0xf0
[  114.164464][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.164487][ T5853] RIP: 0033:0x7fe97038ff17
[  114.164508][ T5853] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  114.164528][ T5853] RSP: 002b:00007ffe19047f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  114.164554][ T5853] RAX: 0000000000000000 RBX: 00007fe970411c05 RCX: 00007fe97038ff17
[  114.164570][ T5853] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe19048040
[  114.164586][ T5853] RBP: 00007ffe19048040 R08: 0000000000000000 R09: 0000000000000000
[  114.164602][ T5853] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe190490d0
[  114.164619][ T5853] R13: 00007fe970411c05 R14: 000000000001bd79 R15: 00007ffe19049110
[  114.164648][ T5853]  </TASK>
[  114.164658][ T5853] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  114.253246][ T7302] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  114.305636][ T5853] CPU: 0 UID: 0 PID: 5853 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  114.305672][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  114.305687][ T5853] Call Trace:
[  114.305697][ T5853]  <TASK>
[  114.305706][ T5853]  dump_stack_lvl+0x189/0x250
[  114.305740][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.305771][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.305808][ T5853]  ? __pfx_queue_work_on+0x10/0x10
[  114.305832][ T5853]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  114.305864][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  114.305902][ T5853]  f2fs_handle_critical_error+0x37c/0x540
[  114.305942][ T5853]  f2fs_write_end_io+0x886/0xb60
[  114.305977][ T5853]  __submit_merged_bio+0x27a/0x6a0
[  114.306014][ T5853]  __submit_merged_write_cond+0x255/0x530
[  114.306051][ T5853]  f2fs_write_data_pages+0x261d/0x3000
[  114.306086][ T5853]  ? arch_stack_walk+0xfc/0x150
[  114.306138][ T5853]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  114.306172][ T5853]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  114.306210][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.306254][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306289][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306315][ T5853]  ? folios_put_refs+0x559/0x640
[  114.306350][ T5853]  ? __pfx_folios_put_refs+0x10/0x10
[  114.306375][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.306398][ T5853]  ? lru_add+0xa2f/0xd80
[  114.306422][ T5853]  ? lru_add+0x198/0xd80
[  114.306447][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306473][ T5853]  ? do_raw_spin_lock+0x121/0x290
[  114.306507][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306537][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306563][ T5853]  ? do_raw_spin_unlock+0x122/0x240
[  114.306596][ T5853]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  114.306633][ T5853]  do_writepages+0x32e/0x550
[  114.306666][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306693][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.306716][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306745][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306772][ T5853]  ? do_raw_spin_unlock+0x122/0x240
[  114.306809][ T5853]  filemap_fdatawrite+0x199/0x240
[  114.306846][ T5853]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  114.306905][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306931][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.306954][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.306982][ T5853]  ? do_raw_spin_unlock+0x122/0x240
[  114.307014][ T5853]  f2fs_sync_dirty_inodes+0x31f/0x830
[  114.307046][ T5853]  f2fs_write_checkpoint+0x95a/0x1df0
[  114.307085][ T5853]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  114.307108][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.307168][ T5853]  ? kill_f2fs_super+0x298/0x6c0
[  114.307195][ T5853]  kill_f2fs_super+0x2c3/0x6c0
[  114.307223][ T5853]  ? __pfx_kill_f2fs_super+0x10/0x10
[  114.307244][ T5853]  ? radix_tree_delete_item+0x2b6/0x400
[  114.307280][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.307306][ T5853]  ? shrinker_free+0x2ce/0x3e0
[  114.307335][ T5853]  deactivate_locked_super+0xbc/0x130
[  114.307364][ T5853]  cleanup_mnt+0x425/0x4c0
[  114.307394][ T5853]  task_work_run+0x1d4/0x260
[  114.307429][ T5853]  ? __pfx_task_work_run+0x10/0x10
[  114.307459][ T5853]  ? __x64_sys_umount+0x122/0x160
[  114.307490][ T5853]  ? __pfx___x64_sys_umount+0x10/0x10
[  114.307519][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.307549][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.307575][ T5853]  ? rcu_is_watching+0x15/0xb0
[  114.307601][ T5853]  exit_to_user_mode_loop+0xec/0x110
[  114.307635][ T5853]  do_syscall_64+0x2bd/0x3b0
[  114.307669][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.307697][ T5853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.307719][ T5853]  ? srso_alias_return_thunk+0x5/0xfbef5
[  114.307746][ T5853]  ? exc_page_fault+0x9f/0xf0
[  114.307786][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.307812][ T5853] RIP: 0033:0x7fe97038ff17
[  114.307832][ T5853] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  114.307852][ T5853] RSP: 002b:00007ffe19047f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  114.307877][ T5853] RAX: 0000000000000000 RBX: 00007fe970411c05 RCX: 00007fe97038ff17
[  114.307894][ T5853] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe19048040
[  114.307909][ T5853] RBP: 00007ffe19048040 R08: 0000000000000000 R09: 0000000000000000
[  114.307925][ T5853] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe190490d0
[  114.307941][ T5853] R13: 00007fe970411c05 R14: 000000000001bd79 R15: 00007ffe19049110
[  114.307970][ T5853]  </TASK>
[  114.309436][ T5853] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  114.390800][ T7442] loop4: detected capacity change from 0 to 4096
[  114.510727][ T7436] team0: Caught tx_queue_len zero misconfig
[  114.515553][ T7442] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  114.529102][ T7436] netlink: 8 bytes leftover after parsing attributes in process `syz.0.521'.
[  115.262857][ T7302] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.324420][ T7302] 8021q: adding VLAN 0 to HW filter on device team0
[  115.381741][ T1162] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.388888][ T1162] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.415187][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.422329][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.494648][ T7467] loop1: detected capacity change from 0 to 256
[  115.526330][ T7467] exfat: Deprecated parameter 'namecase'
[  115.559704][ T7467] exfat: Deprecated parameter 'namecase'
[  115.585580][ T7467] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  115.619231][ T7473] netlink: 44 bytes leftover after parsing attributes in process `syz.2.533'.
[  115.619488][ T7472] loop5: detected capacity change from 0 to 512
[  115.634573][ T7473] netem: unknown loss type 12
[  115.639243][ T7473] netem: change failed
[  115.657361][ T7472] EXT4-fs: Ignoring removed nomblk_io_submit option
[  115.708495][ T7472] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  115.720964][ T7472] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  115.748344][ T7472] EXT4-fs (loop5): 1 truncate cleaned up
[  115.762936][ T7472] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.813244][ T7486] netlink: 108 bytes leftover after parsing attributes in process `syz.2.538'.
[  115.866143][ T7490] loop1: detected capacity change from 0 to 512
[  115.878740][ T5177] Bluetooth: hci2: command tx timeout
[  115.889001][ T7493] netlink: 'syz.2.541': attribute type 11 has an invalid length.
[  115.898045][ T7302] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.902097][ T7490] EXT4-fs: Ignoring removed orlov option
[  115.914191][ T7490] journal_path: Lookup failure for './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  115.926281][ T5866] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.939068][ T7490] EXT4-fs: error: could not find journal device path
[  115.947110][ T7491] tap0: tun_chr_ioctl cmd 1074025677
[  115.981971][ T7491] tap0: linktype set to 804
[  116.117869][ T7504] block nbd2: NBD_DISCONNECT
[  116.220733][ T7513] netlink: 'syz.4.547': attribute type 1 has an invalid length.
[  116.237872][ T7513] netlink: 144 bytes leftover after parsing attributes in process `syz.4.547'.
[  116.260725][ T7513] netlink: 36 bytes leftover after parsing attributes in process `syz.4.547'.
[  116.287872][ T7518] loop2: detected capacity change from 0 to 512
[  116.378201][ T7302] veth0_vlan: entered promiscuous mode
[  116.416325][ T7302] veth1_vlan: entered promiscuous mode
[  116.493356][ T7302] veth0_macvtap: entered promiscuous mode
[  116.510347][ T7302] veth1_macvtap: entered promiscuous mode
[  116.557913][ T7532] loop2: detected capacity change from 0 to 2048
[  116.567115][ T7302] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.584471][ T7532] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  116.603407][ T7302] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.641793][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.685393][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.721823][ T1106] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.751941][ T5941] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  116.762325][ T1106] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.847082][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.870505][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.920574][ T5941] usb 1-1: Using ep0 maxpacket: 32
[  116.933013][ T5941] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  116.946331][ T7546] loop2: detected capacity change from 0 to 128
[  116.959261][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.990561][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.994370][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.008588][ T7546] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  117.011194][ T5941] usb 1-1: config 0 descriptor??
[  117.027837][ T7546] ext4 filesystem being mounted at /97/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  117.073022][ T7546] fscrypt (loop2, inode 12): Unsupported encryption flags (0x08)
[  117.089761][ T7526] loop4: detected capacity change from 0 to 32768
[  117.134157][ T7526] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  117.156490][ T5859] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  117.182965][   T49] (kworker/u8:3,49,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  117.290764][ T5941] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  117.320410][ T5941] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  117.340798][ T5861] ocfs2: Unmounting device (7,4) on (node local)
[  117.348242][ T5941] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  117.360366][ T5941] usb 1-1: media controller created
[  117.368706][ T7565] netlink: 'syz.2.566': attribute type 10 has an invalid length.
[  117.400409][ T7565] team0: Port device geneve1 added
[  117.415361][ T5941] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  117.493069][ T5941] az6027: usb out operation failed. (-71)
[  117.499515][ T7570] loop2: detected capacity change from 0 to 2048
[  117.506384][ T5941] az6027: usb out operation failed. (-71)
[  117.515177][ T5941] stb0899_attach: Driver disabled by Kconfig
[  117.521372][ T5941] az6027: no front-end attached
[  117.521372][ T5941] 
[  117.529872][ T5941] az6027: usb out operation failed. (-71)
[  117.536097][ T5941] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  117.544862][ T5941] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input11
[  117.558234][ T5941] dvb-usb: schedule remote query interval to 400 msecs.
[  117.563940][ T7572] loop5: detected capacity change from 0 to 1024
[  117.576208][ T7570] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.576855][ T5941] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  117.606418][ T7572] hfsplus: bad catalog folder thread
[  117.613512][ T5941] usb 1-1: USB disconnect, device number 4
[  117.639832][ T7570] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  117.661638][ T5941] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  117.665560][ T7570] EXT4-fs (loop2): Remounting filesystem read-only
[  117.770743][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.824611][ T7586] loop4: detected capacity change from 0 to 256
[  117.835666][ T7586] exfat: Deprecated parameter 'namecase'
[  117.853153][ T7586] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  117.952306][ T5177] Bluetooth: hci2: command tx timeout
[  118.345874][ T7618] loop6: detected capacity change from 0 to 256
[  118.380597][ T6016] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  118.414412][ T7618] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  118.438954][ T7602] loop2: detected capacity change from 0 to 32768
[  118.447481][ T7618] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  118.478340][ T7602] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  118.480918][ T7618] exFAT-fs (loop6): valid_size(150994954) is greater than size(10)
[  118.539742][ T7602] XFS (loop2): Ending clean mount
[  118.545188][ T6016] usb 6-1: unable to read config index 0 descriptor/start: -71
[  118.563913][ T6016] usb 6-1: can't read configurations, error -71
[  118.573475][ T7632] use of bytesused == 0 is deprecated and will be removed in the future,
[  118.613861][ T7632] use the actual size instead.
[  118.703565][ T5859] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  118.750740][  T975] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  118.816588][ T7638] loop6: detected capacity change from 0 to 1024
[  118.855175][ T7638] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  118.872726][ T7638] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  118.884366][ T7640] loop1: detected capacity change from 0 to 1024
[  118.903688][ T7638] EXT4-fs error (device loop6): ext4_map_blocks:814: inode #15: block 3: comm syz.6.600: lblock 3 mapped to illegal pblock 3 (length 1)
[  118.914585][ T7640] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  118.930724][  T975] usb 1-1: Using ep0 maxpacket: 8
[  118.939248][ T7640] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  118.960536][  T975] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  118.975021][ T7638] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  118.987552][  T975] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  118.998971][ T7620] loop4: detected capacity change from 0 to 32768
[  119.006606][ T7620] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.594 (7620)
[  119.010823][ T7638] EXT4-fs (loop6): This should not happen!! Data will be lost
[  119.010823][ T7638] 
[  119.032808][  T975] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  119.043090][ T7620] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  119.044531][  T975] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  119.081859][ T7620] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  119.094958][ T7646] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.600: Freeing blocks not in datazone - block = 3, count = 1
[  119.110708][ T7620] BTRFS info (device loop4): using free-space-tree
[  119.111926][  T975] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  119.127775][ T5853] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.133463][ T7651] input: syz1 as /devices/virtual/input/input12
[  119.147574][  T975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.184473][ T7652] loop5: detected capacity change from 0 to 4096
[  119.228610][ T7668] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  119.244689][ T7620] BTRFS info (device loop4): rebuilding free space tree
[  119.247972][ T7302] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  119.267049][ T7652] NILFS error (device loop5): nilfs_dotdot: directory #12 missing '.'
[  119.285966][ T7652] Remounting filesystem read-only
[  119.353245][ T1101] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  119.368137][  T975] usb 1-1: GET_CAPABILITIES returned 0
[  119.406072][  T975] usbtmc 1-1:16.0: can't read capabilities
[  119.473714][ T5861] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  119.583959][ T3529] usb 1-1: USB disconnect, device number 5
[  119.679000][ T7683] dvmrp0: tun_chr_ioctl cmd 1074025677
[  119.687412][ T7669] loop1: detected capacity change from 0 to 32768
[  119.697379][ T7669] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.603 (7669)
[  119.710225][ T7683] dvmrp0: linktype set to 768
[  119.730523][ T7669] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  119.785544][ T7669] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  119.843294][ T7696] vlan2: entered promiscuous mode
[  119.848467][ T7696] dummy0: entered promiscuous mode
[  119.854517][ T7696] vlan2: entered allmulticast mode
[  119.859995][ T7696] dummy0: entered allmulticast mode
[  119.907606][ T7710] netlink: 'syz.4.617': attribute type 12 has an invalid length.
[  119.944298][ T7669] BTRFS info (device loop1): rebuilding free space tree
[  119.979647][ T7669] BTRFS info (device loop1): disabling free space tree
[  120.007467][ T7669] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  120.030353][ T7669] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  120.064182][ T7716] loop4: detected capacity change from 0 to 512
[  120.091156][ T7716] EXT4-fs: Ignoring removed nobh option
[  120.124306][ T7716] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.619: iget: bad i_size value: 38620345925642
[  120.183205][ T7716] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.619: couldn't read orphan inode 15 (err -117)
[  120.222968][ T5853] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  120.254844][ T7716] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.341628][ T7689] loop5: detected capacity change from 0 to 40427
[  120.359863][   T30] audit: type=1800 audit(1755413237.265:35): pid=7716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.619" name="bus" dev="loop4" ino=18 res=0 errno=0
[  120.383961][ T7716] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.619: bg 0: block 5: invalid block bitmap
[  120.426213][ T7727] loop0: detected capacity change from 0 to 1024
[  120.473665][ T7727] hfsplus: catalog searching failed
[  120.503067][ T7698] loop6: detected capacity change from 0 to 32768
[  120.534332][ T7689] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  120.547775][ T7698] JBD2: Ignoring recovery information on journal
[  120.584376][ T7689] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  120.613562][ T1106] hfsplus: b-tree write err: -5, ino 3
[  120.617240][ T7689] F2FS-fs (loop5): Stopped filesystem due to reason: 0
[  120.623793][ T7698] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  120.656811][ T5861] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.689451][ T7735] loop0: detected capacity change from 0 to 128
[  120.713471][ T7698] (syz.6.615,7698,0):ocfs2_get_suballoc_slot_bit:2819 ERROR: invalid inode 8192 requested
[  120.738950][ T7698] (syz.6.615,7698,0):ocfs2_get_suballoc_slot_bit:2844 ERROR: status = -22
[  120.768293][ T7698] (syz.6.615,7698,0):ocfs2_test_inode_bit:2926 ERROR: get alloc slot and bit failed -22
[  120.805430][ T7698] (syz.6.615,7698,0):ocfs2_test_inode_bit:2967 ERROR: status = -22
[  120.928580][ T7302] ocfs2: Unmounting device (7,6) on (node local)
[  120.981761][ T7743] loop0: detected capacity change from 0 to 2048
[  120.992898][ T7713] loop2: detected capacity change from 0 to 65536
[  121.033508][ T7743] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.082235][ T7713] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  121.094726][ T7743] EXT4-fs (loop0): shut down requested (2)
[  121.143422][ T5850] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.182410][ T7713] XFS (loop2): Ending clean mount
[  121.256101][ T7763] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  121.306323][ T5859] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  121.469148][ T7758] loop1: detected capacity change from 0 to 32768
[  121.515357][ T7778] loop4: detected capacity change from 0 to 1024
[  121.529412][ T7776] loop5: detected capacity change from 0 to 4096
[  121.556818][ T7776] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  121.604564][ T1101] hfsplus: b-tree write err: -5, ino 8
[  121.650703][ T6016] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  121.792583][ T7788] loop5: detected capacity change from 0 to 2048
[  121.820491][ T6016] usb 7-1: Using ep0 maxpacket: 16
[  121.836748][ T6016] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  121.856642][ T6016] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  121.857744][ T7788] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.886427][ T6016] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  121.896358][ T6016] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  121.906079][ T6016] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  121.919198][ T7788] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  121.930632][ T6016] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  121.939673][ T6016] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  121.949499][ T6016] usb 7-1: Manufacturer: syz
[  121.955941][ T6016] usb 7-1: config 0 descriptor??
[  121.989597][   T30] audit: type=1800 audit(1755413238.895:36): pid=7788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.645" name="file0" dev="loop5" ino=13 res=0 errno=0
[  122.015000][ T7788] fs-verity (loop5, inode 13): Error -22 reading file data
[  122.022376][ T7788] fs-verity (loop5, inode 13): Error -22 building Merkle tree
[  122.105479][ T5866] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.149984][ T7811] loop1: detected capacity change from 0 to 64
[  122.220245][ T7816] netlink: 28 bytes leftover after parsing attributes in process `syz.5.656'.
[  122.238288][ T3529] IPVS: starting estimator thread 0...
[  122.248726][ T6016] rc_core: IR keymap rc-hauppauge not found
[  122.255244][ T6016] Registered IR keymap rc-empty
[  122.260387][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.269003][ T7818] IPVS: sed: SCTP 172.20.20.187:0 - no destination available
[  122.290625][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.311136][ T6016] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  122.339277][ T6016] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input13
[  122.355600][ T7819] IPVS: using max 34 ests per chain, 81600 per kthread
[  122.377148][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.384857][    C1] mceusb 7-1:0.0: short-range (0x3e) receiver active
[  122.412079][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.440545][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.459961][   T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  122.467701][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.500549][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.514984][ T7834] netlink: 'syz.1.664': attribute type 10 has an invalid length.
[  122.530714][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.553983][ T7834] team0: Port device geneve1 added
[  122.567575][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.601194][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.620762][   T24] usb 1-1: Using ep0 maxpacket: 16
[  122.630540][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.650589][   T24] usb 1-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  122.671803][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.679812][   T24] usb 1-1: Product: syz
[  122.685131][ T6016] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  122.692537][ T7841] binder: BINDER_SET_CONTEXT_MGR already set
[  122.698681][   T24] usb 1-1: Manufacturer: syz
[  122.705140][   T24] usb 1-1: SerialNumber: syz
[  122.711540][ T6016] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  122.715423][ T7841] binder: 7839:7841 ioctl 40046207 0 returned -16
[  122.721564][   T24] usb 1-1: config 0 descriptor??
[  122.736168][ T7844] loop1: detected capacity change from 0 to 512
[  122.742687][ T6016] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x3e active)
[  122.754021][   T24] ums-onetouch 1-1:0.0: USB Mass Storage device detected
[  122.763754][ T6016] usb 7-1: USB disconnect, device number 2
[  122.774718][ T7844] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.670: casefold flag without casefold feature
[  122.795814][ T7844] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.670: couldn't read orphan inode 15 (err -117)
[  122.832641][ T7844] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.925234][ T7844] fscrypt (loop1, inode 18): Mutually exclusive encryption flags (0x14)
[  122.966357][   T24] usb 1-1: USB disconnect, device number 6
[  123.053361][ T5853] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.178812][ T7857] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.188081][ T7857] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.202510][ T7858] netlink: 'syz.1.673': attribute type 16 has an invalid length.
[  123.225876][ T7858] netlink: 'syz.1.673': attribute type 17 has an invalid length.
[  123.324390][ T7858] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  123.456699][ T7870] netlink: 20 bytes leftover after parsing attributes in process `syz.4.680'.
[  123.848729][ T7868] loop2: detected capacity change from 0 to 32768
[  123.869671][ T7893] netlink: 'syz.5.690': attribute type 9 has an invalid length.
[  123.888641][ T7868] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.679 (7868)
[  123.910716][ T7893] netlink: 211988 bytes leftover after parsing attributes in process `syz.5.690'.
[  123.935988][ T7868] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  123.967238][ T7868] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  123.984030][ T7868] BTRFS info (device loop2): using free-space-tree
[  124.060226][ T7911] lo speed is unknown, defaulting to 1000
[  124.095492][ T7911] lo speed is unknown, defaulting to 1000
[  124.124327][ T7921] overlayfs: failed to clone upperpath
[  124.134663][ T7911] lo speed is unknown, defaulting to 1000
[  124.163796][ T7911] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  124.257599][ T7911] lo speed is unknown, defaulting to 1000
[  124.277533][ T7911] lo speed is unknown, defaulting to 1000
[  124.299458][ T7933] netlink: 'syz.0.700': attribute type 10 has an invalid length.
[  124.309055][ T7911] lo speed is unknown, defaulting to 1000
[  124.332509][ T5859] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  124.366081][ T7933] team0: Port device geneve1 added
[  124.395904][ T7911] lo speed is unknown, defaulting to 1000
[  124.411624][ T7911] lo speed is unknown, defaulting to 1000
[  124.422381][ T7911] lo speed is unknown, defaulting to 1000
[  124.647379][ T7951] netlink: 'syz.4.711': attribute type 3 has an invalid length.
[  124.696902][ T7951] netlink: 8 bytes leftover after parsing attributes in process `syz.4.711'.
[  124.847847][ T7945] loop1: detected capacity change from 0 to 32768
[  124.855222][ T7945] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.709 (7945)
[  124.873131][ T7945] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  124.883365][ T7945] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  124.891948][ T7945] BTRFS info (device loop1): disk space caching is enabled
[  124.899140][ T7945] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  125.061624][ T7981] loop5: detected capacity change from 0 to 64
[  125.069616][ T7945] BTRFS info (device loop1): rebuilding free space tree
[  125.085481][ T7945] BTRFS info (device loop1): disabling free space tree
[  125.092464][ T7945] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  125.102501][ T7945] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  125.146478][ T7945] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  125.430382][ T7998] siw: device registration error -23
[  230.460408][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  230.467377][    C0] rcu: 	1-...!: (1 ticks this GP) idle=fc3c/1/0x4000000000000000 softirq=25150/25150 fqs=0
[  230.477356][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5866/1:b..l
[  230.485261][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=16905, q=644 ncpus=2)
[  230.492970][    C0] Sending NMI from CPU 0 to CPUs 1:
[  230.493004][    C1] NMI backtrace for cpu 1
[  230.493019][    C1] CPU: 1 UID: 0 PID: 7997 Comm: syz.1.725 Not tainted 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT(full) 
[  230.493049][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  230.493063][    C1] RIP: 0010:advance_sched+0x725/0xc90
[  230.493088][    C1] Code: f8 48 c7 c7 e0 5e 59 8f 4c 89 fe e8 25 ae 64 fb e9 77 fe ff ff e8 bb 23 25 f8 eb 05 e8 b4 23 25 f8 4c 8b 3c 24 48 8b 44 24 40 <48> 85 c0 4c 8b 6c 24 18 48 8b 6c 24 28 0f 84 99 00 00 00 48 8d 98
[  230.493106][    C1] RSP: 0018:ffffc90000a08c70 EFLAGS: 00000006
[  230.493124][    C1] RAX: 0000000000000000 RBX: 1867670854000000 RCX: ffff88802a071e00
[  230.493140][    C1] RDX: 0000000000010000 RSI: 0000000004000000 RDI: 0000000000000000
[  230.493154][    C1] RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000004
[  230.493166][    C1] R10: dffffc0000000000 R11: fffff5200014117c R12: dffffc0000000000
[  230.493183][    C1] R13: ffff8880521834c8 R14: ffff888052183408 R15: ffff888052183c00
[  230.493202][    C1] FS:  0000000000000000(0000) GS:ffff888125d1b000(0000) knlGS:0000000000000000
[  230.493219][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  230.493234][    C1] CR2: 000000110c3e28d9 CR3: 000000000df36000 CR4: 0000000000350ef0
[  230.493250][    C1] Call Trace:
[  230.493261][    C1]  <IRQ>
[  230.493279][    C1]  ? __pfx_advance_sched+0x10/0x10
[  230.493299][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  230.493321][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.493356][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  230.493375][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.493400][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.493430][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  230.493463][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  230.493492][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  230.493521][    C1]  </IRQ>
[  230.493528][    C1]  <TASK>
[  230.493536][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  230.493559][    C1] RIP: 0010:unmap_page_range+0x1670/0x4370
[  230.493582][    C1] Code: ef e8 54 cb 19 00 49 8b 45 00 48 89 44 24 78 4d 8d 66 18 4d 89 e5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 <74> 08 4c 89 e7 e8 26 cb 19 00 49 8b 1c 24 83 e3 01 31 ff 48 89 de
[  230.493599][    C1] RSP: 0018:ffffc90003b8f5e0 EFLAGS: 00000246
[  230.493616][    C1] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  230.493630][    C1] RDX: ffff88802a071e00 RSI: 0000000000000011 RDI: 0000000000000001
[  230.493644][    C1] RBP: ffffc90003b8f890 R08: ffffea0001648907 R09: 1ffffd40002c9120
[  230.493660][    C1] R10: dffffc0000000000 R11: fffff940002c9121 R12: ffffea0001648918
[  230.493676][    C1] R13: 1ffffd40002c9123 R14: ffffea0001648900 R15: 0000000000000011
[  230.493701][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.493725][    C1]  ? is_bpf_text_address+0x292/0x2b0
[  230.493782][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  230.493807][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.493831][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.493860][    C1]  unmap_vmas+0x399/0x580
[  230.493880][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.493903][    C1]  ? rcu_is_watching+0x15/0xb0
[  230.493928][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  230.493961][    C1]  exit_mmap+0x248/0xb50
[  230.493995][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  230.494028][    C1]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  230.494067][    C1]  ? __pfx_exit_aio+0x10/0x10
[  230.494100][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.494127][    C1]  ? uprobe_clear_state+0x274/0x290
[  230.494151][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.494178][    C1]  __mmput+0x118/0x420
[  230.494199][    C1]  exit_mm+0x1da/0x2c0
[  230.494228][    C1]  ? __pfx_exit_mm+0x10/0x10
[  230.494256][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.494280][    C1]  ? rcu_is_watching+0x15/0xb0
[  230.494303][    C1]  do_exit+0x648/0x2300
[  230.494332][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.494356][    C1]  ? preempt_schedule_common+0x83/0xd0
[  230.494384][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.494408][    C1]  ? preempt_schedule+0xae/0xc0
[  230.494435][    C1]  ? __pfx_do_exit+0x10/0x10
[  230.494462][    C1]  ? rcu_is_watching+0x15/0xb0
[  230.494483][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  230.494521][    C1]  do_group_exit+0x21c/0x2d0
[  230.494552][    C1]  __x64_sys_exit_group+0x3f/0x40
[  230.494580][    C1]  x64_sys_call+0x21f7/0x2200
[  230.494609][    C1]  do_syscall_64+0xfa/0x3b0
[  230.494640][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.494665][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.494685][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.494709][    C1]  ? exc_page_fault+0x9f/0xf0
[  230.494738][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.494758][    C1] RIP: 0033:0x7fe97038ebe9
[  230.494775][    C1] Code: Unable to access opcode bytes at 0x7fe97038ebbf.
[  230.494786][    C1] RSP: 002b:00007ffe19049058 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  230.494807][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe97038ebe9
[  230.494821][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  230.494834][    C1] RBP: 00007ffe190490bc R08: 000000041904914f R09: 00000000000927c0
[  230.494849][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000078
[  230.494862][    C1] R13: 00000000000927c0 R14: 000000000001e98c R15: 00007ffe19049110
[  230.494885][    C1]  </TASK>
[  230.494995][    C0] task:syz-executor    state:R  running task     stack:21960 pid:5866  tgid:5866  ppid:5849   task_flags:0x400140 flags:0x00004000
[  231.027471][    C0] Call Trace:
[  231.030736][    C0]  <TASK>
[  231.033661][    C0]  __schedule+0x1798/0x4cc0
[  231.038177][    C0]  ? unwind_next_frame+0xa5/0x2390
[  231.043293][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  231.049446][    C0]  ? __pfx___schedule+0x10/0x10
[  231.054296][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.060360][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.066167][    C0]  ? rcu_is_watching+0x15/0xb0
[  231.070930][    C0]  preempt_schedule_irq+0xb5/0x150
[  231.076054][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  231.081773][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.087397][    C0]  ? rcu_is_watching+0x15/0xb0
[  231.092153][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.097778][    C0]  ? rcu_irq_exit_check_preempt+0xd6/0x210
[  231.103587][    C0]  irqentry_exit+0x6f/0x90
[  231.108010][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  231.113987][    C0] RIP: 0010:unwind_next_frame+0x12e3/0x2390
[  231.119887][    C0] Code: 18 48 8b 10 48 c7 c7 80 3c 88 8b 89 de e8 15 cd b4 ff e9 43 06 00 00 49 89 d5 48 89 d5 48 89 d8 48 29 e8 48 89 c1 48 c1 f9 02 <48> c1 e8 3f 48 01 c8 48 83 e0 fe 4c 8d 3c 45 00 00 00 00 49 01 ef
[  231.139494][    C0] RSP: 0018:ffffc90002e66e38 EFLAGS: 00000256
[  231.145561][    C0] RAX: 0000000000000000 RBX: ffffffff8fbf07f4 RCX: 0000000000000000
[  231.153523][    C0] RDX: ffffffff8fbf07f4 RSI: ffffffff903ed530 RDI: ffffffff8be334a0
[  231.161498][    C0] RBP: ffffffff8fbf07f4 R08: 0000000000000001 R09: 0000000000000000
[  231.169471][    C0] R10: dffffc0000000000 R11: ffffffff81ac3870 R12: ffffffff820c0590
[  231.177451][    C0] R13: ffffffff8fbf07f4 R14: ffffc90002e66f08 R15: 0000000000010c05
[  231.185422][    C0]  ? copy_pmd_range+0x6a90/0x71d0
[  231.190457][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  231.196625][    C0]  ? unwind_next_frame+0xcb/0x2390
[  231.201737][    C0]  ? unwind_next_frame+0xa5/0x2390
[  231.206847][    C0]  ? copy_pmd_range+0x6a91/0x71d0
[  231.211980][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  231.218130][    C0]  arch_stack_walk+0x11c/0x150
[  231.222894][    C0]  ? copy_pmd_range+0x6a91/0x71d0
[  231.227922][    C0]  stack_trace_save+0x9c/0xe0
[  231.232596][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  231.237963][    C0]  ? try_charge_memcg+0x5e6/0x1290
[  231.243246][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.248873][    C0]  ? css_rstat_updated+0x23a/0x4f0
[  231.253973][    C0]  ? try_charge_memcg+0x22a/0x1290
[  231.259086][    C0]  kasan_save_track+0x3e/0x80
[  231.263766][    C0]  ? kasan_save_track+0x3e/0x80
[  231.268612][    C0]  ? __kasan_slab_alloc+0x6c/0x80
[  231.273631][    C0]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  231.279259][    C0]  ? ptlock_alloc+0x20/0x70
[  231.283758][    C0]  ? pte_alloc_one+0x7d/0x170
[  231.288427][    C0]  ? __pte_alloc+0x25/0x1a0
[  231.292925][    C0]  ? copy_pmd_range+0x6a91/0x71d0
[  231.297985][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.303657][    C0]  __kasan_slab_alloc+0x6c/0x80
[  231.308514][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  231.313975][    C0]  ? ptlock_alloc+0x20/0x70
[  231.318482][    C0]  ptlock_alloc+0x20/0x70
[  231.322821][    C0]  pte_alloc_one+0x7d/0x170
[  231.327322][    C0]  __pte_alloc+0x25/0x1a0
[  231.331642][    C0]  copy_pmd_range+0x6a91/0x71d0
[  231.336492][    C0]  ? unwind_get_return_address+0x4d/0x90
[  231.342119][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  231.348270][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.353898][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.359532][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.365169][    C0]  ? kernel_clone+0x21e/0x840
[  231.369844][    C0]  ? __pfx_copy_pmd_range+0x10/0x10
[  231.375045][    C0]  ? dup_mmap+0x9eb/0x1ac0
[  231.379553][    C0]  ? copy_mm+0x13c/0x4b0
[  231.383805][    C0]  ? kernel_clone+0x21e/0x840
[  231.388508][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.394311][    C0]  ? rcu_is_watching+0x15/0xb0
[  231.399064][    C0]  ? copy_page_range+0x28f/0x1270
[  231.404092][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.409726][    C0]  ? rcu_is_watching+0x15/0xb0
[  231.414487][    C0]  ? copy_page_range+0x28f/0x1270
[  231.419510][    C0]  ? lock_release+0x4b/0x3e0
[  231.424114][    C0]  copy_page_range+0xc14/0x1270
[  231.428961][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.434601][    C0]  ? __pfx_copy_page_range+0x10/0x10
[  231.439876][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.445507][    C0]  ? up_write+0x1c4/0x420
[  231.449830][    C0]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[  231.456586][    C0]  dup_mmap+0xf57/0x1ac0
[  231.460849][    C0]  ? __pfx_dup_mmap+0x10/0x10
[  231.465534][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.471162][    C0]  ? mm_init+0xcc3/0xef0
[  231.475399][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.481029][    C0]  copy_mm+0x13c/0x4b0
[  231.485099][    C0]  copy_process+0x1706/0x3c00
[  231.489765][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.495401][    C0]  ? copy_process+0x97f/0x3c00
[  231.500162][    C0]  ? __pfx_copy_process+0x10/0x10
[  231.505176][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.510814][    C0]  kernel_clone+0x21e/0x840
[  231.515312][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.520952][    C0]  ? css_rstat_updated+0x23a/0x4f0
[  231.526064][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  231.531086][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.536718][    C0]  __x64_sys_clone+0x18b/0x1e0
[  231.541478][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.547112][    C0]  ? __pfx___x64_sys_clone+0x10/0x10
[  231.552416][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.558063][    C0]  ? do_user_addr_fault+0xc8a/0x1390
[  231.563712][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.569350][    C0]  ? rcu_is_watching+0x15/0xb0
[  231.574141][    C0]  do_syscall_64+0xfa/0x3b0
[  231.578648][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.584279][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.590336][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.595962][    C0]  ? exc_page_fault+0x9f/0xf0
[  231.600645][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.606528][    C0] RIP: 0033:0x7f2c60185453
[  231.610933][    C0] RSP: 002b:00007ffeba248958 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  231.619340][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2c60185453
[  231.627326][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  231.635283][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  231.643244][    C0] R10: 00005555865167d0 R11: 0000000000000246 R12: 0000000000000000
[  231.651202][    C0] R13: 00000000000927c0 R14: 000000000001e9a4 R15: 00007ffeba248af0
[  231.659176][    C0]  </TASK>
[  231.662193][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g16905 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  231.674590][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=8810
[  231.682376][    C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g16905 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  231.693732][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  231.703782][    C0] rcu: RCU grace-period kthread stack dump:
[  231.709654][    C0] task:rcu_preempt     state:I stack:27856 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  231.721584][    C0] Call Trace:
[  231.724851][    C0]  <TASK>
[  231.727772][    C0]  __schedule+0x1798/0x4cc0
[  231.732286][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.737916][    C0]  ? rcu_is_watching+0x15/0xb0
[  231.742673][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.748302][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.753937][    C0]  ? __pfx___schedule+0x10/0x10
[  231.758787][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  231.764679][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.770306][    C0]  ? rcu_is_watching+0x15/0xb0
[  231.775068][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.780695][    C0]  ? lock_release+0x4b/0x3e0
[  231.785291][    C0]  schedule+0x165/0x360
[  231.789448][    C0]  schedule_timeout+0x12b/0x270
[  231.794382][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  231.799752][    C0]  ? __pfx_process_timeout+0x10/0x10
[  231.805041][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.810758][    C0]  ? prepare_to_swait_event+0x341/0x380
[  231.816306][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  231.821165][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  231.826106][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  231.831399][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  231.836600][    C0]  ? finish_swait+0xcd/0x1f0
[  231.841190][    C0]  rcu_gp_kthread+0x99/0x390
[  231.845783][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  231.850987][    C0]  ? __kthread_parkme+0x7b/0x200
[  231.855927][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.861554][    C0]  ? __kthread_parkme+0x1a1/0x200
[  231.866577][    C0]  kthread+0x711/0x8a0
[  231.870682][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  231.875892][    C0]  ? __pfx_kthread+0x10/0x10
[  231.880474][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.886102][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  231.891318][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.896969][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  231.902171][    C0]  ? __pfx_kthread+0x10/0x10
[  231.906764][    C0]  ret_from_fork+0x3fc/0x770
[  231.911349][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  231.916454][    C0]  ? __switch_to_asm+0x39/0x70
[  231.921216][    C0]  ? __switch_to_asm+0x33/0x70
[  231.925983][    C0]  ? __pfx_kthread+0x10/0x10
[  231.930574][    C0]  ret_from_fork_asm+0x1a/0x30
[  231.935348][    C0]  </TASK>