last executing test programs:

1m56.939974473s ago: executing program 4 (id=78):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x2bc, 0x30, 0x300, 0x71bd2a, 0x25dfdbff, {}, [{0x2a8, 0x1, [@m_gact={0x218, 0x17, 0x0, 0x0, {{0x9}, {0x70, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1ae8, 0x5}}, @TCA_GACT_PARMS={0x18, 0x2, {0x65d6, 0x1, 0x8, 0x7, 0x3ff}}, @TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x2b3a, 0x8, 0x4, 0x831}}, @TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x8, 0x0, 0xbd1c, 0x4}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x583, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0xaeb, 0x20000000}}]}, {0x17d, 0x6, "0f617356f0a663079abe295a350af32575b7576a2846e5b3b3d9b048dc90bac2c3b40552dc14f7774371c98d6e2763d4fda783e36f45e224474cc6a0e6a530d841c87c70bbf3448d6187a58197fa3ffb0b318a51ba59415ac311a355fe1d08f8de9966d8ba89a56bfbc37c6af7d37dcdeb618f98f29bf3b05a23cefbbf51193614c08c162352d9eaad342b2f307dd8babd71ab8a1c4f80bbbbccc8ce4d369a33f9c6fc16198b2cfa20bc906e08c92c0642310e03f00a0ed12baa1df64f1bf0502f23ff4d6a5e05aa81fa19a9b88c32227231211d5d298a3c63d5549b1a72ad3a2c2dbf727e06036e6f15f608bea0e2a8ff93600a6133a9b45faa6924e7b9e8756e78750bdef4103fcd162842f48260e1dbb952cf91a4fdf9ca11cc86255d345cc97e3e5a060faa5892b6b343ae47592ed09d5829b187941331c8c321997cbc0395a6658c85915c1468ea768127b402af42155e96f11ef5f95a4118370c736689c029238b89e6a7a47d06e553b3f1968de8d30df98c713bd5d1"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x30, 0x12, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}, @m_bpf={0x2c, 0xa, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_simple={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x2bc}, 0x1, 0x0, 0x0, 0x4000810}, 0x20040800)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1m56.677602105s ago: executing program 4 (id=82):
syz_mount_image$xfs(&(0x7f00000000c0), &(0x7f0000009780)='./file0\x00', 0x0, &(0x7f0000000280), 0x5, 0x9730, &(0x7f0000012f40)="$eJzs3QeYJHWhcP1ZYMkZRERRVFSMRAkiShAQCRIVFBAkSw5KUJKIBEVBQMk555xzzjnnnHPOfM+yu4rrget93/t+3HvPOc+zO9PVVTXV/1931cxUT/eS8yw258DA6ANDm2JgxG69a86FNt5xziv33WmvU6cYc/zJh00etsCkwy5OOmjYx5EGBgZGGraeYdPGeuykk0caGOW96f9orDHGHDTOwMB0wy7OPuzjTEM/TPT48PneHaERN3TQ3y8O2n7ov/cab8iXGPLJ0rdcdO7AwMD471t+yCLT/MsNlbbkHPPO8w+rv7sNsRo87PP3/xt16L+JHhwYmOi+Ab5/vH/eQR/BTRryNcff8aHR1/0Ivvb/uJacY975RvAf8lgcedi0mYY8xkd8DBob8X5+yyqz7jFsCN+7vw0MDNnF/dNj5X9ES84xzwIDH7yfH3hkzHHPfPe9/eZYzw0MjPX8wMBYLwwMjPXiwMBYLw0MjPXyR+1S/3fNMef0cw55vA+/PIx9+H15fLpf7Lv6S/sMDAyMNnSesd4ZerwYe4rhx4Sqqqr6790cc04/Fxz/R/+w4/9WW89xW8f/qqqq/7nNN8ec0w85jo9w/B/7w47/P7jppjWG/u5/9pmGLvXOR3sjqqqq6j/VPPPh8X/8Dzv+j7fDDQd0/K+qqvqf26ILvnf8H3uE4//EH3b8X2P+uy4fNt/w7xveft8q33v+2LDpb75v+sjvm/7G+6YPft963j//qO+b/tr7po8+MDDWY8Omv/WPyWM9N2SZf13PWK/84/k4k47yvumvvm/6qO+b/tqwbRoyfbT3TX/7ffOP/o/pYw/5b4phX/f1Dxnqqqqq/zYtOv08cw2873n2wyYPf2I/Pi/02GO3vvuj2t6qqqqqqqqq+s/3ztNnnPOPv/n+9MD7/nb173/DOuz3AoOOO++66z6yDf3v0aB//X3IFh/1Nv3fNsR59COmGBhYa4mPelPqI+h/zN+q1/+T8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/cR9w/v/vf/8/cN9Xdhg26yyT3XX/Yv9YctKB1YZ9dutdcy602kew7R9B/1vP/w+sNmhgYJjv+EMsF5pj0cWnGhgYWOz+uyabceDv18085LpZJxz5vT/mHBiY6r3/B0/6AWse9i4L7725w8R/X8dx761/vnf3H3nQCBvxvmY794GDV13y1RlG/PilD74df39/iaVe2X/K4X/LMtIIM43+AQsPX//w2zKi87Btn2rItk+9wZrrTL3+xpt8fbU1l19lpVVWWmu66aadYfoZZ5jum7NMvfJqa6w0zdD/P2DMhr51xcj/zpiNPeKYPT3H+8dsxNs2wSkH45j967t6/NMq3lvj+bM9csXwMRvl3xyz4V9v5A8fsylWG/aFJh0YPLDce0MzaGBg0lEGD2w05MK0ow0MTDp42LyTDpn32xOONDCw4z9u6KBhLzY6dJ5BWwyZ57/Z+5bMMmxENh0+34ivsz7ihv5H71ty4ti73DXC+5b8v+r/6Pj/L14zD/r7QA1/A4Rh8wz1+ojfZ+JftneKUd47yH3Q9n7I6+K8F92/1lz18SX+q14Xh7Z37A/Z3g95Hb8P3N6ppn12z6Gr+i/b3hH2dQsMvfLf2dcNfPi+bmRafqWrJx9xXzf/B2/iPz2Oh4/RaCPM9EH7uh3nP3/zIesf+PB93QKrDXvxgH/s60YaGJh05OH7uiE7vlEHD+w45MJ0Qy6MNnjgsCEXpn/vwhgD5w258I0V1l5jxUHvvczAsPVOM2S9s084aOgD6OaDVx1tl3ffHWXYtrwy1j9v67D7xxTvP57PMeGwwRy27PD1Dpl1+Hpf22bodaMOW++r/4n1Dl+WtnfSs4deN9qw9b42wnoHf8h6hy/7L4+HqQb90xNVYX/zkb6vET1+R/+Q7f2Q1+HG+9t77lMu+8h/wetwD/qg7R3lw7f3g9435AO394krntzvv+p1w+l+dt++Q+8row+7n739n7j/Dl92xP3Y0BcCGbrbH/3f2Y9N8S/7sS1HHmmEwX5fH/R97oow/7BHxN/XtuJBr642fOwHj7De/+j73PfdlkGwHxt/hJ/nBm2+38AgGvPH1nhxw3d2/vAxHzzwzz9bDB/z4ct+2JiP9u+M+ac+fMxH/D75g8Z8qs8PvX7wCNv//jFfZLfZbx4+5qOOsN7/aMxH+/Bjx7+O+cDAYBrzHScbOm4ftj/9oDEfvuzwMR/ydWadcJSBuQcGBqYcNuaj/jtjPul/zf18TJh/6Ocr/X3SczMu/LXhYz7iGP9HYz7qf3LMN7vv7/fzKd+77nMjDYw66sBGy2+wwXrTDv1/+MXphv7P+6LnVhw6zh92LP0go+HLftjjYpR/x2j8f8to0H9kNNkoH2T0j4fWyAcv+vz/6b5olP+s0Xm8Lzpt3qHj9mHfF33QmA9flo6DE79v+RF/Dv2Q18/C2/Te+My/7fCf9/47vH7W8J93/0e+ftbw30muNuJOvv7d+v2/u/zd5e8uf3f5i/uA8/9TDD///+7YB04y7IfOwVfPfNvsH/X2fsT9rz7/P8z3n87/z37bzFcP+dFq2HUfen526Dz/Lc/PzjT0w0SPD59vxPODI27of3R+dt9dN7j6/6fzs/9HDX+s/hs/F7f/d5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+Yv7gPP/0wx/HsDDiy/0w2EnQgdvOu3Rm37U2/sR97/6/P8w3386/7/p0dNuOtLA36/70PP/Q+dxnP9/YMHNl/nvfP5/+GO18//1H5S/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+Yv7gPP/sw9/HsCRs839heHPB7hxu/33/Ki39yPuf+v5/97/31v7f3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4Yef/B0Z4m8SFu19gcP7/f3Yf4L9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8f5Q/ZvH/cf6YxX/J/DGL/1L5Yxb/n+SPWfx/mj9m8V86f8ziv0z+mMV/2fwxi//P8scs/svlj1n8l88fs/j/PH/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8V80fs/ivlj9m8f9F/pjFf/X8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/1/mj1n8f5U/ZvHfMH/M4r9R/pjFf+P8MYv/JvljFv9f549Z/H+TP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP6/zR+z+G+VP2bx/13+mMV/6/wxi//v88cs/tvkj1n8t80fs/hvlz9m8d8+f8zi/4f8MYv/H/PHLP475I9Z/P+UP2bx/3P+mMV/x/wxi/9O+WMW/7/kj1n8d84fs/jvkj9m8d81f8zi/9f8MYv/3/LHLP675Y9Z/HfPH7P475E/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH7P4v5E/ZvF/M3/M4v9W/pjF/+38MYv/O/ljFv9388ck/oMG8scs/oPyxyz+I+WPWfxHzh+z+I+SP2bxH5w/ZvEfNX/M4j9a/pjFf/T8MYv/GPljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMV//Pwxi/8E+WMW/wnzxyz+E+WPWfwnzh+z+H8sf8ziP0n+mMX/4/ljFv9J88cs/p/IH7P4T5Y/ZvH/ZP6Yxf9T+WMW/8nzxyz+n84fs/h/Jn/M4j9F/pjF/7P5Yxb/z+WPWfw/nz9m8Z8yf8zi/4X8MYv/F/PHLP5fyh+z+E+VP2bx/3L+mMX/K/ljFv+v5o9Z/L+WP2bx/3r+mMX/G/ljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziP0P+mMX/m/ljFv8Z88cs/jPlj1n8Z84fs/jPkj9m8f9W/pjFf9b8MYv/t/PHLP6z5Y9Z/L+TP2bx/27+mMV/9vwxi/8c+WMW/znzxyz+c+WPWfy/lz9m8Z87f8ziP0/+mMV/3vwxi//388cs/vPlj1n8f5A/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv8f5o9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv8f5Y9Z/H+cP2bxXzJ/zOK/VP6Yxf8n+WMW/5/mj1n8l84fs/gvkz9m8V82f8zi/7P8MYv/cvljFv/l88cs/j/PH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/KvljFv9V88cs/qvlj1n8f5E/ZvFfPX/M4r9G/pjFf838MYv/WvljFv+188cs/uvkj1n8180fs/ivlz9m8V8/f8ziv0H+mMX/l/ljFv9f5Y9Z/DfMH7P4b5Q/ZvHfOH/M4r9J/pjF/9f5Yxb/3+SPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/2/zxyz+W+WPWfx/lz9m8d86f8zi//v8MYv/NvljFv9t88cs/tvlj1n8t88fs/j/IX/M4v/H/DGL/w75Yxb/P+WPWfz/nD9m8d8xf8ziv1P+mMX/L/ljFv+d88cs/rvkj1n8d80fs/j/NX/M4v+3/DGL/275Yxb/3fPHLP575I9Z/PfMH7P475U/ZvHfO3/M4r9P/pjFf9/8MYv/fvljFv/988cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHLP5v5I9Z/N/MH7P4v5U/ZvF/O3/M4v9O/pjF/938MYn/e5/m/69Z/Aflj1n8R8ofs/iPnD9m8R8lf8ziPzh/zOI/av6YxX+0/DGL/+j5Yxb/MfLHLP5j5o9Z/MfKH7P4j50/ZvEfJ3/M4j9u/pjFf7z8MYv/+PljFv8J8scs/hPmj1n8J8ofs/hPnD9m8f9Y/pjFf5L8MYv/x/PHLP6T5o9Z/D+RP2bxnyx/zOL/yfwxi/+n8scs/pPnj1n8P50/ZvH/TP6YxX+K/DGL/2fzxyz+n8sfs/h/Pn/M4j9l/pjF/wv5Yxb/L+aPWfy/lD9m8Z8qf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP5T549Z/KfJH7P4T5s/ZvGfLn/M4j99/pjFf4b8MYv/N/PHLP4z5o9Z/GfKH7P4z5w/ZvGfJX/M4v+t/DGL/6z5Yxb/b+ePWfxnyx+z+H8nf8zi/938MYv/7PljFv858scs/nPmj1n858ofs/h/L3/M4j93/pjFf578MYv/vPljFv/v549Z/OfLH7P4/yB/zOI/f/6YxX+B/DGL/4L5Yxb/hfLHLP4/zB+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP4/yh+z+P84f8ziv2T+mMV/qfwxi/9P8scs/j/NH7P4L50/ZvFfJn/M4r9s/pjF/2f5Yxb/5fLHLP7L549Z/H+eP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/VfLHLP6r5o9Z/FfLH7P4/yJ/zOK/ev6YxX+N/DGL/5r5Yxb/tfLHLP5r549Z/NfJH7P4r5s/ZvFfL3/M4r9+/pjFf4P8MYv/L/PHLP6/yh+z+G+YP2bx3yh/zOK/cf6YxX+T/DGL/6/zxyz+v8kfs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/9/mj1n8t8ofs/j/Ln/M4r91/pjF//f5Yxb/bfLHLP7b5o9Z/LfLH7P4b58/ZvH/Q/6Yxf+P+WMW/x3yxyz+f8ofs/j/OX/M4r9j/pjFf6f8MYv/X/LHLP47549Z/HfJH7P475o/ZvH/a/6Yxf9v+WMW/93yxyz+u+ePWfz3yB+z+O+ZP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePWfzfyB+z+L+ZP2bxfyt/zOL/dv6Yxf+d/DGL/7v5YxL/kQfyxyz+g/LHLP4j5Y9Z/EfOH7P4j5I/ZvEfnD9m8R81f8ziP1r+mMV/9Pwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/CfPHLP4T5Y9Z/CfOH7P4fyx/zOI/Sf6Yxf/j+WMW/0nzxyz+n8gfs/hPlj9m8f9k/pjF/1P5Yxb/yfPHLP6fzh+z+H8mf8ziP0X+mMX/s/ljFv/P5Y9Z/D+fP2bxnzJ/zOL/hfwxi/8X88cs/l/KH7P4T5U/ZvH/cv6Yxf8r+WMW/6/mj1n8v5Y/ZvH/ev6Yxf8b+WMW/6nzxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6Yxf+b+WMW/xnzxyz+M+WPWfxnzh+z+M+SP2bx/1b+mMV/1vwxi/+388cs/rPlj1n8v5M/ZvH/bv6YxX/2/DGL/xz5Yxb/OfPHLP5z5Y9Z/L+XP2bxnzt/zOI/T/6YxX/e/DGL//fzxyz+8+WPWfx/kD9m8Z8/f8ziv0D+mMV/wfwxi/9C+WMW/x/mj1n8F84fs/gvkj9m8V80f8ziv1j+mMV/8fwxi/8S+WMW/x/lj1n8f5w/ZvFfMn/M4r9U/pjF/yf5Yxb/n+aPWfyXzh+z+C+TP2bxXzZ/zOL/s/wxi/9y+WMW/+Xzxyz+P88fs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfx/kT9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOK/Qf6Yxf+X+WMW/1/lj1n8N8wfs/hvlD9m8d84f8ziv0n+mMX/1/ljFv/f5I9Z/DfNH7P4b5Y/ZvHfPH/M4r9F/pjFf8v8MYv/b/PHLP5b5Y9Z/H+XP2bx3zp/zOL/+/wxi/82+WMW/23zxyz+2+WPWfy3zx+z+P8hf8zi/8f8MYv/DvljFv8/5Y9Z/P+cP2bx3zF/zOK/U/6Yxf8v+WMW/53zxyz+u+SPWfx3zR+z+P81f8zi/7f8MYv/bvljFv/d88cs/nvkj1n898wfs/jvlT9m8d87f8ziv0/+mMV/3/wxi/9++WMW//3zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfs/i/lT9m8X87f8zi/07+mMX/3fwxif8oA/ljFv9B+WMW/5Hyxyz+I+ePWfxHyR+z+A/OH7P4j5o/ZvEfLX/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+mMV/gvwxi/+E+WMW/4nyxyz+E+ePWfw/lj9m8Z8kf8zi//H8MYv/pPljFv9P5I9Z/CfLH7P4fzJ/zOL/qfwxi//k+WMW/0/nj1n8P5M/ZvGfIn/M4v/Z/DGL/+fyxyz+n88fs/hPmT9m8f9C/pjF/4v5Yxb/L+WPWfynyh+z+H85f8zi/5X8MYv/V/PHLP5fyx+z+H89f8zi/438MYv/1PljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8zi/838MYv/jPljFv+Z8scs/jPnj1n8Z8kfs/h/K3/M4j9r/pjF/9v5Yxb/2fLHLP7fyR+z+H83f8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+38sfs/jPnT9m8Z8nf8ziP2/+mMX/+/ljFv/58scs/j/IH7P4z58/ZvFfIH/M4r9g/pjFf6H8MYv/D/PHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/j/LHLP4/zh+z+C+ZP2bxXyp/zOL/k/wxi/9P88cs/kvnj1n8l8kfs/gvmz9m8f9Z/pjFf7n8MYv/8vljFv+f549Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/r/IH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8zi/8v8MYv/r/LHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4v/r/DGL/2/yxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6Yxf+3+WMW/63yxyz+v8sfs/hvnT9m8f99/pjFf5v8MYv/tvljFv/t8scs/tvnj1n8/5A/ZvH/Y/6YxX+H/DGL/5/yxyz+f84fs/jvmD9m8d8pf8zi/5f8MYv/zvljFv9d8scs/rvmj1n8/5o/ZvH/W/6YxX+3/DGL/+75Yxb/PfLHLP575o9Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+F+aPWfwvyh+z+F+cP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGL/+v5Yxb/N/LHLP5v5o9Z/N/KH7P4v50/ZvF/J3/M4v9u/pjEf/BA/pjFf1D+mMV/pPwxi//I+WMW/1Hyxyz+g/PHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/4/lj1n8J8kfs/h/PH/M4j9p/pjF/xP5Yxb/yfLHLP6fzB+z+H8qf8ziP3n+mMX/0/ljFv/P5I9Z/KfIH7P4fzZ/zOL/ufwxi//n88cs/lPmj1n8v5A/ZvH/Yv6Yxf9L+WMW/6nyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4j91/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/h/M3/M4j9j/pjFf6b8MYv/zPljFv9Z8scs/t/KH7P4z5o/ZvH/dv6YxX+2/DGL/3fyxyz+380fs/jPnj9m8Z8jf8ziP2f+mMV/rvwxi//38scs/nPnj1n858kfs/jPmz9m8f9+/pjFf778MYv/D/LHLP7z549Z/BfIH7P4L5g/ZvFfKH/M4v/D/DGL/8L5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4v+j/DGL/4/zxyz+S+aPWfyXyh+z+P8kf8zi/9P8MYv/0vljFv9l8scs/svmj1n8f5Y/ZvFfLn/M4r98/pjF/+f5Yxb/FfLHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/L/LHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/j/Mn/M4v+r/DGL/4b5Yxb/jfLHLP4b549Z/DfJH7P4/zp/zOL/m/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx/23+mMV/q/wxi//v8scs/lvnj1n8f58/ZvHfJn/M4r9t/pjFf7v8MYv/9vljFv8/5I9Z/P+YP2bx3yF/zOL/p/wxi/+f88cs/jvmj1n8d8ofs/j/JX/M4r9z/pjFf5f8MYv/rvljFv+/5o9Z/P+WP2bx3y1/zOK/e/6YxX+P/DGL/575Yxb/vfLHLP57549Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6Yxf+N/DGL/5v5Yxb/t/LHLP5v549Z/N/JH7P4v5s/JvEfdSB/zOI/KH/M4j9S/pjFf+T8MYv/KPljFv/B+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/x/LHLP6T5I9Z/D+eP2bxnzR/zOL/ifwxi/9k+WMW/0/mj1n8P5U/ZvGfPH/M4v/p/DGL/2fyxyz+U+SPWfw/mz9m8f9c/pjF//P5Yxb/KfPHLP5fyB+z+H8xf8zi/6X8MYv/VPljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxnzp/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/L+ZP2bxnzF/zOI/U/6YxX/m/DGL/yz5Yxb/b+WPWfxnzR+z+H87f8ziP1v+mMX/O/ljFv/v5o9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjF/3v5Yxb/ufPHLP7z5I9Z/OfNH7P4fz9/zOI/X/6Yxf8H+WMW//nzxyz+C+SPWfwXzB+z+C+UP2bx/2H+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bx/1H+mMX/x/ljFv8l88cs/kvlj1n8f5I/ZvH/af6YxX/p/DGL/zL5Yxb/ZfPHLP4/yx+z+C+XP2bxXz5/zOL/8/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf8X+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/9fPHLP4b5I9Z/H+ZP2bx/1X+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfx/nT9m8f9N/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/j/Nn/M4r9V/pjF/3f5Yxb/rfPHLP6/zx+z+G+TP2bx3zZ/zOK/Xf6YxX/7/DGL/x/yxyz+f8wfs/jvkD9m8f9T/pjF/8/5Yxb/HfPHLP475Y9Z/P+SP2bx3zl/zOK/S/6YxX/X/DGL/1/zxyz+f8sfs/jvlj9m8d89f8ziv0f+mMV/z/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOJ/QP6Yxf/A/DGL/0H5Yxb/g/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/9J+WMW/5Pzxyz+p+SPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj1n8X80fs/i/lj9m8X89f8zi/0b+mMX/zfwxi/9b+WMW/7fzxyz+7+SPWfzfzR+T+I82kD9m8R+UP2bxHyl/zOI/cv6YxX+U/DGL/+D8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6Yxf9j+WMW/0nyxyz+H88fs/hPmj9m8f9E/pjFf7L8MYv/J/PHLP6fyh+z+E+eP2bx/3T+mMX/M/ljFv8p8scs/p/NH7P4fy5/zOL/+fwxi/+U+WMW/y/kj1n8v5g/ZvH/Uv6YxX+q/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/hPnT9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+38wfs/jPmD9m8Z8pf8ziP3P+mMV/lvwxi/+38scs/rPmj1n8v50/ZvGfLX/M4v+d/DGL/3fzxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOL/vfwxi//c+WMW/3nyxyz+8+aPWfy/nz9m8Z8vf8zi/4P8MYv//PljFv8F8scs/gvmj1n8F8ofs/j/MH/M4r9w/pjFf5H8MYv/ovljFv/F8scs/ovnj1n8l8gfs/j/KH/M4v/j/DGL/5L5Yxb/pfLHLP4/yR+z+P80f8ziv3T+mMV/mfwxi/+y+WMW/5/lj1n8l8sfs/gvnz9m8f95/pjFf4X8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8zi/4v8MYv/6vljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi//6+WMW/w3yxyz+v8wfs/j/Kn/M4r9h/pjFf6P8MYv/xvljFv9N8scs/r/OH7P4/yZ/zOK/af6YxX+z/DGL/+b5Yxb/LfLHLP5b5o9Z/H+bP2bx3yp/zOL/u/wxi//W+WMW/9/nj1n8t8kfs/hvmz9m8d8uf8ziv33+mMX/D/ljFv8/5o9Z/HfIH7P4/yl/zOL/5/wxi/+O+WMW/53yxyz+f8kfs/jvnD9m8d8lf8ziv2v+mMX/r/ljFv+/5Y9Z/HfLH7P4754/ZvHfI3/M4r9n/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYv/2/ljFv938scs/u/mj0n8Rx/IH7P4D8ofs/iPlD9m8R85f8ziP0r+mMV/cP6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv/x88cs/hPkj1n8J8wfs/hPlD9m8Z84f8zi/7H8MYv/JPljFv+P549Z/CfNH7P4fyJ/zOI/Wf6Yxf+T+WMW/0/lj1n8J88fs/h/On/M4v+Z/DGL/xT5Yxb/z+aPWfw/lz9m8f98/pjFf8r8MYv/F/LHLP5fzB+z+H8pf8ziP1X+mMX/y/ljFv+v5I9Z/L+aP2bx/1r+mMX/6/ljFv9v5I9Z/KfOH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv9v5o9Z/GfMH7P4z5Q/ZvGfOX/M4j9L/pjF/1v5Yxb/WfPHLP7fzh+z+M+WP2bx/07+mMX/u/ljFv/Z88cs/nPkj1n858wfs/jPlT9m8f9e/pjFf+78MYv/PPljFv9588cs/t/PH7P4z5c/ZvH/Qf6YxX/+/DGL/wL5Yxb/BfPHLP4L5Y9Z/H+YP2bxXzh/zOK/SP6YxX/R/DGL/2L5Yxb/xfPHLP5L5I9Z/H+UP2bx/3H+mMV/yfwxi/9S+WMW/5/kj1n8f5o/ZvFfOn/M4r9M/pjFf9n8MYv/z/LHLP7L5Y9Z/JfPH7P4/zx/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvH/Rf6YxX/1/DGL/xr5Yxb/NfPHLP5r5Y9Z/NfOH7P4r5M/ZvFfN3/M4r9e/pjFf/38MYv/BvljFv9f5o9Z/H+VP2bx3zB/zOK/Uf6YxX/j/DGL/yb5Yxb/X+ePWfx/kz9m8d80f8ziv1n+mMV/8/wxi/8W+WMW/y3zxyz+v80fs/hvlT9m8f9d/pjFf+v8MYv/7/PHLP7b5I9Z/LfNH7P4b5c/ZvHfPn/M4v+H/DGL/x/zxyz+O+SPWfz/lD9m8f9z/pjFf8f8MYv/TvljFv+/5I9Z/HfOH7P475I/ZvHfNX/M4v/X/DGL/9/yxyz+u+WPWfx3zx+z+O+RP2bx3zN/zOK/V/6YxX/v/DGL/z75Yxb/ffPHLP775Y9Z/PfPH7P4H5A/ZvE/MH/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/q/DGL/zX5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8zi/1L+mMX/5fwxi/8r+WMW/1fzxyz+r+WPWfxfzx+z+L+RP2bxfzN/zOL/Vv6Yxf/t/DGL/zv5Yxb/d/PHJP5jDOSPWfwH5Y9Z/EfKH7P4j5w/ZvEfJX/M4j84f8ziP2r+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/CfLHLP4T5o9Z/CfKH7P4T5w/ZvH/WP6YxX+S/DGL/8fzxyz+k+aPWfw/kT9m8Z8sf8zi/8n8MYv/p/LHLP6T549Z/D+dP2bx/0z+mMV/ivwxi/9n88cs/p/LH7P4fz5/zOI/Zf6Yxf8L+WMW/y/mj1n8v5Q/ZvGfKn/M4v/l/DGL/1fyxyz+X80fs/h/LX/M4v/1/DGL/zfyxyz+U+ePWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/zfzxyz+M+aPWfxnyh+z+M+cP2bxnyV/zOL/rfwxi/+s+WMW/2/nj1n8Z8sfs/h/J3/M4v/d/DGL/+z5Yxb/OfLHLP5z5o9Z/OfKH7P4fy9/zOI/d/6YxX+e/DGL/7z5Yxb/7+ePWfznyx+z+P8gf8ziP3/+mMV/gfwxi/+C+WMW/4Xyxyz+P8wfs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+P8ofs/j/OH/M4r9k/pjFf6n8MYv/T/LHLP4/zR+z+C+dP2bxXyZ/zOK/bP6Yxf9n+WMW/+Xyxyz+y+ePWfx/nj9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxXyx+z+P8if8ziv3r+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOK/fv6YxX+D/DGL/y/zxyz+v8ofs/hvmD9m8d8of8ziv3H+mMV/k/wxi/+v88cs/r/JH7P4b5o/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv/f5o9Z/LfKH7P4/y5/zOK/df6Yxf/3+WMW/23yxyz+2+aPWfy3yx+z+G+fP2bx/0P+mMX/j/ljFv8d8scs/n/KH7P4/zl/zOK/Y/6YxX+n/DGL/1/yxyz+O+ePWfx3yR+z+O+aP2bx/2v+mMX/b/ljFv/d8scs/rvnj1n898gfs/jvmT9m8d8rf8ziv3f+mMV/n/wxi/+++WMW//3yxyz+++ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8zi/3b+mMX/nfwxi/+7+WMS/zEH8scs/oPyxyz+I+WPWfxHzh+z+I+SP2bxH5w/ZvEfNX/M4j9a/pjFf/T8MYv/GPljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMV//Pwxi/8E+WMW/wnzxyz+E+WPWfwnzh+z+H8sf8ziP0n+mMX/4/ljFv9J88cs/p/IH7P4T5Y/ZvH/ZP6Yxf9T+WMW/8nzxyz+n84fs/h/Jn/M4j9F/pjF/7P5Yxb/z+WPWfw/nz9m8Z8yf8zi/4X8MYv/F/PHLP5fyh+z+E+VP2bx/3L+mMX/K/ljFv+v5o9Z/L+WP2bx/3r+mMX/G/ljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziP0P+mMX/m/ljFv8Z88cs/jPlj1n8Z84fs/jPkj9m8f9W/pjFf9b8MYv/t/PHLP6z5Y9Z/L+TP2bx/27+mMV/9vwxi/8c+WMW/znzxyz+c+WPWfy/lz9m8Z87f8ziP0/+mMV/3vwxi//388cs/vPlj1n8f5A/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv8f5o9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv8f5Y9Z/H+cP2bxXzJ/zOK/VP6Yxf8n+WMW/5/mj1n8l84fs/gvkz9m8V82f8zi/7P8MYv/cvljFv/l88cs/j/PH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/KvljFv9V88cs/qvlj1n8f5E/ZvFfPX/M4r9G/pjFf838MYv/WvljFv+188cs/uvkj1n8180fs/ivlz9m8V8/f8ziv0H+mMX/l/ljFv9f5Y9Z/DfMH7P4b5Q/ZvHfOH/M4r9J/pjF/9f5Yxb/3+SPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/2/zxyz+W+WPWfx/lz9m8d86f8zi//v8MYv/NvljFv9t88cs/tvlj1n8t88fs/j/IX/M4v/H/DGL/w75Yxb/P+WPWfz/nD9m8d8xf8ziv1P+mMX/L/ljFv+d88cs/rvkj1n8d80fs/j/NX/M4v+3/DGL/275Yxb/3fPHLP575I9Z/PfMH7P475U/ZvHfO3/M4r9P/pjFf9/8MYv/fvljFv/988cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHLP5v5I9Z/N/MH7P4v5U/ZvF/O3/M4v9O/pjF/938MYn/WAP5Yxb/QfljFv+R8scs/iPnj1n8R8kfs/gPzh+z+I+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8P5Y/ZvGfJH/M4v/x/DGL/6T5Yxb/T+SPWfwnyx+z+H8yf8zi/6n8MYv/5PljFv9P549Z/D+TP2bxnyJ/zOL/2fwxi//n8scs/p/PH7P4T5k/ZvH/Qv6Yxf+L+WMW/y/lj1n8p8ofs/h/OX/M4v+V/DGL/1fzxyz+X8sfs/h/PX/M4v+N/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4v/N/DGL/4z5Yxb/mfLHLP4z549Z/GfJH7P4fyt/zOI/a/6Yxf/b+WMW/9nyxyz+38kfs/h/N3/M4j97/pjFf478MYv/nPljFv+58scs/t/LH7P4z50/ZvGfJ3/M4j9v/pjF//v5Yxb/+fLHLP4/yB+z+M+fP2bxXyB/zOK/YP6YxX+h/DGL/w/zxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/4/yxyz+P84fs/gvmT9m8V8qf8zi/5P8MYv/T/PHLP5L549Z/JfJH7P4L5s/ZvH/Wf6YxX+5/DGL//L5Yxb/n+ePWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP6/yB+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4r58/ZvHfIH/M4v/L/DGL/6/yxyz+G+aPWfw3yh+z+G+cP2bx3yR/zOL/6/wxi/9v8scs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMX/t/ljFv+t8scs/r/LH7P4b50/ZvH/ff6YxX+b/DGL/7b5Yxb/7fLHLP7b549Z/P+QP2bx/2P+mMV/h/wxi/+f8scs/n/OH7P475g/ZvHfKX/M4v+X/DGL/875Yxb/XfLHLP675o9Z/P+aP2bx/1v+mMV/t/wxi//u+WMW/z3yxyz+e+aPWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+F+dP2bxvyZ/zOJ/bf6Yxf+6/DGL//X5Yxb/G/LHLP435o9Z/G/KH7P435w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+D+aPWfwfyh+z+D+cP2bxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj1n8X8ofs/i/nD9m8X8lf8zi/2r+mMX/tfwxi//r+WMW/zfyxyz+b+aPWfzfyh+z+L+dP2bxfyd/zOL/bv6YxH/sgfwxi/+g/DGL/0j5Yxb/kfPHLP6j5I9Z/Afnj1n8R80fs/iPlj9m8R89f8ziP0b+mMV/zPwxi/9Y+WMW/7Hzxyz+4+SPWfzHzR+z+I+XP2bxHz9/zOI/Qf6YxX/C/DGL/0T5Yxb/ifPHLP4fyx+z+E+SP2bx/3j+mMV/0vwxi/8n8scs/pPlj1n8P5k/ZvH/VP6YxX/y/DGL/6fzxyz+n8kfs/hPkT9m8f9s/pjF/3P5Yxb/z+ePWfynzB+z+H8hf8zi/8X8MYv/l/LHLP5T5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMV/6vwxi/80+WMW/2nzxyz+0+WPWfynzx+z+M+QP2bx/2b+mMV/xvwxi/9M+WMW/5nzxyz+s+SPWfy/lT9m8Z81f8zi/+38MYv/bPljFv/v5I9Z/L+bP2bxnz1/zOI/R/6YxX/O/DGL/1z5Yxb/7+WPWfznzh+z+M+TP2bxnzd/zOL//fwxi/98+WMW/x/kj1n8588fs/gvkD9m8V8wf8ziv1D+mMX/h/ljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/R/ljFv8f549Z/JfMH7P4L5U/ZvH/Sf6Yxf+n+WMW/6Xzxyz+y+SPWfyXzR+z+P8sf8ziv1z+mMV/+fwxi//P88cs/ivkj1n8V8wfs/ivlD9m8V85f8ziv0r+mMV/1fwxi/9q+WMW/1/kj1n8V88fs/ivkT9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/3Xzxyz+6+WPWfzXzx+z+G+QP2bx/2X+mMX/V/ljFv8N88cs/hvlj1n8N84fs/hvkj9m8f91/pjF/zf5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4v/b/DGL/1b5Yxb/3+WPWfy3zh+z+P8+f8ziv03+mMV/2/wxi/92+WMW/+3zxyz+f8gfs/j/MX/M4r9D/pjF/0/5Yxb/P+ePWfx3zB+z+O+UP2bx/0v+mMV/5/wxi/8u+WMW/13zxyz+f80fs/j/LX/M4r9b/pjFf/f8MYv/HvljFv8988cs/nvlj1n8984fs/jvkz9m8d83f8ziv1/+mMV///wxi/8B+WMW/wPzxyz+B+WPWfwPzh+z+B+SP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/ifkj9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOJ/Xv6Yxf/8/DGL/wX5Yxb/C/PHLP4X5Y9Z/C/OH7P4X5I/ZvG/NH/M4n9Z/pjF//L8MYv/FfljFv8r88cs/lflj1n8r84fs/hfkz9m8b82f8zif13+mMX/+vwxi/8N+WMW/xvzxyz+N+WPWfxvzh+z+N+SP2bxvzV/zOJ/W/6Yxf/2/DGL/x35Yxb/O/PHLP535Y9Z/O/OH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8H88cs/g/lj1n8H84fs/g/kj9m8X80f8zi/1j+mMX/8fwxi/8T+WMW/yfzxyz+T+WPWfyfzh+z+D+TP2bxfzZ/zOL/XP6Yxf/5/DGL/wv5Yxb/F/PHLP4v5Y9Z/F/OH7P4v5I/ZvF/NX/M4v9a/pjF//X8MYv/G/ljFv8388cs/m/lj1n8384fs/i/kz9m8X83f0ziP85A/pjFf1D+mMV/pPwxi//I+WMW/1Hyxyz+g/PHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/4/lj1n8J8kfs/h/PH/M4j9p/pjF/xP5Yxb/yfLHLP6fzB+z+H8qf8ziP3n+mMX/0/ljFv/P5I9Z/KfIH7P4fzZ/zOL/ufwxi//n88cs/lPmj1n8v5A/ZvH/Yv6Yxf9L+WMW/6nyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4j91/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/h/M3/M4j9j/pjFf6b8MYv/zPljFv9Z8scs/t/KH7P4z5o/ZvH/dv6YxX+2/DGL/3fyxyz+380fs/jPnj9m8Z8jf8ziP2f+mMV/rvwxi//38scs/nPnj1n858kfs/jPmz9m8f9+/pjFf778MYv/D/LHLP7z549Z/BfIH7P4L5g/ZvFfKH/M4v/D/DGL/8L5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4v+j/DGL/4/zxyz+S+aPWfyXyh+z+P8kf8zi/9P8MYv/0vljFv9l8scs/svmj1n8f5Y/ZvFfLn/M4r98/pjF/+f5Yxb/FfLHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/L/LHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/j/Mn/M4v+r/DGL/4b5Yxb/jfLHLP4b549Z/DfJH7P4/zp/zOL/m/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx/23+mMV/q/wxi//v8scs/lvnj1n8f58/ZvHfJn/M4r9t/pjFf7v8MYv/9vljFv8/5I9Z/P+YP2bx3yF/zOL/p/wxi/+f88cs/jvmj1n8d8ofs/j/JX/M4r9z/pjFf5f8MYv/rvljFv+/5o9Z/P+WP2bx3y1/zOK/e/6YxX+P/DGL/575Yxb/vfLHLP57549Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6Yxf+N/DGL/5v5Yxb/t/LHLP5v549Z/N/JH7P4v5s/JvEfdyB/zOI/KH/M4j9S/pjFf+T8MYv/KPljFv/B+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/MfPH7P4T5A/ZvGfMH/M4j9R/pjFf+L8MYv/x/LHLP6T5I9Z/D+eP2bxnzR/zOL/ifwxi/9k+WMW/0/mj1n8P5U/ZvGfPH/M4v/p/DGL/2fyxyz+U+SPWfw/mz9m8f9c/pjF//P5Yxb/KfPHLP5fyB+z+H8xf8zi/6X8MYv/VPljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxnzp/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/L+ZP2bxnzF/zOI/U/6YxX/m/DGL/yz5Yxb/b+WPWfxnzR+z+H87f8ziP1v+mMX/O/ljFv/v5o9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjF/3v5Yxb/ufPHLP7z5I9Z/OfNH7P4fz9/zOI/X/6Yxf8H+WMW//nzxyz+C+SPWfwXzB+z+C+UP2bx/2H+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bx/1H+mMX/x/ljFv8l88cs/kvlj1n8f5I/ZvH/af6YxX/p/DGL/zL5Yxb/ZfPHLP4/yx+z+C+XP2bxXz5/zOL/8/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf8X+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/9fPHLP4b5I9Z/H+ZP2bx/1X+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfx/nT9m8f9N/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/j/Nn/M4r9V/pjF/3f5Yxb/rfPHLP6/zx+z+G+TP2bx3zZ/zOK/Xf6YxX/7/DGL/x/yxyz+f8wfs/jvkD9m8f9T/pjF/8/5Yxb/HfPHLP475Y9Z/P+SP2bx3zl/zOK/S/6YxX/X/DGL/1/zxyz+f8sfs/jvlj9m8d89f8ziv0f+mMV/z/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOJ/QP6Yxf/A/DGL/0H5Yxb/g/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/9J+WMW/5Pzxyz+p+SPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj1n8X80fs/i/lj9m8X89f8zi/0b+mMX/zfwxi/9b+WMW/7fzxyz+7+SPWfzfzR+T+I83kD9m8R+UP2bxHyl/zOI/cv6YxX+U/DGL/+D8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+4+ePWfwnyB+z+E+YP2bxnyh/zOI/cf6Yxf9j+WMW/0nyxyz+H88fs/hPmj9m8f9E/pjFf7L8MYv/J/PH/j/26MEADAQAAtjbGuBt27Zt27Zt27Zt27ZtW3UXuAl6yQpp+Z/Yf9TyP4n/qOV/Uv9Ry/9k/qOW/8n9Ry3/U/iPWv6n9B+1/E/lP2r5n9p/1PI/jf+o5X9a/1HL/3T+o5b/6f1HLf8z+I9a/mf0H7X8z+Q/avmf2X/U8j+L/6jlf1b/Ucv/bP6jlv/Z/Uct/3P4j1r+5/QftfzP5T9q+Z/bf9TyP4//qOV/Xv9Ry/98/qOW//n9Ry3/C/iPWv4X9B+1/C/kP2r5X9h/1PK/iP+o5X9R/1HL/2L+o5b/xf1HLf9L+I9a/pf0H7X8L+U/avlf2n/U8r+M/6jlf1n/Ucv/cv6jlv/l/Uct/yv4j1r+V/Qftfyv5D9q+V/Zf9Tyv4r/qOV/Vf9Ry/9q/qOW/9X9Ry3/a/iPWv7X9B+1/K/lP2r5X9t/1PK/jv+o5X9d/1HL/3r+o5b/9f1HLf8b+I9a/jf0H7X8b+Q/avnf2H/U8r+J/6jlf1P/Ucv/Zv6jlv/N/Uct/1v4j1r+t/Qftfxv5T9q+d/af9Tyv43/qOV/W/9Ry/92/qOW/+39Ry3/O/iPWv539B+1/O/kP2r539l/1PK/i/+o5X9X/1HL/27+o5b/3f1HLf97+I9a/vf0H7X87+U/avnf23/U8r+P/6jlf1//Ucv/fv6jlv/9/Uct/wf4j1r+D/Qftfwf5D9q+T/Yf9Tyf4j/qOX/UP9Ry/9h/qOW/8P9Ry3/R/iPWv6P9B+1/B/lP2r5P9p/1PJ/jP+o5f9Y/1HL/3H+o5b/4/1HLf8n+I9a/k/0H7X8n+Q/avk/2X/U8n+K/6jl/1T/Ucv/af6jlv/T/Uct/2f4j1r+z/Qftfyf5T9q+T/bf9Tyf47/qOX/XP9Ry/95/qOW//P9Ry3/F/iPWv4v9B+1/F/kP2r5v9h/1PJ/if+o5f9S/1HL/2X+o5b/y/1HLf9X+I9a/q/0H7X8X+U/avm/2n/U8n+N/6jl/1r/Ucv/df6jlv/r/Uct/zf4j1r+b/Qftfzf5D9q+b/Zf9Tyf4v/qOX/Vv9Ry/9t/qOW/9v9Ry3/d/iPWv7v9B+1/N/lP2r5v9t/1PJ/j/+o5f9e/1HL/33+o5b/+/1HLf8P+I9a/h/0H7X8P+Q/avl/2H/U8v+I/6jl/1H/Ucv/Y/6jlv/H/Uct/0/4j1r+n/Qftfw/5T9q+X/af9Ty/4z/qOX/Wf9Ry/9z/qOW/+f9Ry3/L/iPWv5f9B+1/L/kP2r5f9l/1PL/iv+o5f9V/1HL/2v+o5b/1/1HLf9v+I9a/t/0H7X8v+U/avl/23/U8v+O/6jl/13/Ucv/e/6jlv/3/Uct/x/4j1r+P/Qftfx/5D9q+f/Yf9Ty/4n/qOX/U/9Ry/9n/qOW/8/9Ry3/X/iPWv6/9B+1/H/lP2r5/9p/1PL/jf+o5f9b/1HL/3f+o5b/7/1HLf8/+I9a/n/0H7X8/+Q/avn/2X/U8v+L/6jl/1f/Ucv/b/6jlv/f/Uct/3/4j1r+//Qftfz/5T9q+f/bf9Ty/4//qOX/X/9Ry/9//qOW///9Ry3/A/xHLf8D/Uct/4P8Ry3/g/1HLf9D/Ect/0P9Ry3/w/xHJf8TjeQ/avkf2X/U8j+K/6jlf1T/Ucv/aP6jlv/R/Uct/2P4j1r+x/QftfyP5T9q+R/bf9TyP47/qOV/XP9Ry/94/qOW//H9Ry3/E/iPWv4n9B+NcP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCcvbuNzass/Dh+urZ7+rN/N+fwGjIYbLqJK1u7MhlsPtTHgqk6FgMmkC2sjEph7iG4gVoNSgzGMBkJIuo2dRNIjBkvhgkIK4lKnIrGiWiIQ1AXMTVMZETjUnO3vUt7r23Wq17XXuzzedHe55Tf6bbku3PK1gwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgpc3bbrlhbUdH2yYvvPDCi4EXp/p3JiC116I/1T8SAAAAAAAAAAAAAABgJDm+nehU/xwBAAAAAOB009L6ru7qqiGnqgcfzPl5W+/7plevvH7P84+vLL/v//Dlw1xywuCDnp6enpeau2b2H04qiqL02ab3H0+uHJeu39l1+fa+o1D89tnm1m3bmw/u/MrXH547dfqc2t6ztcWa69o72pZMKIpQXVtsLR00VBVFmFhbbC8dNJYOJtUW95cOlvYeTCkOlA4uvHZDx7rSiRM+NZx2Wlo/W1QPKbYY8rvB4P47uzbtKr8f5ZLlq9UU/f3XNf9wb8XHykbov3z9UFXZ/5h/gsCIxtb/7QvL70e55An3/0fb61YN97GR+y9fP0zQP6QzzPP/kEZ7n/f37J8xwvP/3GEuObD/6V9WdpX6v+mXL9T3n6o5mef/0ufrOwrVlf1PGPL8X3qOryk//08qilA7zl8OOK20tH6ue7T7f2X3Q/uvOatiUzW4/6Or9lSX+j981wPv7z9Ve1L9D1w/1Ixy/6/6zIGhP1ZgbFpad/dU3P/H0H+xYJhLDvQ/f/exq0r9n7HzyL5BHxtL/7WV/S/ecuMnFm/edkt9+41r17etb7upsbGhaemypsaLli/ufSToezvOXxU4PYzv/l9MrdhUFUXbwH7Rh5e9VOr/4Ln/+Fv/qclj7H/iqPf/59z/YVjnTygmTiy2rt2yZVND39vyYWPf277/bJj+T/z6f8T+55X/P2D56+7SF+QD+9+886sfKfV/76RVD/SfmjjG/ieN1n/na58XiDDO+/+6is2Q/ttf/c66Uv9/euX4of5TY/36f/Ko/e9y/4fxaGmt+As//2Ol/lf/6/Bwf05wEsIUf/4H6eTof+u0X3wzbh2m6h/SydH/0s1tkX/ZNvyf/iGdHP3/akfVkbh1OEP/kE6O/r/W/eDGuHWYpn9IJ0f/+2c/8lTcOvy//iGdHP0fXz/9qrh1qNM/pJOj/8u+tHd13DpM1z+kk6P/qlemPRG3DjP0D+nk6L++6uxPxa3D6/QP6eTo/7rOh1+MW4eZ+od0cvT/+Z2/jvw+nfB6/UM6Ofp/6o9bd8Stwyz9Qzo5+n9hVnt93DqcqX9IJ0f/99/wxCNx6/AG/UM6Ofp/+lsfPBa3DkH/kE6O/r/x7JE1ceswW/+QTo7+9y089oe4dThL/5BOjv7//dGrPxC3Dm/UP6STo/+wf/l349bhbP1DOjn6v+LJuxri1mGO/iGdHP13rrjtzrh1OEf/kE6O/puaF86OW4dz9Q/p5Oh/xp//fnfcOszVP6STo/+P3ffeyn/3+ySF8/QP6eTo/+YNqx+NW4fz9Q/p5Oh/5YyeC+LWYZ7+IZ0c/R8+et+P4tZhvv4hnRz9333nkivi1uFN+od0cvT/g1vP645bhzfrH9LJ0f/LtXfcGrcOC/QP6eTo/8s/q1kWtw4L9Q/p5Oj/xw99f1fcOrxF/5BOjv5ffN9j58StwwX6h3Ry9L/74llfjFuHt+of0snR/7uf2bg+bh0W6R/SydH/5L2/Pxq3DvX6h3Ry9D9/1cEPxa3DhfqHdHL0v2HRmt/FrcNi/UM6Ofp/5sDTh+LWYYn+IZ0c/e947NPNcevQoH9IJ0f/j1/W8Z+4dWjUP6STo/9/Nv3k43HrsFT/kE6O/s889O0vxK1Dk/4hnRz9X/3g5Jlx63CR/iGdHP1vvGb29+LWYZn+IZ0c/V8y96FL49bhbfqHdHL0/56/rrg5bh0u1j+kk6P/unvueS5uHZbrH9LJ0f+8a2+/Jm4dLtE/pJOj/+vn1D8Ztw6X6h/SydH/HcdbFsStwwr9Qzo5+u+67fl9ceuwUv+QTo7+uz/5cl3cOrxd/5BOjv73Trny3rh1eIf+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDmQAAAAAhPlb59F+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAnwIAAP//r0PLXg==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x101800, 0x10c)
creat(&(0x7f0000000080)='./file2\x00', 0x124)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0205838, &(0x7f0000000040)={0x2, 0xfffffffffffffffd, 0x7, 0x7206, 0xe, 0xa312})

1m55.15415638s ago: executing program 4 (id=103):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x4c, r0, 0x801, 0x70bd28, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x24, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "c612fb89dc"}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4091}, 0x0)

1m54.711468157s ago: executing program 2 (id=106):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000380)=[{{&(0x7f0000000340)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x1a}, @multicast1}}}], 0x20}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001440)="85dff603fa879b39113a08a1093289f99c717206c5b08001186e16ce44c5f0035bd9ce957b1dd95fc8051b0eecbf286caace45ad8b80e26b0aeef1468c687004c682e047c32850343ba97bc52120e7a895233204edd323a11b0461072c5cdebeba138897b9c1a071f0bfc15f1b024944a81542a345bdb75f259312460217e7ffb19ade0cc2c6c137799bded0b8bd7e2805bfc8d99974c302d959144667b78d8d3f9867441f3bfc9742b3641cb654d12b7a799c24caa7e772b2332d9d98461853feb6fd8a2b8ecf17f283850162afcc144fdb94f2bf8d3c689daea7ff2e29afe53223eb9598a1bf2074722d3aaa808b89f4197b6686b22dbf0a32b121bcb042d6ef95bddf07ef700bf9443365b7eab80d23d4ec13449fd3e4aa5605bfd49dbdbde9fe2b026d1fc9b45cae6c83a1f464ecf3f08476c2b18d37cf6cfdb44bce777961be324bc5f8e91289a8687102143370c2cb2d6aeb033c895545cfee34020367a1208b1c17012554d458d20f658132c6555555de2d0ae93812639206970bec37fe4cff65e2fd118c550b7c34bdd0a9a406aca14670701778ea28e8a49fc95ed1581bb2df7f6ce07f00d2abfa3c5ce9402c7fc3f2f00d2c1e0d654681a9410a84689258db56f9cc6b635950b0a939dca6c40f5d9bc46b21a722761762cc849b1a062d246c8170b44475bb33e08799c32627c3286396da3300dc83890faffbfbdf14a90e196fa78b95f2fed313f9ebc4d0e807d5abdb4c8e3481e22eec9cfd249549b2f05f11691aa0faf617220bf0cc47d9647236ce2843f94d25a785718b2929a0c272b07ffb3ea1f01fb46dc990404ebc2aed4c282a9457be7728f6c82756b850b9cf27f1863d4dc35de6d921bdfc9fd8142750cd97023dc3ea2717d456848d9f24ebd1fb0669b23d2d727fc5c078960644fa8ae6c5691c7a4651089c2dd57027e7f4646fc0a4532266ed09c58771f4f58b1f9fb2a20efb8462d9d7561b1ba354b4167db3917f1ddecec56283f285b299ab359e990d58f1fe75a053c891388e40a21b206285a29a430046cf204baca1d9cf07bee044738d9e8a029b97142603bf8e08489e937176b3409f3f6381277558b0cdd8c0561a3dc8209c6b59113ec387e5920039ab6480b807e3909b69127370dea4afed4ed2b84fa1f6464cbbd5fe6bc5fa0ad78e49b86c7b5f5205fc141e431c28f862adba49d4a241711e0c6630e3790af53c99368e9cf1dcdfe180347a8d3dcd14c6c56be8a3c81dbb76de7be69e0416956f974c5eec306ec90b3942777d239aad82883e391e3be2be4d3c39da55388fc083d0d7f2c4e3b8541dd09e973c5451df68ab49f998f155210cc8ef131480a736a0d7f7e25357713f5889e170f8aa9344879cc9918171d45c6e6f2a84ff9910189cab9aaefc7ba95d2371353e3be2e98b917afe8dc22ba5e6997e1d05bc8cae862bc0c4736049843ff7805552828280f855cbb27edcfac248816d069008b18c23d28dc27d9719d145a536b803d2e481576b5a5387f6cf69b014378418a1954a261fa192487482817de010e2fcc2932891e40b8f253bf58a0f4d01db28c7513597a0ed42ad48a7b63a5ce2dd4e38b824e641caceb870cadd79dc05157e2c7d9ddf7ee16665dfbbeb29ab4326554b103ae5bdb3909a8493b5df543563e239efd41aa8c1292f59d3a8ac4e8e8af6044285b8eb1828956aedd9807b7389ef510b7b4366a6f80d577fcb76df0868c8283cd074cea315bacd7a6e4695dc168194e47b8e4af14f07bef4f09a1ce70630c8fa24f7dd05c714f44e84468af8e15d252f47584c35cd21f4b0356b6e0b721290dc2c602839bb49d53920db5a1224a90799ff348ad4e8904da15d453b0620a03b3e4f26312a7ec1f3376c99d7ddc4f9a6ed05e3dc0ef496883d9f89fbc1d95ee7a8532b6b922f31d2761d19910613a18bcadbc72455824366db35ee91757634d9942af6eebb2b0bcde4120f4c9ba66434cbb95d91a64a86bf535b79e2ee79865dd12d8a2d509ab506d50238e48141911a451a1273066bfc16e4e6bbdb6953a6fe62e836c8630afdd19a44c7b8b5be6e6f0f37c25121a6c48746ccba01b0ee172d1f1f4208d18e9cd6743b42555aef06cc3ed1400b1a0101eb3b447a80d85394a52f91fe16892a6d42a0b23dd756c15b6958bba8c7b5f88cf7ada2a11629901db1770eaf03962f661249d241335d1e87923712cc38201b0fa0477979643c831d539add86d154656a0122fdcbb5658a20394c56ecd1cbd97b3c9c94900b0d1cffdb9078965ddb9cb7c22e24380818c696ea962e7eeb2f058f7b56b6159ae65995230bc33192d6d45e3d2823b65c97057ee666b8fc83b039c2259e2ab746049e7849b52225b8e42d415628036fb066071a1ca7f74c2cc0980e388852e248c67e042542d6ff1e022ca7f2a1f434bcb7921af834fa89240b1152a588d4a0a99503f72794f5798d20d9168f65c0a8c0172e1b95cafe9e246f366d57c19ee7857bb03a1707238ef49cb58695a01a98afe3ba8d84794a3abf40b88340eb4c01cb624cc69eef10a6c0f04a6279d12d1e15a019e2292dba7556fca386e6debfb14a9c2646c363ace16f4edbe88a0e8e0e557abe1801cf292877205b245ef1bc1ab3bc96531a5e4334f199e0cdc9c1e21f89ec6a422f22e8c5cc2bfc9067f89992437b2a567216f757b8a779dbc99b321028be90612e23404d057b6721ff9a6e5ebd7d3840bd358dea2702722cf9913801950afd45654f99ff33ad7bb67ff5b2ff318ac4eec270d362de5bf16a8556a2e4e95b6809ce0009fb55a0469282288f85a933eb6caf232ae8445016df36b798213b4ffa38c2e0f28620d7a6996aeadea297399d8becc2552beebe253d435afa8369c60cca7f321997956099cb6b7b5cf502028ab9ef6cb0129ec93e8a1d84b205b68ad0bcd6d6b162c766b4d2a9468c2fce03b746024970c346e49879fb2220150c39a2f28595a4b7fc714fc623ce880ee6a90f634892cd40b1a28e9dc5102f93707518ffabd6060beaea25d77b6c62f9491a0a1bb93dd2ec5bfb920fd93939ccf06203bd8e85e32f77d4b619224215964dabdbe3fc0caa11a16ae56843fc6624c4489d728d14215eb6007dafc88d21430eb20ad8d5dee5f7dad0643ee4a32ebb17f720af85f1efbe92e4eb6cc13b6b3cca43f08c1592319cd129fe83baa6deec1dafb2d1d26720ad997d123b7d606fde25dac843eee405aa6a4e19fdc26e5a8f089e53ba33e30e81eb87cd5dc6953d424ae7cb310d5631379ac1078b6c5fb018ac941d83ede9f5d51eaf1ce312f2255c9bba82f751cb503e83a17d443769ee4c46fd1e4c1100e794327c52f03b9a09a590bc73b9f9a8239854b1f8e5673d6638f2a13793dd92cd8c816925cf881111fbf6bd3bb6efbc7cc6fb354d9fa8a98b789962fc344974b228e9fe8279ee99eb836816a9c7203a66537e52bc4128b0506a110bc4ddb325342232fd8f435a001719e05a9bb8d0d04913f896ce4770abadab3079f539fabea3b223d760cc367d357136424e93c57c48a7660bbfb408f44c94fb5ba51faf55e03717394afd1e28059b6955f06f075f5147af0ba90bcdb56204e922202e9287e33957e60498f3746d8b19cd8d162a0746eddcddf252b36879279db2f09a32175186d8e0538ab4fce4594b9800cca618d23a25358e529baa1461ac95f244d8435170162a3ae82e150c8685e4890b0e662cd65357ba964b351d726c9c87f3ec1340b8f8ed7d6361c333693a7d5a27008da56b56c0f343543b17c885c679128ca11f432db007f7e534d8597b50a8ff7db937f90c82787e9b0eaef8bc0b082e5cc5f262c5cd18e00fb0bf3714206f0c6f8065e6c4c09b54548993888ef85a478ed6dc33fe1e6e4ab4d2a4f6c53a95af77cdabfeaeb5e73a056f4a25d339ffdc18a9acc07b1d25e1f61d8b9940d73ea12b5a6782a1fda18efa854ccae307c77d8329be08482dba7299eff971b7f4fbf50c787ebe09bc24e93c213085833a7c120819c6d9d1c74ab48d1fa5446a8e3e062c64b323b0d6630e3192e90208fe6ad333c6c66bb738700cb30a88393c74d9e029ddeebcbe3027fc5689a51524d99ebdef1ce7185d20b4802b8877675937ce94491d4ada7a0079eac311dbdffd57004811f563c41b72a306367997b28208becbdddce0a2e5abf53e61d4811e569a9cb9ff654e69755f72b318a5b43fb430c502d7805d4614beb3801e76e8b2d94bb44c9f", 0xbc1}, {0x0}], 0x2}}], 0x2, 0x40080c0)

1m54.506354883s ago: executing program 2 (id=107):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffc, 0x0, 0x8, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x81, 0x10006, 0x1, 0x0})

1m54.31415302s ago: executing program 4 (id=109):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, &(0x7f0000000400)={[{@allow_utime={'allow_utime', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x2}}, {@gid}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'default'}}, {@namecase}, {@fmask={'fmask', 0x3d, 0x106}}, {@fmask={'fmask', 0x3d, 0x5}}, {@fmask={'fmask', 0x3d, 0x6}}, {@gid}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}]}, 0x1, 0x1524, &(0x7f00000037c0)="$eJzs3AuYjtXaOPD7Xms9Y0h6m+QwrLXuhzc5LJMkOSTJIUmSJMkpIWmSLQmJIaekIQnJYUgOQ0gOE5PG+Xw+JCRJkyQhOSXrf0342+3a3977233bd31z/67ruaz7Xc+9nvW89/u8z8HMfNdlaM3Gtao1JCL4t+DFf5IAIBYABgLAdQAQAEC5uHJxWf05JSb9exthf65HUq/2DNjVxPXP3rj+2RvXP3vj+mdvXP/sjeufvXH9szeuP2PZ2ebpBa/nJfsu/Pw/O+Pz//8hmaXHfrW29I1dAWL+2RSuf/bG9f8/K/hnVuL6Z29c/+wq9mpPgP0vwMd/dpDj7/Zw/bM3rj9j2dnVfv58tReIZO/34Gp//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMZQ9n/BUKAC63r/a8GGOMMcYYY4wx9ufxOa72DBhjjDHGGGOMMfY/D0GABAUBxEAOiIWckAsEAFwLeeA6iMD1EAc3QF64EfJBfigABSEeCkFh0GAgBghCKAJFIQo3QTG4GYpDCSgJpcBBaUiAW6AM3Apl4TYoB7dDebgDKkBFqASV4U6oAndBVbgbqsE9UB1qQE2oBfdCbbgP6sD9UBcegHrwINSHh6ABPAwN4RFoBI9CY3gMmsDj0BSaQXNoAS3/W/kvQQ94GXpCL0iC3tAHXoG+0A/6wwAYCK/CIHgNBsPrkAxDYCi8AcPgTRgOb8EIGAmj4G0YDe/AGBgL42A8pMAEmAjvwiR4DybDFJgK0yAVpsMMeB9mwiyYDR/AHPgQ5sI8mA8LIA0+goWwCNLhY1gMn0AGLIGlsAyWwwpYCatgNayBtbAO1sMG2AibYDNsga2wDbbDDtgJn8Iu+Ax2wx7YC5/DPvjiX8w//Tf5XREQUKBAhQpjMAZjMRZzYS7MjbkxD+bBCEYwDuMwL+bFfJgPC2ABjMd4LIyF0aBBQsIiWASjGMViWAyLY3EsiSXRocMETMAyeCuWxbJYDstheSyPFbAiVsTKWBmrYBWsilWxGlbD6lgda2JNvBfvxd5YB+tgXayL9bDe5cdT2BAbYiNshI2xMTbBJtgUm2JzbI4tsSW2wlbYGltjW2yL7bAdtsf2mIiJ2AE7YEfsiJ2wE3bGztgFu2BX7IbdMl/KAfgyvoy9sLrojX2wD/bF5Bz9cQAOwFdxEL6Gr+HrmIxDcCi+gW/gmzgcT+EIHImjcBRWEe/gGByLJMZjCqbgRJyIk3ASTsYpOAWnYSpOxxk4A2fiLJyFH+Ac/BA/xHk4DxdgGqbhQlyE6ZiOi/E0ZuASXIrLcDmuwOW4ClfjKlyL63AtbsANuAk34RbcgttwG+7AHfgpKgD8DPfgHkzGfbgP9+N+PIAH8CAexEzMxEN4CA/jYTyCR/AoHsVjeBxP4HE8iSfxFJ7GM3gGz+E5PI8vxH/T6NMSa5JBZFFCiRgRI2JFrMglconcIrfII/KIiIiIOBEn8oq8Ip/IJwqIAiJexIvCorAwwggSYQwAiKiIimKimCguiouSoqRwwokEkSDKiDKirCgryonbRXlxh6ggKoo2rrKoLKqItq6quFtUE9VEdVFD1BS1RC1RW9QWdUQdUVfUFfVEPVFfPCQaiN7YHx8RWZVpLIZgEzEUm4pmQl76BmslhmNr0Ua0FU+JkTgC24tWLlE8KzqIMdhR/EWMxedFZzEeu4gXRVfRTXQXL4keorXrKXqJydhb9BHTsK/oJ/qLAWIm1hAf4JycNcXrIlkMEUPFG2IBvimGi7fECDFSjBJvi9HiHTFGjBXjxHiRIiaIieJdMUm8JyaLKWKqmCZSxXQxQ7wvZopZYrb4QMwRH4q5Yp6YLxaINPGRWCgWiXTxsVgsPhEZYolYKpaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie1ih9gpPhW7xGdit9gj9orPxT7xhdgvvhQHxFfioPhaZIpvxCHxrTgsvhNHxPfiqPhBHBPHxQnxozgpfhKnxGlxRpwV58TP4rz4RVwQXoBEKaSUSgYyRuaQsTKnzCWvkbllcOndvV7GyRtkXnmjzCfzywKyoIyXhWRhqaWRVpIMZRFZVEblTbKYvFkWlyVkSVlKOllaJshbZBl5qywrb5Pl5O2yvLxDVpAVZSVZWd4pq8i7JEQubqO6rCFrylryXpkE98k68n5ZVz4g68kHZX35kGwgH5YN5SOykXxUNpaPySbycdlUNpPNZQvZUj4hW8knZWvZRraVT8l28mnZXj4jE+WzsoP0lz4iz8vO8gXZRb4ou8pusrv8RV6QXvaUvST0BtlHviL7yn6yvxwgB8pX5SD5mhwsX5fJcogcKt+Qw+Sbcrh8S46QI+Uo+bYcLd+RY+RYOU6Olylygpwo35WT5Htyspwip8ppMlVOl/0vjTRbyn+Y/+4f5A/+deub5Ga5RW6V2+R2uUPulJ/KXXKX3C13y71yr9wn98n9cr88IA/Ig/KgzJSZ8pA8JA/Lw/KIPCKPyqPymDwuz8of5Un5kzwlT8vT8qw8J8/J85feA1CohJJKqUDFqBwqVuVUudQ1Kre6VuVR16mIul7FqRtUXnWjyqfyqwKqoIpXhVRhpZVRVpEKVRFVVEXVTXjpA6NKqlLKqdIqQd3yr+SrYupmVVyV+E3+5fkl/Z35tVQtVSvVSrVWrVVb1Va1U+1Ue9VeJapE1UF1UB1VR9VJdVKdVWfVRXVRXVVX1V11Vz1UD9VT9VRJKkn1Ua+ovqqf6q8GqIHqVTVIDVKD1WCVrJLVUDVUDVPD1HA1XI1QI9QoNUqNVqPVGDVGjVPjVIpKURPVRDVJTVKT1WQ1VU1VqSpVzVAz1Ew1U81Ws9UcNUfNVXPVfDVfpak0tVAtVOkqXS1Wi1WGWqKWqGVqmVqhVqhVapVao9aodWqd2qA2qAy1WW1WW9VWtV1tVzvVTrVL7VK71W61V+1V+9Q+tV/tVwfUAXVQHVSZKlMdUofUYXVYHVFH1FF1VB1Tx9QJdUKdVCfVKXVKnVFn1Dl1Tp1X59UFdSHrsi8QgQhUkHWmjQlig9ggV5AryB3kDvIEeYJIEAnigrggb3BjkC/IHxQICgbxQaGgcKADE9hAXCp6NLgpKBbcHBQPSgQlg1KBC0oHCcEtQZng1qBscFtQLrg9KB/cEVQIKgaVgsrBnUGV4K6ganB3UC24J6ge1AhqBrWCe4PawX1BneD+oG7wQFAveDCoHzwUNAgeDhoGjwSNgkeDxsFjQZPg8aBp0CxoHrQIWv6p43t/Kv+TrqfupZN0b91Hv6L76n66vx6gB+pX9SD9mh6sX9fJeogeqt/Qw/Sberh+S4/QI/Uo/bYerd/RY/RYPU6P1yl6gp6o39WT9Ht6sp6ip+ppOlVP1zP0+3qmnqVn6w/0HP2hnqvn6fl6gU7TH+mFepFO1x/rxfoTnaGX6KV6mV6uV+iVepVerdfotXqdXq836I16k96st+itepvernfonfpTvUt/pnfrPXqv/lzv01/o/fpLfUB/pQ/qr3Wm/kYf0t/qw/o7fUR/r4/qH/QxfVyf0D/qk/onfUqf1mf0WX1O/6zP61/0Be2zLu6zTu9GGWViTIyJNbEml8llcpvcJo/JYyImYuJMnMlr8pp8Jp8pYAqYeBNvCpvCJgsZMkVMERM1UVPMFDPFTXFT0pQ0zjiTYBJMGVPGlDVlTTlTzpQ35U0FU8FUMpXMneZOc5e5y9xt7jb3mHtMDVPD1DK1TG1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDfNTUvT0rQyrUxr09q0NW1NO9POtDftTaJJNB1MB9PRdDSdTCfT2XQ2XUwX09V0Nd1Nd9PD9DA9TU+TZJJMH9PH9DV9TX/T3ww0A80gM8gMNoNNskk2Q81QM8wMM8PNcDPCjDSjsg4f844ZY8aacWa8STEpZqKZaCaZSWaymWymmqkm1aSaGWaGmWlmmtlmtplj5pi5Zq6Zb+abNJNmFpqFJt2km8VmsckwGWapWWqWm+VmpVlpVpvVZq1Za9bDerPRbDSbzWaz1Ww12812s9PsNLvMLrPb7DZ7zV6zz+wz+81+c8AcMAfNQZNpMs0hc8gcNofNEXPEHDVHzTFzzJwwJ8xJc9KcMqfMGXPGnDP5L50vvYm1OW0ue43Nba+1eex19m/jAragjbeFbGGrbT6b/zexsdYWtyVsSVvKOlvaJthbfhdXsBVtJVvZ3mmr2Lts1d/Fte19to6939a1D9ha9t7fxPXsg7a+fcw2QASwzWwj28I2to/ZJvZx29Q2s81tC9vOPm3b22dson3WdrDP/S5eaBfZ1XaNXWvX2d12jz1jz9rD9jt7zv5se9pedqB91Q6yr9nB9nWbbIf8Lh5l37aj7Tt2jB1rx9nxv4un2mk21U63M+z7dqad9bs4zX5k59h0O9fOs/Ptgl/jrDml24/tYvuJzbABLLXL7HK7wq60q/7/XJfZDXaj3WR32c/sVrvNbrc77M7LF8J2j91rP7f77Bf2kP3WHrBf2YP2iM203/waZ+3fEfu9PWp/sMfscXvC/mhP2p/U5eysff/R/mIvWG+BkIAkKQoohnJQLOWkXHQN5aZrKQ9dRxG6nuLoBspLN1I+yk8FqCDFUyEqTJoMWSIKqQgVpSjdRJenV5JKkaPSlEC3UBm6lcrSbVSObqfydAdVoIpUiSrTnVSF7qKqdDdVo3uoOtWgmlSL7qXadB/VofupLjxA9ehBqk8PUQN6mBrSI9SIHqXG9Bg1ocepKTWj5tSCWtIT1IqepNbUhtrSU9SOnqb29Awl0rPUgZ6jjvQX6kTPU2d6gbrQi9SVulF3eol60MvUk3pREvWmPvQK9aV+1J8G0EB6lQbRazSYXqdkGkJD6Q0aRm/ScHqLRtBIGkVv02h6h8bQWBpH4ymFJtBEepcm0Xs0mabQVJpGqTSdZtD7NJNm0Wz6gObQhzSX5tF8WkBp9BEtpEWUTh/TYvqEMmgJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQTvqUdtFntJv20F76nPbRF7SfvqQD9BUdpK8pk76hQ/QtHabv6Ah973vRD3SMjtMJ+pFO0k90ik7TGTpL5+hnOk+/0AXyBCGGIpShCoMwJswRxoY5w1zhNWHu8NowT3hdGAmvD+PCG8K84Y1hvjB/WCAsGMaHhcLCoQ5NaEMKw7BIWDSMhjeFxcKbw+JhibBkWCp0YekwIbwlLBPeGpYNbwvLhbeH5cM7wgphxfCxByqHd4ZVwrvCquHdYbXwnrB6WCOsGdYK7w1rh/eFdcL7w7rhA2HZ8MGwfvhQ2CB8OGwYPhI2Ch8NG4ePhU3Cx8OmYbOwedgibBk+EbYKnwxbh23CtuFTYbvw6bB9+EyYGD4bdgif+7X/wUV/vz8p7B32CV8JXwm9v1/Ojy6IpkU/ii6MLoqmRz+OLo5+Es2ILokujS6LLo+uiK6Mroqujq6Jro2ui66PbohujG6Kel8rBzh0wkmnXOBiXA4X63K6XO4al9td6/K461zEXe/i3A0ur7vR5XP5XQFX0MW7Qq6w084468iFrogr6qLuJlfM3eyKuxKupCvlnCvtElwL19K1dK3ck661a+PauqfcU+5p97R7xj3jnnUd3HOuo/uL6+Sed53dC+4F96Lr6rq57u4l18NNyHPxmExyfVwf19f1df1dfzfQDXSD3CA32A12yS7ZDXVD3TA3zA13w90IN8KNcqPcaDfajXFj3Dg3zqW4FDfRTXST3CQ32U12U91Ul+pS3Qw3w810M12VWRe3MtfNdfPdfJfm0txCl3XNmO4Wu8Uuw2W4pW6pW+6Wu5VupVvtVru1bq1b79a7jW6j2+w2u61uq9vutrudbqfb5Xa53f66i4O6fW6/2+8OuAPuoPvaZbpv3CH3rTvsvnNH3PfuqPvBHXPH3Qn3ozvpfnKn3Gl3xp1159zP7rz7xV1w3qVEJkQmRt6NTIq8F5kcmRKZGpkWSY1Mj8yIvB+ZGZkVmR35IDIn8mFkbmReZH5kQSQt8lFkYWRRJD3ycWRx5JNIRmRJZGlkWWR5ZEXE+0JbQ1/EF/VRf5Mv5m/2xX0JX9KX8s6X9gn+Fl/G3+rL+tt8OX+7L+/v8BV8RV/JP+6b+ma+uW/hW/onfCv/pG/t2/i2/infzj/t2/tnfKJ/1nfwz/mO/i++k3/ed/Yv+C7+Rd/Vd/Pd/Uu+h3/Z9/S9fJLv7fv4V3xf38/39wP8QP+qH+Rf84P96z7ZD/FD/Rt+mH/TD/dv+RF+pB8V87YfffkWGcb7FD/BT/Tv+kn+PbjbT/FT/TSf6qf7Gf59P9PP8rP9B36O/9DP9fP8fL/Ap/mP/EK/yKf7j/1i/4nP8EsuP1T2K/0qv9qv8Wv9Or/eb/Ab/Sa/2W/xW/02v93v8Dv9p36X/8zv9nv8Xv+53+e/8Pv9l/6A/8of9F/7TP+NP+S/9Yf9d/6I/94f9T/4Y/64P+F/9Cf9T/6UP+3P+LP+nP/Zn/e/+Av8O2uMMcYYY/+UCVea4rc9Fx/n9/6DHPFXK/cBgGu3Fcz86/6sK8r1+S62+4n4dhEAeLZXl0cuL9WrJyUlXVo3Q0JQdB7A5f8JyhIDV+Il0BaehkRoA2X+cP79RLdz9A/Gj94OkOuvcmLhSnxl/C8BMOkPxn/iqVELy4dn4v6L8ecBFC96JScnXImXQNtfn6+0gbJ/Z/75W/2D+ef8KgWg9V/l5IYr8ZX5J8CT8Bwk/mZNxhhjjDHGGGPson6iUqfL95+Xf+Lzj+7P49WVnBxwJf5H9+eMMcYYY4wxxhi7+p7v1v2ZJxIT23T61xtV/1tZ/3SjCfxPjcyNP2x4D3D5FQUA/+aAAFkN+Z/ciy3/kW0lXzp0/rZr+VkfwP+OUv4Zjav8xcQYY4wxxhj701256P/t6+pqTYgxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMuG/hN/Tuxq7yNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2/AAAA//8BsgGO")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0x9)

1m54.307147851s ago: executing program 2 (id=110):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000002340)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f00000000c0)='O', 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0xfffffffd, @empty, 0x3f01}}, 0xfffd}, 0x90)

1m54.055057883s ago: executing program 2 (id=111):
r0 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x55b, &(0x7f0000000940)="$eJzs3U9oHNUfAPDvzGZ//ZefqaCg0kNRoULpJukfrZ7aq1go9CB4qctmG0I22ZDdaBNySO9F7EFUeqk3PXhUPHgQLx69elE8C6JBoelBVvZf2iabuK1JtnY+H5jd9+Zt9vvezH7f7gwzJIDMOtp8SCOejYiLScTIPW1D0Wk82n7d2upy6c7qcimJRuPSb0kkEXF7dbnUfX3SeT4UESsR8UxEfJuPOJ5ujltbXJouVirl+U59tD4zN1pbXDoxNVOcLE+WZ0+98uqZs6fPjJ8c37GxXv/pxnvXv3/91o3PPj+yUvqgmMS5GO603TuOndTeJvk4t2H96d0INkDJoDvAQ8l18jwfEU/HSOQ6WQ88/hr7IhpARiXyHzKq+zugefzbXfby98ev59sHIM24a52l3TLUPjcR+1vHJgf/SO47Mmkebx7ey47yWFq5FhFjQ0ObP/9J5/P38MZ2ooPsqm/Ot3fU5v2frs8/0WP+Ge6eO/2XuvPf2qb572783Bbz38U+Y/z11s8fbxn/WsRzPeMn6/GTHvHTiHi7z/g33/zq7FZtjU8ijkXv+F3J9ueHR69MVcpj7ceeMb4+duS17cZ/cIv47XO2+1tfM722/1yf4//yuy+eX9km/ksvbL//e23/AxHxfp/xn7z96RtbtTXjT2wx/u3iN9fd6jP+y+eO/tjnSwEAAAAAAAAAgAeQtq5lS9LCejlNC4X2PbxPxcG0Uq3Vj1+pLsxOtK95Oxz5tHul1Ui7njTr453rcbv1kxvqp3KdgLkDrXqhVK1MDHjsAAAAAAAAAAAAAAAAAAAA8Kg4tOH+/z9z7fv/gYzwL78hu+Q/ZNf9+Z8MrB/A3vP9D5nVkP+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/AAAAAAAAAAAAAAAAAAAAAAAAAADsiosXLjSXxp3V5VKzPjG0uDBdfefERLk2XZhZKBVK1fm5wmS1OlkpF0rVmX96v0q1OjcWswtXR+vlWn20trh0eaa6MFu/PDVTnCxfLuf3ZFQAAAAAAAAAAAAAAAAAAADw3zLcWpK0EBFpq5ymhULE/yPicOSTK1OV8lhEPBERP+Ty+5r18UF3GgAAAAAAAAAAAAAAAAAAAB4ztcWl6WKlUp5X2FyIiJWdfefmOz7wX+U7++pR2SwKWSgMeGICAAAAAAAAAAAAAAAAAIAMunvT76B7AgAAAAAAAAAAAAAAAAAAAFmW/pJERHM5NvLi8MbW/yVrudZzRLx789KHV4v1+vx4c/3v6+vrH3XWnxxE/4F+dfO0m8cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAXbXFpelipVKe38XCoMcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DD+DgAA//+H69Sv")
write$binfmt_register(r0, &(0x7f0000000100)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0xffffffffffffffff, 0x3a, '#]+$', 0x3a, '{', 0x3a, './file0/file0', 0x3a, [0x46]}, 0x33)
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)

1m53.67711939s ago: executing program 4 (id=115):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x27, 0xae, 0x91, 0x40, 0x5ac, 0x259, 0xf0b2, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x0, 0x0, 0x3, 0x72, 0x2}}]}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)

1m53.41110815s ago: executing program 2 (id=118):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file2\x00', 0x1000010, &(0x7f0000000100)={[{@metadata_ratio={'metadata_ratio', 0x3d, 0x2}}, {@ssd_spread}, {@space_cache}, {@nodiscard}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@clear_cache}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x38, 0x40, 0x33, 0x74, 0x37, 0x31]}}]}, 0xff, 0x50f3, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x5)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

1m53.093424108s ago: executing program 4 (id=120):
r0 = epoll_create1(0x0)
r1 = socket(0x23, 0x5, 0x0)
listen(r1, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x10000005})

1m52.606283897s ago: executing program 32 (id=120):
r0 = epoll_create1(0x0)
r1 = socket(0x23, 0x5, 0x0)
listen(r1, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x10000005})

1m51.916508042s ago: executing program 2 (id=127):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x48, 0xff, 0x0, 0xffeffffd}, {0x6, 0x60, 0x0, 0x8}]})
write$ppp(r0, &(0x7f0000000300)="5af9", 0x2)

1m51.300992926s ago: executing program 33 (id=127):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x48, 0xff, 0x0, 0xffeffffd}, {0x6, 0x60, 0x0, 0x8}]})
write$ppp(r0, &(0x7f0000000300)="5af9", 0x2)

7.131464111s ago: executing program 5 (id=1211):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000002c0)={0x3f})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
write$uinput_user_dev(r0, &(0x7f0000000840)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x219, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x7, 0x4, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff]}, 0x45c)

7.094165534s ago: executing program 5 (id=1213):
r0 = socket(0x8000000010, 0x2, 0x0)
write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x2000c000, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10)
ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}})

6.143033091s ago: executing program 5 (id=1228):
write$binfmt_register(0xffffffffffffffff, &(0x7f00000001c0)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x80000000000ffe, 0x3a, '\xe5J\x83\x8f4\xc0\x1e\xe8ey$Ee\xcb\xfe\xdd]>\x14\xcf\xa1\x9fT\xf9\xf1 \xa4i\v\x14\xd3\xd2\xafD-\"\x81\xf3C)\x1c\v\x83\x00\xf6\xdb\xb8H\xb9`r\x10\x91\x1f\x86Q\xd7\xdc\xad\xf3\x17\x80\xfe^\xc4G\xc4d`\xbfkk\xa4\xfe\xc7\xec*\xaeR\x11R\xbdb\x1a\xbd6t\x05oY\xe7^\xbd\x16Y\x1a\x93\xf7\xfe\x89\xban\x10c\xef\xa3\xd94\xec\r\xb5q\xd5v\xf6', 0x3a, '\xd9\x01\x18\xd5\xc3\x18!l\xbf\xab\xe3\x1e\x9dI\xde[:\xf6\xcb\xb5\x0f\xe4\xa8\x00\x00I\xb4u\xd4?\x10b\xa6\x03\xa7m\xb0\xaf\xc7\x15\xd4\xbeh\x8a; \xf1\x88\x00\x00\x00\x00\x00\x00\x00\xb2L\xac\x17\xea\xe5F\x8a9)Q\x8f\xa9\xe8(\x80\xf3\xad\"\xd4-\xa4\xdd\x06\x85\xf0\xa5\xc8', 0x3a, './file/file0'}, 0xf2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000900)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffb}}, [@mark={0xc, 0x15, {0x35075c, 0xfffffffb}}]}, 0xc4}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b80000001500"], 0xb8}}, 0x0)

6.038061319s ago: executing program 5 (id=1231):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10)
socket$l2tp6(0xa, 0x2, 0x73)

5.947454807s ago: executing program 5 (id=1233):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000800850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x1, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

5.814815129s ago: executing program 1 (id=1235):
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x3, 0x4de, &(0x7f0000000c40)="$eJzs3E1oXNUeAPD/nUma9Ot1Xl9f32utmlrFYDFp02q7EKSi4EJBrKAuQ5KW2rSRJgVbqkxB6lIK7sWlWxdu1U0RV4LbuhSkUKSbtoI4cmfunZlMZ5ImmWSM+f1gMufcr3POPffcOfeczASwYQ2lf5Ja+GZE7IiIQusGQ7W3e3euTNy/c2UiypXKyd+S6m5303gmO0xszSLDhYjCx0ljRZPZS5fPjk9PT13I4qNz594fnb10+dkzg9mS48ePHjl87Pmx55ZeqDbppeW6u/ejmX17Xn33+usTffnyPLXmcnTLUAy1y0rVU91OrMe2N4WTvh5mhCVJr/+0uvqr7X9HFGOhyiuvYc6A1VapVCoDnVeXK62uPrAEWLdisNc5AHoj/6BPn3/zV7uOwKbV6X703O0TtQegtNz3slfE49WF+ThIf8vzbTcNRcQ75d8/T1+xSuMQAADNvj2R9wRb+n+l2szIHxdvvJi+/yubQylFxL8jYmdE/CcidkXEfyNid0T8LyL+33L8YkRUFkh/qCVeT78+CVW41aWitpX2/17I5rYa/b95GSgVs9j2iLzDPHUoOyfD0T9w6sz01OEF0vju5Z8+7bSuuf+XvtL0875glo9bfS0DdJPjc+PLLnCL21cj9va1lj/pi0jqMwFJROyJiL1LOG6pKXzmmS/31SP987dbvPxVlbbzaF2YZ6p8EfF0rf7LMa/+Gykm8+Ynz42fnjo9dX6sPj85OhjTU4dG06vgUNs0fvjx2hud0l+0/F//0rrLK8e+OZm1rJVL639L0/Uf+fxto/ylJCKpz9fOLj2Naz9/0vGZZrnX/6bkrWo4fy79YHxu7sLhiE3Jaw8uH2vsm8fT9yjXyj98oH3735ntk56JRyIivYgfjYjHovaEmOZ9f0Q8EREHFij/9y89+d7yy7+60vJPttz/ajU/r/4b8/WdAkk2N9hmVfHs/pv3O9w8Hq7+j1ZDw9mS9ve/ZN4tolNO80+7dMmfKz57AAAAsD4UImJb01jStigURkZqY0C7YkthemZ27uCpmYvnJ9N1EaXoL+QjXbXx4P4kH/8sNcXHWuJHsnHjz4qbq/GRiZnpyZ6WHNhabfNJYSTi7WJT+0/92p0hZuDvzPe1YONaqP2nnfjd19cwM8CaevjP/xsfrmpGgDXX1P47fcO/vIz/+wLWAc//QMPiP/TjngHrX0Vbhg1tSe3/oB8BhH+SvnizHi70NCfAWtP/hw1p0e/1ryhQGWi/ajAe3DgGFz5gMZaXjc1t0upJIO1Z9ST1zcvZK/81hY7bRGFpBxyI7tTpqRWejfKF2dO7u37xV7L/le92DX61Ju20XaAntyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICu+ysAAP//+sDgnA==")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x104880, 0x0, 0x1, 0x0, &(0x7f0000000200))
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r0, &(0x7f0000000f80)=""/4085, 0xff5)

5.700505726s ago: executing program 1 (id=1237):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000000))
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001400))
writev(r0, &(0x7f0000000640)=[{&(0x7f00000006c0)="2e31b69c9bd4beb2ce56518bf0aea548722f054677edd0cb67e2afb987c3e16e3b65bfe50c4d55086a56832bebeb32802ecd8e61032995b891d24c782afea345ed2f0a87bc1bfc6101fa7d1d2c2e57f889dbb28fe7b7e2fc562acebfd86566be11c267f5c5c5e1707a44f2795400fb26cd4170d76c6807d8270435f365d737751f", 0x81}], 0x1)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)

5.587732791s ago: executing program 5 (id=1239):
r0 = io_uring_setup(0x1fc4, &(0x7f0000000bc0)={0x0, 0x0, 0x12, 0x20000000, 0x217})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000080)={0x10001, r1})
close_range(r0, 0xffffffffffffffff, 0x0)

5.587042344s ago: executing program 1 (id=1240):
r0 = syz_io_uring_setup(0x1249, &(0x7f00000004c0)={0x0, 0x2170, 0x1, 0x1, 0x1c1}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x5, 0x3, 0x0, 0xffffffff, 0x0, 0x0, {0x3, r3}})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

4.828451244s ago: executing program 1 (id=1243):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x4008031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f000053f000/0x1000)=nil, 0x1000, 0x0, 0x100020, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket(0x26, 0x803, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)

3.02136454s ago: executing program 0 (id=1258):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==")
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0xe1, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes256, 0x4, @desc1})

2.827357003s ago: executing program 0 (id=1260):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

2.768009414s ago: executing program 0 (id=1261):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)

2.667099639s ago: executing program 1 (id=1263):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.53946909s ago: executing program 0 (id=1264):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

2.524033053s ago: executing program 0 (id=1265):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000040)={0x20, 0x12, 0x7, {0x7, 0x1, "00f4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
poll(&(0x7f0000000180)=[{r1, 0x10}], 0x1, 0x200)

1.055529799s ago: executing program 6 (id=1277):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
ioctl$VIDIOC_QUERYMENU(r0, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x101b})

936.358366ms ago: executing program 6 (id=1279):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r1, 0x1, 0x0, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3}}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0x4c}}, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000100)=""/217, &(0x7f0000000200)=0x18)

835.167566ms ago: executing program 1 (id=1280):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000002300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_LSEEK(r0, &(0x7f00000021c0)={0x18, 0x0, r1, {0x7}}, 0x18)
chown(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

757.487231ms ago: executing program 3 (id=1282):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
mount$tmpfs(0x0, 0x0, 0x0, 0x1000040, &(0x7f0000000100)=ANY=[@ANYBLOB='m'])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xd)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000100)={{&(0x7f0000ff1000/0xc000)=nil, 0xc000}, 0x2})

686.981439ms ago: executing program 3 (id=1283):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/user\x00')
fchdir(r0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/211, 0xd3)

661.479566ms ago: executing program 6 (id=1284):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x9, 0x2a7345, 0x20d37, 0xfffffffffffffff0})

554.854158ms ago: executing program 3 (id=1285):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0)

554.162543ms ago: executing program 6 (id=1286):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000001840)=0x3d5, 0x4)
accept4(r0, 0x0, 0x0, 0x0)

439.471366ms ago: executing program 3 (id=1287):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @remote}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
read$FUSE(r1, &(0x7f00000000c0)={0x2020}, 0x2020)

435.080829ms ago: executing program 6 (id=1288):
r0 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
r1 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10)
close(r1)

355.578878ms ago: executing program 3 (id=1289):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)={0x4000000})

316.910327ms ago: executing program 6 (id=1290):
r0 = timerfd_create(0x8, 0x0)
timerfd_settime(r0, 0x3, &(0x7f00000000c0)={{0x0, 0x989680}, {0x77359400}}, 0x0)
clock_settime(0x0, &(0x7f0000000100)={0x77359400})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
timerfd_settime(r0, 0x3, &(0x7f0000000300)={{}, {0x77359400}}, 0x0)

467.847µs ago: executing program 3 (id=1291):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x4, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='batadv0\x00', 0x10)
sendto$inet6(r0, &(0x7f0000000300), 0x626, 0x0, 0x0, 0xfffffffffffffdfd)

0s ago: executing program 0 (id=1292):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000280)={0x60002003})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001480))
epoll_pwait(r1, &(0x7f0000000600)=[{}], 0x1, 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

evice number 2 using dummy_hcd
[  124.568192][ T7040] loop3: detected capacity change from 0 to 1024
[  124.585686][ T7040] EXT4-fs: Ignoring removed mblk_io_submit option
[  124.623588][ T7040] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  124.633463][ T7040] EXT4-fs (loop3): stripe (7) is not aligned with cluster size (4096), stripe is disabled
[  124.670770][ T7040] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #11: comm syz.3.310: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  124.718371][ T7040] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.310: couldn't read orphan inode 11 (err -117)
[  124.730165][ T5923] usb 6-1: Using ep0 maxpacket: 32
[  124.745053][ T5923] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  124.754305][ T5923] usb 6-1: config 0 has no interface number 0
[  124.762839][ T5923] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  124.774223][ T7040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.789173][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.797204][ T5923] usb 6-1: Product: syz
[  124.801450][ T5923] usb 6-1: Manufacturer: syz
[  124.806071][ T5923] usb 6-1: SerialNumber: syz
[  124.828921][ T5923] usb 6-1: config 0 descriptor??
[  124.837240][ T5923] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  124.861370][ T7040] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.310: Invalid block bitmap block 0 in block_group 0
[  124.899460][ T7040] Quota error (device loop3): write_blk: dquota write failed
[  124.937241][ T7046] EXT4-fs error (device loop3): ext4_nfs_get_inode:1525: inode #11: comm syz.3.310: iget: bad extra_isize 65535 (inode size 256)
[  124.952815][ T7040] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  125.045110][ T7040] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.310: Failed to acquire dquot type 0
[  125.090504][ T5923] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  125.130587][ T5923] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  125.403597][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.452367][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  125.456254][ T5898] usb 6-1: USB disconnect, device number 2
[  125.499954][ T5898] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  125.587870][   T30] audit: type=1326 audit(1749194769.717:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7057 comm="syz.3.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf5458e929 code=0x7ffc0000
[  125.654046][ T5898] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  125.696008][   T30] audit: type=1326 audit(1749194769.717:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7057 comm="syz.3.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7fdf5458e929 code=0x7ffc0000
[  125.721054][ T5898] quatech2 6-1:0.51: device disconnected
[  125.745356][ T7063] netlink: 8 bytes leftover after parsing attributes in process `syz.6.314'.
[  125.796867][   T30] audit: type=1326 audit(1749194769.717:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7057 comm="syz.3.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf5458e929 code=0x7ffc0000
[  125.869552][   T30] audit: type=1326 audit(1749194769.717:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7057 comm="syz.3.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf5458e929 code=0x7ffc0000
[  125.917734][ T7070] loop1: detected capacity change from 0 to 1024
[  125.925373][   T30] audit: type=1326 audit(1749194769.727:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7057 comm="syz.3.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=446 compat=0 ip=0x7fdf5458e929 code=0x7ffc0000
[  125.994484][ T7070] EXT4-fs: Ignoring removed nobh option
[  126.016935][   T30] audit: type=1326 audit(1749194769.727:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7057 comm="syz.3.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf5458e929 code=0x7ffc0000
[  126.049171][ T7070] EXT4-fs: Ignoring removed bh option
[  126.117396][ T7070] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.342477][ T5835] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.501125][ T7089] loop5: detected capacity change from 0 to 64
[  126.562691][ T7089] Trying to free block not in datazone
[  126.603538][ T7089] minix_free_block (loop5:21): bit already cleared
[  126.994696][ T7072] loop3: detected capacity change from 0 to 32768
[  127.031264][ T7072] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.319 (7072)
[  127.058754][ T7107] openvswitch: netlink: Unknown VXLAN extension attribute 0
[  127.094597][ T7072] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  127.158111][ T7072] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  127.208818][ T7072] BTRFS info (device loop3): using free-space-tree
[  127.667795][ T7133] loop1: detected capacity change from 0 to 1024
[  127.781794][ T7133] EXT4-fs: Ignoring removed nomblk_io_submit option
[  127.890882][ T7133] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  127.979821][ T5845] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  128.074639][ T5835] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.299168][   T43] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  128.520506][   T43] usb 7-1: Using ep0 maxpacket: 16
[  128.541802][   T43] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.584923][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  128.622312][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  128.689160][   T43] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  128.698880][   T43] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  128.780420][   T43] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  128.816588][ T7164] loop3: detected capacity change from 0 to 1764
[  128.827328][   T43] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  128.847624][   T43] usb 7-1: Manufacturer: syz
[  128.864923][   T43] usb 7-1: config 0 descriptor??
[  129.253167][   T43] rc_core: IR keymap rc-hauppauge not found
[  129.279127][   T43] Registered IR keymap rc-empty
[  129.309429][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.329156][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.380152][   T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  129.449718][ T7188] netlink: 16 bytes leftover after parsing attributes in process `syz.3.350'.
[  129.463811][   T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input6
[  129.552401][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.629530][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.712412][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.769201][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.870541][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.897847][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.951009][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  129.998433][ T7197] mkiss: ax0: crc mode is auto.
[  130.029285][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  130.100223][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  130.150980][ T7202] sock: sock_set_timeout: `syz.5.354' (pid 7202) tries to set negative timeout
[  130.179591][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  130.221292][   T43] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  130.279994][   T43] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  130.399155][   T43] usb 7-1: USB disconnect, device number 2
[  130.626810][ T7206] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.635448][ T7206] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.674998][ T7209] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  130.816652][ T7214] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  131.049631][ T7223] tun0: tun_chr_ioctl cmd 2147767507
[  131.078570][ T7228] loop9: detected capacity change from 0 to 8
[  131.115222][ T6129] Dev loop9: unable to read RDB block 8
[  131.128795][ T6129]  loop9: unable to read partition table
[  131.142598][ T6129] loop9: partition table beyond EOD, truncated
[  131.171477][ T7228] Dev loop9: unable to read RDB block 8
[  131.198423][ T7228]  loop9: unable to read partition table
[  131.225723][ T7228] loop9: partition table beyond EOD, truncated
[  131.247144][ T7228] loop_reread_partitions: partition scan of loop9 (�被x󟣑� ) failed (rc=-5)
[  131.454115][ T7240] netlink: 28 bytes leftover after parsing attributes in process `syz.1.369'.
[  131.486164][ T7240] netem: change failed
[  131.768938][ T7253] netlink: 212 bytes leftover after parsing attributes in process `syz.1.373'.
[  131.819409][   T30] audit: type=1326 audit(1749194775.937:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7219 comm="syz.5.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff26258e929 code=0x7fc00000
[  132.348652][ T7275] loop5: detected capacity change from 0 to 128
[  132.417330][ T7275] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  132.489117][ T5923] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  132.538847][ T7275] ext4 filesystem being mounted at /21/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  132.640966][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  132.647383][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  132.716392][ T5923] usb 2-1: config 0 has an invalid interface number: 237 but max is 0
[  132.735187][ T5923] usb 2-1: config 0 has no interface number 0
[  132.751364][ T5923] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  132.774008][ T5923] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  132.810064][ T5923] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  132.861004][ T5923] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  132.943337][ T5923] usb 2-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6
[  132.952924][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.963155][ T5923] usb 2-1: Product: syz
[  132.967361][ T5923] usb 2-1: Manufacturer: syz
[  132.997779][ T5923] usb 2-1: SerialNumber: syz
[  133.019321][ T6307] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  133.042097][ T5923] usb 2-1: config 0 descriptor??
[  133.067852][ T5923] xpad 2-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  133.113393][ T5923] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.237/input/input7
[  133.129672][ T7256] loop6: detected capacity change from 0 to 40427
[  133.182562][ T7256] F2FS-fs (loop6): Invalid segment count (0)
[  133.209408][ T7256] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  133.292704][ T5923] usb 2-1: USB disconnect, device number 3
[  133.322834][ T7256] F2FS-fs (loop6): invalid crc value
[  133.341078][ T5923] xpad 2-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  133.677061][ T7256] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  133.692980][ T7256] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  133.793311][ T6327] syz-executor: attempt to access beyond end of device
[  133.793311][ T6327] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  133.849921][ T6327] CPU: 0 UID: 0 PID: 6327 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) 
[  133.849947][ T6327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  133.849958][ T6327] Call Trace:
[  133.849965][ T6327]  <TASK>
[  133.849972][ T6327]  dump_stack_lvl+0x189/0x250
[  133.849997][ T6327]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.850011][ T6327]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  133.850039][ T6327]  ? __pfx_queue_work_on+0x10/0x10
[  133.850055][ T6327]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  133.850081][ T6327]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  133.850109][ T6327]  ? f2fs_hw_is_readonly+0x39b/0x470
[  133.850135][ T6327]  f2fs_handle_critical_error+0x37c/0x540
[  133.850162][ T6327]  f2fs_write_end_io+0x495/0x810
[  133.850183][ T6327]  ? blkg_put+0x22/0x240
[  133.850218][ T6327]  __submit_merged_bio+0x27a/0x6a0
[  133.850245][ T6327]  __submit_merged_write_cond+0x255/0x530
[  133.850271][ T6327]  f2fs_write_data_pages+0x261d/0x3000
[  133.850325][ T6327]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  133.850360][ T6327]  ? arch_stack_walk+0xfc/0x150
[  133.850402][ T6327]  ? __mod_zone_page_state+0xd7/0x140
[  133.850428][ T6327]  ? folios_put_refs+0x560/0x640
[  133.850462][ T6327]  ? __lock_acquire+0xab9/0xd20
[  133.850494][ T6327]  ? do_raw_spin_lock+0x121/0x290
[  133.850524][ T6327]  ? do_raw_spin_unlock+0x122/0x240
[  133.850544][ T6327]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  133.850567][ T6327]  do_writepages+0x32b/0x550
[  133.850611][ T6327]  ? do_raw_spin_unlock+0x122/0x240
[  133.850635][ T6327]  filemap_fdatawrite+0x191/0x230
[  133.850653][ T6327]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  133.850714][ T6327]  ? do_raw_spin_unlock+0x122/0x240
[  133.850738][ T6327]  f2fs_sync_dirty_inodes+0x31f/0x830
[  133.850777][ T6327]  f2fs_write_checkpoint+0x94a/0x1de0
[  133.850823][ T6327]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  133.850892][ T6327]  ? kill_f2fs_super+0x298/0x6c0
[  133.850922][ T6327]  kill_f2fs_super+0x2c3/0x6c0
[  133.850952][ T6327]  ? __pfx_kill_f2fs_super+0x10/0x10
[  133.850974][ T6327]  ? radix_tree_delete_item+0x2b6/0x400
[  133.850998][ T6327]  ? shrinker_free+0x2ce/0x3e0
[  133.851022][ T6327]  deactivate_locked_super+0xb9/0x130
[  133.851049][ T6327]  cleanup_mnt+0x425/0x4c0
[  133.851073][ T6327]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.851093][ T6327]  task_work_run+0x1d1/0x260
[  133.851117][ T6327]  ? __pfx_task_work_run+0x10/0x10
[  133.851136][ T6327]  ? __x64_sys_umount+0x122/0x160
[  133.851158][ T6327]  ? exit_to_user_mode_loop+0x40/0x110
[  133.851185][ T6327]  exit_to_user_mode_loop+0xec/0x110
[  133.851209][ T6327]  do_syscall_64+0x2bd/0x3b0
[  133.851226][ T6327]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.851243][ T6327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.851260][ T6327]  ? clear_bhb_loop+0x60/0xb0
[  133.851280][ T6327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.851297][ T6327] RIP: 0033:0x7f92f818fc57
[  133.851312][ T6327] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  133.851332][ T6327] RSP: 002b:00007fff3c395a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  133.851353][ T6327] RAX: 0000000000000000 RBX: 00007f92f8210925 RCX: 00007f92f818fc57
[  133.851365][ T6327] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff3c395b10
[  133.851375][ T6327] RBP: 00007fff3c395b10 R08: 0000000000000000 R09: 0000000000000000
[  133.851385][ T6327] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff3c396ba0
[  133.851396][ T6327] R13: 00007f92f8210925 R14: 0000000000020a5a R15: 00007fff3c396be0
[  133.851423][ T6327]  </TASK>
[  133.851711][ T6327] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  134.201593][ T7313] 9pnet_fd: Insufficient options for proto=fd
[  134.744711][ T7327] loop3: detected capacity change from 0 to 1024
[  134.843327][ T7327] hfsplus: bad catalog folder thread
[  134.951688][   T64] hfsplus: found bad thread record in catalog
[  135.277970][ T7342] Sensor A: =================  START STATUS  =================
[  135.333253][ T7342] Sensor A: Test Pattern: 75% Colorbar
[  135.351549][ T7342] Sensor A: Show Information: All
[  135.356839][ T7342] Sensor A: Vertical Flip: false
[  135.364303][ T7342] Sensor A: Horizontal Flip: false
[  135.386663][ T7342] Sensor A: Brightness: 128
[  135.391366][ T7342] Sensor A: Contrast: 128
[  135.405915][ T7342] Sensor A: Hue: 0
[  135.410321][ T7342] Sensor A: Saturation: 128
[  135.429582][ T7342] Sensor A: ==================  END STATUS  ==================
[  135.638520][ T5923] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  135.674764][ T5923] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  135.879443][ T5913] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  135.985786][ T7339] loop6: detected capacity change from 0 to 32768
[  136.005665][ T7339] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.386 (7339)
[  136.049675][ T7339] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  136.065162][ T5913] usb 6-1: Using ep0 maxpacket: 16
[  136.069146][ T7339] BTRFS info (device loop6): using sha256 (sha256-x86_64) checksum algorithm
[  136.097576][ T5913] usb 6-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 1024
[  136.108009][ T7339] BTRFS info (device loop6): using free-space-tree
[  136.134134][ T5913] usb 6-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 64
[  136.143612][ T7366] vxcan1: tx address claim with dlc 0
[  136.185267][ T5913] usb 6-1: config 1 interface 0 altsetting 93 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  136.205887][ T5913] usb 6-1: config 1 interface 0 has no altsetting 0
[  136.214547][ T5913] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  136.296771][ T5913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  136.361848][ T5913] usb 6-1: SerialNumber: syz
[  136.417574][ T7351] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  136.432741][ T7351] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  136.502692][ T7345] loop3: detected capacity change from 0 to 32768
[  136.553700][ T6327] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  136.606238][ T7345] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.649633][ T5898] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  136.749763][ T5913] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[  136.784366][ T7345] XFS (loop3): Ending clean mount
[  136.805245][ T5898] usb 2-1: config 0 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.849302][ T5913] usb 6-1: USB disconnect, device number 3
[  136.865927][ T5898] usb 2-1: config 0 interface 0 altsetting 10 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.933193][ T5898] usb 2-1: config 0 interface 0 has no altsetting 0
[  136.957878][ T5898] usb 2-1: New USB device found, idVendor=046d, idProduct=c082, bcdDevice= 0.00
[  137.018564][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.098790][ T5898] usb 2-1: config 0 descriptor??
[  137.225061][ T5845] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  137.885663][ T7422] loop3: detected capacity change from 0 to 64
[  137.998597][ T7422] syz.3.406: attempt to access beyond end of device
[  137.998597][ T7422] loop3: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  138.059434][ T7422] Buffer I/O error on dev loop3, logical block 134217734, async page read
[  138.072381][ T5898] logitech-hidpp-device 0003:046D:C082.0002: hidraw0: USB HID v0.c4 Device [HID 046d:c082] on usb-dummy_hcd.1-1/input0
[  138.206689][ T5898] usb 2-1: USB disconnect, device number 4
[  138.312827][ T7432] fido_id[7432]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  138.342901][ T7434] Trying to free block not in datazone
[  138.582962][ T7444] netlink: 4 bytes leftover after parsing attributes in process `syz.3.416'.
[  138.670075][ T7444] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  138.702798][ T7444] macvtap1: entered promiscuous mode
[  138.771216][ T7444] mac80211_hwsim hwsim5 wlan1: left promiscuous mode
[  138.914018][ T7425] loop6: detected capacity change from 0 to 32768
[  138.960681][ T7425] XFS: noikeep mount option is deprecated.
[  139.007697][ T7425] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  139.176632][ T7471] loop3: detected capacity change from 0 to 64
[  139.233447][ T7425] XFS (loop6): Ending clean mount
[  139.285091][ T7425] XFS (loop6): Quotacheck needed: Please wait.
[  139.402574][ T7425] XFS (loop6): Quotacheck: Done.
[  139.405071][ T7471] hfs: request for non-existent node 327680 in B*Tree
[  139.453826][ T7471] hfs: request for non-existent node 327680 in B*Tree
[  139.489439][ T7471] hfs: request for non-existent node 327680 in B*Tree
[  139.516377][ T7471] hfs: request for non-existent node 327680 in B*Tree
[  139.546976][ T7474] hfs: request for non-existent node 327680 in B*Tree
[  139.564614][ T7474] hfs: request for non-existent node 327680 in B*Tree
[  139.613151][ T6327] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  139.712802][ T1107] hfs: request for non-existent node 327680 in B*Tree
[  139.769242][ T1107] hfs: request for non-existent node 327680 in B*Tree
[  139.838193][ T7480] loop5: detected capacity change from 0 to 4096
[  140.296025][ T7495] Falling back ldisc for ttyS3.
[  140.828134][ T7511] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.276796][ T7538] program syz.0.450 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  141.914825][ T7537] loop6: detected capacity change from 0 to 32768
[  141.926457][   T30] audit: type=1326 audit(1749194786.067:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  141.947235][ T7537] XFS: attr2 mount option is deprecated.
[  142.057692][   T30] audit: type=1326 audit(1749194786.077:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  142.166192][ T7537] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  142.201887][   T30] audit: type=1326 audit(1749194786.077:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  142.235000][   T30] audit: type=1326 audit(1749194786.097:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  142.271984][   T30] audit: type=1326 audit(1749194786.097:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ef39858e7 code=0x7ffc0000
[  142.301617][   T30] audit: type=1326 audit(1749194786.097:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ef392ab19 code=0x7ffc0000
[  142.324174][   T30] audit: type=1326 audit(1749194786.097:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  142.324220][   T30] audit: type=1326 audit(1749194786.097:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ef39858e7 code=0x7ffc0000
[  142.324260][   T30] audit: type=1326 audit(1749194786.097:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ef392ab19 code=0x7ffc0000
[  142.324309][   T30] audit: type=1326 audit(1749194786.097:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7558 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  142.388246][ T7537] XFS (loop6): Ending clean mount
[  142.393156][ T7537] XFS (loop6): Quotacheck needed: Please wait.
[  142.563661][ T7537] XFS (loop6): Quotacheck: Done.
[  142.815858][ T6327] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  142.984262][ T7598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.469'.
[  143.035009][ T7599] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  143.411999][ T7608] loop3: detected capacity change from 0 to 2048
[  143.437971][ T7608] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  144.130294][ T7629] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  144.454310][ T7607] loop6: detected capacity change from 0 to 40427
[  144.496052][ T7607] F2FS-fs (loop6): Invalid log blocks per segment (4278190089)
[  144.549124][ T7607] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  144.598432][ T7607] F2FS-fs (loop6): invalid crc value
[  144.960253][ T7647] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[  144.998690][ T7607] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  145.007037][   T43] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  145.043129][ T7607] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  145.228413][   T43] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  145.264537][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.307787][   T43] usb 6-1: Product: syz
[  145.329596][   T43] usb 6-1: Manufacturer: syz
[  145.336174][ T6327] syz-executor: attempt to access beyond end of device
[  145.336174][ T6327] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  145.367227][   T43] usb 6-1: SerialNumber: syz
[  145.391142][   T43] usb 6-1: config 0 descriptor??
[  145.401455][ T6327] CPU: 1 UID: 0 PID: 6327 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) 
[  145.401479][ T6327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.401490][ T6327] Call Trace:
[  145.401496][ T6327]  <TASK>
[  145.401504][ T6327]  dump_stack_lvl+0x189/0x250
[  145.401529][ T6327]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.401543][ T6327]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  145.401571][ T6327]  ? __pfx_queue_work_on+0x10/0x10
[  145.401588][ T6327]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  145.401615][ T6327]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  145.401643][ T6327]  ? f2fs_hw_is_readonly+0x39b/0x470
[  145.401668][ T6327]  f2fs_handle_critical_error+0x37c/0x540
[  145.401695][ T6327]  f2fs_write_end_io+0x495/0x810
[  145.401723][ T6327]  ? blkg_put+0x22/0x240
[  145.401757][ T6327]  __submit_merged_bio+0x27a/0x6a0
[  145.401784][ T6327]  __submit_merged_write_cond+0x255/0x530
[  145.401811][ T6327]  f2fs_write_data_pages+0x261d/0x3000
[  145.401865][ T6327]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  145.401899][ T6327]  ? is_bpf_text_address+0x292/0x2b0
[  145.401925][ T6327]  ? is_bpf_text_address+0x26/0x2b0
[  145.401976][ T6327]  ? stack_trace_save+0x9c/0xe0
[  145.401997][ T6327]  ? stack_depot_save_flags+0x40/0x900
[  145.402035][ T6327]  ? __schedule+0x16fd/0x4d00
[  145.402049][ T6327]  ? schedule+0x165/0x360
[  145.402062][ T6327]  ? schedule_timeout+0x9a/0x270
[  145.402094][ T6327]  ? __lock_acquire+0xab9/0xd20
[  145.402132][ T6327]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  145.402156][ T6327]  do_writepages+0x32b/0x550
[  145.402193][ T6327]  ? do_raw_spin_unlock+0x122/0x240
[  145.402218][ T6327]  filemap_fdatawrite+0x191/0x230
[  145.402235][ T6327]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  145.402295][ T6327]  ? do_raw_spin_unlock+0x122/0x240
[  145.402319][ T6327]  f2fs_sync_dirty_inodes+0x31f/0x830
[  145.402357][ T6327]  f2fs_write_checkpoint+0x94a/0x1de0
[  145.402403][ T6327]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  145.402472][ T6327]  ? kill_f2fs_super+0x298/0x6c0
[  145.402501][ T6327]  kill_f2fs_super+0x2c3/0x6c0
[  145.402531][ T6327]  ? __pfx_kill_f2fs_super+0x10/0x10
[  145.402553][ T6327]  ? radix_tree_delete_item+0x2b6/0x400
[  145.402577][ T6327]  ? shrinker_free+0x2ce/0x3e0
[  145.402601][ T6327]  deactivate_locked_super+0xb9/0x130
[  145.402628][ T6327]  cleanup_mnt+0x425/0x4c0
[  145.402651][ T6327]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.402672][ T6327]  task_work_run+0x1d1/0x260
[  145.402696][ T6327]  ? __pfx_task_work_run+0x10/0x10
[  145.402719][ T6327]  ? __x64_sys_umount+0x122/0x160
[  145.402741][ T6327]  ? exit_to_user_mode_loop+0x40/0x110
[  145.402768][ T6327]  exit_to_user_mode_loop+0xec/0x110
[  145.402793][ T6327]  do_syscall_64+0x2bd/0x3b0
[  145.402810][ T6327]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.402827][ T6327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.402844][ T6327]  ? clear_bhb_loop+0x60/0xb0
[  145.402865][ T6327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.402881][ T6327] RIP: 0033:0x7f92f818fc57
[  145.402896][ T6327] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  145.402910][ T6327] RSP: 002b:00007fff3c395a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  145.402928][ T6327] RAX: 0000000000000000 RBX: 00007f92f8210925 RCX: 00007f92f818fc57
[  145.402940][ T6327] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff3c395b10
[  145.402950][ T6327] RBP: 00007fff3c395b10 R08: 0000000000000000 R09: 0000000000000000
[  145.402960][ T6327] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff3c396ba0
[  145.402971][ T6327] R13: 00007f92f8210925 R14: 0000000000023732 R15: 00007fff3c396be0
[  145.402999][ T6327]  </TASK>
[  145.403006][ T6327] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  146.003857][ T5958] usb 6-1: USB disconnect, device number 4
[  146.138947][ T7663] loop3: detected capacity change from 0 to 32768
[  146.149401][ T7663] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.497 (7663)
[  146.184884][ T7663] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  146.196497][ T7663] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  146.208683][ T7663] BTRFS info (device loop3): using free-space-tree
[  146.267561][ T7663] BTRFS info (device loop3): rebuilding free space tree
[  146.344909][ T7663] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[  146.415119][ T5845] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  146.945552][ T7700] loop5: detected capacity change from 0 to 4096
[  146.961120][ T7700] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  147.016912][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  147.016928][   T30] audit: type=1800 audit(1749194791.147:30): pid=7700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.505" name="bus" dev="loop5" ino=33 res=0 errno=0
[  147.055143][ T7707] netlink: 4 bytes leftover after parsing attributes in process `syz.0.508'.
[  147.292994][ T7720] veth0_to_bond: entered promiscuous mode
[  147.319432][   T43] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  147.351723][ T7722] netlink: 56 bytes leftover after parsing attributes in process `syz.3.516'.
[  147.373971][ T7722] netlink: 28 bytes leftover after parsing attributes in process `syz.3.516'.
[  147.420724][ T7722] netlink: 56 bytes leftover after parsing attributes in process `syz.3.516'.
[  147.492002][   T43] usb 2-1: Using ep0 maxpacket: 32
[  147.499322][   T43] usb 2-1: config 4 has an invalid interface number: 228 but max is 0
[  147.518055][   T43] usb 2-1: config 4 has no interface number 0
[  147.531126][   T43] usb 2-1: config 4 interface 228 altsetting 68 endpoint 0x7 has an invalid bInterval 251, changing to 11
[  147.549157][   T43] usb 2-1: config 4 interface 228 altsetting 68 endpoint 0x7 has invalid maxpacket 49748, setting to 1024
[  147.609689][   T43] usb 2-1: config 4 interface 228 has no altsetting 0
[  147.681621][   T43] usb 2-1: New USB device found, idVendor=0499, idProduct=a9a2, bcdDevice=c4.e8
[  147.715143][   T43] usb 2-1: New USB device strings: Mfr=1, Product=25, SerialNumber=3
[  147.735083][   T43] usb 2-1: Product: syz
[  147.739820][   T43] usb 2-1: Manufacturer: syz
[  147.782374][   T43] usb 2-1: SerialNumber: syz
[  147.872227][ T7750] sp0: Synchronizing with TNC
[  148.047990][   T43] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  148.068918][   T43] usb 2-1: invalid MIDI in EP 0
[  148.193558][   T43] snd-usb-audio 2-1:4.228: probe with driver snd-usb-audio failed with error -22
[  148.242804][   T43] usb 2-1: USB disconnect, device number 5
[  148.414302][ T7775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.540'.
[  148.727761][ T7759] loop6: detected capacity change from 0 to 32768
[  148.777986][ T7759] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  148.929450][ T5913] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  148.962166][ T7759] XFS (loop6): Ending clean mount
[  148.996045][ T7759] XFS (loop6): Quotacheck needed: Please wait.
[  149.067699][ T7759] XFS (loop6): Quotacheck: Done.
[  149.095483][ T5913] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  149.134415][ T5913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.165557][ T5913] usb 6-1: config 0 descriptor??
[  149.196139][ T5913] gspca_main: cpia1-2.14.0 probing 0813:0001
[  149.251680][ T6327] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  149.275422][ T7783] loop3: detected capacity change from 0 to 32768
[  149.346575][ T7783] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  149.517193][ T7783] XFS (loop3): Ending clean mount
[  149.537217][ T7783] XFS (loop3): Quotacheck needed: Please wait.
[  149.554232][ T7824] netlink: 8 bytes leftover after parsing attributes in process `syz.0.557'.
[  149.579083][ T7824] macsec0: entered promiscuous mode
[  149.598828][ T7783] XFS (loop3): Quotacheck: Done.
[  149.604822][ T5913] cpia1 6-1:0.0: unexpected state after lo power cmd: 00
[  149.781616][ T5845] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  150.008733][ T5913] gspca_cpia1: usb_control_msg 02, error -71
[  150.018944][ T5913] gspca_cpia1: usb_control_msg 05, error -71
[  150.044698][ T5913] cpia1 6-1:0.0: unexpected systemstate: 00
[  150.069602][ T5913] usb 6-1: USB disconnect, device number 5
[  150.142749][ T7826] loop6: detected capacity change from 0 to 32768
[  150.298117][ T7846] netlink: 'syz.3.567': attribute type 9 has an invalid length.
[  150.317781][ T7846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.567'.
[  150.352347][ T7846] hsr0: entered promiscuous mode
[  150.368113][ T7846] macvlan2: entered promiscuous mode
[  150.378212][ T7846] macvlan2: entered allmulticast mode
[  150.388157][ T7846] hsr0: entered allmulticast mode
[  150.419006][ T7846] hsr_slave_0: entered allmulticast mode
[  150.425184][ T7846] hsr_slave_1: entered allmulticast mode
[  150.460235][ T7826] netlink: 24 bytes leftover after parsing attributes in process `syz.6.555'.
[  151.203362][ T7868] loop6: detected capacity change from 0 to 4096
[  151.241153][ T7868] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  151.263695][ T7853] loop3: detected capacity change from 0 to 32768
[  151.333810][ T7868] ntfs3(loop6): Failed to load $Extend (-22).
[  151.350954][ T7868] ntfs3(loop6): Failed to initialize $Extend.
[  151.419361][  T111] blkno = 8ed2c, nblocks = 1
[  151.424020][  T111] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  151.424020][  T111] 
[  151.451196][  T111] ERROR: (device loop3): remounting filesystem as read-only
[  151.468977][  T111] JFS: metapage_get_blocks failed
[  151.479546][  T111] ERROR: (device loop3): release_metapage: metapage_write_one() failed
[  151.479546][  T111] 
[  151.509413][  T111] blkno = 8ed2c, nblocks = 1
[  151.514138][  T111] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  151.514138][  T111] 
[  151.613177][ T7880] syzkaller1: tun_chr_ioctl cmd 1074025677
[  151.639378][ T7880] syzkaller1: linktype set to 780
[  151.862109][ T7872] loop5: detected capacity change from 0 to 32768
[  151.942313][ T7872] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  151.995160][ T7872] (syz.5.579,7872,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  152.077945][ T6307] ocfs2: Unmounting device (7,5) on (node local)
[  152.253677][ T7908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.597'.
[  152.269861][ T7908] netlink: 3 bytes leftover after parsing attributes in process `syz.0.597'.
[  153.140279][ T7930] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  153.147107][ T7930] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  153.175339][ T7930] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  153.181930][ T7930] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  153.215801][ T7911] loop6: detected capacity change from 0 to 131072
[  153.216032][ T7930] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  153.228915][ T7930] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  153.237786][ T7911] F2FS-fs (loop6): invalid crc value
[  153.253452][ T7930] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  153.259986][ T7930] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  153.267967][ T7930] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  153.274435][ T7930] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  153.347847][ T7911] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  153.369236][ T7938] overlay: filesystem on ./file1 not supported
[  153.861561][   T30] audit: type=1326 audit(1749194797.987:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda3d8e929 code=0x7ffc0000
[  153.913646][   T30] audit: type=1326 audit(1749194797.987:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda3d8e929 code=0x7ffc0000
[  153.938919][   T30] audit: type=1326 audit(1749194797.987:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fcda3d8e929 code=0x7ffc0000
[  153.979834][ T7966] netlink: 'syz.1.623': attribute type 1 has an invalid length.
[  153.989912][   T30] audit: type=1326 audit(1749194797.987:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda3d8e929 code=0x7ffc0000
[  154.012798][ T7966] netlink: 172 bytes leftover after parsing attributes in process `syz.1.623'.
[  154.075375][   T30] audit: type=1326 audit(1749194797.987:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda3d8e929 code=0x7ffc0000
[  154.117755][   T30] audit: type=1326 audit(1749194797.987:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7fcda3d8e929 code=0x7ffc0000
[  154.175335][   T30] audit: type=1326 audit(1749194797.987:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda3d8e929 code=0x7ffc0000
[  154.227070][   T30] audit: type=1326 audit(1749194797.987:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda3d8e929 code=0x7ffc0000
[  154.964523][ T8011] loop6: detected capacity change from 0 to 1024
[  154.986637][ T8011] hfsplus: Unknown parameter 'Ky�r�>RA�j�O�}0�A�R�l�9�ri�$��c�C����|h�}��z������P���a�biN�U2��!:���x�i�U��R��-���P�|�<��C����Rк�.�����uO�\�R��l�d]F�}�5��ǣ��ǩ{��]����sy���p���>����jqK�
[  154.986637][ T8011] ��0���'
[  154.997514][ T8013] loop3: detected capacity change from 0 to 256
[  155.062565][ T8011] bpf: Bad value for 'gid'
[  155.067109][ T8013] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  155.112488][ T8013] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  155.144727][ T8013] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  155.709191][ T5913] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  155.905374][ T5913] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  155.923969][ T5913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.949905][ T5913] usb 6-1: config 0 descriptor??
[  155.970294][ T5913] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  156.021596][ T8037] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  156.154946][ T8039] loop6: detected capacity change from 0 to 2048
[  156.162937][ T5913] usb 6-1: Detected FT232B
[  156.217477][ T8039] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.334352][ T8047] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.654: bg 0: block 234: padding at end of block bitmap is not set
[  156.358221][ T8046] loop3: detected capacity change from 0 to 2048
[  156.359650][ T8047] EXT4-fs (loop6): Remounting filesystem read-only
[  156.375857][ T5913] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  156.388810][ T5913] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  156.399893][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  156.425982][ T8046] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.537252][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.574817][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.601715][ T5913] usb 6-1: USB disconnect, device number 6
[  156.608718][ T6327] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.622947][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  156.635315][ T5913] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  156.647049][   T10] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  156.656418][ T5913] ftdi_sio 6-1:0.0: device disconnected
[  156.664887][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.681011][   T10] usb 1-1: config 0 descriptor??
[  156.808900][ T8065] bridge0: entered promiscuous mode
[  156.821575][ T8065] macvlan2: entered promiscuous mode
[  157.234212][ T8088] syz.5.675: attempt to access beyond end of device
[  157.234212][ T8088] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  157.275531][ T8090] netlink: 12 bytes leftover after parsing attributes in process `syz.1.676'.
[  157.505809][ T8098] cgroup: fork rejected by pids controller in /syz5
[  157.519269][   T10] hid-led 0003:27B8:01ED.0003: probe with driver hid-led failed with error -71
[  157.558231][   T10] usb 1-1: USB disconnect, device number 4
[  158.105571][ T6276] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.169510][ T8082] loop6: detected capacity change from 0 to 65536
[  158.188553][ T8105] loop3: detected capacity change from 0 to 40427
[  158.208971][ T6276] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.216333][ T8105] F2FS-fs (loop3): invalid crc value
[  158.227969][ T8082] XFS (loop6): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  158.280151][ T8082] XFS (loop6): Ending clean mount
[  158.321423][ T6276] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.323588][ T8082] XFS (loop6): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 
[  158.369432][ T8082] XFS (loop6): Unmount and run xfs_repair
[  158.375978][ T8082] XFS (loop6): First 128 bytes of corrupted metadata buffer:
[  158.383532][ T8105] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  158.392226][ T8082] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  158.434810][   T30] audit: type=1800 audit(1749194802.567:39): pid=8105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.683" name="file1" dev="loop3" ino=10 res=0 errno=0
[  158.436487][ T8082] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10  ................
[  158.465983][ T8082] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  158.476028][ T8082] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03  .....J..........
[  158.484991][ T8082] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00  ...9..?.........
[  158.491082][ T8105] syz.3.683: attempt to access beyond end of device
[  158.491082][ T8105] loop3: rw=34817, sector=53248, nr_sectors = 8 limit=40427
[  158.518380][ T8082] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00  ...........?....
[  158.531489][ T6276] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.562747][ T8082] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  158.584288][ T8082] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  158.604308][ T8082] XFS (loop6): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x6 len 2 error 74
[  158.628398][ T5845] syz-executor: attempt to access beyond end of device
[  158.628398][ T5845] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  158.668361][ T5845] CPU: 0 UID: 0 PID: 5845 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) 
[  158.668387][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.668404][ T5845] Call Trace:
[  158.668411][ T5845]  <TASK>
[  158.668418][ T5845]  dump_stack_lvl+0x189/0x250
[  158.668441][ T5845]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.668454][ T5845]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  158.668483][ T5845]  ? __pfx_queue_work_on+0x10/0x10
[  158.668501][ T5845]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  158.668528][ T5845]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  158.668556][ T5845]  ? f2fs_hw_is_readonly+0x39b/0x470
[  158.668583][ T5845]  f2fs_handle_critical_error+0x37c/0x540
[  158.668610][ T5845]  f2fs_write_end_io+0x495/0x810
[  158.668633][ T5845]  ? blkg_put+0x22/0x240
[  158.668668][ T5845]  __submit_merged_bio+0x27a/0x6a0
[  158.668694][ T5845]  __submit_merged_write_cond+0x255/0x530
[  158.668722][ T5845]  f2fs_write_data_pages+0x261d/0x3000
[  158.668777][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  158.668849][ T5845]  ? unwind_next_frame+0xa5/0x2390
[  158.668873][ T5845]  ? rcu_is_watching+0x15/0xb0
[  158.668897][ T5845]  ? __kasan_check_byte+0x12/0x40
[  158.668927][ T5845]  ? __lock_acquire+0xab9/0xd20
[  158.668960][ T5845]  ? do_raw_spin_lock+0x121/0x290
[  158.668990][ T5845]  ? do_raw_spin_unlock+0x122/0x240
[  158.669010][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  158.669032][ T5845]  do_writepages+0x32b/0x550
[  158.669067][ T5845]  ? do_raw_spin_unlock+0x122/0x240
[  158.669086][ T5845]  filemap_fdatawrite+0x191/0x230
[  158.669102][ T5845]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  158.669158][ T5845]  ? do_raw_spin_unlock+0x122/0x240
[  158.669181][ T5845]  f2fs_sync_dirty_inodes+0x31f/0x830
[  158.669221][ T5845]  f2fs_write_checkpoint+0x94a/0x1de0
[  158.669266][ T5845]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  158.669331][ T5845]  ? kill_f2fs_super+0x298/0x6c0
[  158.669361][ T5845]  kill_f2fs_super+0x2c3/0x6c0
[  158.669392][ T5845]  ? __pfx_kill_f2fs_super+0x10/0x10
[  158.669419][ T5845]  ? radix_tree_delete_item+0x2b6/0x400
[  158.669438][ T5845]  ? shrinker_free+0x2ce/0x3e0
[  158.669460][ T5845]  deactivate_locked_super+0xb9/0x130
[  158.669486][ T5845]  cleanup_mnt+0x425/0x4c0
[  158.669506][ T5845]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.669523][ T5845]  task_work_run+0x1d1/0x260
[  158.669543][ T5845]  ? __pfx_task_work_run+0x10/0x10
[  158.669557][ T5845]  ? __x64_sys_umount+0x122/0x160
[  158.669574][ T5845]  ? exit_to_user_mode_loop+0x40/0x110
[  158.669599][ T5845]  exit_to_user_mode_loop+0xec/0x110
[  158.669619][ T5845]  do_syscall_64+0x2bd/0x3b0
[  158.669633][ T5845]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.669646][ T5845]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.669659][ T5845]  ? clear_bhb_loop+0x60/0xb0
[  158.669678][ T5845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.669691][ T5845] RIP: 0033:0x7fdf5458fc57
[  158.669706][ T5845] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  158.669718][ T5845] RSP: 002b:00007ffe106ed3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  158.669734][ T5845] RAX: 0000000000000000 RBX: 00007fdf54610925 RCX: 00007fdf5458fc57
[  158.669743][ T5845] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe106ed490
[  158.669752][ T5845] RBP: 00007ffe106ed490 R08: 0000000000000000 R09: 0000000000000000
[  158.669762][ T5845] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe106ee520
[  158.669770][ T5845] R13: 00007fdf54610925 R14: 0000000000026b45 R15: 00007ffe106ee560
[  158.669793][ T5845]  </TASK>
[  158.689211][ T8082] XFS (loop6): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  158.776238][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  158.813861][ T8082] XFS (loop6): Please unmount the filesystem and rectify the problem(s)
[  159.083358][ T6276] bridge_slave_1: left allmulticast mode
[  159.104089][ T6276] bridge_slave_1: left promiscuous mode
[  159.123994][ T6327] XFS (loop6): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  159.125341][ T6276] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.200332][ T6276] bridge_slave_0: left allmulticast mode
[  159.215697][ T6276] bridge_slave_0: left promiscuous mode
[  159.247837][ T6276] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.269188][ T5159] Bluetooth: hci4: command tx timeout
[  159.426279][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  159.437136][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  159.447803][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  159.489238][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  159.497190][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  160.114777][ T6276] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  160.136104][ T6276] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  160.158362][ T8153] loop6: detected capacity change from 0 to 64
[  160.159704][ T8141] loop3: detected capacity change from 0 to 32768
[  160.173362][ T6276] bond0 (unregistering): Released all slaves
[  160.196785][ T8141] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.209627][ T8139] netlink: 32 bytes leftover after parsing attributes in process `syz.0.696'.
[  160.476165][ T8141] XFS (loop3): Ending clean mount
[  160.495024][ T8141] XFS (loop3): Quotacheck needed: Please wait.
[  160.545879][ T8141] XFS (loop3): Quotacheck: Done.
[  160.649309][ T5944] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  160.743144][ T5845] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.851134][ T5944] usb 1-1: Using ep0 maxpacket: 32
[  160.905726][ T5944] usb 1-1: config 0 has no interfaces?
[  160.924547][ T5944] usb 1-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=47.77
[  160.935904][ T8178] loop6: detected capacity change from 0 to 2048
[  160.943133][ T5944] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.964873][ T5944] usb 1-1: Product: syz
[  160.989316][ T5944] usb 1-1: Manufacturer: syz
[  160.993995][ T5944] usb 1-1: SerialNumber: syz
[  160.994339][ T8178] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  161.021548][ T5944] usb 1-1: config 0 descriptor??
[  161.030812][ T8178] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  161.032413][ T6276] hsr_slave_0: left promiscuous mode
[  161.062716][ T6276] hsr_slave_1: left promiscuous mode
[  161.078362][ T6276] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.103315][ T6276] batman_adv: batadv0: Removing interface: batadv_slave_0
[  161.130234][ T6276] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.140000][ T6276] batman_adv: batadv0: Removing interface: batadv_slave_1
[  161.167108][ T6276] veth1_macvtap: left promiscuous mode
[  161.177111][ T6276] veth0_macvtap: left promiscuous mode
[  161.183239][ T6276] veth1_vlan: left promiscuous mode
[  161.192990][ T6276] veth0_vlan: left promiscuous mode
[  161.592692][ T5851] Bluetooth: hci1: command tx timeout
[  161.742745][ T8203] net_ratelimit: 66 callbacks suppressed
[  161.742765][ T8203] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  161.806355][   T30] audit: type=1326 audit(1749194805.937:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.1.720" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcda3d8e929 code=0x0
[  161.934497][ T6276] team0 (unregistering): Port device team_slave_1 removed
[  161.975980][ T6276] team0 (unregistering): Port device team_slave_0 removed
[  162.382990][ T8166] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  162.513628][ T8212] loop3: detected capacity change from 0 to 256
[  162.556469][ T5944] usb 1-1: USB disconnect, device number 5
[  162.573448][ T8212] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  162.608090][ T8136] chnl_net:caif_netlink_parms(): no params data found
[  162.610616][ T8212] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  162.683114][ T8212] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  162.776808][ T8221] loop6: detected capacity change from 0 to 128
[  162.801860][ T8136] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.811525][ T8136] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.818709][ T8136] bridge_slave_0: entered allmulticast mode
[  162.828699][ T8136] bridge_slave_0: entered promiscuous mode
[  162.850238][ T8136] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.857449][ T8136] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.868435][ T8136] bridge_slave_1: entered allmulticast mode
[  162.877622][ T8136] bridge_slave_1: entered promiscuous mode
[  162.878253][ T8221] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  162.953039][ T8221] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.967354][ T8136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  162.982911][ T8229] xt_hashlimit: size too large, truncated to 1048576
[  162.990390][ T8227] loop3: detected capacity change from 0 to 4096
[  162.993595][ T8136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  163.152722][ T8230] 
: renamed from bridge_slave_0 (while UP)
[  163.250735][ T6327] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  163.364156][ T8136] team0: Port device team_slave_0 added
[  163.401506][ T8136] team0: Port device team_slave_1 added
[  163.648684][ T8136] batman_adv: batadv0: Adding interface: batadv_slave_0
[  163.657484][ T8136] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.683398][    C1] vkms_vblank_simulate: vblank timer overrun
[  163.686985][ T5851] Bluetooth: hci1: command tx timeout
[  163.743299][ T8136] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  163.756522][ T8136] batman_adv: batadv0: Adding interface: batadv_slave_1
[  163.768436][ T8136] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.797519][ T8136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  163.862644][ T8251] loop6: detected capacity change from 0 to 256
[  163.886040][   T30] audit: type=1804 audit(1749194808.017:41): pid=8253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.736" name="/" dev="pidfs" ino=8251 res=1 errno=0
[  163.963115][ T8255] loop3: detected capacity change from 0 to 64
[  164.003382][ T8136] hsr_slave_0: entered promiscuous mode
[  164.020896][ T8136] hsr_slave_1: entered promiscuous mode
[  164.036871][ T8136] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  164.060955][ T8136] Cannot create hsr debugfs directory
[  164.544227][ T8273] loop3: detected capacity change from 0 to 8
[  164.760861][ T8136] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  164.774864][ T8136] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  164.786206][ T8136] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  164.816913][ T8136] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  164.965496][ T8136] 8021q: adding VLAN 0 to HW filter on device bond0
[  164.987050][ T8286] loop3: detected capacity change from 0 to 4096
[  165.011108][ T8136] 8021q: adding VLAN 0 to HW filter on device team0
[  165.023258][ T8286] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  165.037097][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.044298][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  165.078837][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.086038][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state
[  165.114526][ T8286] ntfs3(loop3): ino=19, mi_enum_attr
[  165.128568][ T8286] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  165.236390][ T8286] ntfs3(loop3): ino=1e, "file1" ntfs_rename
[  165.580151][ T8136] 8021q: adding VLAN 0 to HW filter on device batadv0
[  165.695083][ T8315] IPv6: NLM_F_CREATE should be specified when creating new route
[  165.749400][ T5851] Bluetooth: hci1: command tx timeout
[  166.244530][ T8136] veth0_vlan: entered promiscuous mode
[  166.280352][ T8136] veth1_vlan: entered promiscuous mode
[  166.288772][ T8342] loop6: detected capacity change from 0 to 256
[  166.341628][ T8342] exFAT-fs (loop6): failed to load upcase table (idx : 0x00000c00, chksum : 0xd8e97c99, utbl_chksum : 0xe619d30d)
[  166.371932][ T8136] veth0_macvtap: entered promiscuous mode
[  166.404504][ T8136] veth1_macvtap: entered promiscuous mode
[  166.413056][   T30] audit: type=1800 audit(1749194810.547:42): pid=8342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.771" name="file2" dev="loop6" ino=1048626 res=0 errno=0
[  166.436126][ T8136] batman_adv: batadv0: Interface activated: batadv_slave_0
[  166.458222][ T8136] batman_adv: batadv0: Interface activated: batadv_slave_1
[  166.478453][ T8136] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  166.491601][ T8136] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  166.505733][ T8136] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  166.507313][   T30] audit: type=1800 audit(1749194810.577:43): pid=8342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.771" name="file2" dev="loop6" ino=1048626 res=0 errno=0
[  166.536311][ T8136] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  166.748842][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.774477][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.867497][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.899243][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.707773][ T8379] loop5: detected capacity change from 0 to 1024
[  167.830349][ T8379] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.833031][ T5851] Bluetooth: hci1: command tx timeout
[  168.028248][ T8136] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.306564][ T8402] TCP: tcp_parse_options: Illegal window scaling value 112 > 14 received
[  168.653586][ T8390] loop6: detected capacity change from 0 to 32768
[  169.259284][   T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  169.314069][ T8448] program syz.6.807 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  169.366653][ T8450] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  169.374001][ T8450] macvlan2: entered allmulticast mode
[  169.384283][ T8450] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  169.395372][ T8450] mac80211_hwsim hwsim2 wlan0: left allmulticast mode
[  169.415057][ T8450] mac80211_hwsim hwsim2 wlan0: left promiscuous mode
[  169.429120][   T43] usb 4-1: Using ep0 maxpacket: 32
[  169.450933][   T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  169.472586][   T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  169.489433][   T43] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  169.516157][   T43] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  169.549154][   T43] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  169.557562][   T43] usb 4-1: Product: syz
[  169.574253][   T43] usb 4-1: Manufacturer: syz
[  169.578925][   T43] usb 4-1: SerialNumber: syz
[  169.626202][   T43] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input8
[  169.641356][ T8458] loop6: detected capacity change from 0 to 512
[  169.651248][ T8458] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  169.678164][ T8458] EXT4-fs (loop6): orphan cleanup on readonly fs
[  169.697103][ T8458] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.822: bg 0: block 248: padding at end of block bitmap is not set
[  169.720967][ T8458] Quota error (device loop6): write_blk: dquota write failed
[  169.728650][ T8458] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  169.740478][ T8458] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.822: Failed to acquire dquot type 1
[  169.761301][ T8458] EXT4-fs (loop6): 1 truncate cleaned up
[  169.784526][ T8458] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  169.859315][ T6327] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.886477][ T5944] usb 4-1: USB disconnect, device number 3
[  169.903543][ T5944] appletouch 4-1:1.0: input: appletouch disconnected
[  170.090385][ T8481] loop6: detected capacity change from 0 to 1024
[  170.526058][ T8500] netlink: 24 bytes leftover after parsing attributes in process `syz.3.839'.
[  171.073936][ T8523] netlink: 4 bytes leftover after parsing attributes in process `syz.3.851'.
[  171.698919][ T8520] loop5: detected capacity change from 0 to 40427
[  171.721339][ T8520] F2FS-fs (loop5): Fix alignment : done, start(4096) end(16896) block(12288)
[  171.750226][ T8520] F2FS-fs (loop5): invalid crc value
[  171.776363][ T8541] netlink: 'syz.1.860': attribute type 2 has an invalid length.
[  171.798220][ T8541] netlink: 164 bytes leftover after parsing attributes in process `syz.1.860'.
[  171.867824][ T8525] loop3: detected capacity change from 0 to 32768
[  171.884903][ T8525] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.852 (8525)
[  171.940440][ T8525] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  171.979119][ T8525] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm
[  171.994834][ T8520] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  171.994864][ T8525] BTRFS info (device loop3): using free-space-tree
[  172.095631][   T30] audit: type=1800 audit(1749194816.217:44): pid=8520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.849" name="file1" dev="loop5" ino=10 res=0 errno=0
[  172.118019][ T8520] syz.5.849: attempt to access beyond end of device
[  172.118019][ T8520] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  172.167827][ T8136] syz-executor: attempt to access beyond end of device
[  172.167827][ T8136] loop5: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  172.210335][ T8136] CPU: 1 UID: 0 PID: 8136 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) 
[  172.210363][ T8136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.210374][ T8136] Call Trace:
[  172.210381][ T8136]  <TASK>
[  172.210389][ T8136]  dump_stack_lvl+0x189/0x250
[  172.210416][ T8136]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.210431][ T8136]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  172.210460][ T8136]  ? __pfx_queue_work_on+0x10/0x10
[  172.210478][ T8136]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  172.210504][ T8136]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  172.210534][ T8136]  ? f2fs_hw_is_readonly+0x39b/0x470
[  172.210561][ T8136]  f2fs_handle_critical_error+0x37c/0x540
[  172.210590][ T8136]  f2fs_write_end_io+0x495/0x810
[  172.210612][ T8136]  ? blkg_put+0x22/0x240
[  172.210652][ T8136]  __submit_merged_bio+0x27a/0x6a0
[  172.210681][ T8136]  __submit_merged_write_cond+0x255/0x530
[  172.210711][ T8136]  f2fs_write_data_pages+0x261d/0x3000
[  172.210773][ T8136]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  172.210817][ T8136]  ? is_bpf_text_address+0x292/0x2b0
[  172.210875][ T8136]  ? __mod_zone_page_state+0xd7/0x140
[  172.210910][ T8136]  ? folios_put_refs+0x560/0x640
[  172.210945][ T8136]  ? __pfx_folios_put_refs+0x10/0x10
[  172.210966][ T8136]  ? rcu_is_watching+0x15/0xb0
[  172.211003][ T8136]  ? __lock_acquire+0xab9/0xd20
[  172.211046][ T8136]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  172.211072][ T8136]  do_writepages+0x32b/0x550
[  172.211112][ T8136]  ? do_raw_spin_unlock+0x122/0x240
[  172.211136][ T8136]  filemap_fdatawrite+0x191/0x230
[  172.211154][ T8136]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  172.211221][ T8136]  ? do_raw_spin_unlock+0x122/0x240
[  172.211245][ T8136]  f2fs_sync_dirty_inodes+0x31f/0x830
[  172.211288][ T8136]  f2fs_write_checkpoint+0x94a/0x1de0
[  172.211340][ T8136]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  172.211413][ T8136]  ? kill_f2fs_super+0x298/0x6c0
[  172.211444][ T8136]  kill_f2fs_super+0x2c3/0x6c0
[  172.211476][ T8136]  ? __pfx_kill_f2fs_super+0x10/0x10
[  172.211498][ T8136]  ? radix_tree_delete_item+0x2b6/0x400
[  172.211523][ T8136]  ? shrinker_free+0x2ce/0x3e0
[  172.211548][ T8136]  deactivate_locked_super+0xb9/0x130
[  172.211576][ T8136]  cleanup_mnt+0x425/0x4c0
[  172.211599][ T8136]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.211621][ T8136]  task_work_run+0x1d1/0x260
[  172.211646][ T8136]  ? __pfx_task_work_run+0x10/0x10
[  172.211664][ T8136]  ? __x64_sys_umount+0x122/0x160
[  172.211687][ T8136]  ? exit_to_user_mode_loop+0x40/0x110
[  172.211714][ T8136]  exit_to_user_mode_loop+0xec/0x110
[  172.211738][ T8136]  do_syscall_64+0x2bd/0x3b0
[  172.211756][ T8136]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.211773][ T8136]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.211801][ T8136]  ? clear_bhb_loop+0x60/0xb0
[  172.211823][ T8136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.211840][ T8136] RIP: 0033:0x7f056458fc57
[  172.211856][ T8136] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  172.211870][ T8136] RSP: 002b:00007ffcf14b3f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  172.211889][ T8136] RAX: 0000000000000000 RBX: 00007f0564610925 RCX: 00007f056458fc57
[  172.211900][ T8136] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcf14b4040
[  172.211911][ T8136] RBP: 00007ffcf14b4040 R08: 0000000000000000 R09: 0000000000000000
[  172.211921][ T8136] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcf14b50d0
[  172.211932][ T8136] R13: 00007f0564610925 R14: 000000000002a046 R15: 00007ffcf14b5110
[  172.211963][ T8136]  </TASK>
[  172.211969][ T8136] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  172.632684][ T8546] loop6: detected capacity change from 0 to 32768
[  172.649555][ T5845] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  172.718400][ T8546] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow
[  172.718400][ T8546]   allowing incompatible features above 0.0: (unknown version)
[  172.718400][ T8546]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  172.762859][ T8546] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  172.771519][ T8546] bcachefs (loop6): recovering from clean shutdown, journal seq 10
[  172.836507][ T8546] bcachefs (loop6): Version upgrade required:
[  172.836507][ T8546] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  172.836507][ T8546] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  172.836507][ T8546]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  172.909333][    C0] vkms_vblank_simulate: vblank timer overrun
[  172.960192][ T8546] bcachefs (loop6): dropping and reconstructing all alloc info
[  173.077130][ T8546] bcachefs (loop6): accounting_read... done
[  173.116649][ T8546] bcachefs (loop6): alloc_read... done
[  173.136895][ T8546] bcachefs (loop6): snapshots_read... done
[  173.167867][ T8546] bcachefs (loop6): done starting filesystem
[  173.311596][ T6327] bcachefs (loop6): shutting down
[  173.400488][ T6327] bcachefs (loop6): shutdown complete
[  173.635393][ T8587] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  173.769884][ T8592] netlink: 277 bytes leftover after parsing attributes in process `syz.0.876'.
[  173.919248][   T30] audit: type=1326 audit(1749194818.047:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  173.941378][    C0] vkms_vblank_simulate: vblank timer overrun
[  173.969503][   T30] audit: type=1326 audit(1749194818.047:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  173.991599][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.035192][   T30] audit: type=1326 audit(1749194818.087:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  174.057252][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.103037][   T30] audit: type=1326 audit(1749194818.087:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  174.125163][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.194944][   T30] audit: type=1326 audit(1749194818.087:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  174.269373][   T30] audit: type=1326 audit(1749194818.087:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  174.291480][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.329443][   T30] audit: type=1326 audit(1749194818.147:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8597 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ef398e929 code=0x7ffc0000
[  174.829425][ T5913] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  174.993636][ T5913] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  175.009705][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.020818][ T5913] usb 1-1: Product: syz
[  175.025376][ T5913] usb 1-1: Manufacturer: syz
[  175.039109][ T5913] usb 1-1: SerialNumber: syz
[  175.046343][ T5913] usb 1-1: config 0 descriptor??
[  175.297276][ T7566] usb 1-1: USB disconnect, device number 6
[  175.650557][ T8647] Zero length message leads to an empty skb
[  175.663829][ T8636] loop6: detected capacity change from 0 to 32768
[  175.665608][ T8648] vlan2: entered allmulticast mode
[  175.677279][ T8648] bond0: entered allmulticast mode
[  175.685012][ T8648] bond_slave_0: entered allmulticast mode
[  175.692542][ T8648] bond_slave_1: entered allmulticast mode
[  175.715813][ T8636] JBD2: Ignoring recovery information on journal
[  175.775509][ T8636] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  175.942401][ T6327] ocfs2: Unmounting device (7,6) on (node local)
[  176.014531][ T8654] syz.5.905 uses obsolete (PF_INET,SOCK_PACKET)
[  176.023972][ T8654] syzkaller1: entered promiscuous mode
[  176.035697][ T8654] syzkaller1: entered allmulticast mode
[  176.254378][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  176.254396][   T30] audit: type=1326 audit(1749194820.387:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.295348][   T30] audit: type=1326 audit(1749194820.387:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.362884][   T30] audit: type=1326 audit(1749194820.387:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.419253][   T30] audit: type=1326 audit(1749194820.387:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.441611][    C0] vkms_vblank_simulate: vblank timer overrun
[  176.485196][ T7566] IPVS: starting estimator thread 0...
[  176.499784][   T30] audit: type=1326 audit(1749194820.387:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.577061][   T30] audit: type=1326 audit(1749194820.397:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.579241][ T8680] loop6: detected capacity change from 0 to 64
[  176.605680][ T5944] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  176.613383][ T8677] IPVS: using max 30 ests per chain, 72000 per kthread
[  176.621222][   T30] audit: type=1326 audit(1749194820.397:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.643323][    C0] vkms_vblank_simulate: vblank timer overrun
[  176.671940][   T30] audit: type=1326 audit(1749194820.397:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.694153][    C0] vkms_vblank_simulate: vblank timer overrun
[  176.718817][   T30] audit: type=1326 audit(1749194820.397:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.740955][    C0] vkms_vblank_simulate: vblank timer overrun
[  176.762660][ T6276] kworker/u8:15: attempt to access beyond end of device
[  176.762660][ T6276] loop6: rw=1, sector=65, nr_sectors = 1 limit=64
[  176.782386][   T30] audit: type=1326 audit(1749194820.397:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f818e929 code=0x7ffc0000
[  176.783485][ T6276] Buffer I/O error on dev loop6, logical block 65, lost async page write
[  176.816376][ T6276] kworker/u8:15: attempt to access beyond end of device
[  176.816376][ T6276] loop6: rw=1, sector=66, nr_sectors = 1 limit=64
[  176.832639][ T5944] usb 2-1: config 0 has no interfaces?
[  176.833810][ T6276] Buffer I/O error on dev loop6, logical block 66, lost async page write
[  176.840795][ T5944] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  176.847712][ T6276] kworker/u8:15: attempt to access beyond end of device
[  176.847712][ T6276] loop6: rw=1, sector=67, nr_sectors = 1 limit=64
[  176.889203][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.891397][ T6276] Buffer I/O error on dev loop6, logical block 67, lost async page write
[  176.908517][ T6276] kworker/u8:15: attempt to access beyond end of device
[  176.908517][ T6276] loop6: rw=1, sector=68, nr_sectors = 1 limit=64
[  176.917860][ T5944] usb 2-1: config 0 descriptor??
[  176.925068][ T6276] Buffer I/O error on dev loop6, logical block 68, lost async page write
[  176.935688][ T6276] kworker/u8:15: attempt to access beyond end of device
[  176.935688][ T6276] loop6: rw=1, sector=72, nr_sectors = 1 limit=64
[  176.936862][ T8685] loop5: detected capacity change from 0 to 2048
[  176.949561][ T6276] Buffer I/O error on dev loop6, logical block 72, lost async page write
[  176.983194][ T6276] kworker/u8:15: attempt to access beyond end of device
[  176.983194][ T6276] loop6: rw=1, sector=73, nr_sectors = 1 limit=64
[  177.003797][ T8686] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  177.027004][ T8688] netlink: 'syz.0.918': attribute type 12 has an invalid length.
[  177.030655][ T6276] Buffer I/O error on dev loop6, logical block 73, lost async page write
[  177.035635][ T8688] netlink: 'syz.0.918': attribute type 29 has an invalid length.
[  177.044136][ T6276] kworker/u8:15: attempt to access beyond end of device
[  177.044136][ T6276] loop6: rw=1, sector=76, nr_sectors = 1 limit=64
[  177.064734][ T6276] Buffer I/O error on dev loop6, logical block 76, lost async page write
[  177.073361][ T6276] kworker/u8:15: attempt to access beyond end of device
[  177.073361][ T6276] loop6: rw=1, sector=77, nr_sectors = 1 limit=64
[  177.088500][ T6276] Buffer I/O error on dev loop6, logical block 77, lost async page write
[  177.104854][ T8688] netlink: 148 bytes leftover after parsing attributes in process `syz.0.918'.
[  177.132408][ T8686] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  177.156691][ T8686] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  177.188619][ T8686] Remounting filesystem read-only
[  177.216836][ T8136] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  177.497961][ T5913] usb 2-1: USB disconnect, device number 6
[  177.542336][ T8704] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  177.716393][ T8707] loop6: detected capacity change from 0 to 64
[  177.778801][ T8707] bio_check_eod: 1 callbacks suppressed
[  177.778821][ T8707] syz.6.926: attempt to access beyond end of device
[  177.778821][ T8707] loop6: rw=34817, sector=14, nr_sectors = 65 limit=64
[  177.966295][ T8714] loop6: detected capacity change from 0 to 256
[  177.984401][ T8716] gretap0: entered promiscuous mode
[  178.002595][ T8714] exFAT-fs (loop6): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe1cea053, utbl_chksum : 0x7319d30d)
[  178.015123][ T8716] vlan2: entered promiscuous mode
[  178.155896][ T8696] loop3: detected capacity change from 0 to 32768
[  178.235379][ T8696] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  178.267473][ T8696] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  178.345743][ T8696] XFS (loop3): Ending clean mount
[  178.353815][ T8696] XFS (loop3): Quotacheck needed: Please wait.
[  178.438540][ T8696] XFS (loop3): Quotacheck: Done.
[  178.576402][ T8735] loop5: detected capacity change from 0 to 4096
[  178.602202][ T8735] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  178.665674][ T5845] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  178.678151][ T8735] ntfs3(loop5): ino=19, mi_enum_attr
[  178.692124][ T8735] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  178.763291][ T8739] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  178.821438][ T8735] ntfs3(loop5): ino=1e, "file1" ntfs_rename
[  179.926958][ T8743] loop6: detected capacity change from 0 to 32768
[  179.950557][ T8749] loop5: detected capacity change from 0 to 131072
[  179.953750][ T8743] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.939 (8743)
[  180.004915][ T8743] BTRFS info (device loop6): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  180.016768][ T8749] F2FS-fs (loop5): Invalid log sectors per block(570425347) log sectorsize(9)
[  180.026214][ T8749] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  180.038786][ T8749] F2FS-fs (loop5): invalid crc value
[  180.038785][ T8743] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  180.038819][ T8743] BTRFS info (device loop6): disk space caching is enabled
[  180.092739][ T8743] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  180.134719][ T8749] F2FS-fs (loop5): Try to recover 2th superblock, ret: -30
[  180.142579][ T8749] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b
[  180.320076][ T8743] BTRFS info (device loop6): rebuilding free space tree
[  180.344665][ T8743] BTRFS info (device loop6): disabling free space tree
[  180.359357][ T8743] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  180.379191][ T8743] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  180.594742][ T8764] loop3: detected capacity change from 0 to 32768
[  180.640039][ T8764] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.948 (8764)
[  180.650298][ T6277] BTRFS info (device loop6): qgroup scan completed (inconsistency flag cleared)
[  180.707505][ T8764] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  180.718135][ T8764] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  180.741016][ T8764] BTRFS info (device loop3): using free-space-tree
[  180.847661][ T6327] BTRFS info (device loop6): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  181.261690][ T5845] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  181.351966][ T8805] loop5: detected capacity change from 0 to 256
[  181.372095][ T8805] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  181.399888][ T8805] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  181.424813][ T8805] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  182.411842][ T8819] loop6: detected capacity change from 0 to 32768
[  182.449133][ T7566] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  182.474912][ T8819] JBD2: Ignoring recovery information on journal
[  182.507861][ T8819] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  182.575822][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  182.575840][   T30] audit: type=1800 audit(1749194826.707:69): pid=8819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.959" name="file1" dev="loop6" ino=17058 res=0 errno=0
[  182.613873][ T7566] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  182.627675][ T7566] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  182.654279][ T7566] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  182.676214][ T7566] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  182.686260][ T7566] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.686285][ T7566] usb 4-1: Product: syz
[  182.686299][ T7566] usb 4-1: Manufacturer: syz
[  182.686314][ T7566] usb 4-1: SerialNumber: syz
[  182.697894][ T7566] usb 4-1: config 0 descriptor??
[  182.698540][ T8826] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  182.698694][ T8826] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  182.700382][ T7566] usb 4-1: ucan: probing device on interface #0
[  182.757156][ T6327] ocfs2: Unmounting device (7,6) on (node local)
[  183.308140][ T8871] netlink: 32 bytes leftover after parsing attributes in process `syz.5.981'.
[  183.321360][ T7566] ucan 4-1:0.0: probe with driver ucan failed with error -22
[  183.536337][ T7566] usb 4-1: USB disconnect, device number 4
[  184.502916][ T8912] Bluetooth: MGMT ver 1.23
[  184.739438][ T8924] loop5: detected capacity change from 0 to 512
[  184.759155][ T8924] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  184.782628][ T8924] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  184.828659][ T8924] EXT4-fs (loop5): 1 orphan inode deleted
[  184.842199][ T8924] EXT4-fs (loop5): 1 truncate cleaned up
[  184.853548][ T8924] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.926497][ T8924] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  185.022283][ T8924] EXT4-fs (loop5): Remounting filesystem read-only
[  185.049669][ T8924] EXT4-fs (loop5): error restoring inline_data for inode -- potential data loss! (inode 12, error -30)
[  185.174027][ T8136] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.323052][ T8922] loop3: detected capacity change from 0 to 32768
[  185.353269][ T8922] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1003 (8922)
[  185.398376][ T8922] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  185.422519][ T8922] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  185.469442][ T8922] BTRFS info (device loop3): using free-space-tree
[  185.749888][ T8922] BTRFS info (device loop3): balance: start -s
[  185.805815][ T8967] loop6: detected capacity change from 0 to 256
[  185.806873][ T8922] BTRFS info (device loop3): relocating block group 1048576 flags system
[  185.963961][ T8922] BTRFS info (device loop3): balance: ended with status: 0
[  185.996913][ T8971] 9pnet: p9_errstr2errno: server reported unknown error 
[  186.138374][ T8977] binfmt_misc: register: failed to install interpreter file ./file2
[  186.349727][ T7566] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  186.511409][ T7566] usb 6-1: Using ep0 maxpacket: 8
[  186.522988][ T7566] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  186.539317][ T7566] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.547544][ T7566] usb 6-1: Product: syz
[  186.575108][ T7566] usb 6-1: Manufacturer: syz
[  186.589065][ T7566] usb 6-1: SerialNumber: syz
[  186.600325][ T7566] usb 6-1: config 0 descriptor??
[  186.606474][ T5845] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  186.623039][ T7566] gspca_main: se401-2.14.0 probing 047d:5003
[  186.666395][ T8979] loop6: detected capacity change from 0 to 32768
[  186.695049][ T8979] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1021 (8979)
[  186.760250][ T8979] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  186.785121][ T8979] BTRFS info (device loop6): using sha256 (sha256-x86_64) checksum algorithm
[  186.805418][ T8979] BTRFS info (device loop6): using free-space-tree
[  187.027425][ T7566] gspca_se401: Frame size: 0x0 1/16th janggu
[  187.035826][ T7566] gspca_se401: Frame size: 0x0 1/16th janggu
[  187.042476][ T7566] gspca_se401: Frame size: 0x0 1/16th janggu
[  187.048522][ T7566] gspca_se401: Frame size: 17x0 bayer
[  187.054512][ T6327] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  187.080168][ T7566] gspca_se401: Frame size: 0x0 1/16th janggu
[  187.086585][ T7566] gspca_se401: Frame size: 0x0 1/16th janggu
[  187.093699][ T7566] gspca_se401: Frame size: 0x1 1/4th janggu
[  187.101285][ T7566] gspca_se401: Frame size: 0x2 bayer
[  187.247399][ T7566] input: se401 as /devices/platform/dummy_hcd.5/usb6/6-1/input/input9
[  187.311219][ T7566] usb 6-1: USB disconnect, device number 7
[  187.696907][ T9017] loop3: detected capacity change from 0 to 32768
[  187.746623][ T9017] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  187.881227][ T9017] XFS (loop3): Ending clean mount
[  187.902709][ T9017] XFS (loop3): Quotacheck needed: Please wait.
[  187.946994][ T9017] XFS (loop3): Quotacheck: Done.
[  187.983938][ T9045] vlan2: entered promiscuous mode
[  188.003427][ T9045] bond0: entered promiscuous mode
[  188.030160][ T9045] bond_slave_0: entered promiscuous mode
[  188.049635][ T9045] bond_slave_1: entered promiscuous mode
[  188.094086][ T5845] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  188.537251][ T9031] loop6: detected capacity change from 0 to 40427
[  188.584037][ T9031] F2FS-fs (loop6): invalid crc value
[  188.807063][ T9031] F2FS-fs (loop6): Start checkpoint disabled!
[  188.822353][ T9031] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  188.930325][ T6276] kworker/u8:15: attempt to access beyond end of device
[  188.930325][ T6276] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  188.950950][ T6276] CPU: 0 UID: 0 PID: 6276 Comm: kworker/u8:15 Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) 
[  188.950976][ T6276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  188.950988][ T6276] Workqueue: writeback wb_workfn (flush-7:6)
[  188.951029][ T6276] Call Trace:
[  188.951036][ T6276]  <TASK>
[  188.951044][ T6276]  dump_stack_lvl+0x189/0x250
[  188.951066][ T6276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.951080][ T6276]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  188.951108][ T6276]  ? __pfx_queue_work_on+0x10/0x10
[  188.951127][ T6276]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  188.951151][ T6276]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  188.951178][ T6276]  ? f2fs_hw_is_readonly+0x39b/0x470
[  188.951205][ T6276]  f2fs_handle_critical_error+0x37c/0x540
[  188.951232][ T6276]  f2fs_write_end_io+0x495/0x810
[  188.951255][ T6276]  ? blkg_put+0x22/0x240
[  188.951291][ T6276]  __submit_merged_bio+0x27a/0x6a0
[  188.951318][ T6276]  __submit_merged_write_cond+0x255/0x530
[  188.951351][ T6276]  f2fs_write_data_pages+0x261d/0x3000
[  188.951407][ T6276]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  188.951444][ T6276]  ? unwind_next_frame+0xa5/0x2390
[  188.951491][ T6276]  ? ret_from_fork_asm+0x1a/0x30
[  188.951515][ T6276]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  188.951552][ T6276]  ? __lock_acquire+0xab9/0xd20
[  188.951582][ T6276]  ? __update_page_owner_handle+0x5a/0x570
[  188.951617][ T6276]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  188.951641][ T6276]  do_writepages+0x32b/0x550
[  188.951673][ T6276]  ? reacquire_held_locks+0x127/0x1d0
[  188.951689][ T6276]  ? writeback_sb_inodes+0x372/0x1000
[  188.951723][ T6276]  __writeback_single_inode+0x145/0xff0
[  188.951739][ T6276]  ? do_raw_spin_unlock+0x122/0x240
[  188.951764][ T6276]  writeback_sb_inodes+0x6b5/0x1000
[  188.951793][ T6276]  ? __lock_acquire+0xab9/0xd20
[  188.951836][ T6276]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  188.951901][ T6276]  ? rcu_is_watching+0x15/0xb0
[  188.951937][ T6276]  wb_writeback+0x43b/0xaf0
[  188.951971][ T6276]  ? queue_io+0x391/0x590
[  188.952000][ T6276]  ? __pfx_wb_writeback+0x10/0x10
[  188.952034][ T6276]  ? _raw_spin_unlock_irq+0x23/0x50
[  188.952065][ T6276]  wb_workfn+0x409/0xef0
[  188.952103][ T6276]  ? __pfx_wb_workfn+0x10/0x10
[  188.952131][ T6276]  ? __lock_acquire+0xab9/0xd20
[  188.952164][ T6276]  ? process_scheduled_works+0x9ef/0x17b0
[  188.952196][ T6276]  ? _raw_spin_unlock_irq+0x23/0x50
[  188.952221][ T6276]  ? process_scheduled_works+0x9ef/0x17b0
[  188.952245][ T6276]  ? process_scheduled_works+0x9ef/0x17b0
[  188.952273][ T6276]  process_scheduled_works+0xae1/0x17b0
[  188.952326][ T6276]  ? __pfx_process_scheduled_works+0x10/0x10
[  188.952375][ T6276]  worker_thread+0x8a0/0xda0
[  188.952417][ T6276]  kthread+0x70e/0x8a0
[  188.952440][ T6276]  ? __pfx_worker_thread+0x10/0x10
[  188.952456][ T6276]  ? __pfx_kthread+0x10/0x10
[  188.952477][ T6276]  ? _raw_spin_unlock_irq+0x23/0x50
[  188.952503][ T6276]  ? lockdep_hardirqs_on+0x9c/0x150
[  188.952519][ T6276]  ? __pfx_kthread+0x10/0x10
[  188.952540][ T6276]  ret_from_fork+0x3f9/0x770
[  188.952568][ T6276]  ? __pfx_ret_from_fork+0x10/0x10
[  188.952598][ T6276]  ? __switch_to_asm+0x39/0x70
[  188.952614][ T6276]  ? __switch_to_asm+0x33/0x70
[  188.952630][ T6276]  ? __pfx_kthread+0x10/0x10
[  188.952650][ T6276]  ret_from_fork_asm+0x1a/0x30
[  188.952682][ T6276]  </TASK>
[  188.952688][ T6276] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  188.989109][ T5958] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  189.220218][ T9059] loop3: detected capacity change from 0 to 32768
[  189.341444][ T9059] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  189.408116][ T9059] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  189.511355][ T5958] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  189.542116][ T5958] usb 2-1: config 0 interface 0 has no altsetting 0
[  189.552443][ T9059] syz.3.1045 (9059) used greatest stack depth: 18440 bytes left
[  189.576485][ T5958] usb 2-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  189.591109][ T5958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.641490][ T5958] usb 2-1: Product: syz
[  189.645726][ T5958] usb 2-1: Manufacturer: syz
[  189.688724][ T5958] usb 2-1: SerialNumber: syz
[  189.712428][ T5845] ocfs2: Unmounting device (7,3) on (node local)
[  189.721074][ T5958] usb 2-1: config 0 descriptor??
[  189.763775][ T5958] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  189.805972][ T5958] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  189.836540][ T5958] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  189.859541][ T5958] usb 2-1: media controller created
[  189.918662][ T5958] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  189.979328][   T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  190.053860][ T5958] DVB: Unable to find symbol tda10046_attach()
[  190.061553][ T5958] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  190.070724][ T5958] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  190.149367][   T10] usb 1-1: Using ep0 maxpacket: 8
[  190.156625][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  190.168033][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  190.177763][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  190.188323][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 246
[  190.205212][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  190.214645][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.228178][   T10] usb 1-1: config 0 descriptor??
[  190.235490][ T9080] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  190.269225][   T43] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  190.369210][ T5898] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  190.429281][ T5944] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  190.437832][   T43] usb 7-1: Using ep0 maxpacket: 16
[  190.445897][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.457203][   T43] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  190.466778][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.477845][   T43] usb 7-1: config 0 descriptor??
[  190.491406][ T5851] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  190.501329][   T10] usb 1-1: USB disconnect, device number 7
[  190.522876][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  190.545852][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.570179][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.584237][ T5898] usb 4-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  190.595327][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.607303][ T5944] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  190.618624][ T5944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  190.630625][ T5898] usb 4-1: config 0 descriptor??
[  190.643452][ T5944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  190.657768][ T5944] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  190.675088][ T5944] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  190.684645][ T5944] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  190.692927][ T5944] usb 6-1: Manufacturer: syz
[  190.700082][ T5958] dvb_usb_m920x 2-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  190.713345][ T5944] usb 6-1: config 0 descriptor??
[  190.727585][ T5958] usb 2-1: USB disconnect, device number 7
[  190.917149][   T43] mcp2221 0003:04D8:00DD.0004: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  190.989673][ T5944] rc_core: IR keymap rc-hauppauge not found
[  190.995716][ T5944] Registered IR keymap rc-empty
[  191.019066][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.041107][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.052233][ T5898] logitech 0003:046D:C24F.0005: unbalanced collection at end of report description
[  191.062357][ T5944] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  191.074524][ T5898] logitech 0003:046D:C24F.0005: parse failed
[  191.080775][ T5898] logitech 0003:046D:C24F.0005: probe with driver logitech failed with error -22
[  191.093174][ T5944] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input11
[  191.126599][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.149264][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.169222][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.193711][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.219254][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.239320][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.259215][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.277037][ T5913] usb 4-1: USB disconnect, device number 5
[  191.279225][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.315275][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.337886][   T10] usb 7-1: USB disconnect, device number 3
[  191.340271][ T5944] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  191.376826][ T5944] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  191.386315][ T5944] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  191.400419][ T5944] usb 6-1: USB disconnect, device number 8
[  191.479135][ T5898] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  191.629253][ T5898] usb 1-1: Using ep0 maxpacket: 16
[  191.641880][ T5898] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  191.655585][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.667449][ T5898] usb 1-1: Product: syz
[  191.678542][ T5898] usb 1-1: Manufacturer: syz
[  191.683410][ T5898] usb 1-1: SerialNumber: syz
[  191.694243][ T5898] usb 1-1: config 0 descriptor??
[  191.703282][ T5898] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  191.715358][ T5898] usb 1-1: Detected FT232H
[  191.928090][ T5898] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  192.233551][ T9120] loop3: detected capacity change from 0 to 256
[  192.346950][ T9120] FAT-fs (loop3): Directory bread(block 64) failed
[  192.363484][ T5898] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  192.389879][ T9120] FAT-fs (loop3): Directory bread(block 65) failed
[  192.396961][ T9120] FAT-fs (loop3): Directory bread(block 66) failed
[  192.416750][ T9120] FAT-fs (loop3): Directory bread(block 67) failed
[  192.452078][ T9120] FAT-fs (loop3): Directory bread(block 68) failed
[  192.509324][ T9120] FAT-fs (loop3): Directory bread(block 69) failed
[  192.516077][ T9120] FAT-fs (loop3): Directory bread(block 70) failed
[  192.569701][ T9120] FAT-fs (loop3): Directory bread(block 71) failed
[  192.584037][ T9120] FAT-fs (loop3): Directory bread(block 72) failed
[  192.621929][ T5898] usb 1-1: USB disconnect, device number 8
[  192.629420][ T9120] FAT-fs (loop3): Directory bread(block 73) failed
[  192.666096][ T5898] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  192.687920][ T5898] ftdi_sio 1-1:0.0: device disconnected
[  192.715574][ T9137] loop5: detected capacity change from 0 to 64
[  192.759125][   T30] audit: type=1800 audit(1749194836.887:70): pid=9120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1073" name="file1" dev="loop3" ino=1048641 res=0 errno=0
[  192.780793][ T9139] loop8: detected capacity change from 0 to 8
[  192.790667][ T9135] loop6: detected capacity change from 0 to 1764
[  192.808141][ T9139] Dev loop8: unable to read RDB block 8
[  192.817426][ T9140] syz.3.1073: attempt to access beyond end of device
[  192.817426][ T9140] loop3: rw=2049, sector=1256, nr_sectors = 8 limit=256
[  192.821709][ T9139]  loop8: unable to read partition table
[  192.840654][ T9139] loop8: partition table beyond EOD, truncated
[  192.861922][ T9139] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  193.000799][ T9144] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  193.110841][ T6278] kworker/u8:17: attempt to access beyond end of device
[  193.110841][ T6278] loop3: rw=1, sector=1264, nr_sectors = 24 limit=256
[  193.135170][ T6278] kworker/u8:17: attempt to access beyond end of device
[  193.135170][ T6278] loop3: rw=1, sector=1320, nr_sectors = 32 limit=256
[  193.177002][ T6278] kworker/u8:17: attempt to access beyond end of device
[  193.177002][ T6278] loop3: rw=1, sector=1384, nr_sectors = 32 limit=256
[  193.207796][ T6278] kworker/u8:17: attempt to access beyond end of device
[  193.207796][ T6278] loop3: rw=1, sector=1448, nr_sectors = 32 limit=256
[  193.247282][ T6278] kworker/u8:17: attempt to access beyond end of device
[  193.247282][ T6278] loop3: rw=1, sector=1512, nr_sectors = 32 limit=256
[  193.293899][ T6278] kworker/u8:17: attempt to access beyond end of device
[  193.293899][ T6278] loop3: rw=1, sector=1576, nr_sectors = 32 limit=256
[  193.316738][ T6278] kworker/u8:17: attempt to access beyond end of device
[  193.316738][ T6278] loop3: rw=1, sector=1640, nr_sectors = 32 limit=256
[  193.338387][ T9159] syzkaller1: entered promiscuous mode
[  193.341744][ T6278] kworker/u8:17: attempt to access beyond end of device
[  193.341744][ T6278] loop3: rw=1, sector=1704, nr_sectors = 32 limit=256
[  193.359147][ T9159] syzkaller1: entered allmulticast mode
[  193.651621][ T5898] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  193.720595][ T9184] Cannot find add_set index 1 as target
[  193.811985][ T5898] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  193.831729][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.874698][ T5898] usb 7-1: config 0 descriptor??
[  193.932170][ T9191] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1104'.
[  194.075343][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  194.081799][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  194.194524][ T9196] loop5: detected capacity change from 0 to 256
[  194.223961][ T9196] FAT-fs (loop5): Directory bread(block 64) failed
[  194.231661][ T9196] FAT-fs (loop5): Directory bread(block 65) failed
[  194.238412][ T9196] FAT-fs (loop5): Directory bread(block 66) failed
[  194.245307][ T9196] FAT-fs (loop5): Directory bread(block 67) failed
[  194.254957][ T9196] FAT-fs (loop5): Directory bread(block 68) failed
[  194.261824][ T9196] FAT-fs (loop5): Directory bread(block 69) failed
[  194.279173][ T9196] FAT-fs (loop5): Directory bread(block 70) failed
[  194.286140][ T9196] FAT-fs (loop5): Directory bread(block 71) failed
[  194.298927][ T9196] FAT-fs (loop5): Directory bread(block 72) failed
[  194.307304][ T9196] FAT-fs (loop5): Directory bread(block 73) failed
[  194.367600][ T9196] bio_check_eod: 19 callbacks suppressed
[  194.367621][ T9196] syz.5.1106: attempt to access beyond end of device
[  194.367621][ T9196] loop5: rw=2051, sector=1224, nr_sectors = 32 limit=256
[  194.924018][ T5898] pegasus 7-1:0.0: probe with driver pegasus failed with error -71
[  194.951908][ T5898] usb 7-1: USB disconnect, device number 4
[  195.076148][ T9218] loop3: detected capacity change from 0 to 128
[  195.226367][ T9222] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1119'.
[  195.241742][ T9224] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  195.796333][ T9254] loop6: detected capacity change from 0 to 2048
[  195.810082][ T9254] UDF-fs: error (device loop6): udf_process_sequence: Primary Volume Descriptor not found!
[  195.812130][ T9256] loop3: detected capacity change from 0 to 256
[  195.827127][ T9254] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  195.855681][   T30] audit: type=1800 audit(1749194839.987:71): pid=9254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1132" name="file1" dev="loop6" ino=1367 res=0 errno=0
[  196.710351][ T7566] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  196.880226][ T7566] usb 6-1: Using ep0 maxpacket: 16
[  196.906186][ T7566] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  196.939061][ T7566] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  196.967885][ T7566] usb 6-1: Product: syz
[  196.988073][ T7566] usb 6-1: Manufacturer: syz
[  197.000253][ T7566] usb 6-1: SerialNumber: syz
[  197.033234][ T7566] usb 6-1: config 0 descriptor??
[  197.132755][ T9289] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1149'.
[  197.244745][ T9275] loop3: detected capacity change from 0 to 40427
[  197.272591][ T5913] usb 6-1: USB disconnect, device number 9
[  197.273823][ T9293] /dev/nbd0: Can't open blockdev
[  197.296048][ T9275] F2FS-fs (loop3): build fault injection rate: 690
[  197.310280][ T9275] F2FS-fs (loop3): heap/no_heap options were deprecated
[  197.332054][ T9275] F2FS-fs (loop3): invalid crc value
[  197.457996][ T9298] gretap0: entered promiscuous mode
[  197.468701][ T9298] macsec2: entered promiscuous mode
[  197.486451][ T9298] macsec2: entered allmulticast mode
[  197.498079][ T9298] gretap0: entered allmulticast mode
[  197.628518][ T9275] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  197.712165][ T9275] syz.3.1142: attempt to access beyond end of device
[  197.712165][ T9275] loop3: rw=34817, sector=77824, nr_sectors = 8 limit=40427
[  197.889951][ T5845] syz-executor: attempt to access beyond end of device
[  197.889951][ T5845] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  197.929829][ T5845] CPU: 1 UID: 0 PID: 5845 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) 
[  197.929856][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  197.929868][ T5845] Call Trace:
[  197.929875][ T5845]  <TASK>
[  197.929883][ T5845]  dump_stack_lvl+0x189/0x250
[  197.929908][ T5845]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.929923][ T5845]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  197.929951][ T5845]  ? __pfx_queue_work_on+0x10/0x10
[  197.929970][ T5845]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  197.929997][ T5845]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  197.930026][ T5845]  ? f2fs_hw_is_readonly+0x39b/0x470
[  197.930054][ T5845]  f2fs_handle_critical_error+0x37c/0x540
[  197.930084][ T5845]  f2fs_write_end_io+0x495/0x810
[  197.930106][ T5845]  ? blkg_put+0x22/0x240
[  197.930145][ T5845]  __submit_merged_bio+0x27a/0x6a0
[  197.930174][ T5845]  __submit_merged_write_cond+0x255/0x530
[  197.930204][ T5845]  f2fs_write_data_pages+0x261d/0x3000
[  197.930265][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  197.930302][ T5845]  ? is_bpf_text_address+0x292/0x2b0
[  197.930359][ T5845]  ? __mod_zone_page_state+0xd7/0x140
[  197.930387][ T5845]  ? folios_put_refs+0x560/0x640
[  197.930424][ T5845]  ? __lock_acquire+0xab9/0xd20
[  197.930464][ T5845]  ? do_raw_spin_lock+0x121/0x290
[  197.930497][ T5845]  ? do_raw_spin_unlock+0x122/0x240
[  197.930518][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  197.930543][ T5845]  do_writepages+0x32b/0x550
[  197.930582][ T5845]  ? do_raw_spin_unlock+0x122/0x240
[  197.930608][ T5845]  filemap_fdatawrite+0x191/0x230
[  197.930626][ T5845]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  197.930698][ T5845]  ? do_raw_spin_unlock+0x122/0x240
[  197.930723][ T5845]  f2fs_sync_dirty_inodes+0x31f/0x830
[  197.930765][ T5845]  f2fs_write_checkpoint+0x94a/0x1de0
[  197.930817][ T5845]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  197.930894][ T5845]  ? kill_f2fs_super+0x298/0x6c0
[  197.930925][ T5845]  kill_f2fs_super+0x2c3/0x6c0
[  197.930957][ T5845]  ? __pfx_kill_f2fs_super+0x10/0x10
[  197.930979][ T5845]  ? radix_tree_delete_item+0x2b6/0x400
[  197.931005][ T5845]  ? shrinker_free+0x2ce/0x3e0
[  197.931031][ T5845]  deactivate_locked_super+0xb9/0x130
[  197.931059][ T5845]  cleanup_mnt+0x425/0x4c0
[  197.931084][ T5845]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.931105][ T5845]  task_work_run+0x1d1/0x260
[  197.931130][ T5845]  ? __pfx_task_work_run+0x10/0x10
[  197.931148][ T5845]  ? __x64_sys_umount+0x122/0x160
[  197.931172][ T5845]  ? exit_to_user_mode_loop+0x40/0x110
[  197.931201][ T5845]  exit_to_user_mode_loop+0xec/0x110
[  197.931227][ T5845]  do_syscall_64+0x2bd/0x3b0
[  197.931245][ T5845]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.931262][ T5845]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.931280][ T5845]  ? clear_bhb_loop+0x60/0xb0
[  197.931303][ T5845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.931320][ T5845] RIP: 0033:0x7fdf5458fc57
[  197.931347][ T5845] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  197.931362][ T5845] RSP: 002b:00007ffe106ed3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  197.931381][ T5845] RAX: 0000000000000000 RBX: 00007fdf54610925 RCX: 00007fdf5458fc57
[  197.931393][ T5845] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe106ed490
[  197.931403][ T5845] RBP: 00007ffe106ed490 R08: 0000000000000000 R09: 0000000000000000
[  197.931412][ T5845] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe106ee520
[  197.931424][ T5845] R13: 00007fdf54610925 R14: 0000000000030442 R15: 00007ffe106ee560
[  197.931458][ T5845]  </TASK>
[  197.931466][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  197.971851][ T9291] loop6: detected capacity change from 0 to 32768
[  198.348843][ T9291] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  198.489190][ T9291] XFS (loop6): Ending clean mount
[  198.569794][ T6327] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  199.057715][ T9336] loop3: detected capacity change from 0 to 128
[  199.100015][ T9336] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  199.173763][ T9336] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  199.299681][ T9336] kvm: kvm [9335]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x2978473613fabc6
[  199.462409][ T9342] xt_ecn: cannot match TCP bits for non-tcp packets
[  199.572562][ T9348] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present
[  199.586908][ T9348] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1)
[  199.918063][ T9350] cgroup: fork rejected by pids controller in /syz6
[  200.952639][ T9722] loop3: detected capacity change from 0 to 32768
[  201.028406][   T30] audit: type=1800 audit(1749194845.167:72): pid=9722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1181" name="file1" dev="loop3" ino=4 res=0 errno=0
[  201.277542][ T5852] Bluetooth: hci3: command 0x0406 tx timeout
[  201.283871][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  201.283891][ T5838] Bluetooth: hci2: command 0x0406 tx timeout
[  201.442364][ T9931] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  201.529375][ T9931] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  201.639739][ T9938] syzkaller1: entered promiscuous mode
[  201.696212][ T9938] syzkaller1: entered allmulticast mode
[  202.016948][ T9950] veth1_to_hsr: entered promiscuous mode
[  202.041729][ T9950] macsec1: entered promiscuous mode
[  202.047262][ T9950] macsec1: entered allmulticast mode
[  202.073498][ T9950] veth1_to_hsr: entered allmulticast mode
[  202.097614][ T9950] veth1_to_hsr: left allmulticast mode
[  202.119541][ T9950] veth1_to_hsr: left promiscuous mode
[  202.400686][ T9973] IPv6: Can't replace route, no match found
[  202.429514][ T9975] netlink: 'syz.5.1213': attribute type 12 has an invalid length.
[  202.759249][   T43] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  202.921182][   T43] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.948930][   T43] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  202.963698][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.993985][   T43] usb 1-1: Product: syz
[  203.010843][   T43] usb 1-1: Manufacturer: syz
[  203.023261][   T43] usb 1-1: SerialNumber: syz
[  203.285519][T10007] loop3: detected capacity change from 0 to 512
[  203.330291][T10007] EXT4-fs: Ignoring removed nobh option
[  203.364170][T10007] fscrypt (loop3, inode 2): Error -61 getting encryption context
[  203.402695][T10007] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -61
[  203.422676][T10007] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #13: comm syz.3.1227: casefold flag without casefold feature
[  203.474290][T10007] EXT4-fs (loop3): Remounting filesystem read-only
[  203.500556][T10007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  203.544826][T10007] fscrypt (loop3, inode 2): Error -61 getting encryption context
[  203.639501][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.129946][   T43] cdc_ncm 1-1:1.0: bind() failure
[  204.143300][   T43] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  204.173247][   T43] cdc_ncm 1-1:1.1: bind() failure
[  204.195077][   T43] usb 1-1: USB disconnect, device number 9
[  204.307119][T10035] loop6: detected capacity change from 0 to 2048
[  204.340899][T10035] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  204.382445][T10036] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  204.435071][T10035] NILFS error (device loop6): nilfs_readdir: zero-length directory entry
[  204.475358][T10035] Remounting filesystem read-only
[  204.510506][T10026] loop3: detected capacity change from 0 to 32768
[  204.605141][T10026] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  204.819146][T10026] XFS (loop3): Ending clean mount
[  204.982802][ T5159] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  204.998368][ T5159] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  204.999228][ T5845] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  205.016312][ T5159] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  205.026792][ T5159] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  205.037640][ T5159] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  205.282338][ T5913] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  205.450987][ T5913] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  205.468443][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.487804][ T5913] usb 7-1: config 0 descriptor??
[  205.786499][T10052] chnl_net:caif_netlink_parms(): no params data found
[  205.817188][T10071] vivid-001: disconnect
[  205.865555][T10066] vivid-001: reconnect
[  206.130362][T10052] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.137575][T10052] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.169292][T10052] bridge_slave_0: entered allmulticast mode
[  206.182652][T10052] bridge_slave_0: entered promiscuous mode
[  206.213523][T10052] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.229990][T10052] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.237486][T10052] bridge_slave_1: entered allmulticast mode
[  206.249340][T10052] bridge_slave_1: entered promiscuous mode
[  206.344143][T10052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.379698][T10052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.512729][ T5913] pegasus 7-1:0.0: probe with driver pegasus failed with error -71
[  206.517532][T10052] team0: Port device team_slave_0 added
[  206.526606][ T5913] usb 7-1: USB disconnect, device number 5
[  206.550194][T10052] team0: Port device team_slave_1 added
[  206.636706][T10052] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.654651][T10052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.680741][    C0] vkms_vblank_simulate: vblank timer overrun
[  206.710787][T10052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.763676][T10052] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.783393][T10052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.813254][T10052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.933179][T10052] hsr_slave_0: entered promiscuous mode
[  206.940878][T10052] hsr_slave_1: entered promiscuous mode
[  206.947180][T10052] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  206.955024][T10052] Cannot create hsr debugfs directory
[  207.059240][ T5913] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  207.111938][ T5851] Bluetooth: hci1: command tx timeout
[  207.270441][    C0] vkms_vblank_simulate: vblank timer overrun
[  207.278866][ T7566] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  207.288422][ T5913] usb 2-1: Using ep0 maxpacket: 32
[  207.296552][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.307872][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.317817][ T5913] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  207.326921][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.339815][ T5913] usb 2-1: config 0 descriptor??
[  207.361677][ T5913] hub 2-1:0.0: USB hub found
[  207.403464][T10052] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.442470][ T7566] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  207.466470][ T7566] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.478262][ T7566] usb 1-1: config 0 descriptor??
[  207.563237][T10052] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.578836][ T5913] hub 2-1:0.0: 1 port detected
[  207.671970][T10052] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.747010][T10052] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.914781][ T7566] elan 0003:04F3:0755.0006: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[  207.935985][T10052] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  207.954612][T10052] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  207.975557][T10052] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  207.987326][ T5913] usb 2-1: USB disconnect, device number 8
[  208.006577][T10052] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  208.083322][T10127] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  208.224803][T10052] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.282135][T10052] 8021q: adding VLAN 0 to HW filter on device team0
[  208.296238][ T6276] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.303485][ T6276] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.335231][ T6276] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.342463][ T6276] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.620604][ T5898] usb 1-1: USB disconnect, device number 10
[  208.705450][T10143] IPVS: Scheduler module ip_vs_sip not found
[  208.824071][T10052] 8021q: adding VLAN 0 to HW filter on device batadv0
[  314.168989][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  314.176015][    C1] rcu: 	0-...!: (0 ticks this GP) idle=832c/1/0x4000000000000000 softirq=41154/41154 fqs=1
[  314.187368][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=31501, q=627 ncpus=2)
[  314.195141][    C1] Sending NMI from CPU 1 to CPUs 0:
[  314.195185][    C0] NMI backtrace for cpu 0
[  314.195277][    C0] CPU: 0 UID: 0 PID: 10176 Comm: syz.6.1290 Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) 
[  314.195307][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  314.195323][    C0] RIP: 0010:check_preemption_disabled+0x12/0x120
[  314.195355][    C0] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 53 48 83 ec 10 65 48 8b 05 9e 4d 36 07 <48> 89 44 24 08 65 8b 05 a6 4d 36 07 65 8b 0d 9b 4d 36 07 f7 c1 ff
[  314.195371][    C0] RSP: 0018:ffffc90000007b88 EFLAGS: 00000086
[  314.195387][    C0] RAX: abdf03bdf6116000 RBX: 0000000000000000 RCX: abdf03bdf6116000
[  314.195400][    C0] RDX: 0000000000000000 RSI: ffffffff8db70f6d RDI: ffffffff8be2a880
[  314.195412][    C0] RBP: ffffffff898674c4 R08: 0000000000000000 R09: ffffffff898674c4
[  314.195424][    C0] R10: dffffc0000000000 R11: ffffffff89867400 R12: 0000000000000000
[  314.195435][    C0] R13: ffff8880206b3300 R14: 0000000000000001 R15: 0000000000000046
[  314.195447][    C0] FS:  00007f92f90ab6c0(0000) GS:ffff888125c4d000(0000) knlGS:0000000000000000
[  314.195462][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  314.195473][    C0] CR2: 000000110c35e060 CR3: 0000000023f70000 CR4: 00000000003526f0
[  314.195488][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  314.195498][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  314.195509][    C0] Call Trace:
[  314.195522][    C0]  <IRQ>
[  314.195530][    C0]  ? advance_sched+0xc4/0xc90
[  314.195556][    C0]  ? lock_acquire+0x120/0x360
[  314.195586][    C0]  ? advance_sched+0xc4/0xc90
[  314.195610][    C0]  lock_acquire+0x130/0x360
[  314.195638][    C0]  _raw_spin_lock+0x2e/0x40
[  314.195668][    C0]  ? advance_sched+0xc4/0xc90
[  314.195692][    C0]  advance_sched+0xc4/0xc90
[  314.195717][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  314.195748][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  314.195779][    C0]  ? __pfx_advance_sched+0x10/0x10
[  314.195802][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  314.195848][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  314.195872][    C0]  ? read_tsc+0x9/0x20
[  314.195897][    C0]  hrtimer_interrupt+0x45b/0xaa0
[  314.195939][    C0]  __sysvec_apic_timer_interrupt+0x108/0x410
[  314.195968][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  314.195986][    C0]  </IRQ>
[  314.195991][    C0]  <TASK>
[  314.195998][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  314.196022][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  314.196050][    C0] Code: 74 05 e8 7b 9e 5e f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 63 8a 27 f6 65 8b 05 5c e3 33 07 85 c0 74 40 48 c7 04 24 0e 36
[  314.196065][    C0] RSP: 0018:ffffc90015d1fb60 EFLAGS: 00000206
[  314.196079][    C0] RAX: abdf03bdf6116000 RBX: 0000000000000a06 RCX: abdf03bdf6116000
[  314.196096][    C0] RDX: 0000000000000007 RSI: ffffffff8d984053 RDI: 0000000000000001
[  314.196107][    C0] RBP: ffffc90015d1fbf0 R08: ffffffff8fa126f7 R09: 1ffffffff1f424de
[  314.196119][    C0] R10: dffffc0000000000 R11: fffffbfff1f424df R12: dffffc0000000000
[  314.196132][    C0] R13: ffff8880b8627ac0 R14: ffff8880b8627ac0 R15: 1ffff92002ba3f6c
[  314.196155][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  314.196180][    C0]  ? read_tsc+0x9/0x20
[  314.196205][    C0]  clock_was_set+0x63b/0x7c0
[  314.196234][    C0]  ? __pfx_clock_was_set+0x10/0x10
[  314.196255][    C0]  ? do_settimeofday64+0x2d1/0x5e0
[  314.196276][    C0]  ? timekeeping_update_from_shadow+0x2b1/0x350
[  314.196297][    C0]  do_settimeofday64+0x2ec/0x5e0
[  314.196319][    C0]  ? __pfx_do_settimeofday64+0x10/0x10
[  314.196337][    C0]  ? wacom_setup_inputs+0xf1/0x1f0
[  314.196357][    C0]  ? bpf_lsm_settime+0x9/0x20
[  314.196374][    C0]  ? security_settime64+0x76/0x290
[  314.196397][    C0]  ? do_sys_settimeofday64+0x163/0x260
[  314.196419][    C0]  __x64_sys_clock_settime+0x229/0x280
[  314.196442][    C0]  ? __pfx___x64_sys_clock_settime+0x10/0x10
[  314.196462][    C0]  ? rcu_is_watching+0x15/0xb0
[  314.196490][    C0]  ? do_syscall_64+0xbe/0x3b0
[  314.196510][    C0]  do_syscall_64+0xfa/0x3b0
[  314.196527][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.196543][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.196560][    C0]  ? clear_bhb_loop+0x60/0xb0
[  314.196578][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.196596][    C0] RIP: 0033:0x7f92f818e929
[  314.196613][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.196628][    C0] RSP: 002b:00007f92f90ab038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3
[  314.196644][    C0] RAX: ffffffffffffffda RBX: 00007f92f83b5fa0 RCX: 00007f92f818e929
[  314.196656][    C0] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000000
[  314.196667][    C0] RBP: 00007f92f8210b39 R08: 0000000000000000 R09: 0000000000000000
[  314.196678][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  314.196688][    C0] R13: 0000000000000000 R14: 00007f92f83b5fa0 R15: 00007fff3c3967c8
[  314.196707][    C0]  </TASK>
[  314.197172][    C1] rcu: rcu_preempt kthread starved for 10495 jiffies! g31501 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  314.706057][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  314.716053][    C1] rcu: RCU grace-period kthread stack dump:
[  314.721944][    C1] task:rcu_preempt     state:R  running task     stack:27192 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  314.735461][    C1] Call Trace:
[  314.738747][    C1]  <TASK>
[  314.741694][    C1]  __schedule+0x16f5/0x4d00
[  314.746219][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  314.751437][    C1]  ? schedule+0x165/0x360
[  314.755781][    C1]  ? __lock_acquire+0xab9/0xd20
[  314.760652][    C1]  ? __pfx___schedule+0x10/0x10
[  314.765535][    C1]  ? schedule+0x91/0x360
[  314.769819][    C1]  schedule+0x165/0x360
[  314.773995][    C1]  schedule_timeout+0x12b/0x270
[  314.778868][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  314.784256][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  314.790182][    C1]  ? __pfx_process_timeout+0x10/0x10
[  314.795493][    C1]  ? prepare_to_swait_event+0x341/0x380
[  314.801064][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  314.805956][    C1]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[  314.811870][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  314.817171][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  314.822397][    C1]  ? finish_swait+0xcd/0x1f0
[  314.827009][    C1]  rcu_gp_kthread+0x99/0x390
[  314.831623][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  314.836840][    C1]  ? __kthread_parkme+0x7b/0x200
[  314.841798][    C1]  ? __kthread_parkme+0x1a1/0x200
[  314.846845][    C1]  kthread+0x70e/0x8a0
[  314.850936][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  314.856175][    C1]  ? __pfx_kthread+0x10/0x10
[  314.860815][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  314.866068][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.871292][    C1]  ? __pfx_kthread+0x10/0x10
[  314.875908][    C1]  ret_from_fork+0x3f9/0x770
[  314.880527][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  314.885672][    C1]  ? __switch_to_asm+0x39/0x70
[  314.890451][    C1]  ? __switch_to_asm+0x33/0x70
[  314.895229][    C1]  ? __pfx_kthread+0x10/0x10
[  314.899840][    C1]  ret_from_fork_asm+0x1a/0x30
[  314.904644][    C1]  </TASK>
[  314.907679][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  314.914018][    C1] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) 
[  314.925314][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  314.935380][    C1] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0
[  314.942077][    C1] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 60 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 0b 74 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 f0 73 0b
[  314.961716][    C1] RSP: 0018:ffffc900041cf560 EFLAGS: 00000293
[  314.967800][    C1] RAX: ffffffff81b4eaf0 RBX: ffff8880b873cb40 RCX: ffff88802ba4bc00
[  314.975783][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  314.983782][    C1] RBP: ffffc900041cf6c0 R08: ffffffff8fa126f7 R09: 1ffffffff1f424de
[  314.991788][    C1] R10: dffffc0000000000 R11: fffffbfff1f424df R12: 1ffff110170c86b5
[  314.999780][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b86435a8
[  315.007768][    C1] FS:  000055555fd6e500(0000) GS:ffff888125d4d000(0000) knlGS:0000000000000000
[  315.016712][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  315.023309][    C1] CR2: 00007fcec94926d0 CR3: 0000000076bd0000 CR4: 00000000003526f0
[  315.031303][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  315.039299][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  315.047294][    C1] Call Trace:
[  315.050596][    C1]  <TASK>
[  315.053569][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  315.059945][    C1]  ? ldt_dup_context+0x336/0x3e0
[  315.064907][    C1]  ? rcu_is_watching+0x15/0xb0
[  315.069710][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[  315.074933][    C1]  on_each_cpu_cond_mask+0x3f/0x80
[  315.080081][    C1]  flush_tlb_mm_range+0x6b1/0x12c0
[  315.085231][    C1]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[  315.090800][    C1]  ? up_write+0x1c4/0x420
[  315.095151][    C1]  dup_mmap+0x15a0/0x1ac0
[  315.099513][    C1]  ? __pfx_dup_mmap+0x10/0x10
[  315.104221][    C1]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  315.110135][    C1]  ? mm_init+0xd20/0xf50
[  315.114419][    C1]  copy_mm+0x13c/0x4b0
[  315.118509][    C1]  copy_process+0x1706/0x3c00
[  315.123239][    C1]  ? copy_process+0x97f/0x3c00
[  315.128029][    C1]  ? __pfx_copy_process+0x10/0x10
[  315.133099][    C1]  kernel_clone+0x21e/0x870
[  315.137627][    C1]  ? __pfx_kernel_clone+0x10/0x10
[  315.142699][    C1]  __x64_sys_clone+0x18b/0x1e0
[  315.147476][    C1]  ? count_memcg_event_mm+0x21/0x260
[  315.152783][    C1]  ? __pfx___x64_sys_clone+0x10/0x10
[  315.158101][    C1]  ? do_user_addr_fault+0xc8a/0x1390
[  315.163409][    C1]  ? do_syscall_64+0xbe/0x3b0
[  315.168110][    C1]  do_syscall_64+0xfa/0x3b0
[  315.172628][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.177856][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.183946][    C1]  ? clear_bhb_loop+0x60/0xb0
[  315.188647][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.194562][    C1] RIP: 0033:0x7f1ef3985193
[  315.198990][    C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  315.218609][    C1] RSP: 002b:00007ffc6d17c838 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  315.227039][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ef3985193
[  315.235017][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  315.243093][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  315.251081][    C1] R10: 000055555fd6e7d0 R11: 0000000000000246 R12: 0000000000000000
[  315.259063][    C1] R13: 00000000000927c0 R14: 0000000000032ffe R15: 00007ffc6d17c9d0
[  315.267073][    C1]  </TASK>