last executing test programs:

3m21.817219621s ago: executing program 2 (id=6):
r0 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0xc1105511, &(0x7f0000000040)={0x9, 0x0, 0x40, 0x10000, 'syz1\x00', 0x4000000})
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0xc1105511, &(0x7f0000000040))
socket(0xa, 0x2, 0x0)

3m21.617946866s ago: executing program 2 (id=7):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000080)=0x7, 0x4)
sendto$inet6(r0, &(0x7f0000000240)="15", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0xfffffffd, @loopback}, 0x1c)
recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x123, 0x0)

3m21.308137573s ago: executing program 2 (id=8):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
setxattr$security_evm(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000340), &(0x7f0000000000)=@v2={0x3, 0x0, 0x3, 0x2}, 0x9, 0x2)

3m21.154032016s ago: executing program 2 (id=9):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000006, &(0x7f00000001c0)={[{@volume={'volume', 0x3d, 0x3e}}, {@umask={'umask', 0x3d, 0x9}}, {@anchor={'anchor', 0x3d, 0xffff}}, {@gid_forget}, {@volume={'volume', 0x3d, 0x3ff}}, {}, {}, {@lastblock}, {@iocharset={'iocharset', 0x3d, 'cp863'}}]}, 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0xe3)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x22, 0x0, 0x0)

3m20.336846955s ago: executing program 2 (id=15):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x29d})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040))

3m19.784545309s ago: executing program 2 (id=17):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000440)={'filter\x00', 0x0, [0x3cb4, 0xfffffffc, 0x1, 0x7, 0x8]}, &(0x7f0000000000)=0x54)

3m19.069490274s ago: executing program 32 (id=17):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000440)={'filter\x00', 0x0, [0x3cb4, 0xfffffffc, 0x1, 0x7, 0x8]}, &(0x7f0000000000)=0x54)

2m47.747120506s ago: executing program 5 (id=145):
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r0 = socket$xdp(0x2c, 0x3, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/49, 0x210000, 0x800, 0x0, 0x2}, 0x1c)
syz_clone3(&(0x7f0000000380)={0x5200, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2m47.337124736s ago: executing program 5 (id=148):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x817f20104678dc2a, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000600)=ANY=[@ANYBLOB="090000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

2m46.984540567s ago: executing program 5 (id=149):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x1810714, &(0x7f0000000b00)={[{@test_dummy_encryption}, {@init_itable_val}, {@minixdf}, {@jqfmt_vfsv1}, {@nodioread_nolock}, {@stripe={'stripe', 0x3d, 0x93a4}}, {@dax_inode}, {@errors_remount}, {@auto_da_alloc}, {@test_dummy_encryption}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0xff, 0x48b, &(0x7f0000000580)="$eJzs289vFFUcAPDvTLf8KIStiCgIUkWT+qulBZWDidFo4kETEz3gsbaFIAs1tCZCGq3G4NGQeDceTfwLPHky6snEKx5NDAlRYiJ6cc3sziztsku70LKl+/kkS9+befPe++7Mm307jw2gZw1l/yQR2yPiUkSU69mlBYbqf65dnZ/85+r8ZBLV6pt/JLVyf1+dn6zmiuO25XUOpxHpp0neSPQvrnb23PlTE5XK9Nk8Pzp3+r3R2XPnnz55euLE9InpM+NHjx45PPbcs+PPtOj1bxc7CrIv/7v3w5l9e159++Lrk8cuvvPjN1l/d++v78ri6KjOFRjKAv+z/t4073tstRvrsv+q1+NMSvVtjw90uVMsKxsapXxwXopy9EWpsa8cr3zS1c4Bayq7Z29uv3uhCmxgSXS7B0B3FB/02fff4nWHph7rwpUX61+Asriv5a/6nlKkeZn+NWx/KCKOLfz7ZfaKpucQ1RbPDQAAbtd32fznqVbzvzR2Lyq3I18bGoyIeyJiZ0TcGxG7IuK+iFrZ+yPigZu01WoeNdSUv3H+mV6+5eBWIJv/PZ+vbS2d/xWzvxjs23S9/GD0J8dPVqYP5e/JcPRvzvJjrSovqnj5l8/btb94/pe9svZrc8GtjUoul+oP6LYUW6Ym5iZWa1J65eOIvaVW8SeNlYAkIvZExN7Oqt5RJE4+8fW+doXaxr8Spc461Er1q6KS+YVoir+Q3Hx9cnRLVKYPjRZXxY1++vnCG+3av634V0F2/geWXv9NJcp/JYvXa2cbO15YaRsXfv2s7XfK0rLxN67/huz635S8VVuzLobmBxNzc2fHIjYlr9XyS7aPXz+2yBfls/iHD7Ye/zvzY7L4H4yI7CLeHxEPRcSB/Nw9HBGPRMTBooEW4/KHlx59t1386+H8T7W8/zWu/8Gl57/zRN+p779t1/7y8Wfn/0gtNZxvqd3/ltG+O8VtNNtybPZW3zcAAAC4m6QRsT2SdKSRTtORkfr/4d8VA2llZnbuyeMz75+Zqv9GYDD60+JJV3nR89CxZCGvsZ4fz58VF/sP58+Nv+jbWsuPTM5UprocO/S6bW3Gf+b3vm73Dlhzq7COBtylmsd/2qV+AHeez3/oXcY/9K4bxr8bAvSMVsP9o6a8tQDYiKrljg/xgBA2DNN96F3GP/Qu4x960u38rn+tEqWb/HpfosuJgYioJSJdF/1ZN4kD62g0lRqje0vcaj1dvjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACskv8DAAD//8Gk9dU=")
setuid(0xee01)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

2m46.107943568s ago: executing program 5 (id=154):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0)={[{@i_version}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3c1uG0UcAPD/bj6bliaVOPBxiQCJSIikSVugEkhEXDjQEz1wJIrdEtVpUGIkWkV8CMQNJBAPAAfgETjCgXeAM3CAShHKgZSb0dq7jhvbaZPadZX8ftLIMztrz6zHs15PZicBHFvTEfFqRAxFxNmImMy3p3mIjxoh229ne3P5v+3N5SRqtTf/SSLJtxWvleSPJ/MXmEkj0k+TeLJDuRs3bl5bqlTK63l6rrr67tzGjZvPr6wuXS1fLV9feOHc+QsXXrq48GLPjnVrNfn8me/f+PPLz0pf/fr3T1NZfU/lea3H0SvTMd18T/a62OvCBmy8JZ4MD7AiAADsK82v/Yfr1/+TMRS7F2+T8cUvA60cAAAA0BO1WvEIAAAAHF2J3/4AAABwxBXzAHa2N5eLMMDpCDxgW4sRMdVo/9t5aOQMN+/pHYkYGe9T+dMR8fr4pYUsRJ/uwwYAAAA4zn5ebCz81z7+l8ZjLfudiIiJYm2/Hprek24f/0lv9bhIWmwtRrwcEbfbxv/SYpepoTz1SH2ocCS5slIpn42I0xExEyNjWXp+nzI+eOraD93yWsf/vvnjrfms/Oxxd4/01vDYnc8pLVWX7ueY2bX1ccQTw53aP2mO/7auk3kYb6/svNItL2v/rL2L0N7+9FPt24hnO/b/3ZVLk/3XZ52rnw/m8rPCWHsZv5/67pNu5bf2/yxk5Rd/C6D/sv4/sX/719fJba7Xu3HwMn7899Jv3fLu3v6dz/+jyeV6BUfzbe8vVavr8xGjSWPLHdt9mpqK96N4v7L2n3m68/d/cf2X5N/9p1vWhz6I1z48c7lbnv4/WFn7lw7U/w8eeWfi8Zlu5d9b/z9fr0zxIq7/7u5eG2jQ9QQAAAAAAACgN9L63L4knW3G03R2tjHP99GYSCtrG9Xnrqy9d73UmAM4FSNpMf9zsmU+6HzjNvJmemFP+lxEnImIrydP1NOzy2uV0qAPHgAAAI6Jk11+/2f+OszNHgAAAMDDaWrQFQAAAAD6zu9/AAAAONLuZ13/Snm9+BdBh3y6iMjhIkP5B+9hqc/RiwzwpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/B8AAP//91C79Q==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
lseek(r0, 0xffffffffffffeffd, 0x3)

2m45.372452415s ago: executing program 5 (id=156):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0xcc04, &(0x7f0000000880)=ANY=[@ANYBLOB='dots,gid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6f646f74732c646f74732c74696d655f6f66667365743d3078303030303030303030303030303264382c646f74732c646f74732c6e6f646f74732c6e6f646f74732c646f74732c646f74732c6e6f646f74732c6e6f646f74732c636865636b3d72656c617865642c666c7573682c64656275672c646f74732c73686f77657865632c6e6f646f74732c6572726f72733d636f6e74696e75652c646f74732c71756965742c003fa5bfd3e968f92d300444698c6f8d94d8b46ce3ce652bc8f6"], 0x1, 0x207, &(0x7f0000000500)="$eJzs3b9uUmEUAPBDS/ljHLqZmJhc46BToz5BjamJkcSkhkG3JnYqEyzA0j6Gr+B7+QCmE4v5DF5uQUoRiRe0/n5LTznfufc73HBh4ZAi9+Xep2g0KrFzGIcxqsR+7EThIgCA22SUUnxNud+vrpaxJQCgZCu8/3/b8JYAgJK9e//hzYtW6+g4yxoRlxf9dr+d/83zr163jp5mP+xPqy77/fbuVf5ZNv/ZYZzfizuT/PO8PrtK1yKiXYsnj/L8OPfybSv7ub4eH0vuHQAAAAAAAAAAAAAAAAAAAAAAtuVBZIWF830ODubzzUk+/29mPtDc/J5q3C/GA0/HA6XzTTQFAAAAAAAAAAAAAAAAAAAA/5jeYHh20umcdqdBPSJmH6kuWHNzUJkceKXF2w92Yr3y5qTNNU5amTxF5TbYXHxxVwmi+rdcnXWD7E8dsF5c5uupZlSWlKc0Dha/CoqxGDeW1yJi+cYeH6/b1yil1Pn8sNsbRFq6eHqPqG/sbgQAAAAAAAAAAAAAAAAAAP+3mW99X9PY3caOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDzeoNh8Sv/w7OTTue02xusHJxHxN345eLiXHvR2F6jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3GrfAwAA//8nTRyq")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0)

2m44.32443495s ago: executing program 5 (id=161):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0, 0x0, 0xbe}, 0x18)
newfstatat(0xffffffffffffff9c, &(0x7f0000001580)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x0)
setreuid(r2, r2)
fremovexattr(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='s'])

2m43.479439345s ago: executing program 33 (id=161):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0, 0x0, 0xbe}, 0x18)
newfstatat(0xffffffffffffff9c, &(0x7f0000001580)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x0)
setreuid(r2, r2)
fremovexattr(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='s'])

28.191934854s ago: executing program 0 (id=1190):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r0, &(0x7f0000001900)={0x0, 0xffffffea, 0x0}, 0x20040005)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)

27.953428078s ago: executing program 0 (id=1191):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000580)={0x1})

27.645432876s ago: executing program 0 (id=1193):
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000d1", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000001580)={'vcan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xe, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

27.498547854s ago: executing program 0 (id=1196):
rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0xfe98, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2}, @TCA_FQ_FLOW_MAX_RATE={0xfffffffffffffd87, 0x7, 0x3}]}}]}, 0x48}}, 0x0)

27.33430712s ago: executing program 0 (id=1199):
syz_mount_image$f2fs(&(0x7f0000000280), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000017400)=ANY=[@ANYBLOB="6a71666d743d76667376312c686561702c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303032332c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c00094d1695eb803de88d68e967a0f7d2cd8b4a53aa2c4d394863aff376cdb4d91991576c665e78ac0d9a7a135af73e88fa79d20e99cf763cb66477c57a4495c07b1141317c84e35f54fcfe8cdc802cc3e7e5710e347372ce7abf486b7aa38d915e96706428b82a2288ed6c16cf6049f87d543c36614d21b7a6e82cfdcef9f1bc29c6a0a96035f511"], 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10801, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
openat(0xffffffffffffff9c, 0x0, 0x141242, 0x1)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')

26.497057131s ago: executing program 0 (id=1202):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$fuse(0x0, 0x0, 0x8, &(0x7f0000000280)=ANY=[@ANYRESHEX, @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)

11.413813411s ago: executing program 34 (id=1202):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$fuse(0x0, 0x0, 0x8, &(0x7f0000000280)=ANY=[@ANYRESHEX, @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)

3.943258468s ago: executing program 3 (id=1337):
syz_io_uring_setup(0x10d, &(0x7f00000004c0)={0x0, 0x2ad76, 0x0, 0x7, 0x168}, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8003, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xff7fff01, 0x6, 0x3, 0x7, 0x7, 0x4, 0x0, 0x7, 0x3c5e, 0x1, 0x24, 0x10, 0x1, 0x0, 0xffffffff, 0xe661, 0xffffebf2, 0x7, 0x3, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xb, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8e, 0x2, 0x106, 0x0, 0x5, 0x2, 0x8, 0x3ff, 0x9, 0x0, 0x8, 0x2006, 0x8, 0x4000074, 0x0, 0xe], [0x10000007, 0x9, 0x8000012f, 0x100, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6, 0x9, 0x384, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x4007, 0x7fff, 0x6, 0x400, 0x401, 0x4, 0x1, 0xff, 0x5, 0x7, 0x5f31, 0xd, 0x4e0, 0x80000002, 0x4, 0xb, 0x4, 0x5662, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x80, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x80b, 0x4, 0x5, 0x800, 0x0, 0x4d4, 0x5, 0x8, 0x86, 0x3, 0xcc, 0x3e7, 0xb, 0x485, 0x2, 0x6, 0x3, 0x2000000b, 0x4, 0x106d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0x10000ac8, 0xbf, 0x2, 0xffffffff, 0x3, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x7, 0x120000, 0x3, 0x6, 0x712, 0xc, 0x25], [0x9, 0xbb35, 0x7b304120, 0x3ff, 0x5, 0x938, 0x6, 0x6, 0x0, 0x8, 0x82, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x3f51, 0x4, 0x1, 0xffff, 0xa620, 0x1, 0x5, 0x2000001, 0x2000002, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x9, 0x3, 0x7e, 0x100, 0xa, 0x7, 0xaf, 0x8, 0xa, 0x226, 0x5, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x1000d5, 0x200, 0x9, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

3.667637244s ago: executing program 1 (id=1339):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000006c0)=0x400, 0x4)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

3.656920976s ago: executing program 3 (id=1340):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000100000000000000b703000008000000b7040000000467938e6d05de04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x13, r2, 0x0, r1})

3.433014834s ago: executing program 4 (id=1341):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f000009f840)={0x1, 0x0, [{0x48b, 0x0, 0x8}]})

3.342502905s ago: executing program 3 (id=1342):
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200003, 0x3, 0x0, 0x7, 0x400})
mkdir(&(0x7f00000020c0)='./file0\x00', 0x1c8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000001c0), 0x0, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@userxattr}]})

3.094553516s ago: executing program 4 (id=1343):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000006800010000000000fbdbdf250200000000000000060007000b0000000c0008"], 0x3c}, 0x1, 0x0, 0x0, 0x4402}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r2], 0x90}}, 0x0)

3.039502326s ago: executing program 6 (id=1344):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x103}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/215, 0xd7}, {&(0x7f00000000c0)=""/108, 0x6c}, {&(0x7f0000004c40)=""/4101, 0x1005}, {&(0x7f0000001840)=""/105, 0x69}], 0x5}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x200005}], 0x5, 0x62, 0x0)

2.998231402s ago: executing program 3 (id=1345):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x404043000)
write$cgroup_subtree(r0, &(0x7f0000000000)={[{0x2b, 'cpu'}]}, 0x5)

2.869062943s ago: executing program 1 (id=1346):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmmsg$alg(r1, &(0x7f0000003380)=[{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)="829bff9dc4c3a1b74267315836c862b987", 0x11}], 0x1, &(0x7f0000003440)=ANY=[], 0x118, 0x20000004}], 0x1, 0x20004000)

2.769641468s ago: executing program 6 (id=1347):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x1004000, &(0x7f0000000cc0)=ANY=[@ANYBLOB="747970653dd88d17102c6e6c733d61736369692c00b65c5e80ee881a8017a99080db5f384bdecc38aad57f2265deb9bc09ceaa37a446dd9779c499df84c71ac5709884f5a46a6157a859efa0011b98ed9e0084e7f30840308a546dfc131f58f11e2885d3d93d1ea670d769ec2f0aa0c9e9bc2dce36eb80f93e9c66e51cd63047e63897ad645ff9e1c43c323948225427a038840483468e20afe97ee11df867f724292017e27da8ee18b36e12ec848a02f157f0c97084870848c3f5103ccfd56e4127491ea8e57c6de2a2684c421731b94b9a8eb0a73852ee4f6b71e76393bd", @ANYRES64, @ANYBLOB="ddfc36c1a86d80c396383ffcc197726f90603a191b7251c97237be8b92a4e2bee79ac5b0a630acc01ff6292ade8efe9a2912e4d5c0a67df08eb1b07fed89a1ed56983cea56d5a14532e0ca6acc7a0c89adaa25f5a6ab6af98d2a5615273b84368fe9a8162067e4931fc69722717bf6fa16ed2b3637b6a2d728ce8e1da3aaf1c1675d818a3346c6ec8521fb5e76a80770c3c036017ab72c5284bf759b76b729d4eaa7a132ebd7f6043c22b32b", @ANYRESOCT], 0x4, 0x5d9, &(0x7f00000010c0)="$eJzs3U9rHOcdB/DvrNZrrQuOktiJ2wYqUvqHitqS1m2TgqlaTNEhlIBfgajlWHitBGlTlByKXfxCUoLeQC+55OCDz+1LEPRYKPRURC8uMzu72tiyLCWWdhV/Pvaz8zx6Zn7zm9/OjHZXAgV4aS3PpfkwRZbn3tsqxzvbne7OdufuoJ/kbJJG9T/NsvvPZOpBMpt+y3eTFHW44ln7ufbF5818ef9Gf9SoW7X+1EHbHc69umWpTnLpBcZ79I3jFcMjLINeHwSfBI+f7z/HuPupY4zNYbT6i+IZz8VMci7JdH0fGJy4jRPM8FhMzAUIAAAAx+iV3exmK+fHnQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJvXf/y/q1hj0Z1MM/v5/q/5a6v6p9nDcCQAAAAAAAADAC/CD3exmK+cH48dF9TP/t6vBherxO/k4m1nNRi5nKyvppZeNLCSZGQnU2lrp9TYWDrHl4r5bLp7M8QIAAAAAAADAt9Rfsrz3838AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgERTLVX1TtwqA/k0YzyXSSVrneveQfg/5p9nDcCQAAAMAJeGU3u9nK+cH4cVG953+jet8/nY+znl7W0ks3q7lZfRbQf9ff2NnudHe2O3fL9nTc3/77SGlUEdP/7GH/PV+q1mjn1p1mvc0f82G6uZlGtWXp0iCf/fO6X+ZU/KZ2yMxu1ssiKb5ffxoyGWaqipzJraxVNZqvcyur8erBlTjis/PknhbSGH7yc+EYan6uXpY1n57omi+OnH1vHFyJ5EfX/rt+u7t+5/atzbnJOaSv6clKdEYq8eZLVYn5qhIXh+Pl/D43MpfZvJ+NrOVPWUkvq5nN9aq3Up/P5ePMwZVa+sro/edl0qqfl/5d9Gg5vV1tez5r+UM+zM2s5pdZzNW8k4X8qvp3deQZvniIq75xtKv+hz+tO68lRbu/nBBlXV8dqevoPXemmhv9yl6VXnvx98bm9+rOVFI0hzlNgicrsTBSidcPrsRfH5ePm931Oxu3Vz465P5+Ui/L7xJnn/td4iTr1KrP3v4rla+eHeXc6/vOLVRzF4ZzjafmLg7nnnelturXcE9HWqzm3tx3rlPNXRqZaw/nLg9fbwEw8c797Fyr/a/239uftR+0b7ffm/7d2XfOvtXKmUdnft2cn/px463ib/ksf957/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHx9m598emel213d0NHR0Rl2xn1n4iRc6d396MrmJ5/+fO3uygerH6yud+Z/sfhuZ2Hx3atXbq11V+f7j+NOk2Oyd9GPOxMAAAAAAAAAAACO4iR+nXTcxwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDpsTyX5sMUWZi/PF+Od7Y73bIN+ntrNpI0y+X/kqkHyWz6LTMj4Ypn7efaF5838+X9G3uxGoP1pw7a7nDu1S1LdZJLLzDeo28crxgeYRn0+iA4jNv/AwAA///YHBzc")
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8)

2.723923788s ago: executing program 4 (id=1348):
syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x3800052, &(0x7f0000000600)=ANY=[], 0x1, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
truncate(&(0x7f0000000280)='./file1\x00', 0x1fefff)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000))
syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x80008, 0x0, 0x0, 0x0, &(0x7f0000000000))
unlink(&(0x7f0000000140)='./file1\x00')

2.594495904s ago: executing program 7 (id=1349):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@s}]}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r1, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc, 0x100000}, 0xc)
sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x0)

2.429465731s ago: executing program 4 (id=1350):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000)
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f00000000c0)={'nat\x00', 0x0, 0x0, 0x0, [0xf1, 0xfffffffb, 0x7, 0xfee, 0x3, 0x3]}, &(0x7f0000000340)=0x78)

2.380445686s ago: executing program 1 (id=1351):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5, "17321748"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)

2.296683652s ago: executing program 6 (id=1352):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sys_exit\x00', r0}, 0x18)
r1 = epoll_create(0x2040)
epoll_pwait(r1, &(0x7f0000000140)=[{}], 0x1, 0x0, &(0x7f0000000180), 0x8)

2.274164955s ago: executing program 3 (id=1353):
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000036c0)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000140)="807be115ca08ffd11047fdc6aeadce1964f409a53189d92262d31ecccc26989e1f3bfbb54c66ba64cc5c0508a87021cde474acf48098a99e3435469f7ab0d0a2b4b3a2c7c963305aad7bcc6c3f", 0x4d}], 0x1, 0x0, 0x0, 0x4}], 0x1, 0x40000)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

2.204397224s ago: executing program 7 (id=1354):
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000000)={@rand_addr=0x64010102, @private=0x2000000, 0xfff9, "66c5aff8a7eb3af1f6cec2e74200", 0x4, 0x0, 0x7e}, 0x3c)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

2.049981305s ago: executing program 6 (id=1355):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000200)="ad42", 0x2}], 0x1, &(0x7f0000000d40)=[{0x10, 0x1, 0x13}], 0x10}}], 0x2, 0x4000854)

2.035712569s ago: executing program 3 (id=1356):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000005880)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303032332c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c0071b1a3325f83482c0961b0e88944923b0c039b5713440e8bfe9b03cd735839577bdc2206c94f19915532121069d31d5b837bfe566213ca848679685540de5aa794f2bdf4daf374cc29c1f1f12dab5e09560694bda1b83f5d21c821f71fdafb606c829fa1b4d0ab1c7c2dd217dcca946abf1257c4b6cf95ae6b5dcaf73d49491efb2e9918a381568b5a081baddf1cbb01ccbb81b50c7c81028797700195adf5fd02a28c78066133dd0cb0014f44eafea1ab502d2192e8ce9f607d392a23940fc95a5a4867f40ad2335db9a6af219433f7fda740407bf1685b1672a903a2ec8019c0000000000000000000"], 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
write$FUSE_DIRENT(r0, &(0x7f0000000200)={0x10}, 0x10)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./bus\x00', 0x0)

1.971475268s ago: executing program 7 (id=1357):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000100)={r2, 0xfe01, 0x20, 0x9, 0x9}, &(0x7f0000000140)=0x18)

1.849382965s ago: executing program 6 (id=1358):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000100), 0x6)
recvmmsg(r0, &(0x7f0000000580)=[{{&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)=""/230, 0xe6}, {&(0x7f0000000240)=""/200, 0xc8}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/119, 0x77}], 0x5, &(0x7f0000000540)=""/55, 0x37}}], 0x400000000000222, 0x12142, 0x0)

1.719433545s ago: executing program 7 (id=1359):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r0, 0x32, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e20}})
io_uring_enter(r1, 0x3516, 0x483, 0x0, 0x0, 0x0)

1.707538839s ago: executing program 6 (id=1360):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r0, &(0x7f0000000000)='2', 0x1, 0x4fed0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r1, 0x0, 0x0, 0x8000c62)

1.21945805s ago: executing program 7 (id=1361):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000200)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x2}, 0xe)
bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x2}, 0xe)
connect$unix(0xffffffffffffffff, 0x0, 0x0)

908.712929ms ago: executing program 7 (id=1362):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e20, @rand_addr=0x64010100}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x27)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x7, 0x800, 0x2, 0x4, 0x7, 0xca, 0xfff, 0x1, r2}, 0x20)

462.500253ms ago: executing program 4 (id=1363):
r0 = open(&(0x7f0000000280)='.\x00', 0x20000, 0x0)
fcntl$notify(r0, 0x402, 0x5)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000001f)
creat(&(0x7f0000000080)='./file0\x00', 0x86)

370.150852ms ago: executing program 1 (id=1364):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x22803)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0xf3, 0x1b1c07, 0xfffffffa, 0x0, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x8})
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x80d02, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port0\x00', 0x0, 0x849})
dup3(r0, r1, 0x0)

212.935055ms ago: executing program 4 (id=1365):
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x200, 0x80, 0x20000, 0x0, 0x0, 0x8}, 0x1c)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r0, 0x0)

185.546255ms ago: executing program 1 (id=1366):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x2000, {0x0, 0x0, 0x0, 0x1, 0x140000, 0x0, 0x0, 0x1e, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)

0s ago: executing program 1 (id=1367):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000340))

kernel console output (not intermixed with test programs):

fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 369:freeing already freed block (bit 23); block bitmap corrupt.
[  218.734581][ T6765] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  218.792724][   T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  218.876333][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.956037][   T10] usb 4-1: Using ep0 maxpacket: 32
[  218.977473][   T10] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  219.003269][   T10] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  219.022162][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  219.052419][   T10] usb 4-1: config 1 has no interface number 0
[  219.069649][   T10] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  219.108208][   T10] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  219.144144][   T10] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  219.182200][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.217711][   T10] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  219.242558][ T8911] loop0: detected capacity change from 0 to 32768
[  219.261621][ T8911] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  219.337703][ T8911] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  219.419369][   T10] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  219.578655][ T5860] ocfs2: Unmounting device (7,0) on (node local)
[  219.599410][ T8919] loop4: detected capacity change from 0 to 32768
[  219.795084][ T8919] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  219.795115][ T8919]   allowing incompatible features above 0.0: (unknown version)
[  219.795128][ T8919]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  219.854655][   T10] usb 4-1: USB disconnect, device number 9
[  219.893788][   T10] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  219.951647][ T8919] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  219.964748][ T8919] bcachefs (loop4): initializing new filesystem
[  220.030920][ T8919] bcachefs (loop4): going read-write
[  220.116914][   T30] audit: type=1326 audit(1752659773.204:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.131656][ T8947] netlink: 'syz.6.814': attribute type 12 has an invalid length.
[  220.149713][ T8947] netlink: 'syz.6.814': attribute type 29 has an invalid length.
[  220.167184][ T8947] netlink: 148 bytes leftover after parsing attributes in process `syz.6.814'.
[  220.183926][   T30] audit: type=1326 audit(1752659773.234:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.196175][ T8947] netlink: 'syz.6.814': attribute type 1 has an invalid length.
[  220.231560][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  220.249155][   T30] audit: type=1326 audit(1752659773.254:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.299610][ T8919] bcachefs (loop4): initializing freespace
[  220.344515][   T30] audit: type=1326 audit(1752659773.304:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.367776][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  220.377935][   T30] audit: type=1326 audit(1752659773.304:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.435895][   T30] audit: type=1326 audit(1752659773.304:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.464388][   T30] audit: type=1326 audit(1752659773.304:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.494816][   T30] audit: type=1326 audit(1752659773.304:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.537122][   T30] audit: type=1326 audit(1752659773.304:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9c6558e929 code=0x7ffc0000
[  220.560778][   T30] audit: type=1326 audit(1752659773.304:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8945 comm="syz.0.810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9c6552ab19 code=0x7ffc0000
[  220.752957][ T8951] loop3: detected capacity change from 0 to 2048
[  220.865584][ T8951] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.010445][ T8919] syz.4.809 (8919) used greatest stack depth: 15000 bytes left
[  221.124034][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.208755][ T5844] bcachefs (loop4): clean shutdown complete, journal seq 8
[  221.481764][ T8952] loop6: detected capacity change from 0 to 32768
[  221.563077][ T5925] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  221.734423][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.745727][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.755595][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  221.768628][ T5925] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  221.777823][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.789324][ T5925] usb 4-1: config 0 descriptor??
[  221.996765][ T8952] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,recovery_pass_last=initialize_subvolumes,nojournal_transaction_names,read_only,reconstruct_alloc
[  221.996796][ T8952]   allowing incompatible features above 0.0: (unknown version)
[  221.996809][ T8952]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  222.050296][ T8952] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  222.082803][ T8952] bcachefs (loop6): invalid journal entry, version=1.7: mi_btree_bitmap type=usage in superblock: invalid journal entry usage: bad size, fixing
[  222.104102][ T8952] bcachefs (loop6): recovering from clean shutdown, journal seq 10
[  222.114902][ T8952] bcachefs (loop6): Version upgrade required:
[  222.114902][ T8952] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  222.114902][ T8952] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  222.114902][ T8952]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  222.229535][ T8952] bcachefs (loop6): dropping and reconstructing all alloc info
[  222.274562][ T5925] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  222.308696][ T8952] bcachefs (loop6): accounting_read... done
[  222.319577][ T8952] bcachefs (loop6): alloc_read... done
[  222.336225][ T8952] bcachefs (loop6): Fixed errors, running fsck a second time to verify fs is clean
[  222.389177][ T8952] bcachefs (loop6): inode 536870912:4294967295 has wrong backpointer:
[  222.389223][ T8952]   got       4330382808765833931:0
[  222.389234][ T8952]   should be 4096:4330382808765833931, fixing
[  222.440386][ T8976] loop4: detected capacity change from 0 to 1024
[  222.461249][ T8976] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.525418][ T5940] usb 4-1: USB disconnect, device number 10
[  222.590753][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  222.657534][ T8976] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  223.073015][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  223.185172][ T5844] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.233317][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  223.241587][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  223.403454][ T8985] loop3: detected capacity change from 0 to 512
[  223.411771][ T8985] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  223.485039][ T8985] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  223.503759][ T8974] loop1: detected capacity change from 0 to 32768
[  223.554168][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  223.590296][ T8985] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.097804][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  224.128750][ T8987] loop4: detected capacity change from 0 to 32768
[  224.232601][ T8987] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[  224.256589][ T8987] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  224.513788][ T8987] XFS (loop4): Ending clean mount
[  224.549063][ T8987] XFS (loop4): Quotacheck needed: Please wait.
[  224.688051][ T9010] loop3: detected capacity change from 0 to 512
[  224.745090][ T8987] XFS (loop4): Quotacheck: Done.
[  224.776723][ T9010] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  224.854759][ T9010] EXT4-fs (loop3): 1 truncate cleaned up
[  224.881725][ T9010] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.279744][ T9001] loop1: detected capacity change from 0 to 32768
[  225.285029][ T5844] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  225.335307][ T9025] loop6: detected capacity change from 0 to 1024
[  225.405075][ T9025] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.436526][   T30] kauditd_printk_skb: 583 callbacks suppressed
[  225.436543][   T30] audit: type=1800 audit(1752659778.524:708): pid=9025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.837" name="file1" dev="loop6" ino=15 res=0 errno=0
[  225.625658][ T9025] EXT4-fs error (device loop6): mb_free_blocks:1948: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  225.724574][ T9023] loop0: detected capacity change from 0 to 32768
[  225.748630][ T9001] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  225.748659][ T9001]   allowing incompatible features above 0.0: (unknown version)
[  225.748673][ T9001]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  225.803379][ T9023] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  225.808377][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.853199][ T9001] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  225.887848][ T9001] bcachefs (loop1): initializing new filesystem
[  225.896798][ T6765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.897140][ T9023] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  225.947340][ T9023] overlayfs: upper fs does not support tmpfile.
[  225.989028][ T9023] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  226.035061][ T9023] overlayfs: failed to set xattr on upper
[  226.039780][ T9001] bcachefs (loop1): going read-write
[  226.040925][ T9023] overlayfs: ...falling back to redirect_dir=nofollow.
[  226.040951][ T9023] overlayfs: ...falling back to index=off.
[  226.117769][ T9023] overlayfs: ...falling back to uuid=null.
[  226.147006][ T9023] overlayfs: upper fs missing required features.
[  226.211168][ T9001] bcachefs (loop1): initializing freespace
[  226.347857][ T5860] ocfs2: Unmounting device (7,0) on (node local)
[  226.676545][ T5845] bcachefs (loop1): clean shutdown complete, journal seq 8
[  226.921109][ T9052] loop6: detected capacity change from 0 to 40427
[  226.932582][ T9052] F2FS-fs (loop6): invalid crc value
[  226.997485][ T9052] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  227.013673][ T9052] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  227.031632][ T9062] f2fs_ckpt-7:6: attempt to access beyond end of device
[  227.031632][ T9062] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  227.050068][ T9062] CPU: 0 UID: 0 PID: 9062 Comm: f2fs_ckpt-7:6 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  227.050096][ T9062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  227.050109][ T9062] Call Trace:
[  227.050117][ T9062]  <TASK>
[  227.050126][ T9062]  dump_stack_lvl+0x189/0x250
[  227.050159][ T9062]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.050183][ T9062]  ? __pfx_queue_work_on+0x10/0x10
[  227.050216][ T9062]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  227.050240][ T9062]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  227.050279][ T9062]  f2fs_handle_critical_error+0x37c/0x540
[  227.050310][ T9062]  f2fs_write_end_io+0x886/0xb60
[  227.050360][ T9062]  __submit_merged_bio+0x27a/0x6a0
[  227.050391][ T9062]  __submit_merged_write_cond+0x255/0x530
[  227.050423][ T9062]  f2fs_write_data_pages+0x261d/0x3000
[  227.050491][ T9062]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  227.050622][ T9062]  ? __lock_acquire+0xab9/0xd20
[  227.050663][ T9062]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  227.050689][ T9062]  do_writepages+0x32e/0x550
[  227.050729][ T9062]  ? do_raw_spin_unlock+0x122/0x240
[  227.050761][ T9062]  filemap_fdatawrite+0x199/0x240
[  227.050788][ T9062]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  227.050876][ T9062]  ? do_raw_spin_unlock+0x122/0x240
[  227.050909][ T9062]  f2fs_sync_dirty_inodes+0x31f/0x830
[  227.050952][ T9062]  f2fs_write_checkpoint+0x95a/0x1df0
[  227.051011][ T9062]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  227.051087][ T9062]  ? down_write+0x162/0x1f0
[  227.051116][ T9062]  ? __pfx_down_write+0x10/0x10
[  227.051145][ T9062]  ? __pfx___schedule+0x10/0x10
[  227.051179][ T9062]  __checkpoint_and_complete_reqs+0xd9/0x3b0
[  227.051219][ T9062]  ? __pfx___checkpoint_and_complete_reqs+0x10/0x10
[  227.051263][ T9062]  issue_checkpoint_thread+0xd9/0x260
[  227.051286][ T9062]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  227.051306][ T9062]  ? __pfx_autoremove_wake_function+0x10/0x10
[  227.051327][ T9062]  ? __kthread_parkme+0x7b/0x200
[  227.051344][ T9062]  ? __kthread_parkme+0x1a1/0x200
[  227.051366][ T9062]  kthread+0x70e/0x8a0
[  227.051393][ T9062]  ? __pfx_issue_checkpoint_thread+0x10/0x10
[  227.051412][ T9062]  ? __pfx_kthread+0x10/0x10
[  227.051451][ T9062]  ? _raw_spin_unlock_irq+0x23/0x50
[  227.051468][ T9062]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.051485][ T9062]  ? __pfx_kthread+0x10/0x10
[  227.051505][ T9062]  ret_from_fork+0x3f9/0x770
[  227.051523][ T9062]  ? __pfx_ret_from_fork+0x10/0x10
[  227.051544][ T9062]  ? __switch_to_asm+0x39/0x70
[  227.051561][ T9062]  ? __switch_to_asm+0x33/0x70
[  227.051579][ T9062]  ? __pfx_kthread+0x10/0x10
[  227.051599][ T9062]  ret_from_fork_asm+0x1a/0x30
[  227.051633][ T9062]  </TASK>
[  227.051639][ T9062] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  227.505942][ T9070] loop7: detected capacity change from 0 to 7
[  227.593256][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  227.731165][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  228.026666][ T9070] Dev loop7: unable to read RDB block 7
[  228.053188][    C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  228.062482][ T9070]  loop7: unable to read partition table
[  228.063275][    C1] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  228.069035][ T9070] loop7: partition table beyond EOD, truncated
[  228.142405][ T9070] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  228.491581][ T9073] loop0: detected capacity change from 0 to 32768
[  228.594661][ T9073] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  228.659996][ T9073] XFS (loop0): Ending clean mount
[  228.688180][ T9073] XFS (loop0): Quotacheck needed: Please wait.
[  228.778586][ T9073] XFS (loop0): Quotacheck: Done.
[  228.792531][ T9095] loop6: detected capacity change from 0 to 8192
[  228.823484][   T30] audit: type=1800 audit(1752659781.904:709): pid=9073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.850" name="file1" dev="loop0" ino=4422 res=0 errno=0
[  228.835356][ T9095] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  229.012386][ T5860] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  229.474233][ T9106] capability: warning: `syz.6.861' uses 32-bit capabilities (legacy support in use)
[  229.639896][ T9108] netlink: 104 bytes leftover after parsing attributes in process `syz.0.858'.
[  229.953774][ T9102] loop1: detected capacity change from 0 to 32768
[  229.978598][ T9100] loop3: detected capacity change from 0 to 32768
[  230.017302][ T9100] (syz.3.859,9100,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  230.061908][ T9100] (syz.3.859,9100,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  230.095339][ T9102] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  230.126021][ T9120] loop6: detected capacity change from 0 to 256
[  230.147251][   T13] (kworker/u8:1,13,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=348545186005064, rec_len=0, name_len=1
[  230.175664][   T30] audit: type=1800 audit(1752659783.234:710): pid=9120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.866" name="file1" dev="loop6" ino=1048627 res=0 errno=0
[  230.190360][ T9120] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  230.241633][ T9120] FAT-fs (loop6): Filesystem has been set read-only
[  230.248344][ T9102] (syz.1.846,9102,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=348545186005064, rec_len=0, name_len=1
[  230.248430][ T9102] (syz.1.846,9102,0):ocfs2_prepare_dir_for_insert:4302 ERROR: status = -2
[  230.248455][ T9102] (syz.1.846,9102,0):__ocfs2_prepare_orphan_dir:2183 ERROR: status = -2
[  230.248478][ T9102] (syz.1.846,9102,0):ocfs2_prepare_orphan_dir:2227 ERROR: status = -2
[  230.248504][ T9102] (syz.1.846,9102,0):ocfs2_prepare_orphan_dir:2243 ERROR: status = -2
[  230.248562][ T9102] (syz.1.846,9102,0):ocfs2_unlink:967 ERROR: status = -2
[  230.348135][ T9100] JBD2: Ignoring recovery information on journal
[  230.479924][ T5845] ocfs2: Unmounting device (7,1) on (node local)
[  230.499009][ T9100] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  230.635762][ T9100] (syz.3.859,9100,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  230.813075][ T5847] ocfs2: Unmounting device (7,3) on (node local)
[  230.917134][ T9104] loop4: detected capacity change from 0 to 40427
[  230.959761][ T9104] F2FS-fs (loop4): Invalid log sectors per block(0) log sectorsize(9)
[  230.991048][ T9104] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  231.013679][ T9140] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  231.030811][ T9104] F2FS-fs (loop4): invalid crc value
[  231.402729][ T9104] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  231.482805][ T9104] F2FS-fs (loop4): Start checkpoint disabled!
[  231.531865][ T9104] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  231.574166][ T9104] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  231.712448][ T9104] syz.4.860: attempt to access beyond end of device
[  231.712448][ T9104] loop4: rw=2049, sector=45096, nr_sectors = 136 limit=40427
[  231.786491][ T9104] syz.4.860: attempt to access beyond end of device
[  231.786491][ T9104] loop4: rw=0, sector=45224, nr_sectors = 8 limit=40427
[  231.855845][ T9158] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  231.988482][ T1141] kworker/u8:6: attempt to access beyond end of device
[  231.988482][ T1141] loop4: rw=2049, sector=45232, nr_sectors = 8 limit=40427
[  232.023395][ T1141] CPU: 0 UID: 0 PID: 1141 Comm: kworker/u8:6 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  232.023426][ T1141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.023440][ T1141] Workqueue: writeback wb_workfn (flush-7:4)
[  232.023470][ T1141] Call Trace:
[  232.023479][ T1141]  <TASK>
[  232.023488][ T1141]  dump_stack_lvl+0x189/0x250
[  232.023519][ T1141]  ? __pfx_dump_stack_lvl+0x10/0x10
[  232.023544][ T1141]  ? __pfx_queue_work_on+0x10/0x10
[  232.023563][ T1141]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  232.023588][ T1141]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  232.023627][ T1141]  f2fs_handle_critical_error+0x37c/0x540
[  232.023666][ T1141]  f2fs_write_end_io+0x886/0xb60
[  232.023716][ T1141]  __submit_merged_bio+0x27a/0x6a0
[  232.023746][ T1141]  __submit_merged_write_cond+0x255/0x530
[  232.023778][ T1141]  f2fs_write_data_pages+0x261d/0x3000
[  232.023847][ T1141]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  232.023891][ T1141]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  232.023964][ T1141]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  232.024003][ T1141]  ? trace_f2fs_writepages+0x7f/0x200
[  232.024027][ T1141]  ? f2fs_write_node_pages+0x478/0x6e0
[  232.024055][ T1141]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  232.024096][ T1141]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  232.024121][ T1141]  do_writepages+0x32e/0x550
[  232.024154][ T1141]  ? reacquire_held_locks+0x127/0x1d0
[  232.024175][ T1141]  ? writeback_sb_inodes+0x384/0x1010
[  232.024211][ T1141]  __writeback_single_inode+0x145/0xff0
[  232.024237][ T1141]  ? do_raw_spin_unlock+0x122/0x240
[  232.024270][ T1141]  writeback_sb_inodes+0x6c7/0x1010
[  232.024331][ T1141]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  232.024434][ T1141]  ? rcu_is_watching+0x15/0xb0
[  232.024467][ T1141]  wb_writeback+0x43b/0xaf0
[  232.024500][ T1141]  ? queue_io+0x3a1/0x590
[  232.024526][ T1141]  ? __pfx_wb_writeback+0x10/0x10
[  232.024561][ T1141]  ? _raw_spin_unlock_irq+0x23/0x50
[  232.024590][ T1141]  wb_workfn+0x409/0xef0
[  232.024629][ T1141]  ? __pfx_wb_workfn+0x10/0x10
[  232.024664][ T1141]  ? __lock_acquire+0xab9/0xd20
[  232.024706][ T1141]  ? process_scheduled_works+0x9ef/0x17b0
[  232.024734][ T1141]  ? _raw_spin_unlock_irq+0x23/0x50
[  232.024755][ T1141]  ? process_scheduled_works+0x9ef/0x17b0
[  232.024772][ T1141]  ? process_scheduled_works+0x9ef/0x17b0
[  232.024795][ T1141]  process_scheduled_works+0xae1/0x17b0
[  232.024851][ T1141]  ? __pfx_process_scheduled_works+0x10/0x10
[  232.024893][ T1141]  worker_thread+0x8a0/0xda0
[  232.024949][ T1141]  kthread+0x70e/0x8a0
[  232.024978][ T1141]  ? __pfx_worker_thread+0x10/0x10
[  232.024998][ T1141]  ? __pfx_kthread+0x10/0x10
[  232.025026][ T1141]  ? _raw_spin_unlock_irq+0x23/0x50
[  232.025046][ T1141]  ? lockdep_hardirqs_on+0x9c/0x150
[  232.025068][ T1141]  ? __pfx_kthread+0x10/0x10
[  232.025094][ T1141]  ret_from_fork+0x3f9/0x770
[  232.025117][ T1141]  ? __pfx_ret_from_fork+0x10/0x10
[  232.025144][ T1141]  ? __switch_to_asm+0x39/0x70
[  232.025167][ T1141]  ? __switch_to_asm+0x33/0x70
[  232.025189][ T1141]  ? __pfx_kthread+0x10/0x10
[  232.025215][ T1141]  ret_from_fork_asm+0x1a/0x30
[  232.025259][ T1141]  </TASK>
[  232.025267][ T1141] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  232.204554][ T9147] loop6: detected capacity change from 0 to 32768
[  232.378016][ T9168] program syz.3.884 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  232.399114][ T9166] loop0: detected capacity change from 0 to 8
[  232.445905][ T9147] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  232.652798][ T9147] XFS (loop6): Ending clean mount
[  232.677998][ T9147] XFS (loop6): Quotacheck needed: Please wait.
[  232.757171][ T9147] XFS (loop6): Quotacheck: Done.
[  232.771075][ T9184] loop1: detected capacity change from 0 to 2048
[  232.825333][ T9184] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  232.859729][ T9184] UDF-fs: Scanning with blocksize 512 failed
[  232.880761][ T9184] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  232.921213][   T30] audit: type=1800 audit(1752659786.004:711): pid=9184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.888" name="bus" dev="loop1" ino=851 res=0 errno=0
[  232.980716][ T6765] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  233.647380][ T9196] sctp: [Deprecated]: syz.4.892 (pid 9196) Use of struct sctp_assoc_value in delayed_ack socket option.
[  233.647380][ T9196] Use struct sctp_sack_info instead
[  233.832942][ T9208] sctp: [Deprecated]: syz.3.898 (pid 9208) Use of struct sctp_assoc_value in delayed_ack socket option.
[  233.832942][ T9208] Use struct sctp_sack_info instead
[  233.907083][ T9210] loop6: detected capacity change from 0 to 128
[  233.971323][ T9210] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  234.006409][ T9210] ext4 filesystem being mounted at /132/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  234.165229][ T6765] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  234.412210][   T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  234.582897][   T10] usb 2-1: Using ep0 maxpacket: 32
[  234.597646][   T10] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  234.608380][   T10] usb 2-1: config 0 has no interface number 0
[  234.626858][   T10] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  234.639301][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.652121][   T10] usb 2-1: Product: syz
[  234.656338][   T10] usb 2-1: Manufacturer: syz
[  234.660971][   T10] usb 2-1: SerialNumber: syz
[  234.695963][   T10] usb 2-1: config 0 descriptor??
[  234.713925][   T10] smsc95xx v2.0.0
[  234.811421][ T9239] loop0: detected capacity change from 0 to 1024
[  234.994497][ T1141] hfsplus: b-tree write err: -5, ino 3
[  235.308183][ T9216] loop4: detected capacity change from 0 to 32768
[  235.339288][ T9216] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.901 (9216)
[  235.419292][ T9216] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  235.444586][ T9216] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  235.457936][ T9216] BTRFS info (device loop4): disk space caching is enabled
[  235.467740][ T9216] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  235.568022][ T9216] BTRFS info (device loop4): rebuilding free space tree
[  235.599808][ T9216] BTRFS info (device loop4): disabling free space tree
[  235.607536][ T9216] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  235.617481][ T9216] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  235.690407][ T9271] loop3: detected capacity change from 0 to 128
[  235.721560][ T9271] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  235.735851][   T10] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  235.758130][   T10] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  235.768838][   T10] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  235.772536][ T9271] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  235.780717][   T10] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  235.803044][   T10] usb 2-1: USB disconnect, device number 9
[  235.887637][ T5844] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  235.920931][ T5847] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  236.047799][ T9276] loop3: detected capacity change from 0 to 128
[  236.076819][ T9276] vfat: Unexpected value for 'dos1xfloppy'
[  236.380702][ T9282] loop3: detected capacity change from 0 to 256
[  236.420988][ T9274] loop6: detected capacity change from 0 to 32768
[  236.461804][ T9282] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  236.636429][ T9274] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  236.636452][ T9274]   allowing incompatible features above 0.0: (unknown version)
[  236.636464][ T9274]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  236.707963][ T9301] syz.3.928 (9301): /proc/9298/oom_adj is deprecated, please use /proc/9298/oom_score_adj instead.
[  236.777892][ T9274] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  236.796669][ T9274] bcachefs (loop6): initializing new filesystem
[  236.855134][ T9274] bcachefs (loop6): going read-write
[  236.969740][ T9274] bcachefs (loop6): initializing freespace
[  237.028063][ T9274] bcachefs (loop6):  loop6: Superblock write was silently dropped! (seq 0 expected 42)
[  237.073694][ T9312] loop3: detected capacity change from 0 to 1024
[  237.090335][ T9312] EXT4-fs (loop3): Test dummy encryption mode enabled
[  237.131625][   T10] bcachefs (loop6): unclean shutdown complete, journal seq 6
[  237.137862][ T9274] bcachefs (loop6): shutdown by ioctl type 2emergency read only at seq 6
[  237.165175][ T9312] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.183103][ T9274] syz.6.920 (9274) used greatest stack depth: 14248 bytes left
[  237.192891][ T9284] loop0: detected capacity change from 0 to 32768
[  237.258489][ T9284] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  237.385703][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.395924][ T9326] loop4: detected capacity change from 0 to 1024
[  237.400194][ T9284] XFS (loop0): Ending clean mount
[  237.431173][ T9326] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.435794][ T9284] XFS (loop0): Quotacheck needed: Please wait.
[  237.463232][ T9326] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  237.567442][ T9284] XFS (loop0): Quotacheck: Done.
[  237.591212][ T5844] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.647050][ T9333] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.938'.
[  237.683576][ T5860] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  237.705023][ T9332] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.938'.
[  239.269441][ T9377] loop1: detected capacity change from 0 to 1024
[  239.399719][ T9377] hfsplus: b-tree write err: -5, ino 3
[  239.490971][ T9383] loop3: detected capacity change from 0 to 256
[  239.500239][ T9383] exfat: Deprecated parameter 'utf8'
[  239.519118][ T9383] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  239.859123][ T9389] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  239.918211][ T9389] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  239.937591][ T9392] hsr0: entered promiscuous mode
[  239.960318][ T9392] netlink: 4 bytes leftover after parsing attributes in process `syz.1.963'.
[  240.000981][ T9392] hsr_slave_0: left promiscuous mode
[  240.020124][ T9392] hsr_slave_1: left promiscuous mode
[  240.124001][ T9368] netlink: 20 bytes leftover after parsing attributes in process `syz.0.954'.
[  240.133185][ T9368] netlink: 24 bytes leftover after parsing attributes in process `syz.0.954'.
[  240.152735][ T9392] hsr0 (unregistering): left promiscuous mode
[  240.349398][ T9398] loop3: detected capacity change from 0 to 2048
[  240.424024][ T9398] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  240.465609][ T9398] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  240.905082][ T9419] loop1: detected capacity change from 0 to 1024
[  240.921611][ T9413] loop6: detected capacity change from 0 to 4096
[  240.940538][ T9413] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  240.980683][ T9419] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.073996][ T9427] loop0: detected capacity change from 0 to 4096
[  241.085402][ T9427] EXT4-fs (loop0): Test dummy encryption mode enabled
[  241.111131][ T9427] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  241.136682][ T9427] System zones: 0-5
[  241.150273][ T9427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.199184][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.327917][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.596787][ T9429] loop4: detected capacity change from 0 to 32768
[  241.655840][ T9442] loop0: detected capacity change from 0 to 1024
[  241.690021][ T9442] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.809343][ T9429] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc
[  241.809370][ T9429]   allowing incompatible features above 0.0: (unknown version)
[  241.809384][ T9429]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  241.886854][ T9429] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  241.896336][ T9429] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[  241.908265][ T9429] bcachefs (loop4): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[  241.908265][ T9429] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[  241.908265][ T9429]   running recovery passes: check_extents_to_backpointers,check_inodes
[  241.946600][ T9429] bcachefs (loop4): dropping and reconstructing all alloc info
[  241.983759][ T9442] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.982: Allocating blocks 497-513 which overlap fs metadata
[  242.034043][ T9429] bcachefs (loop4): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0: 
[  242.034089][ T9429]     mode=0
[  242.034100][ T9429]     flags=(15300000)
[  242.034111][ T9429]     journal_seq=4
[  242.034121][ T9429]     hash_seed=ece93825deac2443
[  242.034132][ T9429]     hash_type=siphash
[  242.034142][ T9429]     bi_size=0
[  242.034151][ T9429]     bi_sectors=0
[  242.034160][ T9429]     bi_version=0
[  242.034169][ T9429]     bi_atime=2770562249
[  242.034179][ T9429]     bi_ctime=2780562352
[  242.034188][ T9429]     bi_mtime=2780562352
[  242.034198][ T9429]     bi_otime=2770562249
[  242.034207][ T9429]     bi_uid=0
[  242.034227][ T9429]     bi_gid=0
[  242.034236][ T9429]     bi_nlink=0
[  242.034245][ T9429]     bi_generation=0
[  242.034254][ T9429]     bi_dev=0
[  242.034263][ T9429]     bi_data_checksum=0
[  242.034273][ T9429]     bi_compression=0
[  242.034282][ T9429]     bi_project=0
[  242.034291][ T9429]     bi_background_compression=0
[  242.034301][ T9429]     bi_data_replicas=0
[  242.034312][ T9429]     bi_promote_target=0
[  242.034321][ T9429]     bi_foreground_target=0
[  242.034330][ T9429]     bi_background_target=0
[  242.034340][ T9429]     bi_erasure_code=0
[  242.034350][ T9429]     bi_fields_set=0
[  242.034359][ T9429]     bi_dir=4096
[  242.034368][ T9429]     bi_dir_offset=189491840996961599
[  242.034378][ T9429]     bi_subvol=0
[  242.034387][ T9429]     bi_parent_subvol=0
[  242.034396][ T9429]     bi_nocow=0
[  242.034405][ T9429]     bi_depth=0
[  242.034414][ T9429]     bi_inodes_32bit=0
[  242.034423][ T9429]     bi_casefold=0
[  242.034432][ T9429]   invalid fields_start (got 18, min 6 max 13), deleting
[  242.112431][ T5851] Bluetooth: hci1: unexpected event for opcode 0x1004
[  242.137719][ T9429] bcachefs (loop4): accounting_read...
[  242.219717][ T9442] EXT4-fs (loop0): pa ffff8880510b00e8: logic 128, phys. 385, len 8
[  242.269108][ T9442] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  242.285884][ T9442] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 369:freeing already freed block (bit 23); block bitmap corrupt.
[  242.319559][ T9429]  done
[  242.327879][ T9429] bcachefs (loop4): alloc_read... done
[  242.347741][ T9429] bcachefs (loop4): snapshots_read... done
[  242.387330][ T9429] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean
[  242.446234][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.603737][ T9473] netlink: 80 bytes leftover after parsing attributes in process `syz.3.991'.
[  242.657301][ T9474] loop0: detected capacity change from 0 to 512
[  242.719799][ T9474] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  242.783451][ T9474] EXT4-fs (loop0): orphan cleanup on readonly fs
[  242.808958][ T9474] Quota error (device loop0): do_check_range: Getting block 196613 out of range 1-5
[  242.820010][ T9474] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  242.830635][ T9474] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.988: Failed to acquire dquot type 1
[  242.881216][ T9474] EXT4-fs (loop0): 1 truncate cleaned up
[  242.915116][ T9474] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-00000040ed00 ro without journal. Quota mode: writeback.
[  243.014465][ T9474] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  243.057250][ T9474] EXT4-fs warning (device loop0): ext4_multi_mount_protect:332: MMP startup interrupted, failing mount
[  243.057250][ T9474] 
[  243.105262][ T9481] loop3: detected capacity change from 0 to 256
[  243.159921][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-00000040ed00.
[  243.651299][ T9493] loop0: detected capacity change from 0 to 256
[  243.912162][   T43] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  243.974400][ T9495] loop6: detected capacity change from 0 to 1024
[  243.981085][ T9489] loop3: detected capacity change from 0 to 32768
[  244.009076][ T9489] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.998 (9489)
[  244.037078][ T9495] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.059656][ T9489] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  244.072403][   T43] usb 2-1: Using ep0 maxpacket: 16
[  244.077736][ T9489] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  244.113624][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  244.135619][   T43] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  244.167649][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.232924][   T43] usb 2-1: config 0 descriptor??
[  244.300221][ T9495] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4113: comm syz.6.999: Allocating blocks 497-513 which overlap fs metadata
[  244.325665][ T9489] BTRFS info (device loop3): rebuilding free space tree
[  244.332755][ T9497] loop0: detected capacity change from 0 to 32768
[  244.356587][ T9489] BTRFS info (device loop3): disabling free space tree
[  244.366321][ T9489] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  244.386070][ T9489] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  244.389657][ T9495] EXT4-fs (loop6): pa ffff8880510b0740: logic 128, phys. 385, len 8
[  244.404537][ T9495] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  244.420101][ T9495] EXT4-fs error (device loop6): mb_free_blocks:1948: group 0, inode 18: block 369:freeing already freed block (bit 23); block bitmap corrupt.
[  244.576627][ T6765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.677219][ T5847] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  244.698777][ T9497] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  244.698807][ T9497]   allowing incompatible features above 0.0: (unknown version)
[  244.698821][ T9497]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  244.704614][   T43] mcp2221 0003:04D8:00DD.000D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  244.724192][ T9497] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  244.764823][ T9497] bcachefs (loop0): initializing new filesystem
[  244.831094][ T9497] bcachefs (loop0): going read-write
[  245.094425][ T9497] bcachefs (loop0): initializing freespace
[  245.177474][   T43] usb 2-1: USB disconnect, device number 10
[  245.602419][ T9524] loop6: detected capacity change from 0 to 40427
[  245.610828][ T9524] F2FS-fs (loop6): build fault injection rate: 19
[  245.617698][ T9524] F2FS-fs (loop6): build fault injection type: 0x3bfe8c
[  245.629132][ T5860] bcachefs (loop0): clean shutdown complete, journal seq 8
[  245.633400][ T9524] F2FS-fs (loop6): invalid crc value
[  245.664405][ T9524] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  245.793032][ T9524] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  245.831015][ T9524] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  245.899712][ T9524] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  246.001100][ T9524] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  246.040043][   T30] audit: type=1800 audit(1752659799.124:712): pid=9524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1002" name="file1" dev="loop6" ino=10 res=0 errno=0
[  246.068011][ T9524] F2FS-fs (loop6): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x18b/0xa40
[  246.126990][ T9546] F2FS-fs (loop6): inject inconsistent footer in sanity_check_node_footer of f2fs_init_inode_metadata+0xf2/0xf70
[  246.177427][ T9546] F2FS-fs (loop6): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  246.189859][ T5859] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  246.203623][ T5859] Bluetooth: hci1: Injecting HCI hardware error event
[  246.213160][ T5859] Bluetooth: hci1: hardware error 0x00
[  246.451480][ T6765] syz-executor: attempt to access beyond end of device
[  246.451480][ T6765] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  246.482419][ T6765] CPU: 0 UID: 0 PID: 6765 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  246.482443][ T6765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  246.482464][ T6765] Call Trace:
[  246.482470][ T6765]  <TASK>
[  246.482476][ T6765]  dump_stack_lvl+0x189/0x250
[  246.482501][ T6765]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.482518][ T6765]  ? __pfx_queue_work_on+0x10/0x10
[  246.482534][ T6765]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  246.482553][ T6765]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  246.482579][ T6765]  f2fs_handle_critical_error+0x37c/0x540
[  246.482600][ T6765]  f2fs_write_end_io+0x886/0xb60
[  246.482632][ T6765]  __submit_merged_bio+0x27a/0x6a0
[  246.482665][ T6765]  __submit_merged_write_cond+0x255/0x530
[  246.482684][ T6765]  f2fs_write_data_pages+0x261d/0x3000
[  246.482726][ T6765]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  246.482784][ T6765]  ? kernel_text_address+0xa5/0xe0
[  246.482805][ T6765]  ? __kernel_text_address+0xd/0x40
[  246.482825][ T6765]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  246.482854][ T6765]  ? __lock_acquire+0xab9/0xd20
[  246.482873][ T6765]  ? do_raw_spin_lock+0x121/0x290
[  246.482900][ T6765]  ? do_raw_spin_unlock+0x122/0x240
[  246.482919][ T6765]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  246.482937][ T6765]  do_writepages+0x32e/0x550
[  246.482963][ T6765]  ? do_raw_spin_unlock+0x122/0x240
[  246.482984][ T6765]  filemap_fdatawrite+0x199/0x240
[  246.483003][ T6765]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  246.483054][ T6765]  ? do_raw_spin_unlock+0x122/0x240
[  246.483075][ T6765]  f2fs_sync_dirty_inodes+0x31f/0x830
[  246.483105][ T6765]  f2fs_write_checkpoint+0x95a/0x1df0
[  246.483140][ T6765]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  246.483185][ T6765]  ? try_to_wake_up+0x81b/0x1290
[  246.483208][ T6765]  ? kill_f2fs_super+0x298/0x6c0
[  246.483230][ T6765]  kill_f2fs_super+0x2c3/0x6c0
[  246.483253][ T6765]  ? __pfx_kill_f2fs_super+0x10/0x10
[  246.483269][ T6765]  ? radix_tree_delete_item+0x2b6/0x400
[  246.483292][ T6765]  ? shrinker_free+0x2ce/0x3e0
[  246.483308][ T6765]  deactivate_locked_super+0xb9/0x130
[  246.483325][ T6765]  cleanup_mnt+0x425/0x4c0
[  246.483340][ T6765]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.483361][ T6765]  task_work_run+0x1d1/0x260
[  246.483383][ T6765]  ? __pfx_task_work_run+0x10/0x10
[  246.483401][ T6765]  ? __x64_sys_umount+0x122/0x160
[  246.483422][ T6765]  ? exit_to_user_mode_loop+0x40/0x110
[  246.483447][ T6765]  exit_to_user_mode_loop+0xec/0x110
[  246.483468][ T6765]  do_syscall_64+0x2bd/0x3b0
[  246.483486][ T6765]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.483503][ T6765]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.483518][ T6765]  ? clear_bhb_loop+0x60/0xb0
[  246.483535][ T6765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.483548][ T6765] RIP: 0033:0x7f4b61d8fc57
[  246.483561][ T6765] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  246.483573][ T6765] RSP: 002b:00007fffec7c2708 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  246.483588][ T6765] RAX: 0000000000000000 RBX: 00007f4b61e10925 RCX: 00007f4b61d8fc57
[  246.483597][ T6765] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffec7c27c0
[  246.483606][ T6765] RBP: 00007fffec7c27c0 R08: 0000000000000000 R09: 0000000000000000
[  246.483614][ T6765] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffec7c3850
[  246.483623][ T6765] R13: 00007f4b61e10925 R14: 000000000003c1d5 R15: 00007fffec7c3890
[  246.483645][ T6765]  </TASK>
[  246.483651][ T6765] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  247.091959][ T9554] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1012'.
[  247.101230][ T9554] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1012'.
[  247.435995][ T9565] loop4: detected capacity change from 0 to 4096
[  247.488498][ T9565] ntfs3(loop4): ino=3, Correct links count -> 2.
[  247.520687][ T9567] loop3: detected capacity change from 0 to 24
[  247.531429][ T9567] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  247.549885][ T9567] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  248.352451][ T5859] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  249.577202][ T9608] bridge0: port 3(vlan2) entered blocking state
[  249.604256][ T9608] bridge0: port 3(vlan2) entered disabled state
[  249.648461][ T9608] vlan2: entered allmulticast mode
[  249.649141][ T9609] loop1: detected capacity change from 0 to 2048
[  249.659770][ T9608] vlan2: entered promiscuous mode
[  249.679167][ T9608] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  249.739542][ T9609] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  249.810147][ T9615] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  249.847411][ T9609] NILFS error (device loop1): nilfs_readdir: zero-length directory entry
[  249.869623][ T9609] Remounting filesystem read-only
[  249.975040][ T9622] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  250.048422][ T9623] loop0: detected capacity change from 0 to 4096
[  250.063217][ T9623] ext4: Unknown parameter 'pcr'
[  250.256086][ T9634] loop6: detected capacity change from 0 to 2048
[  250.275166][ T9634] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  250.335815][ T9640] input: syz0 as /devices/virtual/input/input16
[  250.466677][ T9643] loop6: detected capacity change from 0 to 512
[  251.013778][ T9655] loop0: detected capacity change from 0 to 512
[  251.190890][ T9651] loop1: detected capacity change from 0 to 40427
[  251.208057][ T9651] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  251.218463][ T9651] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  251.236956][ T9651] F2FS-fs (loop1): build fault injection rate: 17008
[  251.244651][ T9651] F2FS-fs (loop1): build fault injection type: 0x6
[  251.257798][ T9651] F2FS-fs (loop1): invalid crc value
[  251.359091][ T9651] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  251.371907][ T9651] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  251.388496][ T9651] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  251.419352][ T9655] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  251.445252][ T9643] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.485062][ T9643] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.510037][ T9651] syz.1.1051: attempt to access beyond end of device
[  251.510037][ T9651] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  251.575006][   T30] audit: type=1800 audit(1752659804.664:713): pid=9643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1048" name="file1" dev="loop6" ino=15 res=0 errno=0
[  251.660454][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.692335][   T30] audit: type=1800 audit(1752659804.694:714): pid=9643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1048" name="file2" dev="loop6" ino=16 res=0 errno=0
[  251.729503][ T5845] syz-executor: attempt to access beyond end of device
[  251.729503][ T5845] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  251.783332][ T6765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.794244][ T5845] CPU: 0 UID: 0 PID: 5845 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  251.794274][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  251.794285][ T5845] Call Trace:
[  251.794292][ T5845]  <TASK>
[  251.794300][ T5845]  dump_stack_lvl+0x189/0x250
[  251.794330][ T5845]  ? __pfx_dump_stack_lvl+0x10/0x10
[  251.794352][ T5845]  ? __pfx_queue_work_on+0x10/0x10
[  251.794371][ T5845]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  251.794402][ T5845]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  251.794437][ T5845]  f2fs_handle_critical_error+0x37c/0x540
[  251.794465][ T5845]  f2fs_write_end_io+0x886/0xb60
[  251.794506][ T5845]  __submit_merged_bio+0x27a/0x6a0
[  251.794533][ T5845]  __submit_merged_write_cond+0x255/0x530
[  251.794560][ T5845]  f2fs_write_data_pages+0x261d/0x3000
[  251.794581][ T5845]  ? __lock_acquire+0xab9/0xd20
[  251.794631][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  251.794702][ T5845]  ? stack_depot_save_flags+0x40/0x900
[  251.794744][ T5845]  ? kthread_stop+0x194/0x5f0
[  251.794783][ T5845]  ? kill_f2fs_super+0x137/0x6c0
[  251.794805][ T5845]  ? deactivate_locked_super+0xb9/0x130
[  251.794837][ T5845]  ? __lock_acquire+0xab9/0xd20
[  251.794873][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  251.794899][ T5845]  do_writepages+0x32e/0x550
[  251.794935][ T5845]  ? do_raw_spin_unlock+0x122/0x240
[  251.794966][ T5845]  filemap_fdatawrite+0x199/0x240
[  251.795001][ T5845]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  251.795083][ T5845]  ? do_raw_spin_unlock+0x122/0x240
[  251.795114][ T5845]  f2fs_sync_dirty_inodes+0x31f/0x830
[  251.795157][ T5845]  f2fs_write_checkpoint+0x95a/0x1df0
[  251.795209][ T5845]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  251.795276][ T5845]  ? try_to_wake_up+0x7e5/0x1290
[  251.795309][ T5845]  ? kill_f2fs_super+0x298/0x6c0
[  251.795341][ T5845]  kill_f2fs_super+0x2c3/0x6c0
[  251.795373][ T5845]  ? __pfx_kill_f2fs_super+0x10/0x10
[  251.795402][ T5845]  ? radix_tree_delete_item+0x2b6/0x400
[  251.795435][ T5845]  ? shrinker_free+0x2ce/0x3e0
[  251.795459][ T5845]  deactivate_locked_super+0xb9/0x130
[  251.795483][ T5845]  cleanup_mnt+0x425/0x4c0
[  251.795504][ T5845]  ? lockdep_hardirqs_on+0x9c/0x150
[  251.795533][ T5845]  task_work_run+0x1d1/0x260
[  251.795564][ T5845]  ? __pfx_task_work_run+0x10/0x10
[  251.795589][ T5845]  ? __x64_sys_umount+0x122/0x160
[  251.795620][ T5845]  ? exit_to_user_mode_loop+0x40/0x110
[  251.795655][ T5845]  exit_to_user_mode_loop+0xec/0x110
[  251.795686][ T5845]  do_syscall_64+0x2bd/0x3b0
[  251.795712][ T5845]  ? lockdep_hardirqs_on+0x9c/0x150
[  251.795737][ T5845]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.795757][ T5845]  ? clear_bhb_loop+0x60/0xb0
[  251.795782][ T5845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.795801][ T5845] RIP: 0033:0x7fe22a58fc57
[  251.795819][ T5845] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  251.795837][ T5845] RSP: 002b:00007ffcf2bccfa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  251.795858][ T5845] RAX: 0000000000000000 RBX: 00007fe22a610925 RCX: 00007fe22a58fc57
[  251.795872][ T5845] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcf2bcd060
[  251.795884][ T5845] RBP: 00007ffcf2bcd060 R08: 0000000000000000 R09: 0000000000000000
[  251.795896][ T5845] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcf2bce0f0
[  251.795910][ T5845] R13: 00007fe22a610925 R14: 000000000003d6c0 R15: 00007ffcf2bce130
[  251.795942][ T5845]  </TASK>
[  251.795950][ T5845] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  252.410300][ T5957] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  252.614721][ T9646] loop3: detected capacity change from 0 to 262144
[  252.629364][ T9646] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1050 (9646)
[  252.648020][ T9646] BTRFS info (device loop3): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  252.658361][ T9646] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  252.667712][ T9646] BTRFS info (device loop3): using free-space-tree
[  252.702099][ T5957] usb 5-1: Using ep0 maxpacket: 32
[  252.721223][ T5957] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.748568][ T5957] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.760273][ T5957] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  252.779667][ T5957] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  252.803786][ T5957] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.849822][ T5957] usb 5-1: config 0 descriptor??
[  252.859488][ T9686] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1055'.
[  252.894356][ T9646] BTRFS info (device loop3): balance: start -d -m -s
[  252.917187][ T9646] BTRFS info (device loop3): relocating block group 30408704 flags metadata|dup
[  252.917553][ T9676] loop0: detected capacity change from 0 to 4096
[  252.954476][ T9676] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  252.993551][ T9646] BTRFS info (device loop3): found 3 extents, stage: move data extents
[  253.033936][ T9676] ntfs3(loop0): ino=19, mi_enum_attr
[  253.048963][ T9676] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  253.058275][ T9646] BTRFS info (device loop3): relocating block group 22020096 flags system|dup
[  253.075558][   T43] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  253.110824][ T9646] BTRFS info (device loop3): balance: canceled
[  253.158414][ T5847] BTRFS info (device loop3): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  253.234355][   T43] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  253.259700][   T43] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  253.282693][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.322593][ T9677] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  253.346816][   T43] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  253.371102][ T5957] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.000E/input/input17
[  253.516376][ T5957] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.000E/input/input18
[  253.618302][ T5957] kye 0003:0458:5011.000E: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0
[  253.691766][   T43] usb 7-1: USB disconnect, device number 5
[  253.815692][ T9688] loop1: detected capacity change from 0 to 32768
[  253.854352][ T9688] 
[  253.854352][ T9688]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  253.854352][ T9688] 
[  253.897153][ T9688] find_entry called with index = 0
[  253.909895][ T9688] read_mapping_page failed!
[  253.916936][ T9688] ERROR: (device loop1): txCommit: 
[  253.916936][ T9688] 
[  253.931059][ T9688] ERROR: (device loop1): remounting filesystem as read-only
[  253.950272][ T9688] read_mapping_page failed!
[  253.969626][ T9688] ERROR: (device loop1): txCommit: 
[  253.969626][ T9688] 
[  254.013794][ T5918] usb 5-1: USB disconnect, device number 9
[  254.501907][ T9700] random: crng reseeded on system resumption
[  254.529582][ T9693] loop0: detected capacity change from 0 to 32768
[  254.567398][ T9700] Restarting kernel threads ...
[  254.598815][ T9693] XFS (loop0): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  254.607933][   T43] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  254.618050][ T9700] Done restarting kernel threads.
[  254.638313][ T9700] Unrecognized hibernate image header format!
[  254.648048][ T9708] loop4: detected capacity change from 0 to 2048
[  254.661839][ T9700] PM: hibernation: Image mismatch: architecture specific data
[  254.690961][ T9708] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  254.720142][ T9708] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  254.782145][   T43] usb 7-1: Using ep0 maxpacket: 16
[  254.807746][   T43] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  254.834023][ T9693] XFS (loop0): Starting recovery (logdev: internal)
[  254.844713][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  254.867948][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  254.889717][   T43] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  254.938452][   T43] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  254.962588][ T9693] XFS (loop0): Ending recovery (logdev: internal)
[  254.976110][   T43] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  254.995979][   T43] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  255.016336][   T43] usb 7-1: Manufacturer: syz
[  255.036277][   T43] usb 7-1: config 0 descriptor??
[  255.058162][ T9693] XFS (loop0): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  255.098318][ T9693] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 
[  255.117975][ T9693] XFS (loop0): Unmount and run xfs_repair
[  255.127390][ T9693] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  255.168226][ T9693] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff  SUMY............
[  255.200489][ T9693] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40  .......... ....@
[  255.227154][ T9693] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4  ...*;yE..m...5..
[  255.255389][ T9693] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03  ....%G..........
[  255.280469][ T9693] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00  .......X........
[  255.297713][ T9693] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  255.315836][ T9693] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  255.352130][ T9693] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  255.381413][ T9693] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x4 len 4 error 74
[  255.429313][   T43] rc_core: IR keymap rc-hauppauge not found
[  255.445988][   T43] Registered IR keymap rc-empty
[  255.452572][ T9693] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  255.452652][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  255.467716][ T9693] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[  255.503031][ T9725] hsr0: entered promiscuous mode
[  255.528870][ T9725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1070'.
[  255.532781][ T5860] XFS (loop0): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  255.572234][ T9725] hsr_slave_0: left promiscuous mode
[  255.589084][ T9725] hsr_slave_1: left promiscuous mode
[  255.611135][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  255.651593][ T9725] hsr0 (unregistering): left promiscuous mode
[  255.701497][   T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  255.724270][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  255.730738][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  255.774969][ T9717] loop4: detected capacity change from 0 to 32768
[  255.808612][   T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input19
[  255.834142][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  255.872146][ T9717] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  255.874898][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  255.959133][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.009354][ T9717] XFS (loop4): Ending clean mount
[  256.025504][ T9717] XFS (loop4): Quotacheck needed: Please wait.
[  256.026374][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.093442][ T9717] XFS (loop4): Quotacheck: Done.
[  256.112235][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.132709][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.160237][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.196319][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.207859][ T5844] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  256.266643][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.301951][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.332586][   T43] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  256.365084][   T43] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  256.392052][   T43] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  256.453105][   T43] usb 7-1: USB disconnect, device number 6
[  257.343950][ T9746] loop3: detected capacity change from 0 to 40427
[  257.364702][ T9746] F2FS-fs (loop3): invalid crc value
[  257.382200][ T9778] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.407688][ T9781] bridge0: entered promiscuous mode
[  257.431421][ T9781] bond0: entered promiscuous mode
[  257.443293][ T9781] bond_slave_0: entered promiscuous mode
[  257.455587][ T9781] bond_slave_1: entered promiscuous mode
[  257.474483][ T9781] debugfs: 'hsr1' already exists in 'hsr'
[  257.484912][ T9781] Cannot create hsr debugfs directory
[  257.498100][ T9781] hsr1: entered allmulticast mode
[  257.522179][ T9781] bridge0: entered allmulticast mode
[  257.527532][ T9781] bond0: entered allmulticast mode
[  257.530011][ T9746] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  257.556830][ T9746] F2FS-fs (loop3): Start checkpoint disabled!
[  257.569517][ T9781] bond_slave_0: entered allmulticast mode
[  257.578791][ T9781] bond_slave_1: entered allmulticast mode
[  257.585593][ T9746] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  257.659711][ T9762] loop1: detected capacity change from 0 to 32768
[  257.676013][ T9762] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1083 (9762)
[  257.713508][ T9762] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  257.737242][ T9762] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  257.746932][ T9762] BTRFS info (device loop1): using free-space-tree
[  257.767222][ T9789] loop6: detected capacity change from 0 to 1024
[  257.790107][   T13] kworker/u8:1: attempt to access beyond end of device
[  257.790107][   T13] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  257.818525][   T13] kworker/u8:1: attempt to access beyond end of device
[  257.818525][   T13] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  257.841256][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  257.841305][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  257.841324][   T13] Workqueue: writeback wb_workfn (flush-7:3)
[  257.841354][   T13] Call Trace:
[  257.841363][   T13]  <TASK>
[  257.841371][   T13]  dump_stack_lvl+0x189/0x250
[  257.841403][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.841427][   T13]  ? __pfx_queue_work_on+0x10/0x10
[  257.841458][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  257.841483][   T13]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  257.841524][   T13]  f2fs_handle_critical_error+0x37c/0x540
[  257.841558][   T13]  f2fs_write_end_io+0x886/0xb60
[  257.841609][   T13]  __submit_merged_bio+0x27a/0x6a0
[  257.841641][   T13]  __submit_merged_write_cond+0x255/0x530
[  257.841673][   T13]  f2fs_write_data_pages+0x261d/0x3000
[  257.841747][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  257.841790][   T13]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  257.841864][   T13]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  257.841907][   T13]  ? trace_f2fs_writepages+0x7f/0x200
[  257.841931][   T13]  ? f2fs_write_node_pages+0x478/0x6e0
[  257.841988][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  257.842014][   T13]  do_writepages+0x32e/0x550
[  257.842046][   T13]  ? reacquire_held_locks+0x127/0x1d0
[  257.842068][   T13]  ? writeback_sb_inodes+0x384/0x1010
[  257.842107][   T13]  __writeback_single_inode+0x145/0xff0
[  257.842134][   T13]  ? do_raw_spin_unlock+0x122/0x240
[  257.842168][   T13]  writeback_sb_inodes+0x6c7/0x1010
[  257.842193][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.842228][   T13]  ? rcu_is_watching+0x15/0xb0
[  257.842274][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  257.842359][   T13]  ? rcu_is_watching+0x15/0xb0
[  257.842395][   T13]  wb_writeback+0x43b/0xaf0
[  257.842444][   T13]  ? queue_io+0x3a1/0x590
[  257.842475][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  257.842513][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  257.842545][   T13]  wb_workfn+0x409/0xef0
[  257.842589][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  257.842629][   T13]  ? __lock_acquire+0xab9/0xd20
[  257.842664][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  257.842694][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  257.842715][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  257.842734][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  257.842757][   T13]  process_scheduled_works+0xae1/0x17b0
[  257.842819][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  257.842865][   T13]  worker_thread+0x8a0/0xda0
[  257.842942][   T13]  kthread+0x70e/0x8a0
[  257.842975][   T13]  ? __pfx_worker_thread+0x10/0x10
[  257.842996][   T13]  ? __pfx_kthread+0x10/0x10
[  257.843026][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  257.843050][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.843083][   T13]  ? __pfx_kthread+0x10/0x10
[  257.843110][   T13]  ret_from_fork+0x3f9/0x770
[  257.843135][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  257.843164][   T13]  ? __switch_to_asm+0x39/0x70
[  257.843188][   T13]  ? __switch_to_asm+0x33/0x70
[  257.843211][   T13]  ? __pfx_kthread+0x10/0x10
[  257.843238][   T13]  ret_from_fork_asm+0x1a/0x30
[  257.843300][   T13]  </TASK>
[  257.906058][ T9789] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  257.951346][   T13] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  258.087427][ T9789] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.266645][ T5845] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  258.388434][ T6765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.506923][ T9820] loop4: detected capacity change from 0 to 256
[  258.616745][ T9822] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.1103'.
[  258.679388][ T9820] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  258.700083][ T9824] loop0: detected capacity change from 0 to 256
[  258.735393][ T9824] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  258.746344][ T9824] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  258.799289][ T9824] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  259.172242][   T43] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  259.211328][ T9838] loop4: detected capacity change from 0 to 4096
[  259.280430][ T9840] siw: device registration error -23
[  259.364432][   T43] usb 2-1: Using ep0 maxpacket: 16
[  259.372610][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.402161][   T43] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[  259.426238][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.456264][   T43] usb 2-1: config 0 descriptor??
[  259.696613][ T9830] loop3: detected capacity change from 0 to 32768
[  259.714868][ T9830] XFS: attr2 mount option is deprecated.
[  259.746341][ T9834] loop6: detected capacity change from 0 to 32768
[  259.766026][ T9830] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  259.795338][ T9830] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  259.806323][ T9834] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  259.891425][ T9830] XFS (loop3): Ending clean mount
[  259.935201][   T43] input: HID 041e:3100 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:041E:3100.000F/input/input20
[  259.953450][ T9830] XFS (loop3): Quotacheck needed: Please wait.
[  259.968810][ T9834] XFS (loop6): Ending clean mount
[  260.001731][ T9844] loop4: detected capacity change from 0 to 32768
[  260.008756][ T9834] XFS (loop6): Quotacheck needed: Please wait.
[  260.073185][ T9830] XFS (loop3): Quotacheck: Done.
[  260.085657][ T9844] JBD2: Ignoring recovery information on journal
[  260.120953][   T43] creative-sb0540 0003:041E:3100.000F: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.1-1/input0
[  260.157191][ T9834] XFS (loop6): Quotacheck: Done.
[  260.169856][ T9844] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  260.180699][   T43] usb 2-1: USB disconnect, device number 11
[  260.214314][   T30] audit: type=1800 audit(1752659813.304:715): pid=9834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1107" name="file1" dev="loop6" ino=9286 res=0 errno=0
[  260.253736][ T5847] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  260.496652][ T5844] ocfs2: Unmounting device (7,4) on (node local)
[  260.574706][ T6765] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  260.799033][ T9866] loop0: detected capacity change from 0 to 32768
[  260.877305][ T9866] JBD2: Ignoring recovery information on journal
[  260.902404][ T9874] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1119'.
[  260.968037][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1119'.
[  261.042909][ T9866] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  261.158111][   T30] audit: type=1800 audit(1752659814.244:716): pid=9866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1115" name="file1" dev="loop0" ino=17058 res=0 errno=0
[  261.195904][ T9888] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  261.207082][ T9888] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  261.254750][ T9888] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  261.273533][ T9888] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  261.280278][ T5860] ocfs2: Unmounting device (7,0) on (node local)
[  261.562946][ T9901] loop8: detected capacity change from 0 to 79
[  261.761223][ T9897] loop1: detected capacity change from 0 to 32768
[  261.800330][ T9897] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  261.887451][ T9897] XFS (loop1): Ending clean mount
[  261.922757][   T43] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  262.020234][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  262.129264][   T43] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  262.161497][   T43] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  262.192242][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.215594][ T9905] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  262.255523][   T43] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  262.527932][   T43] usb 1-1: USB disconnect, device number 11
[  263.175776][ T9954] loop6: detected capacity change from 0 to 64
[  263.231246][ T5859] Bluetooth: hci2: command 0x0406 tx timeout
[  263.269884][ T9952] loop4: detected capacity change from 0 to 4096
[  263.302254][ T5859] Bluetooth: hci4: command 0x0406 tx timeout
[  263.350575][ T6765] hfs: node 4:3 still has 1 user(s)!
[  263.733729][ T9965] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  263.734744][ T5925] kernel read not supported for file /usbmon0 (pid: 5925 comm: kworker/1:3)
[  263.812705][   T43] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  263.921334][ T9975] loop1: detected capacity change from 0 to 256
[  264.002298][   T43] usb 1-1: Using ep0 maxpacket: 32
[  264.014088][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  264.025774][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  264.042060][   T43] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  264.061514][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.084264][   T43] usb 1-1: config 0 descriptor??
[  264.352093][ T5854] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  264.502482][ T5854] usb 5-1: Using ep0 maxpacket: 32
[  264.509491][ T5854] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  264.525285][   T43] savu 0003:1E7D:2D5A.0010: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  264.542090][ T5925] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  264.543502][ T5854] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  264.569316][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  264.577735][ T5854] usb 5-1: Product: syz
[  264.582662][ T5854] usb 5-1: Manufacturer: syz
[  264.589458][ T5854] usb 5-1: SerialNumber: syz
[  264.600712][ T5854] usb 5-1: config 0 descriptor??
[  264.606834][ T9981] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  264.620052][ T5854] hub 5-1:0.0: bad descriptor, ignoring hub
[  264.626205][ T5854] hub 5-1:0.0: probe with driver hub failed with error -5
[  264.692145][ T5925] usb 2-1: Using ep0 maxpacket: 16
[  264.699486][ T5925] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  264.722113][ T5925] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  264.739704][ T5925] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  264.752056][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.770315][ T5925] usb 2-1: Product: syz
[  264.780431][ T5925] usb 2-1: Manufacturer: syz
[  264.785352][ T5925] usb 2-1: SerialNumber: syz
[  264.797045][   T43] usb 1-1: USB disconnect, device number 12
[  264.972971][ T5854] usb 5-1: USB disconnect, device number 10
[  265.062305][ T5925] usb 2-1: cannot find UAC_HEADER
[  265.118513][ T5925] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  265.163634][ T5925] usb 2-1: USB disconnect, device number 12
[  265.169018][ T9987] loop3: detected capacity change from 0 to 32768
[  265.178426][ T9987] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1163 (9987)
[  265.229315][ T9987] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  265.254988][ T9987] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  265.266551][ T9987] BTRFS info (device loop3): disk space caching is enabled
[  265.282070][ T9987] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  265.302344][ T5859] Bluetooth: hci2: command 0x0406 tx timeout
[  265.325009][ T5854] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  265.389977][ T5859] Bluetooth: hci4: command 0x0406 tx timeout
[  265.451564][ T9987] BTRFS info (device loop3): rebuilding free space tree
[  265.488913][ T9987] BTRFS info (device loop3): disabling free space tree
[  265.498582][ T9987] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  265.504551][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  265.527898][ T9987] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  265.562525][ T5854] usb 5-1: string descriptor 0 read error: -22
[  265.578218][ T5854] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  265.651231][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  265.684026][T10013] Illegal XDP return value 4294967274 on prog  (id 150) dev syz_tun, expect packet loss!
[  265.709608][ T5854] usb 5-1: config 0 descriptor??
[  265.779167][T10015] loop0: detected capacity change from 0 to 64
[  265.793118][ T9981] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  265.806865][ T5854] hub 5-1:0.0: bad descriptor, ignoring hub
[  265.837083][ T5854] hub 5-1:0.0: probe with driver hub failed with error -5
[  266.065258][ T5847] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  266.123140][ T5854] usb 5-1: USB disconnect, device number 11
[  266.290704][T10023] loop1: detected capacity change from 0 to 2048
[  266.358063][T10023] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.466915][T10023] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  266.526358][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.132142][ T5925] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  267.143711][T10048] loop0: detected capacity change from 0 to 256
[  267.151333][T10048] exfat: Deprecated parameter 'namecase'
[  267.186151][T10048] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  267.239502][T10038] loop1: detected capacity change from 0 to 32768
[  267.322271][ T5925] usb 5-1: Using ep0 maxpacket: 32
[  267.340677][ T5925] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  267.360185][ T5925] usb 5-1: config 0 has no interface number 0
[  267.384526][ T5925] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  267.412089][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.430365][ T5925] usb 5-1: Product: syz
[  267.440125][ T5925] usb 5-1: Manufacturer: syz
[  267.450305][ T5925] usb 5-1: SerialNumber: syz
[  267.460863][ T5925] usb 5-1: config 0 descriptor??
[  267.472514][ T5925] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  267.639466][T10056] loop0: detected capacity change from 0 to 512
[  267.685502][T10056] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  267.696287][T10056] UDF-fs: Scanning with blocksize 512 failed
[  267.723473][T10056] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  267.742778][T10056] UDF-fs: Scanning with blocksize 1024 failed
[  267.758362][T10056] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  267.768753][T10052] loop6: detected capacity change from 0 to 32768
[  267.784421][T10056] UDF-fs: Scanning with blocksize 2048 failed
[  267.794361][T10056] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  267.824579][T10052] ocfs2: Mounting device (7,6) on (node local, slot 0) with writeback data mode.
[  267.835440][T10056] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  267.854809][ T1141] (kworker/u8:6,1141,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  267.912095][   T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  267.940636][ T6765] ocfs2: Unmounting device (7,6) on (node local)
[  268.059948][ T5925] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  268.082114][   T10] usb 2-1: Using ep0 maxpacket: 32
[  268.092038][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[  268.101028][   T10] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  268.123217][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.173471][   T10] usb 2-1: config 0 descriptor??
[  268.188718][ T5925] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  268.283427][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  268.301176][ T5925] usb 5-1: USB disconnect, device number 12
[  268.312865][ T5925] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  268.347871][ T5925] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  268.363616][ T5925] quatech2 5-1:0.51: device disconnected
[  268.969280][   T10] corsair-cpro 0003:1B1C:0C10.0011: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.1-1/input0
[  269.046630][ T5918] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  269.134346][ T5957] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  269.202137][ T5918] usb 7-1: Using ep0 maxpacket: 8
[  269.219153][ T5918] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  269.229881][ T5918] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.238116][ T5918] usb 7-1: Product: syz
[  269.242677][ T5918] usb 7-1: Manufacturer: syz
[  269.247324][ T5918] usb 7-1: SerialNumber: syz
[  269.261902][T10092] loop0: detected capacity change from 0 to 40427
[  269.269311][ T5918] usb 7-1: config 0 descriptor??
[  269.272213][   T43] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  269.279677][ T5918] gspca_main: sq930x-2.14.0 probing 2770:930c
[  269.284522][T10092] F2FS-fs: heap/no_heap options were deprecated
[  269.300842][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.301416][T10092] F2FS-fs (loop0): build fault injection rate: 19
[  269.314341][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.322769][T10092] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  269.328883][ T5957] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  269.339804][T10092] F2FS-fs (loop0): invalid crc value
[  269.346966][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.361206][ T5957] usb 4-1: config 0 descriptor??
[  269.376790][   T10] corsair-cpro 0003:1B1C:0C10.0011: probe with driver corsair-cpro failed with error -71
[  269.380687][T10092] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  269.407150][   T10] usb 2-1: USB disconnect, device number 13
[  269.424288][   T43] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  269.435296][   T43] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  269.444436][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.458175][T10097] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  269.474371][   T43] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  269.508671][T10092] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  269.527530][T10092] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  269.538159][T10092] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  269.559935][T10092] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40
[  269.575134][T10092] F2FS-fs (loop0): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x23a/0x1b50
[  269.587374][T10092] F2FS-fs (loop0): inconsistent node block, node_type:1, nid:14, node_footer[nid:14,ino:14,ofs:0,cpver:0,blkaddr:0]
[  269.779290][ T5957] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0
[  269.797084][ T5957] cm6533_jd 0003:0D8C:0022.0012: unknown main item tag 0x0
[  269.830383][ T5957] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0012/input/input21
[  269.855222][ T5965] usb 5-1: USB disconnect, device number 13
[  269.887367][ T5957] cm6533_jd 0003:0D8C:0022.0012: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  270.027490][   T43] usb 4-1: USB disconnect, device number 11
[  270.105158][ T5918] gspca_sq930x: ucbus_write failed -71
[  270.342308][ T5918] gspca_sq930x: Sensor ov9630 not yet treated
[  270.353141][ T5918] sq930x 7-1:0.0: probe with driver sq930x failed with error -22
[  270.368805][ T5918] usb 7-1: USB disconnect, device number 7
[  271.048284][T10107] loop4: detected capacity change from 0 to 32768
[  271.139667][T10107] JBD2: Ignoring recovery information on journal
[  271.397758][T10107] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  271.740326][T10119] loop1: detected capacity change from 0 to 4096
[  271.793200][ T5844] ocfs2: Unmounting device (7,4) on (node local)
[  271.842146][T10119] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  272.058195][T10109] loop3: detected capacity change from 0 to 32768
[  272.177214][T10109] find_entry called with index = 0
[  272.255524][T10109] read_mapping_page failed!
[  272.260117][T10109] ERROR: (device loop3): txCommit: 
[  272.260117][T10109] 
[  273.028272][T10113] loop6: detected capacity change from 0 to 262144
[  273.037951][T10113] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1207 (10113)
[  273.075327][T10113] BTRFS info (device loop6): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  273.086012][T10113] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  273.095407][T10113] BTRFS info (device loop6): using free-space-tree
[  273.111797][T10119] ntfs3(loop1): Failed to load $Extend (-22).
[  273.130261][T10119] ntfs3(loop1): Failed to initialize $Extend.
[  273.498433][T10113] BTRFS info (device loop6): balance: start -d -m -s
[  273.511037][T10113] BTRFS info (device loop6): relocating block group 30408704 flags metadata|dup
[  273.577460][T10113] BTRFS info (device loop6): found 3 extents, stage: move data extents
[  273.637821][T10113] BTRFS info (device loop6): relocating block group 22020096 flags system|dup
[  273.678446][T10113] BTRFS info (device loop6): balance: canceled
[  273.730737][ T6765] BTRFS info (device loop6): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  273.772430][T10150] capability: warning: `syz.1.1213' uses deprecated v2 capabilities in a way that may be insecure
[  274.048103][T10152] loop1: detected capacity change from 0 to 1024
[  274.139845][T10154] gretap0: entered promiscuous mode
[  274.188943][T10152] hfsplus: catalog searching failed
[  274.222345][T10154] macsec1: entered promiscuous mode
[  274.227879][T10154] macsec1: entered allmulticast mode
[  274.254909][   T13] hfsplus: b-tree write err: -5, ino 3
[  274.272116][T10154] gretap0: entered allmulticast mode
[  274.452195][ T5918] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  274.627653][ T5918] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  274.658109][ T5918] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  274.697250][ T5918] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  274.724764][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.022242][ T5918] usb 4-1: GET_CAPABILITIES returned 0
[  275.027822][ T5918] usbtmc 4-1:16.0: can't read capabilities
[  275.209612][ T5957] usb 4-1: USB disconnect, device number 12
[  276.035367][T10173] loop3: detected capacity change from 0 to 65
[  276.082164][T10173] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[  276.269369][T10176] loop4: detected capacity change from 0 to 1024
[  276.278207][T10176] EXT4-fs: Ignoring removed orlov option
[  276.302343][T10176] EXT4-fs: Ignoring removed nomblk_io_submit option
[  276.373238][T10176] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  276.504213][ T5844] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.013275][T10195] loop3: detected capacity change from 0 to 128
[  277.051147][T10195] EXT4-fs (loop3): Test dummy encryption mode enabled
[  277.140789][T10195] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  277.166042][T10195] ext4 filesystem being mounted at /253/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  277.357486][ T5847] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  277.692632][T10220] loop1: detected capacity change from 0 to 128
[  277.714816][T10220] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  277.744050][T10220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  278.094640][T10229] loop3: detected capacity change from 0 to 1024
[  278.155515][T10229] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.182247][T10229] ext4 filesystem being mounted at /257/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  278.243828][   T30] audit: type=1326 audit(1752659831.334:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.277070][T10215] loop4: detected capacity change from 0 to 32768
[  278.293304][   T30] audit: type=1326 audit(1752659831.334:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.317950][   T30] audit: type=1326 audit(1752659831.334:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.341918][   T30] audit: type=1326 audit(1752659831.334:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.378102][T10215] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  278.389817][   T30] audit: type=1326 audit(1752659831.334:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.415643][   T30] audit: type=1326 audit(1752659831.334:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.438442][   T30] audit: type=1326 audit(1752659831.334:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.463153][   T30] audit: type=1326 audit(1752659831.334:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.489166][   T30] audit: type=1326 audit(1752659831.334:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.519136][   T30] audit: type=1326 audit(1752659831.334:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10232 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58e929 code=0x7ffc0000
[  278.551379][T10244] input: syz1 as /devices/virtual/input/input22
[  278.672066][T10215] XFS (loop4): Ending clean mount
[  278.771693][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.785882][ T5844] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  278.808023][T10246] loop1: detected capacity change from 0 to 256
[  279.302461][ T5957] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  279.317153][T10248] loop6: detected capacity change from 0 to 32768
[  279.336588][T10248] 
[  279.336588][T10248]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  279.336588][T10248] 
[  279.389009][T10248] read_mapping_page failed!
[  279.397198][T10248] ERROR: (device loop6): txCommit: 
[  279.397198][T10248] 
[  279.461757][ T6765] 
[  279.461757][ T6765]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  279.461757][ T6765] 
[  279.498348][ T6765] 
[  279.498348][ T6765]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  279.498348][ T6765] 
[  279.518460][ T5957] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  279.529380][ T5957] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.557313][ T5957] usb 2-1: config 0 descriptor??
[  279.888643][T10259] loop6: detected capacity change from 0 to 512
[  279.928260][T10259] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  279.966376][T10259] ext4 filesystem being mounted at /201/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  279.990739][T10259] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.005818][T10256] loop3: detected capacity change from 0 to 40427
[  280.035244][T10256] F2FS-fs (loop3): Image doesn't support compression
[  280.056202][T10256] F2FS-fs (loop3): build fault injection rate: 690
[  280.088541][T10256] F2FS-fs (loop3): invalid crc value
[  280.220317][T10256] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  280.231445][T10256] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  280.297077][ T5847] syz-executor: attempt to access beyond end of device
[  280.297077][ T5847] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  280.316706][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  280.316737][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  280.316749][ T5847] Call Trace:
[  280.316758][ T5847]  <TASK>
[  280.316767][ T5847]  dump_stack_lvl+0x189/0x250
[  280.316801][ T5847]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.316826][ T5847]  ? __pfx_queue_work_on+0x10/0x10
[  280.316846][ T5847]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  280.316872][ T5847]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  280.316913][ T5847]  f2fs_handle_critical_error+0x37c/0x540
[  280.316954][ T5847]  f2fs_write_end_io+0x886/0xb60
[  280.317010][ T5847]  __submit_merged_bio+0x27a/0x6a0
[  280.317042][ T5847]  __submit_merged_write_cond+0x255/0x530
[  280.317074][ T5847]  f2fs_write_data_pages+0x261d/0x3000
[  280.317099][ T5847]  ? ktime_get+0x3e/0x1f0
[  280.317166][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  280.317189][ T5847]  ? __switch_to+0xdae/0x1670
[  280.317277][ T5847]  ? trace_sched_exit_tp+0x38/0x120
[  280.317307][ T5847]  ? __schedule+0x1713/0x4d00
[  280.317337][ T5847]  ? folios_put_refs+0x559/0x640
[  280.317375][ T5847]  ? __lock_acquire+0xab9/0xd20
[  280.317406][ T5847]  ? do_raw_spin_lock+0x121/0x290
[  280.317448][ T5847]  ? do_raw_spin_unlock+0x122/0x240
[  280.317476][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  280.317502][ T5847]  do_writepages+0x32e/0x550
[  280.317543][ T5847]  ? do_raw_spin_unlock+0x122/0x240
[  280.317576][ T5847]  filemap_fdatawrite+0x199/0x240
[  280.317603][ T5847]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  280.317718][ T5847]  ? do_raw_spin_unlock+0x122/0x240
[  280.317752][ T5847]  f2fs_sync_dirty_inodes+0x31f/0x830
[  280.317820][ T5847]  f2fs_write_checkpoint+0x95a/0x1df0
[  280.317882][ T5847]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  280.317971][ T5847]  ? try_to_wake_up+0x81b/0x1290
[  280.318008][ T5847]  ? kill_f2fs_super+0x298/0x6c0
[  280.318043][ T5847]  kill_f2fs_super+0x2c3/0x6c0
[  280.318080][ T5847]  ? __pfx_kill_f2fs_super+0x10/0x10
[  280.318104][ T5847]  ? radix_tree_delete_item+0x2b6/0x400
[  280.318141][ T5847]  ? shrinker_free+0x2ce/0x3e0
[  280.318166][ T5847]  deactivate_locked_super+0xb9/0x130
[  280.318194][ T5847]  cleanup_mnt+0x425/0x4c0
[  280.318217][ T5847]  ? lockdep_hardirqs_on+0x9c/0x150
[  280.318248][ T5847]  task_work_run+0x1d1/0x260
[  280.318282][ T5847]  ? __pfx_task_work_run+0x10/0x10
[  280.318308][ T5847]  ? __x64_sys_umount+0x122/0x160
[  280.318344][ T5847]  ? exit_to_user_mode_loop+0x40/0x110
[  280.318381][ T5847]  exit_to_user_mode_loop+0xec/0x110
[  280.318414][ T5847]  do_syscall_64+0x2bd/0x3b0
[  280.318441][ T5847]  ? lockdep_hardirqs_on+0x9c/0x150
[  280.318467][ T5847]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.318488][ T5847]  ? clear_bhb_loop+0x60/0xb0
[  280.318515][ T5847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.318535][ T5847] RIP: 0033:0x7f99eb98fc57
[  280.318554][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  280.318572][ T5847] RSP: 002b:00007ffcea4f4a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  280.318594][ T5847] RAX: 0000000000000000 RBX: 00007f99eba10925 RCX: 00007f99eb98fc57
[  280.318608][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcea4f4af0
[  280.318620][ T5847] RBP: 00007ffcea4f4af0 R08: 0000000000000000 R09: 0000000000000000
[  280.318634][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcea4f5b80
[  280.318647][ T5847] R13: 00007f99eba10925 R14: 000000000004469a R15: 00007ffcea4f5bc0
[  280.318687][ T5847]  </TASK>
[  280.320339][ T5847] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  280.420475][ T5957] usb 2-1: Cannot set autoneg
[  280.736736][ T5957] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  280.758524][ T5957] usb 2-1: USB disconnect, device number 14
[  280.987616][T10266] netlink: 'syz.6.1261': attribute type 1 has an invalid length.
[  281.157659][T10273] loop6: detected capacity change from 0 to 64
[  281.757256][T10274] loop1: detected capacity change from 0 to 32768
[  281.844545][T10274] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  281.894817][T10274] OCFS2: ERROR (device loop1): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature 
[  281.921856][T10274] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  281.932195][T10274] OCFS2: File system is now read-only.
[  281.938781][T10274] (syz.1.1264,10274,0):ocfs2_find_entry_dx:1037 ERROR: status = -30
[  281.939292][T10293] OCFS2: ERROR (device loop1): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 65 has invalid tree depth 312 in extent list
[  282.009220][T10293] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  282.022103][T10293] (syz.1.1264,10293,0):ocfs2_find_leaf:1948 ERROR: status = -30
[  282.029922][T10293] (syz.1.1264,10293,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30
[  282.047814][T10293] (syz.1.1264,10293,0):ocfs2_fiemap:786 ERROR: status = -30
[  282.188701][ T5845] ocfs2: Unmounting device (7,1) on (node local)
[  282.475873][T10300] loop4: detected capacity change from 0 to 4096
[  282.532687][T10300] NILFS (loop4): invalid segment: Checksum error in segment payload
[  282.550952][T10300] NILFS (loop4): trying rollback from an earlier position
[  282.596660][T10300] NILFS (loop4): recovery complete
[  282.612780][T10305] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  283.199491][T10317] loop4: detected capacity change from 0 to 8192
[  283.228020][T10317] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  283.319224][T10321] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1284'.
[  283.383052][T10302] loop6: detected capacity change from 0 to 32768
[  283.435468][T10302] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  283.551638][T10331] netlink: 'syz.4.1285': attribute type 39 has an invalid length.
[  283.574746][T10302] XFS (loop6): Ending clean mount
[  283.692443][ T6765] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  284.307214][ T5965] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  284.482049][ T5965] usb 5-1: Using ep0 maxpacket: 16
[  284.533049][ T5965] usb 5-1: config 1 has an invalid interface number: 230 but max is 0
[  284.541284][ T5965] usb 5-1: config 1 has no interface number 0
[  284.561866][ T5918] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  284.582591][ T5965] usb 5-1: config 1 interface 230 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  284.612030][ T5965] usb 5-1: config 1 interface 230 has no altsetting 0
[  284.621866][ T5918] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  284.669894][ T5965] usb 5-1: New USB device found, idVendor=093a, idProduct=2628, bcdDevice=55.d0
[  284.679572][ T5965] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.722931][ T5965] usb 5-1: Product: syz
[  284.727156][ T5965] usb 5-1: Manufacturer: syz
[  284.731786][ T5965] usb 5-1: SerialNumber: syz
[  284.760831][T10337] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  284.771044][ T5965] gspca_main: gspca_pac7302-2.14.0 probing 093a:2628
[  285.370715][ T5851] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  285.390332][ T5851] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  285.400053][ T5851] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  285.409404][ T5851] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  285.419426][ T5851] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  285.567431][T10366] loop6: detected capacity change from 0 to 512
[  285.582732][ T5965] input: gspca_pac7302 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input23
[  285.620473][T10366] EXT4-fs: Ignoring removed oldalloc option
[  285.668179][T10366] EXT4-fs error (device loop6): ext4_xattr_inode_iget:433: comm syz.6.1301: Parent and EA inode have the same ino 15
[  285.730275][T10366] EXT4-fs (loop6): 1 orphan inode deleted
[  285.749261][T10366] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  285.810985][T10366] EXT4-fs: Can't set or change test_dummy_encryption on remount
[  285.830279][ T5965] usb 5-1: USB disconnect, device number 14
[  285.871022][ T6765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.881665][T10359] chnl_net:caif_netlink_parms(): no params data found
[  286.275231][T10359] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.293919][T10359] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.310855][T10359] bridge_slave_0: entered allmulticast mode
[  286.328571][T10359] bridge_slave_0: entered promiscuous mode
[  286.358339][T10359] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.384400][T10359] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.405572][T10359] bridge_slave_1: entered allmulticast mode
[  286.428177][T10359] bridge_slave_1: entered promiscuous mode
[  286.505345][T10388] loop4: detected capacity change from 0 to 1024
[  286.530180][T10388] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  286.547344][T10388] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  286.561708][T10388] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  286.575437][T10359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  286.601237][T10388] EXT4-fs (loop4): orphan cleanup on readonly fs
[  286.615315][T10359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  286.617419][T10388] EXT4-fs error (device loop4): ext4_free_blocks:6587: comm syz.4.1306: Freeing blocks not in datazone - block = 0, count = 4096
[  286.774493][T10388] EXT4-fs (loop4): Remounting filesystem read-only
[  286.781782][T10388] EXT4-fs (loop4): 1 orphan inode deleted
[  286.797118][T10359] team0: Port device team_slave_0 added
[  286.808386][T10388] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  286.835461][T10359] team0: Port device team_slave_1 added
[  287.021559][ T5844] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.064454][T10397] input: syz0 as /devices/virtual/input/input24
[  287.072352][T10397] input: failed to attach handler leds to device input24, error: -6
[  287.106782][T10359] batman_adv: batadv0: Adding interface: batadv_slave_0
[  287.122403][T10359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  287.172286][T10359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  287.230032][T10399] loop4: detected capacity change from 0 to 128
[  287.246598][T10359] batman_adv: batadv0: Adding interface: batadv_slave_1
[  287.272091][T10359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  287.282389][T10399] FAT-fs (loop4): bogus number of reserved sectors
[  287.360525][T10359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  287.373428][T10404] loop6: detected capacity change from 0 to 1024
[  287.387463][T10399] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  287.417435][T10399] FAT-fs (loop4): Can't find a valid FAT filesystem
[  287.462308][ T5851] Bluetooth: hci5: command tx timeout
[  287.608997][T10399] loop4: detected capacity change from 0 to 8192
[  287.632274][T10399] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  288.018458][T10359] hsr_slave_0: entered promiscuous mode
[  288.066695][T10359] hsr_slave_1: entered promiscuous mode
[  288.274800][T10415] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1316'.
[  288.311829][T10415] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1316'.
[  288.354395][T10415] batadv0: entered promiscuous mode
[  288.371335][T10415] erspan0: entered promiscuous mode
[  288.383888][T10415] debugfs: 'hsr1' already exists in 'hsr'
[  288.400360][T10415] Cannot create hsr debugfs directory
[  288.681563][T10422] loop1: detected capacity change from 0 to 256
[  288.867164][T10425] loop3: detected capacity change from 0 to 2048
[  288.895360][T10425] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  288.934998][T10425] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  289.001935][T10359] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  289.094932][T10359] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  289.153763][T10359] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  289.307417][T10359] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  289.512269][ T5925] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  289.542331][ T5851] Bluetooth: hci5: command tx timeout
[  289.637276][T10359] 8021q: adding VLAN 0 to HW filter on device bond0
[  289.652255][ T5965] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  289.685739][T10359] 8021q: adding VLAN 0 to HW filter on device team0
[  289.712380][ T5925] usb 4-1: config 9 has an invalid interface number: 19 but max is 0
[  289.720619][ T5925] usb 4-1: config 9 has no interface number 0
[  289.737666][ T5925] usb 4-1: config 9 interface 19 altsetting 0 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[  289.750918][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.758194][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  289.786188][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.789908][ T5925] usb 4-1: config 9 interface 19 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  289.795147][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  289.813675][ T5965] usb 7-1: Using ep0 maxpacket: 32
[  289.853829][ T5965] usb 7-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice= d.2d
[  289.863559][ T5965] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.871590][ T5965] usb 7-1: Product: syz
[  289.893178][ T5925] usb 4-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=16.3f
[  289.903279][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.911306][ T5925] usb 4-1: Product: syz
[  289.925851][ T5965] usb 7-1: Manufacturer: syz
[  289.930507][ T5965] usb 7-1: SerialNumber: syz
[  289.931921][T10427] loop4: detected capacity change from 0 to 40427
[  289.947272][T10359] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  289.962070][ T5925] usb 4-1: Manufacturer: syz
[  289.969984][ T5925] usb 4-1: SerialNumber: syz
[  289.985867][T10427] F2FS-fs (loop4): Image doesn't support compression
[  290.001927][ T5925] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623
[  290.005409][T10427] F2FS-fs (loop4): build fault injection rate: 690
[  290.037769][T10427] F2FS-fs (loop4): invalid crc value
[  290.191845][ T5965] aqc111 7-1:1.0: probe with driver aqc111 failed with error -22
[  290.245857][ T5965] usb 7-1: USB disconnect, device number 8
[  290.251668][T10427] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  290.280515][T10427] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  290.421828][T10427] syz.4.1322: attempt to access beyond end of device
[  290.421828][T10427] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  290.620447][ T5844] syz-executor: attempt to access beyond end of device
[  290.620447][ T5844] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  290.666531][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  290.666563][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  290.666576][ T5844] Call Trace:
[  290.666584][ T5844]  <TASK>
[  290.666593][ T5844]  dump_stack_lvl+0x189/0x250
[  290.666628][ T5844]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.666653][ T5844]  ? __pfx_queue_work_on+0x10/0x10
[  290.666673][ T5844]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  290.666697][ T5844]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  290.666737][ T5844]  f2fs_handle_critical_error+0x37c/0x540
[  290.666770][ T5844]  f2fs_write_end_io+0x886/0xb60
[  290.666818][ T5844]  __submit_merged_bio+0x27a/0x6a0
[  290.666848][ T5844]  __submit_merged_write_cond+0x255/0x530
[  290.666887][ T5844]  f2fs_write_data_pages+0x261d/0x3000
[  290.666955][ T5844]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  290.666996][ T5844]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.667074][ T5844]  ? folios_put_refs+0x559/0x640
[  290.667111][ T5844]  ? __lock_acquire+0xab9/0xd20
[  290.667141][ T5844]  ? do_raw_spin_lock+0x121/0x290
[  290.667183][ T5844]  ? do_raw_spin_unlock+0x122/0x240
[  290.667209][ T5844]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  290.667233][ T5844]  do_writepages+0x32e/0x550
[  290.667272][ T5844]  ? do_raw_spin_unlock+0x122/0x240
[  290.667305][ T5844]  filemap_fdatawrite+0x199/0x240
[  290.667332][ T5844]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  290.667416][ T5844]  ? do_raw_spin_unlock+0x122/0x240
[  290.667448][ T5844]  f2fs_sync_dirty_inodes+0x31f/0x830
[  290.667496][ T5844]  f2fs_write_checkpoint+0x95a/0x1df0
[  290.667556][ T5844]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  290.667631][ T5844]  ? try_to_wake_up+0x7e5/0x1290
[  290.667666][ T5844]  ? kill_f2fs_super+0x298/0x6c0
[  290.667699][ T5844]  kill_f2fs_super+0x2c3/0x6c0
[  290.667733][ T5844]  ? __pfx_kill_f2fs_super+0x10/0x10
[  290.667755][ T5844]  ? radix_tree_delete_item+0x2b6/0x400
[  290.667788][ T5844]  ? shrinker_free+0x2ce/0x3e0
[  290.667811][ T5844]  deactivate_locked_super+0xb9/0x130
[  290.667836][ T5844]  cleanup_mnt+0x425/0x4c0
[  290.667867][ T5844]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.667895][ T5844]  task_work_run+0x1d1/0x260
[  290.667926][ T5844]  ? __pfx_task_work_run+0x10/0x10
[  290.667951][ T5844]  ? __x64_sys_umount+0x122/0x160
[  290.667984][ T5844]  ? exit_to_user_mode_loop+0x40/0x110
[  290.668019][ T5844]  exit_to_user_mode_loop+0xec/0x110
[  290.668051][ T5844]  do_syscall_64+0x2bd/0x3b0
[  290.668077][ T5844]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.668102][ T5844]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.668121][ T5844]  ? clear_bhb_loop+0x60/0xb0
[  290.668146][ T5844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.668165][ T5844] RIP: 0033:0x7fe66658fc57
[  290.668182][ T5844] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  290.668197][ T5844] RSP: 002b:00007ffc539886c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  290.668218][ T5844] RAX: 0000000000000000 RBX: 00007fe666610925 RCX: 00007fe66658fc57
[  290.668231][ T5844] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc53988780
[  290.668243][ T5844] RBP: 00007ffc53988780 R08: 0000000000000000 R09: 0000000000000000
[  290.668256][ T5844] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc53989810
[  290.668269][ T5844] R13: 00007fe666610925 R14: 0000000000046e96 R15: 00007ffc53989850
[  290.668304][ T5844]  </TASK>
[  290.668608][ T5844] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  291.024039][T10359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  291.053027][ T5925] input: gspca_pac7302 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input25
[  291.260354][ T5925] usb 4-1: USB disconnect, device number 13
[  291.622808][ T5851] Bluetooth: hci5: command tx timeout
[  291.642398][T10464] tun0: tun_chr_ioctl cmd 1074025675
[  291.647763][T10464] tun0: persist enabled
[  291.703696][T10467] tun0: tun_chr_ioctl cmd 1074025675
[  291.709057][T10467] tun0: persist disabled
[  292.026676][T10359] veth0_vlan: entered promiscuous mode
[  292.120844][T10359] veth1_vlan: entered promiscuous mode
[  292.231910][T10359] veth0_macvtap: entered promiscuous mode
[  292.251492][T10359] veth1_macvtap: entered promiscuous mode
[  292.315768][T10359] batman_adv: batadv0: Interface activated: batadv_slave_0
[  292.367687][T10359] batman_adv: batadv0: Interface activated: batadv_slave_1
[  292.432251][   T59] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  292.471133][   T59] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  292.548098][   T59] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  292.596476][   T59] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  292.652340][T10484] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  292.791033][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  292.809484][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  292.898418][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  292.918366][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  292.968555][T10493] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  292.986699][T10493] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  293.018165][T10493] overlayfs: failed to get uuid (286/file1, err=-13); falling back to uuid=null.
[  293.180696][T10495] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1343'.
[  293.224498][T10495] netlink: 'syz.4.1343': attribute type 7 has an invalid length.
[  293.265026][T10495] netlink: 'syz.4.1343': attribute type 8 has an invalid length.
[  293.301265][T10499] loop7: detected capacity change from 0 to 512
[  293.324447][T10495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1343'.
[  293.364334][T10499] EXT4-fs (loop7): blocks per group (34) and clusters per group (32768) inconsistent
[  293.399933][T10501] loop3: detected capacity change from 0 to 2048
[  293.452163][T10501] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  293.541119][T10509] loop4: detected capacity change from 0 to 256
[  293.556767][T10509] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  293.584854][T10509] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  293.624381][T10509] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  293.628217][T10507] loop6: detected capacity change from 0 to 1024
[  293.704063][ T5851] Bluetooth: hci5: command tx timeout
[  294.033047][ T5925] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  294.247365][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  294.271901][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  294.303881][ T5925] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  294.333797][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.386436][ T5925] usb 2-1: config 0 descriptor??
[  295.008244][ T5925] usb 2-1: language id specifier not provided by device, defaulting to English
[  295.210296][ T5925] uclogic 0003:256C:006D.0014: failed retrieving Huion firmware version: -71
[  295.245418][ T5925] uclogic 0003:256C:006D.0014: failed probing parameters: -71
[  295.262116][ T5925] uclogic 0003:256C:006D.0014: probe with driver uclogic failed with error -71
[  295.306403][ T5925] usb 2-1: USB disconnect, device number 15
[  295.343622][T10529] loop3: detected capacity change from 0 to 40427
[  295.371447][T10529] F2FS-fs (loop3): build fault injection rate: 19
[  295.379389][T10536] loop6: detected capacity change from 0 to 32768
[  295.390747][T10529] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  295.424438][T10536] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1360 (10536)
[  295.461130][T10529] F2FS-fs (loop3): invalid crc value
[  295.490072][T10536] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  295.496854][T10529] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  295.510540][T10536] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  295.537759][T10536] BTRFS info (device loop6): disk space caching is enabled
[  295.584672][T10536] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  295.733928][T10529] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  295.772531][T10529] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  295.819602][T10536] BTRFS info (device loop6): rebuilding free space tree
[  295.835894][T10529] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  295.910526][T10536] BTRFS info (device loop6): disabling free space tree
[  295.934252][T10536] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  295.949207][T10536] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  296.028651][T10529] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  296.075394][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  296.075412][   T30] audit: type=1800 audit(1752659849.164:729): pid=10529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1356" name="file1" dev="loop3" ino=10 res=0 errno=0
[  296.075740][T10529] F2FS-fs (loop3): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xa20/0x1b50
[  296.147590][T10529] F2FS-fs (loop3): inconsistent node block, node_type:0, nid:13, node_footer[nid:13,ino:3,ofs:191623,cpver:0,blkaddr:0]
[  296.204572][    C1] ------------[ cut here ]------------
[  296.210132][    C1] kernel BUG at fs/f2fs/data.c:356!
[  296.215420][    C1] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  296.221696][    C1] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) 
[  296.233173][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  296.243251][    C1] Workqueue: bat_events batadv_nc_worker
[  296.248919][    C1] RIP: 0010:f2fs_write_end_io+0xb52/0xb60
[  296.254676][    C1] Code: e8 03 25 16 fe e9 91 f6 ff ff 89 d9 80 e1 07 38 c1 0f 8c e3 f6 ff ff 48 89 df e8 79 25 16 fe e9 d6 f6 ff ff e8 3f 6d b1 fd 90 <0f> 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90
[  296.274311][    C1] RSP: 0018:ffffc90000a08d28 EFLAGS: 00010246
[  296.280415][    C1] RAX: ffffffff840e5861 RBX: 0000000000000000 RCX: ffff88801ce98000
[  296.288403][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 000000000000000d
[  296.296373][    C1] RBP: ffff8880339ffb40 R08: ffffea00008fa307 R09: 1ffffd400011f460
[  296.304357][    C1] R10: dffffc0000000000 R11: fffff9400011f461 R12: 0000000000000006
[  296.312331][    C1] R13: ffffea00008fa300 R14: 000000000000000d R15: dffffc0000000000
[  296.320301][    C1] FS:  0000000000000000(0000) GS:ffff888125ced000(0000) knlGS:0000000000000000
[  296.329229][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  296.335815][    C1] CR2: 00007f4b62b61d58 CR3: 00000000778ca000 CR4: 00000000003526f0
[  296.343793][    C1] Call Trace:
[  296.347068][    C1]  <IRQ>
[  296.349919][    C1]  blk_update_request+0x5eb/0xe70
[  296.354960][    C1]  blk_mq_end_request+0x3e/0x70
[  296.359815][    C1]  blk_done_softirq+0x10a/0x160
[  296.364670][    C1]  handle_softirqs+0x283/0x870
[  296.369439][    C1]  ? do_softirq+0xec/0x180
[  296.373860][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  296.379146][    C1]  ? batadv_nc_purge_paths+0x318/0x3b0
[  296.384605][    C1]  do_softirq+0xec/0x180
[  296.388860][    C1]  </IRQ>
[  296.391806][    C1]  <TASK>
[  296.394761][    C1]  ? __pfx_do_softirq+0x10/0x10
[  296.399614][    C1]  ? __lock_acquire+0xab9/0xd20
[  296.404471][    C1]  ? lockdep_softirqs_on+0x13b/0x1c0
[  296.409759][    C1]  __local_bh_enable_ip+0x17d/0x1c0
[  296.414956][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  296.420679][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  296.425880][    C1]  ? batadv_nc_purge_paths+0x318/0x3b0
[  296.431343][    C1]  ? __pfx_batadv_nc_to_purge_nc_path_coding+0x10/0x10
[  296.438208][    C1]  batadv_nc_purge_paths+0x318/0x3b0
[  296.443508][    C1]  batadv_nc_worker+0x328/0x610
[  296.448361][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  296.454079][    C1]  process_scheduled_works+0xae1/0x17b0
[  296.459631][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  296.465614][    C1]  worker_thread+0x8a0/0xda0
[  296.470216][    C1]  kthread+0x70e/0x8a0
[  296.474289][    C1]  ? __pfx_worker_thread+0x10/0x10
[  296.479403][    C1]  ? __pfx_kthread+0x10/0x10
[  296.484004][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  296.489210][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  296.494416][    C1]  ? __pfx_kthread+0x10/0x10
[  296.499011][    C1]  ret_from_fork+0x3f9/0x770
[  296.503607][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  296.508716][    C1]  ? __switch_to_asm+0x39/0x70
[  296.513479][    C1]  ? __switch_to_asm+0x33/0x70
[  296.518251][    C1]  ? __pfx_kthread+0x10/0x10
[  296.522844][    C1]  ret_from_fork_asm+0x1a/0x30
[  296.527617][    C1]  </TASK>
[  296.530631][    C1] Modules linked in:
[  296.534553][    C1] vkms_vblank_simulate: vblank timer overrun
[  296.540628][    C1] ---[ end trace 0000000000000000 ]---
[  296.546158][    C1] RIP: 0010:f2fs_write_end_io+0xb52/0xb60
[  296.551932][    C1] Code: e8 03 25 16 fe e9 91 f6 ff ff 89 d9 80 e1 07 38 c1 0f 8c e3 f6 ff ff 48 89 df e8 79 25 16 fe e9 d6 f6 ff ff e8 3f 6d b1 fd 90 <0f> 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90
[  296.571597][    C1] vkms_vblank_simulate: vblank timer overrun
[  296.577659][    C1] RSP: 0018:ffffc90000a08d28 EFLAGS: 00010246
[  296.583774][    C1] RAX: ffffffff840e5861 RBX: 0000000000000000 RCX: ffff88801ce98000
[  296.591787][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 000000000000000d
[  296.599797][    C1] RBP: ffff8880339ffb40 R08: ffffea00008fa307 R09: 1ffffd400011f460
[  296.607811][    C1] R10: dffffc0000000000 R11: fffff9400011f461 R12: 0000000000000006
[  296.615825][    C1] R13: ffffea00008fa300 R14: 000000000000000d R15: dffffc0000000000
[  296.623937][    C1] FS:  0000000000000000(0000) GS:ffff888125ced000(0000) knlGS:0000000000000000
[  296.627746][T10571] F2FS-fs (loop3): inconsistent node block, node_type:0, nid:13, node_footer[nid:0,ino:0,ofs:0,cpver:0,blkaddr:0]
[  296.632907][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  296.632925][    C1] CR2: 00007f4b62b61d58 CR3: 00000000778ca000 CR4: 00000000003526f0
[  296.632947][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  296.633373][    C1] Kernel Offset: disabled