last executing test programs:

1m31.448469815s ago: executing program 0 (id=312):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r1=>0x0], &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r2, r1], 0x2, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000})
ioctl$DRM_IOCTL_MODE_GETENCODER(r3, 0xc01464a6, &(0x7f0000000180)={r4})

1m31.255483187s ago: executing program 0 (id=315):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r1 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0)
fcntl$setstatus(r1, 0x4, 0x42400)
close_range(r0, 0xffffffffffffffff, 0x0)

1m31.155031988s ago: executing program 0 (id=316):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./file0\x00', 0x18008, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x1431c2, 0x0)
pwrite64(r0, &(0x7f0000005680)="a9a74b673822987ec60cdc60aa1ef138964740ed45d223166f6d8c37be985a21f62ea0daa9b7c1772c73f40c1ac011bae9ee7372e5d8905233f29bb3747941a2bff2720ac5bea9602bc298d7699624aebb022d44565d931ab6a0557a707e4534cc4f4ca38287c54cefd362bd4b2ffeaae9eaefb3f7a75131fcadd62d59b3aadb054a76373c17c451784d6757a3fc47b58c24f34f17db3fa054b4ea288f5a780bd75b1518555d8b3b4a3fe61644c40a4e0deb273b8833767a8ff985e356308ff18bbfd680418d1204cfce1924202febbef708a5762a61ae6b83a2c7c975f6669b9f007a5d1594fe15df9de15dc1833ba5306589dde8e62c1bf44a5be5", 0xfffffe16, 0x600000fff)
write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9}}, 0x18)

1m30.599854806s ago: executing program 0 (id=322):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x200c840, &(0x7f0000000080)={[{@discard}, {@noload}]}, 0x64, 0x526, &(0x7f0000000a40)="$eJzs3c9vI1cdAPDveO0l2c3WKXCAHkqhRdkVrJ00tI04lCIhOFUCyn0JiRNFceIocdpNVNFE/AFcECBxggsXJP4DVIkLxwqpCM4gikAItnDgAAwae5zNZu04uzh26nw+0uy8N7++73n3jefNvB0HcGk9ExGvRMR/0zS9FRHlfHkhn+KgPWXbvX/vzaVsSiJNX/tbEkm+rHOsJJ9fz3ebiIivfyXiW8nDcXf29tcX6/Xadp6vNje2qjt7+7fXNhZXa6u1zfn5uRcXXlp4YWF2IPW8EREvf+lP3//uT7/88i8++8Yf7vzl5rezYk3l64/X4xEVT1vZrnqp9Vkc32H7MYNdRMVWDXOTZ9vn8BzLAwBAb9k1/ocj4lMRcSvKceX0y1kAAADgAyj9wlT8O4lIu7vabeFE9NweAAAAuIAKrTGwSaGSjwWYikKhUmmP4f1oXEvfimh+ZqWxu7ncHis7HaXCylq9NpuPFZ6OUpLl51rp+/nn2/nD9yJa+fmIeDIivleebOUrS4368qhvfgAAAMAlcf1E//+f5Xb/HwAAABgz06MuAAAAAHDu9P8BAABg/On/AwAAwFj76quvZlPa+f3r5df3dtcbr99eru2sVzZ2lypLje2tymqjsdp6Z99Gv+PVG42tz8Xm7t1qs7bTrO7s7d/ZaOxuNu+sPfAT2AAAAMAQPfmJt3+XRMTB5ydbU+Zqj22vDLVkwHkrHqWSfN6l9f/+ifb8vSEVChiKft/pvykPqSDA0BVHXQBgZEqPsrH/JwBjKemzvufgnXfy+ScHWx4AAGDwZj7e+/l/4dQ9D05fDVx4GjFcXkfP/3sN+gPGVuv5/1nbvosFGCslo/rh0uv7/L/XAIB3zhohTR+tRAAAwKBNtaakUMlv701FoVCpRNxoDfcvJStr9dpsRDwREb8tlz6U5edaeyZ9+wwAAAAAAAAAAAAAAAAAAAAAAAAAQFuaJpECAAAAYy2i8Ofkl+13+c+Un5s6eX/gavKvcuQ/EfrGj177wd3FZnN7Llv+96PlzR/my58fxR0MAAAA4KROP73TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQXr/3ptLnWmYcf/6xYiY7ha/GBOt+USUIuLaP5IoHtsviYgrA4h/cBgRH+sWP8mKdRSyW/zJ848f0/mn0C3+9QHEh8vs7ez880rW/q5GxPH2V4hnWvPu7a8Y8UD+cbXOf9kJrsv5t3P+u9Kj/d84cazpHjGeevfn1Z7xDyOeKnY//3TiJz3iP3vGOn7zG/v7vdalP46Y6fr9kzwQq9rc2Kru7O3fXttYXK2t1jbn5+deXHhp4YWF2erKWr2W//nQ8Ut9ypbV/1qP+NN96v/cGev/n3fv3vtIj+Jk8W8+2yX+r36Sb/Fw/EL+3ffpPJ2tn+mkD9rp457+2a+fPq3+yz3q3+/v/+YZ63/ra9/549FOAMDI7eztry/W67XtsU1kvfQLUAyJx0uc6z/RtwZ6wDRN06xN/R/HSWLkH3gnMeozEwAAMGj3L/pHXRIAAAAAAAAAAAAAAAAAAAC4vIbxOrGTMQ+OUskgXqENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQ/wsAAP//Yu/R8g==")
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
write$binfmt_register(r0, &(0x7f0000000140)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x2007, 0x3a, 'M', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1258438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

1m29.813252096s ago: executing program 0 (id=330):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000300)=ANY=[@ANYBLOB='\t'], 0x28)
close(r0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

1m29.306553532s ago: executing program 0 (id=337):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

1m29.018905566s ago: executing program 32 (id=337):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

6.193521451s ago: executing program 1 (id=1028):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000340)={0x20, 0xf, 0x6, "050c4e2d2e1a"}, 0x0, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x5}})

4.67294562s ago: executing program 2 (id=1037):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000140), 0x4)
sendto$inet(r0, &(0x7f00000000c0)="8f", 0x1, 0x1, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
close(0x3)

4.643056611s ago: executing program 5 (id=1038):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x0, 0x4, 0x0, 0x0, 0xc08}}, 0x120)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000240)=""/161, 0xa1}, {&(0x7f0000000040)=""/18, 0x12}], 0x2)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4)

4.292635885s ago: executing program 2 (id=1039):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000180)=0x8, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)

4.167106737s ago: executing program 3 (id=1041):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
alarm(0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00004bd000/0x3000)=nil, 0x3000}})

4.087817868s ago: executing program 1 (id=1042):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000040)={0x1, 0x7fffffff, 0xab8})

3.990399169s ago: executing program 3 (id=1043):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))

3.795726972s ago: executing program 1 (id=1045):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x211000, &(0x7f0000000880)=ANY=[@ANYBLOB="23805308c71ebebc4431750f7be86835bb3bb4b158cd58eed26d37b7148a290cd165cc958ccf029a6f9a01e88b4170d7f0f7c62a97f1ae7dc8a8ed0cbfbe679b46da3f4d9228dfcffcec400f2b37c93011bb47f3d5297c80d22ee658dec8a0a4ad7fcf40fe", @ANYRES16=r1, @ANYRES16=r0, @ANYRES16=r0, @ANYBLOB="75b8fdeeab1654b4fb498e37c662c00e75c506cf39096270875d0a02537f71fccf9c1cafa241d2b464c41eafd3a8e7fcd5e6b56f795512c98d115410085aaf9e962f396d7daff254935d6755d3d089f164a6ae605f14be2c090000007e1700000000ce183beb3290da", @ANYBLOB="1d62ebb0ccb5e94dcdcb828c3970355b9987cd6e334ffd454ca2bf544100429d00dcac2b5ec12138c76a72d6cda85586456756cfeeebfff5318562932cc5ea38c4d76f9b48de0492f1be1b8371c6efb50e014f04f60a7cb78d3388ef325f13519f1a31f9c9d36e767716fd3eee1722b811f8ac99893bea886c4fa4947aeae5c7e075d58400146bce9d3eea0143e89892b92be440a44d16c809f06d40dd7761e7a04fa177d3b0407807aa78aff0c33b86c40b81ae7091495934b57c7ff4d692d19df7267ae058eb67e57259fa8b951eb46cfe735ef396279e0507b4ab6f733511c2f94bc0df878e9f90fca75fcdb0057b8e1b1014f5", @ANYRESDEC=r0, @ANYRESDEC=r1, @ANYRESDEC=r1, @ANYRESHEX=r0, @ANYBLOB="450cefe1e809e19f9aadbc89c99e54816863c56624fb0ef2405c59f85e2e0c02c9668d15a26c6cc47b44d8edc12ef5bf53d6a23c2c31b8ce390b611c97983fb71d3e41f4aa00b8ff770ef0398ec5adc27967a3a9c6d4e3615a80ae", @ANYBLOB="7c91a1f5ee5f6b491836cf8dcd550d1c6cbf4868d50472df80829d2c03b12302a05d55143ee732bf63bf5682b09999009c39894d87055315e37b896ca2bbbc6a4ece4af825ab0132f602c11bae881f0acbc7d21ea1ef89db12950cbd075060ed37940a2886e202c102874596838da198f956a10a1262311e78c8b2bc435f3f3ad8e4cf8ffda9bd099bc7c2a2c9e3847f9772df2c983d555ed1f516f238db0a417d57bb4e52cac216dc54f3115cc0fa170a184db813dffd95aca6bd55979b5869", @ANYRES32, @ANYRES16, @ANYRESHEX=0x0, @ANYRES16, @ANYRES8, @ANYRESDEC=r1], 0x45, 0x1538, &(0x7f0000002c80)="$eJzs3AvYTdXWOPAx5pyLl6Sd5D7HHIudXCZJkktCLkmSHElyS0iSJAmJl9ySkITck9xDcgvJ/X7LPUmOJElCQpL5f1Tn75xT53TO1/k+5xzj9zzzeed415pjj7XH3u9eaz3Pu79sN6BSncrlazEz/C74049UAEgBgN4AcBUARABQLFOxTBe2p9M7Qwi/72HEv9J9ky91BeJSkv5f3qT/lzfp/+VN+v9fyPzju0r/L2/S/8ub9P/yJv0X4nK2eUr2q//jxrl/gxr+eqT5+Qm91HX8k+P/9v4/pv7uF6z4F5LP//8iBwuN/HRtoWvb/xNLpP+XN+n/5U36f3mT/l/epP+XN+n/f79yf2eb9P/yJv0X4nJ2qe8//94R/RvU8B8w0vytbZf69SeEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ4vJwJlxkAOBP80tdlxBCCCGEEEIIIf51QtpLXYEQQgghhBBCCCH+9yEo0GAggjSQFlIgHaSHKyADXAkZ4SpIwNWQCa6BzHAtZIGskA2yQw7ICbnAAoEDhhhyQx5IwnWQF66HfJAfCkBB8FAICsMNUARuhKJwExSDm6E43AIloCSUgtJwK5SB26AslIPycDtUgIpQCSrDHVAF7oSqcBdUg7uhOtwDNeBeqAl/gFpwH9SG+6EOPAB14UGoB/WhATSERv/0ekitC89CJ3gOOkMXSIWu0A2eh+7QA3pCL+gNL0AfeBH6wkvQD/rDAHgZBsIrMAhehcEwBIbCazAMhsMIGAmjYDSMgddhLLwB4+BNGA8TYCJMgskwBabCWzANpsMMeBtmwjswC2bDHJgL8+BdmA8LYCG8B4vgfVgMS2ApLIPlsAJWwipYDWtgLayD9bABNsIm2AwfwBbYCttgO+yAnbALPoTd8BHsgY9hL3zyT64//Vfr2yMgoEKFBg2mwTSYgimYHtNjBsyAGTEjJjCBmTATZsbMmAWzYDbMhjkwB+ZKABISMjLmxtyYxCTmxbyYD/NhASyAHj0WxsJYBG/EolgUi2ExLI7FsQSWxJJYGktjGSyDZbEslsfyWAErYCWshHfgHXgnVsWqWA2rYXWsjjWwBtbEmlgLa2FtrI11sA7WxbpYD+thA2yAjbARNsbG2ASbYDNshs2xObbAFtgSW2IrbIWtsTW2wTbYFttiO2yH7bEDdsBn8Vl8Dp/DLlhBdcVu2A27Y3fsib2wF76AffBFfBFfwn7YHwfgy/gyvoKD8BQOxiE4FIdiGTUcR+BIZDUax+AYHItjcRyOw/E4ASfgJJyMU3AqTsVpOB2n49s4E9/Bd3A2zsa5OA/n4XxcgAtxIS7C07gYl+BSXIbLcQUux1W4GlfhWlyHa3EDbsBNuAk/wA9wK27F7bgdd+JO/BA/xI/wI+yHe3Ev7sN9uB/34wE8gAfxIB7CQ3gYD+MRPIJH8Sgew+N4Ao/jScSf3+5n8CyexXP4dI7Pa+/Mv6YfqAuMMiqNSqNSVIpKr9KrDCqDyqgyGgBQmVQmlVllVllUFpVNZVM5VA6VS+VSpEixilVulVslVVLlVXlVPpVPFVAFlFdeFVaFVRFVRBVVRVUxdbMqrm5RJVRJ1dSXVqVVGdXMl1XlVHlVXlVQFVUlVVlVVlVUFVVVVVXVVDVVXVVXNdS9qqbqij3xPnWhM3VUf6yrBmA9VV81UA3VK/iQaqwGYRPVVDVTj6ghOBhbqMa+pXpctVIjsLV6Uo3Ep1RbNRrbqWdUe9VBdVTPqk6qie+suqjx2FV1U5Owu+qheqpeahpWVBc6Vkm9pPqp/mqAelnNxVfUIPWqGqyGqKHqNTVMDVcj1Eg1So1WY9Traqx6Q41Tb6rxaoKaqCapyWqKmqreUtPUdDVDva1mqnfULDVbzVFz1Tz1rpqvFqiF6j21SL2vFqslaqlapparFWqlWqVWqzVqrVqn1qsNaqPapDarD9QWtVVtU9vVDrVT7VIfqt3qI7VHfaz2qk/UPvVHtV99qg6oz9RB9bk6pL5Qh9WX6oj6Sh1VX6tj6rg6ob5RJ9W36pQ6rc6o79RZ9b06p35Q51VQoFErrbXRkU6j0+oUnU6n11foDPpKnVFfpRP6ap1JX6Mz62t1Fp1VZ9PZdQ6dU+fSVpN2mnWsc+s8Oqmv03n19RoAdAFdUHtdSBfWN+gi+kZdVN+ki+mbdXF9iy6hS+pSurS+VZfRt+myupwur2/XFXRFXUlX1nfoKvpOXVXfpavpu3V1fY+uoe/VNfUfdC19n66t79d19AO6rn5Q19P1dQPdUDfSD+nG+mHdRDfVzfQjurl+VLfQj+mW+nHdSj+hW+sndRv9lG6rn9bt9DO6ve6gO+of9HkddGfdRafqrrqbfl531z10T91L99Yv6D76Rd1Xv6T76f56gH5ZD9Sv6EH6VT1YD9FD9Wt6mB6uR+iRepQercfo1/VY/YYep9/U4/UEPVFP0pP1FN3z50wz/oH1b/zK+r4/PvomvVl/oLforXqb3q536J16l96ld+vdeo/eo/fqvXqf3qf36/36gD6gD+qD+pA+pA/rw/qIPqKP6qP6mD6uv9Pf6JP6W31Kn9an9Xf6rD6rz/38HIBBo4w2xkQmjUlrUkw6k95cYTKYK01Gc5VJmKtNJnONyWyuNVlMVpPNZDc5TE6Ty1hDxhk2sclt8pikuc7kNdebfCa/KWAKGm8KmcLmht+9/rfqa2QamcamsWlimphmpplpbpqbFqaFaWlamlamlWltWps2po1pa9qadqadaW/am46mo+lkOpnOprNJNammm3nedDc9TE/Ty/Q2L5g+po/pa/qafqafGWAGmIFmoBlkBpnBZrAZaoaaYWaYGWFGmFFmlBljxpixZqwZZ8aZ8Wa8mWgmmslmsplqppppZpqZYWaYmWammWVmmTlmjpln5pn5Zr5ZaBaaRWaRWWyWmCVmmVlmVpgVZpVZZdaYNWadWWc2mA1msdlsNpstZovZZraZHWaH2WV2md1mt9lj9pi9Zq/ZZ/aZ/Wa/OWAOmIPmoDlkDpnD5rA5Yo6Yo+aoOWaOmRPmhDlpTppT5pQ5Y86Ys+asOWfOmfPm/IXTvkhFKjKRidJEaaKUKCVKH6WPMkQZooxRxigRJaJMUaYoc3RtlCXKGmWLskc5opxRrshGFLmIozjKHeWJktF1Ud7o+ihflD8qEBWMfFQoKhzdEBWJboyKRjelB4CoeHRLVCIqGZWKSke3RmWi26KyUbmofHR7VCGqGFWKKkd3RFWiO6Oq0V1RtejuqHp0T1QjujeqGf0hqhXdF9WO7o/qRA9EdaMHo3pR/ahB1DBq9FP+qFh089/Pf+FM54K/mz+EU1kf9p1tF5tqu9pu9nnb3fawPW0v29u+YPvYF21f+5LtZ/vbAfZlO9C+YgfZV+1gO8QOta/ZYXa4HWFH2lF2tB1jX7dj7Rt2nH3TjrcT7EQ7yU62U+xU+5adZqfbGfZtO9O+Y2fZ2XaOnWvn2XftfLvALrTv2UX2fbvYLrFL7TK73K6wK+0qu9qusWvtOrvebrAb7Sa72X5gt9itdpvdbnfYnXaX/dDuth/ZPfZju9d+YvfZP9r99lN7wH5mD9rP7SH7hT1sv7RH7Ff2qP3aHrPH7Qn7jT1pv7Wn7Gl7xn5nz9rv7Tn7gz1vw4WT+wsf72TIUBpKQymUQukpPWWgDJSRMlKCEpSJMlFmykxZKAtlo2yUg3JQLspFFzAx5abclKQk5aW8lI/yUQEqQJ48FabCVISKUFEqSsWoGBWn4lSCSlApKkW30q10G91G5agc3U63U0WqSJWpMlWhKlSVqlI1qkbVqTrVoBpUk2pSLapFtak21aE6VJfqUj2qRw2oATWiRtSYGlMTakLNqBk1p+bUglpQS2pJragVtabW1IbaUFtqS+2oHbWn9tSROlIn6kSdqTOlUip1o27UnbpTT+pJvak39aE+1Jf6Uj/qRwNoAA2kgTSIBtFgGkJD6TUaRsNpBI2kUTSaxtAYGktjaRyNo/E0nibSRJpMk2kqTaVpNI1m0AyaSTNpFs2iOTSH5tE8mk/zaSEtpEW0iBbTYlpKS2k5LaeVtJJW02paS2tpPa2njbSRNtNm2kJbaBttox20g3bRLtpNu2kP7aG9tJf20T7aT/vpAB2gg3SQDtEhOkyH6QgdoaN0lI7RMTpBJ+gknaRTdIrO0Bk6S9/TOfqBzlOgFKcgvbvCZXBXuozuKpfi0rk/j7O57C6Hy+lyOeuyuKx/EZNzLp/L7wq4gs67Qq6wu+EXcQlX0pVypd2troy7zZX9RVzF3emqurtcNXe3q+zu+Iu4urvH1XAPuJruQVfL1Xe1XUNXxz3g6roHXT1X3zVwDV1z96hr4R5zLd3jrpV74hfxfLfArXZr3Fq3zu12H7kz7jt32H3pzrrvXWfXxfV2L7g+7kXX173k+rn+v4iHutfcMDfcjXAj3Sg3+hfxRDfJTXZT3FT3lpvmpv8inufedTPdQjfLzXZz3Nwf4ws1LXTvuUXufbfYLXFL3TK33K1wK92q/1/rMrfBbXSb3C73odvitrptbrvb4Xb+GF84jj3uY7fXfeIOuS/cfvepO+COuIPu8x/jC8d3xH3ljrqv3TF33J1w37iT7lt3yp3+8fgvHPs37gd33gUHjKxYs+GI03BaTuF0nJ6v4Ax8JWfkqzjBV3MmvoYz87WchbNyNs7OOTgn52LLxI6ZY87NeTjJ13Fevp7zcX4uwAXZcyEuzDdwEb6Ri/JNXIxv5uJ8C5fgklyKS/OtXIZv47Jcjsvz7VyBK3Ilrsx3cBW+k6vyXVyN7+bqfA/X4Hu5Jv+Ba/F9XJvv5zr8ANflB7ke1+cG3JAb8UPcmB/mJtyUm/Ej3Jwf5Rb8GLfkx7kVP8Gt+Uluw09xW36a2/Ez3J47cEd+ljvxc9yZu3Aqd+Vu/Dx35x7ck3txb36B+/CL3Jdf4n7cnwfwyzyQX+FB/CoP5iE8lF/jYTycR/BIHsWjeQy/zmP5DR7Hb/J4nsATeRJP5ik8ld/iaTydZ/DbPJPf4Vk8m+fwXJ7H7/J8XsAL+T1exO/zYl7CS3kZL+cVvJJX8Wpew2t5Ha/nDbyRN/Fm/oC38Fbextt5B+/kXfwh7+aPeA9/zHv5E97Hf+T9/Ckf4M/4IH/Oh/gLPmyAj/BXfJS/5mN8nE/wN3ySv+VTfJrP8Hd8lr/nc/wDn2d9CmKMVaxjE0dxmjhtnBKni9PHV8QZ4ivjjPFVcSK+Os4UXxNnjq+Ns8RZ42xx9jhHnDPOFduYYhdzHMe54zxxMr4uzhtfH+eL88cF4oKxjwvFheMb4iLxjXHR+Ka4WHxzXDy+JS4Rl4wfuLt0fGtcJr4tLhuXi8vHt8cV4opxpbhyfEdcJb4zrhrfFVeL746LxvfENeJ745rxH+Ja8X1x7fj+uE78QFw3fjCuF9ePG8QN40bxQ3Hj+OG4Sdw0bhY/EjePH41bxI/FLePH41bxE7+5PTXuGneLn4+fj0O4S89Jzk3OS76bnJ9ckFyYfC+5KPl+cnFySXJpcllyeXJFcmVyVXJ1ck1ybXJdcn1yQ3JjclMyhMppwaNXXnvjI5/Gp/UpPp1P76/wGfyVPqO/yif81T6Tv8Zn9tf6LD6rz+az+xw+p8/lrSfvPPvY5/Z5fNJf5/P6630+n98X8AW994V8Yd/QN/KNfGP/sG/im/pm/hH/iH/UP+of84/5x30r/4Rv7Z/0bfxTvq1/2j/tn/HtfQff0T/rO/nnfGffxaf6VN/Nd/PdfXff0/f0vX1v38f38X19X9/P9/MD/AA/0A/0g/wgP9gP9kP9UD/MD/Mj/Ag/yo/yY/wYP9aP9eP8OD/ej/cT/UQ/2U/2U/1UP81P8zP8DD8z30w/y8/yc/wcP8/P8/P9fL/QL/SL/CK/2C/2S/1Sv9wv9yv9Sr/ar/Zr/Vq/3q/3G/1Gv9lv9gq2+G1+m9/hd/hdfpff7Xf7PX6P3+v3+n1+n9/v9/sD/jN/0H/uD/kv/GH/pT/iv/JH/df+mD/uT/hv/En/rT/lT/sz/jt/1n/vz/kf/Hkf/JjE64mxiTcS4xJvJsYnJiQmJiYlJiemJKYm3kpMS0xPzEi8nZiZeCcxKzE7MScxNzEv8W5ifmJBYmHivcSixPuJxYkliaWJZYnlCUiEkHNLHHKHPCEZrgt5w/UhX8gfCoSCwYdCoXC4IRQJN4ai4aZQLNwciodbQolQMpQKD4Z6oX5oEBqGRuGh0Dg8HJqEpqFZeCQ0D4+GFuGx0DI8HlqFJ0Lr8GRoE54KbcPToV14JrQPHULH8GzoFJ4LnUOXkBq6hm7h+dA99Ag9Q6/QO7wQ+oQXQ9/wUugX+ocB4eUwMLwSBoVXw+AwJAwNr4VhYXgYEUaGUWF0GBNeD2PDG2FceDOMDxPCxDApTA5TwtTwVpgWpocZ4e0wM7wTZoXZYU6YG+aFd8P8sCAsDO+FReH9sDgsCUvDsrA8rAgrw6qwOqwJa8O6sD5sCBvDprA5fBC2hK1hW9gedoSdYddPd6TSQ/g47A2fhH3hj2F/+DQcCJ+Fg+HzcCh8EQ6HL8OR8FU4Gr4Ox8LxcCJ8E06Gb8OpcDqcCd+Fs+H7cC78EJ4+Jv+zJoQQQgjxj9C/sb3rr/xO/Twu6AYAV27NfvCvc67P8tO8h8rRPAEAj3dpd9+fRoUKqampP++7WEOUZzYAJC6uTwN/Fqc2g0ehJTSFIr9aXw/V4Sz/Rv7kzRdOMi9KgYvxEvhT/hv/Rv6HHhk6v3h8JtPfyT8bIF+ei2vSwcX4Yv6ifyN/1sa/UX+6T8cANPmzNRngYnwxf2F4GJ6Aln+xpxBCCCGEEEII8ZMeqlSbv7z+1L96fZ7DXFyTFn6Mf/zmgIvXn79+fS6EEEIIIYQQQohL76kOHR97qGXLpm3+QyYpP9f971LP/3gS9L9FGTL5GxP8D32D/Msml/CPkhBCCCGEEOJ/xcWT/ktdiRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIcfn6v/g6sUt9jEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIcSl9v8CAAD//+BAI6A=")
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800000000003)
ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r2, 0x4068aea3, &(0x7f0000000540))

3.723853093s ago: executing program 3 (id=1046):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x6)
syz_emit_ethernet(0x56, &(0x7f0000000340)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x20, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x3f}]}}}}}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000040)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x20, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x10, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}]}}}}}}}}, 0x0)

3.335986198s ago: executing program 1 (id=1047):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x6, 0x0)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

3.335742418s ago: executing program 3 (id=1048):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x82)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x20000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

3.312394088s ago: executing program 5 (id=1057):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000280)={0x1, 0x600, 0x678, {0x0, 0x2710}, {0x0, 0xea60}, {}, 0x1, @can={{0x0, 0x0, 0x0, 0x1}, 0x2, 0x3, 0x0, 0x0, "ee6a491530f05065"}}, 0x48}, 0x1, 0x0, 0x0, 0x8090}, 0x0)

3.311470258s ago: executing program 2 (id=1049):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000005a80)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f0000000540)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = open(&(0x7f0000000100)='./file1\x00', 0x109042, 0x88)
fallocate(r0, 0x10, 0x0, 0x7000000)
r1 = open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0)
fallocate(r1, 0x20, 0x0, 0x7000000)

3.031733761s ago: executing program 5 (id=1051):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000140)=0x2, 0x4)
listen(r0, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

3.016809191s ago: executing program 3 (id=1052):
r0 = syz_open_dev$ndb(&(0x7f0000000380), 0x0, 0x4080)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r0, 0xab03)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)

2.984668032s ago: executing program 1 (id=1053):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9rVNceAPBzb/KeiU998cfCBw/ewBPeoy0hcdU2QjVGY6KpxVYp3YyTZNS0k4wkk9KFi3QndFXoQrqQFrrLSrLo1v4J3XRp10K76KZQkKbMzJ0492aGTCXXVPl8wJzc8zvznXvmzOJ64kTt1sJKYWGlUFoqVOdurJwsfFytrC6WQ/yc7PX49CaPOIn93rl89vy7106G8N38D483Nzc3Q11/6Gi07fdff7kz1562xJk29X4797ZbPgghHNs2r7q+EML734YQhRDOJHnjSToYQjgUmmXX7nx2vbBLs3nwqHyq+GTm7sbYien1+xvd//YohC8r/3rt5uJP/+0b+/GVXRoeAAAAAAAAAAAAAAAAAIAX3OSVy1ffGRkND6PQvx5tf153Mkm7PR+7uWv+k/8fCwAAAAAAAAAAAAAAAAAAAH9RT5//L0RHOjz/P5Gkp7u033wr/zmSn6m3L0+cGxlNzn+PtpW/nmT9fKYvHO5w7nv2/Pczmfadz3/fPs6zas2vNe5QiOLh1HUcDw+H8HVy8PvxaH9cqa7UXr1RXV2a37VpvLDS8W+e3p+KTnKgf6/xH8/0n//5/0e3vZvq19d37y32UkvHv69rvW8+jXqK/9l0s3s5TbvN0fyHeIml49/fyBtsr7CvmdTj/3n/zvGfyPSf1/1/KIRQiOpzLaRWgPoepp7fbb9CWjr+f2vkpZbO5IXsdv//lon/uUz/e7X+r2U/iOgoHf+/N/IGUjWaG4BG/OOd7//zmf73Iv71+a/5/O9JOv7JYt+fqtJ4JXtd/ycz/ecV/6txMs9DUeodsB4187v9f3WkpeM/sK386fe/uKf934VM++f1/a81buv7X2v5/3/U/P5HZ+n4D3at1+v9P5Vpl/f6f7qx/+NZpeO/v5GX3jsPNX72Gv/pTP95xb+xKxloxf/pevL7vmb+V/Z/PUnH/x/NzLi9xlrjZ2P/F+28/7+Y6X8v9n/1+a/F+Y76skjH/0DXevX4f9/D5/+lTLv84x/CiL3+M0vH/2DXeo37f2Dn+M9k2uUd///l2TkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAC2A8SYdCFA+nruN4eDiEs8n18bA/mi3NF2cr1bmPVkKYSPIL4Uh0s1KdLVWKC0vV+XKxVKlU50I4l5QfCwPRSqVaKy6Wbp/f6mswulUuLddmy6VaCGEyyf93ONjqa3ahtli6HUK4sFX2z7i6fPtWaak4v7D85sjIyEiY2prD4aj8Sa28VGuO3iwNYXqr7VDUNrlG8cWtuRyIPqyuLi+VKo38S21tKtW5UqWtzUxS9kU4HNWWV5fmSrVysVK92RpvL51O0ompK+9duTS6rfx61EzHn++0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTHo69cS+E0N+8ikMIhSj5JUr+pTx4VD5VfDJzd2PsxPT6/Y3HneoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAH+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhl/5RIgaiOAC/GQUtPYZVSDrbiCJaGBE8gR7Dw+hRvIR3sLCwtVgWdiew5A+EwHbf1zyYH2/ewDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgubvn7uWpbiJSnG/OIr7evn8O84dSP66n+09WzDxd0cNx3D92N7d1U/49jfKrcvTb5l36//f+GhO19znYk+E+7Y3nDM3t29z7+rkXkXIVEW3JL1POVbXsLgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDLDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgWAAAAABAmL91FH0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//4w3HM8=")
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
syz_mount_image$exfat(0x0, &(0x7f0000000300)='./bus\x00', 0x84c00, 0x0, 0x0, 0x0, &(0x7f0000000000))
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./bus/file0\x00', 0x8000a, 0x0, 0x1, 0x0, &(0x7f0000000000))
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./bus\x00')

2.671109616s ago: executing program 3 (id=1055):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

2.670331156s ago: executing program 5 (id=1056):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'xfrm0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000340)="0b03060003001000030047c8a3e7e3ecaa96ca1a00000000000000000000a87a88cb", 0x22, 0x20008000, &(0x7f0000000040)={0x11, 0x3, r2, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}}, 0x14)

2.239406782s ago: executing program 33 (id=1055):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

2.227235382s ago: executing program 5 (id=1059):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000404c054b0200000000000109022400010000000009040000010300000009210000000122f8040905810300"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff0309"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

2.219097822s ago: executing program 4 (id=1060):
syz_mount_image$erofs(&(0x7f0000000280), &(0x7f0000000140)='./file0\x00', 0x1000801, &(0x7f0000000040)=ANY=[], 0x0, 0x1ca, &(0x7f00000008c0)="$eJzsmb+uEkEUxr+Z3QvcG2NiY2GjiTfxmlyW3UUNjQU+gQn4r5PIStAFDGwBJBbExsbH8BUsqCzs7Gy1UBMTCymt18xw2B35J8QQSTy/hNlvZs7MnDnAVwAYhvlv+frl5+dXt0rVUwBncIwsjX+30hhpxH/Kkfj4+l377PPx/H4CQBxvfr4N4G3ZQkT9OP599TE9q5CJvgOJq6TvQcAh/RASd0kHEHhA+omhO4ckwsB51Anrj5th4KrGU42vmuJ8fpORQB1AjvITxnxvMHxaC8OgOy8O4tk5C1Pbij/Uz56UJW4a9VPv1/2XL0aqP6uNa9TPg4RHugiBCukSsnAcJy2Jcf8Ldrq/tcn990Gcy6+LOd2DDFn8AyGMkUMl1Bc6GTk/Gb9fXPVtl4ld2u2VQZ69MPXh6O92zpAJLI1J/VNZ7hXDn2zYiX8UotazQm8wzDdbtUbQCNq+X7zhXnPd635BG9G0XeN/Oe1PR8b+BytiMyKDfi2Kul4fiLpe0venreG4lTedH3qN1P4ncXJ5uof6qOhrZ5efIegl9VOpE2tl8gzDMAzDMAzDMAzDMAzDMFtxEUL/Ckp/VMUr8G/r6F8BAAD///ckZMc=")
mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000240)='./file0\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f00000025c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, {{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000004}}], 0x2, 0x0)

1.747841478s ago: executing program 4 (id=1061):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r1=>0x0})
socket$can_bcm(0x1d, 0x2, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r1, {0x12, 0x4}, {}, {0x5, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

1.269938814s ago: executing program 2 (id=1062):
r0 = io_uring_setup(0x70c3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1})
r1 = socket(0x2b, 0x1, 0x1)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

970.187398ms ago: executing program 4 (id=1063):
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000002c0)=ANY=[@ANYRESDEC], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000d, 0x12, r1, 0x0)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000000), 0x2, 0x0)

947.056678ms ago: executing program 2 (id=1064):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x27)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={r2, 0x7, 0xfff7}, 0x8)

850.539619ms ago: executing program 2 (id=1065):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file1\x00', 0x0, &(0x7f0000000040), 0x1, 0x559a, &(0x7f0000005680)="$eJzs3X2QVWUdB/Bzd1lYZGI3BMGBFShfQEIhpVRS7kBBuDJtkjU2GQtioaAwzBI1ii04WLgam1kz5QxCiwjDUmszGmXlygyQk9PWjIPIgjLThjG9SMXEFjU2e+99Lveey+5eyVxfPh9m99zn/s7znOeeOX/c72WfcyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIoujgjtr/rB1ZV75+06hFt199cPSq0RNWVDWdHHWg+rzdl/absWjovuntdw6b0bH6SPX65tsu6IyiRKpfItN/3vSPX/+FufPmlIcBaz+Z3lZWdnfIdNfD6Ub/vCe7+uX/zI+iqCw2QGlmu7s0p52IHyBaXjhgj8pmbVsycEGyduvmp+ouX7J1XOFLp0t5X0+gr2Suq45T11Iy9bsktke2nXPpJfIu0XT/+AX3prwIAOB1mVST2mTfjmbe4mbb9fF6rJ2MtRtj7fAOoTG3cSbS4/bvbp5j4vU+mmcyHRUGdDvPWD1z/rPtmnj/WDsWNV7HPPN3zUSa8u7muSxW76t5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyVvFa3Ys34z714sOyX549bvfLk4WvLL3zoq/8uWXrzS68dqlnzl7ah+6a33zlsRsfqI9Xrm2+7oDOKKlP9EunuiWknXr1kYvWcUeuf+N7ETc+OP16aGTds++XsHO0PD66siKIFOZWOMOzRwVFUk19INaPvFhZuTT2YHQoAAAC8k5yb+l2SbafjYFleO5FKk4nUvyAdFstmbVsycEGyduvmp+ouX7J13JmPV9PNeMnTjpdtV576SeQE4xB/4+OdqoddlxeM07P4iPE8P+X5l1+oGHHtT5+pOu+mlde/NPKax9tmfnP48UX7K+8YtGrc2CsK8n9lz/k/nDn5HwAAgP+F/B8fp2e95f/PzK+75Y5HvnJszD2HVw66+8H9G4eVH7nplsn7/jj8hosvvqz2xoL8PybvkAX5P8w45P+S6MzyPwAAALyV/b/zf7JgnJ71lv/bhzff/MB7Di2sbOt4evtlK/b0X3j1RUMOPHTR3In3XjdozPkNBfl/UnH5v1/utMOTz4UJL66IoknFn1QAAAAgT/h/91MfLYS8nv7kIJ7XW+dtGd3y6swvTxj78KH6P1Vtnvj5jUMe37lh5jd2PXf3/RPbzi7I/8ni8n/Zm/NyAQAAgCI0HTpnxNBPJ38e3X/01vnf/+yuR+9b+sWrLtnbOWvC2l9UP72jviD/1xSX/wf0zcsBAAAATuPE+GsW/mPnkd9e1/yJ+5qO/v5Lq0p/NaNp9/62hqZ/bh81e/XkgvxfW1z+Pyuzzax8SHfaE/4K4VsVUVTe9WBZurA3apyWLQAAAABvkJDT75ryfMm9A6edu2Xub06Me+KFPZ/aN3vxhnPWTGp69n2tiz9y4WMF+X9Zz/f/D3c6COv/8+7/V7D+P6eQvuvfVDcGAAAA4N2ocD1/uD1++psLuvv+/WLX///w6xv+mqiqf/ID8342q/P9zT/Z2zr1wZNVf5hz/OGW5MgnL32xIP/XF5f/S3O3b+T3/wEAAMAZeLt9/9+NBeP0rLf7/7c980j1o1d+6GtXza2buuN3H77iz68Mn9qwPXpl+UfbFx342K5fF+T/xuLyf9gOyn15reH83FMRRSO6HmTuJrgtTHdxrNBSllNIn/hYj7mhR6bQMiCnkLIs1uODFVE0tutBfazw3lBojBWODc4UNsYKbaGQuR6yhR/ECq3hSvvO4Mx044Ufh0JmgUVLWEExKLskItbj79316Cqctkd79uAAAADvKiE8Z7JsWX4zikfZlkRvO5zV2w4lve1Q2tsO/WI7xHfs7vmoNr8Qnv/Rt294ecBdD2yom7Jl04KqhrPX/euxyZNuX7Z2Z93SziF/W7euIP9vLC7/h1PRP73pbv1/FNb/Z77XMLv+vzYUKmOFllCoid8xoCYcIx12G8IxKmsyPY6NyBYAAADgHS18LlDax/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7J373FW1nXiwL8zzIUZhplRMS+RISaKwTCMKYaZID/TnwQOq6WFJgSDjgxCXEzQTUTd1VzB2+ZtE0jdtIwoNbVUeGnekspLsKl5SfHSK41lS5Js133NnPM9nPOcOc5BQBn3/f5jzvecz/f6nMuc7/M85/sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/N2z85GVfeHmfj/xg3cKBi1eP+krfI4cMn3DMNTceu/jhb0/e777f//8+aw575sydR60955XRi245de+3QmjuKFeSKl5y6F/XNQwePabvotuvGbz0kYF/qUjXm46HXu1/StN3zoutru0dwh0lIZQlA4NrUoHy9P2aWF/fmhB2CJsCmRIt1akSyYbDA1UhLAmbApmq7qoKoSYrcOwT9624uD1xRVUIe4cQKpNtPFuZaqMqGRhQkQpUJwPTy1KBv76TkgncWZoKwBaLb4bMi355c26G+s7LFXj9lW+1jn2wksPrERP1hfO9MXIbdypLRfKB5i162vKqY5vIe3us9G7rBu+2vO18iact+4tU+hvKO5tClaF0csuUiXPaZsdHSkNDQ49CNW2j5/np9WdN2px0t3kdxg7Ub5XX4aoLe49d/OhRw2+tG35Dn0ELN25pNwtt3m2tMqRfc93meYxG+DzpBm+/vG9J/XzpCiHsf9v42798wcs3L7h87K4HPbHTsDc+u/vdLT+75YTxxx++fsVXf//jvPl//bvP/+PLOd6W5uSOrb5dm5qbx0dqYmJdbWpuDgAAAN1Gd9hr+srq/5722X3HDX185OrqW2+659SL7/v8tT9r3a/t4bE77fj8vvN+lDf/71fc8f94yL8me7QrQxjRkTi3LoRdOx5PBW6O3flqXQh7dqSacwMjE4GVIezWkRiYqSpRomcs0S8ReLU2HRiRCDwYA82JwI0xcEkicF4MLE8EJsXAykTgsBgIrbnj2K82PY6iA1UxMCG1EZfHsxD+XBtbS2yrZzJVAQAAbCXp2WF57t2scx22NEOcXi6v6ipDPAO7YIbKRA3JGWxmWlWwhrKuaijtqobMuOe/+/Dzai7pqua80zBKcjNcWXXLpT8aNumNu2e8tOG0Iz7x2quP1S/96afXXfPGU9Mr79/j8ofz5v+N7z7/r+ykIyV5x/9DGNfxN+YuTUfaMvEJzTkZAAAAgC3w1sADvvydsq/NfeH3jwz75K+vfez1lQ9/dO8zb1v7/Bk/+NZ3au4fnTf/H1Hc+f9xn0iPrMxhVdwNMbUuhMbcQKrag/MDqaPevdIBAAAA6A4yx+Mzx8Jb07epU7ST8+n8/M2bmT8e+B/Raf7131p2/Y6feGT2Q7W3zXhqw+NfWTl64bEz3xh05dmP7HvoQU+N/Gze/L+5uPP/q3NvU514MPbi8roQemYFHoq9bA906BcDLxyaG0iP/8G4AS6KVaVPTMhUdVEsMSEGGhOBJYVKPJYpsWtuIP1kZRo/NzOO1nSJrAAAAAC87+LugHhcPp7/v2LBXZf9x41/umzVgUtnnzz98de+V1H5zknL7zyxzwX39li008hJefP/CZt3/n/HPDjv9P62XiEMKQuhR/KHAauqUwsDxkBNSTpxT3Wqrh7JqhZUh3Bw+8CSVb2YXv+/LLnG4JNVqapiYNf+N60f0J64oSqEIdmBNeOXHtCemJMIZBr/YlUIH28fbbLxn/RMNV6ebPyqniHskRXIVDWpZwjtjVUkq7q/Mn0dg2RVyytD2CkrkKlqWGUIcwMA3VX8Xzo5+8FZc+dNndjW1jJzGybiTvyqMKW1raVh0vS2yZUF+jQ50eecdYzOyR9TsZe++V16jaLVx0ytKyad+aFgY3Zb6R35eWcOpu/HL0PlHeNsKs+5u39yyPvuld9EyPoqVWjIpdt4yNXZlWx6EvPqj/krQq/Qc86slpkNZ0ycPXvm0NTfYrM3pf7G40ypbTU0ua2qO+tbES+PgstlJbzXbTUgu5Ihs6fNGDJr7rzBrdMmntxycstpwz7VNKxp6P5NjUPaB5X+28VIB3RWc2Kk7ywtclhbcaS7l2VV8n58aEhISHS3xE2Xj39m0UcXV3538UmXPHH++WefcvrOt1057ft9p48fdOXnlkz9et78f8a7z//jp0784E+vz1Do+H99PMyfenzTYf4JMbCk2OP/9YWO5mdODOiXCMyPgfkO8wMAAPDhEHdHxr2Zcad07SvfOP1/Tjii9NA/HP2LpqGDdrnw1qkDbnx94+kf23vekmvLKvKv/ze/uN//b6X1/zNL1x9VaJn/gbFEY6H1/5PL/GfW/59faP3/5DL/mfX/l3wA6//PyQQSm+TP1v8HAAA+DN6/9f+7XN4/eYGAvAxdLu+fvEBAXoYul/Ev9gIBm73+/89/XrbDx47YrW/ZF56YuNedB/7mpGkP7vKjUVev+3RT/TfPWPPzZXnz/0uKm/9buB8AAAC2Hyfs+6UBC14a8vVzpj/ww8Ezdn7purOfH3HPL4/75MYxfddVr+v76bz5/5Li5v/v//p/odD5//0KBZoLLQxo/T8AAAC6qULr//3t42d987p+O24Y1O/M29+6emrJ8L2fO/XXbRc9NOrwj435xyWTrs2b/y8vbv4fT7sozckde/N2bWpNu5Bc025dbeYnAwAAANA9lIaGhvIi8+YsjDryvbf5dHop0HdLZ9vtE6vWnHvvdX8fcvP5C9Ydf3rtQUf+oeyQOydf99KCU/boX/Pc2rz5/8ri5v85v8tYdWHvsYsfPWr427fWDb+hz6CFGzcd/wcAAAC2nWL3SwAAAAAAAAAAAAAAAB+8Y1b95Kz/+uWY4+4cNu/qR3d+/OT//PqsM1on/aLtiHUHPLv0hk/tk/f7/zCuo1yh3//H6/7F3xf0yckdW+16/b/0/WNHL5vbsWThqtoQ9soOTF0wdYeQvjb/PtmBFScO3KU9sSBZ4u7nDnu5PXFSMnDk4B03tCc+kwhMiIsk7pYMxKsqbuidCMTlFZ9MBuL2WJ4MVKQDF/ZOjaMkua3+UJPaViXJbfV0TQh1WYHMtrqjJtVGSXKAVyQCmQF+LRmIAxybDpQme7WsV6pXMVATiy7uleoVAADbrfgtsDxMaW1raYxf4ePt7mW5t1HOkmXn5FdbUmTzv0svTbb6mKl1xaR7JL+LbrrWeHmobB/C0Lyvq9lZSjpGuXVq6WLT9Skw5K5WeystUC5pczddReERVaVG1DBpetvk8i4Hvn/XWZrKuswyNG+yk52ltGOTFlFLEX0pYkRFbpsiuhzvl4aGhh6JXMNjsD7k6OoVUezv9bPX+Sv0KsjOs3zUQQOOW/bcgRMWPXnQtKnhI5e9M2Li5FmHXPHiU0vnjxw0oUfe/L++uPl/Zfa4NqQvBjA/Xlnv4LoQJhQ5IgAAAPjwO+W05y674P5LX32hecDL04dcuuK3c6+aV1Z783mHP3336W+OX3jSlsYHDHtj6Kl3/ebcjU2jHrqy99X3X7PTkXU//H/Vvea+tWLQmy/cvVfe/L9fcfP/uAcrfSg4tbdjZbz+/7l1IXRcWr8+Fbg5DverdSHs2ZFqjiVSF9Q/KpZoTAVujjtMBsYSE5pzq+oZA8sTgVdr04GVicCDMZDeS3FTSO/KubQ2hAM6UuNyS8yIJeoTgaNjoF8i0BADjYlA7xgYkQi83jsdaE4EHo2B0Jq7rW7tnd5WAAAAmyM9zyrPvRuS87zlZV1lKOkqQ3VXGUq7ylDZVYZCo4j3fxwzlCdOXinJylSerLUqUUtehngx/M3uV16G8FhuzmTBvKbj+QeZ8w1KcjNccWbF9Dc/33/R8UPGrB/ftPhzc38a/uHtOW9d8OYvz6977pqNJXnz/8bi5v/Vubep1h+M8/9N1/9LBR6K3bs8njreLwZeODQ3kN4x8GCc7F6Uqao5XSI9ab8olhgRA/0SgRkxMCIRmDAuHViyS24gPdPONH5upvHWdImsAAAAALzv4g6CuJsmzv+fXTv+iWnjf3vQZX1nLzx/+VFffvrXx736i3t73v3d/osebitZuzpv/j+iuPl/bK9XdmPnxd6s7R3CHSWbepMJDK5JBeJ+jJr48/i+NSHskLWDI1OipTpVoiLRcHigKvUL9YpkVXdVpdYYiPePfeK+FRe3J66oCmHvrL0vmTaerUy1UZUMDKhIBaqTgellqUDc85MJ3FmaCsAWy+wVjC+o9KkuGfWdlyvw+vuwXBM0Oby8faCd5OvsN1fbSmXygfQ+1YzNe9ryqmObyHt7rPRu647vtnrvtuwvUulvKO9sClWG0sktUybOaZsdH8n+JWuebfQ8Z/9KtZj0Vngdzn/vve1aZbIDjYmPj8bOy3X+OiyJ1a26sPfYxY8eNfzWuuE39Bm0cGPR3Sgg/lB45rCr6rM377ZWGdKvuW73edLs86Q7/hvo52kLIYy7d+xFjYfcuHDSiP7X73xH7fDLvzT4lkMbnx1XM2eXw8e89sV5efP/5uLm/2WJ2w4b48acVRfCvlkbd1Xc/KPqUp+DWYHUp+RO+YHUIfeXagt+cgIAAMDWltndkdlf0Jq+TZ0Qnpwn5+dv3sz8cX/FiE7zF9vv/lecsnL0hAN/23f8XoccvM9Zdy04er+/Tbz+tT9Wj5z0wPd+tfr6vPn/hHef//dMdNPxf8f/2UYc/+/U9r4rumfygflbtCs6rzq2Ccf/O7W9v9sc/++U4/+O/3fG8f8uOP7fqe39acv7ljTDl64Qwr9f/vm/vX3Pbv02LC393pQH5vU//rLvL1r2k52f+efH/mn69H33/FXe/H9GcfN/6/91vmhfZv2/CYXW/5tRaP2/+db/AwAAtqkCC80l53l5q/flZUiu3peXocsFArtcYtD6f5u9/t+L/3Lpgr2mjv3GiWc9dnDvR+tHrRkz6O8nvbrnmuuevHLoIyf8/dt58//5xc3/48uhV3br3WX9v37jClR1SQzMsDAgAAAA26NCOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YJ31xynnjVjw+J+ap39l/fLx32nd8fGHprzefMQPRy87es0pu5xyb581hz1z5s6j1p7zyuhFt5y691shtHaUK0kVLzn0r+saBo8e03fR7dcMXvrIwL9UpustT99+NCd3bPXt2hCWZD1SExPratvvbAocO3rZ3LL2xKraEPbKDkxdMHWH9sSNtSHskx1YceLAXdoTC5Il7n7usJfbEyclA0cO3nFDe+Iz6UBJsrv/1jvV3ZJkdy/uHUJdViDT3VN751aVaeOIdKA02cZ3a1JtxEBNLHpVTaqNGGiLJVp7hjCkLIQeyaoeqUxV1SNZ1U8rU1X1SFZ1dmUIB4cQypJVPV+RqqosOfLHKlJVxcCu/W9aP6A9sbQihCHZgTXjlx7QnpiZCGQaP6YihI+3v2SSjd9anmq8PNn4v5aHsEcIoSJZ4s2yVImKZIkXy0LYKSuwaSOWhTA38OEQP30mZz84a+68qRPb2lpmbsNERbqtqjClta2lYdL0tsmViT4VUpKVfuec9z72360/a1L77epjptYVky5Llyvv6HJTec7d/bf33sd+VWdXsun5yKs/5q8IvULPObNaZjacMXH27JlDU3+Lzd6U+tsjHU1tq6HdZVsNyK5kyOxpM4bMmjtvcOu0iSe3nNxy2rBPNQ1rGrp/U+OQ9kGl/26NkS59/0e6e1lWJe/H+19CQqK7JUpzPt0at/fP8bwv+ps6Wh4qOz6g86YV2VlKOka5NQY98j2O+L18TelyREPzJg55WZq6zrJ/3mRiU5aqVJaOr3V5k8Psmko7Nmm8XxoaGnoU2g71uXezN+8bW7B5n05vumLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwv+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAD//+GI8JI=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6a000}], 0x1, 0x7000, 0x0, 0x3)

848.858429ms ago: executing program 1 (id=1074):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x80000)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x0, 0x3000, 0x0, r2})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x5002, 0x3000, 0x8, r2})

551.756293ms ago: executing program 4 (id=1066):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x6, 0x0)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

345.519526ms ago: executing program 5 (id=1067):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, &(0x7f0000000300)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX, @ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRESHEX], 0x1, 0x677, &(0x7f0000000640)="$eJzs3c9vHGf9B/D3rB07m/abumnS5osq1WokQEQkdqwUzIWAEMqhQlU5cLYSJ7GySYvjIrdC1OHntYf+AeXgC+ICEvdIhQMXuPWGfKyExKUXzAEtmtlZe7Neu+s28W7g9Ypmn2fmmXnm83yenf0xVrQB/mddPZ/JByly9fyr6+X61uZCa2tz4U63nmQ6yUYymaSRpPhnu93+MLmSFDvdFH3lHu+vLL7+0SdbH3fWJuul2r9x0HF96v02+jZvdLfNJpmoy8/hof6ufe7+ip3IryQ5V5cwcseStB/ywz8/vdPSozno6ONHEiPweBWd980ev6seZ5IT9YVefg7ovvM2jj7C4UwPuV//JwgAAAB40gzzHfiZ7WxnvTh5BOEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf4WN3d//L+ql0a3Ppuj+/v9UvS11fby8dLjdHzyuOAAAAAAAAADgCL20ne2s52R3vV1Uf/N/uVo5XT0+lbdyL8tZzYWsZylrWctq5pPM9HQ0tb60trY6P8SRlwYeeelTAp2uy+ajGTcAAAAAAAAAjLWJQx/x01zd/fs/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMgyKZ6BQp7vdsnkljMsnxJFPlho3kr936k+zBqAMAAACAI/DMdraznpPd9XaR00mer+4BHM9buZu1rGQtrSznenVfoPOtv7G1udDa2ly4Uy57+/3WPw4VRtVjOvceBp/5bLVHMzeyUm25kGt5I61cT6M6snS2jqfba19c98uYim/Whozsel2WI3+vLvd491CD3c/U7jQMY6bKyLGdjMzVsZXZeLY7M4Nn6JCz03+m+TR27vyc7jtT3x2hz5TzE3VZjueX++V8JPozcann2ff8wTlPvvSH3/5grq6Pz5CGM1GX7eqxuTcTCz2ZeGGYTNxq3b1968a9809aJvaYqzJxZmf9ar6b7+d8ZvNaVrOSH2Upa1nObL5T1ZbqyS967p/uk6krD6299mmRTNXP0M5kHS6ml6tjT2Yl38sbuZ7lvFL9u5T5fC2XczmLPTN85uAZbpZXfWOfq779fwODP/fl7sFJflWXR2x68OYyr8/25LX3NXemauvdspulUwdn6bO8Nk5+oa6U5/hZXY6H/kzM92TiuYMz8evqZeVe6+7t1VtLbw53ulPv1ZXyOvrFWL2kls+XU+VkVWsPPzvKtucGts1Xbad32hp72s7stHWu1I19r9Sp+jPc3p4uVW0vDGxbqNrO9rQN+rwFwNg78ZUTU82/N//S/KD58+at5qvHvz399ekXp3Lsj8e+MTk38cXGi8Xv80F+crgvngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwGD33n7n9lKrtbzaV2m32+/u0zT2lcz+7alybAOauj9n9gjO9e8hd/7/p5OxSMtIK/9qt9v1lmKffX7zp7FJVLvWWr45FvGMojLa1yXg8bu4dufNi/fefuerK3eWbi7fXL67ePny4tzi5VcWLt5YaS3PdR5HHSXwOOy+6Y86EgAAAAAAAAAAAGBYR/HfCUY9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODJdvV8Jh+kyPzchblyfWtzoVUu3frunpNJGkmKHyfFh8mVdJbM9HRX7Hee91cWX//ok62Pd/ua7O7fOOi44WzUS2aTTHTK+4+qv2t1eaDioCEUOyMsE3aumzgYtf8EAAD//1HnC5Q=")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
sync()
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800000, 0x0, 0xb7, 0x0, &(0x7f00000003c0))

231.604777ms ago: executing program 4 (id=1068):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
eventfd(0x4)
r0 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=1069):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f00000001c0)=[{0x6}]})
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0)
r0 = syz_io_uring_setup(0x156f, &(0x7f0000000380)={0x0, 0x5885, 0x0, 0xfffffffd, 0x216}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

roduct: syz
[  100.134989][ T4352] usb 4-1: Manufacturer: syz
[  100.149873][ T4352] usb 4-1: SerialNumber: syz
[  100.163488][ T4767] XFS (loop1): Mounting V5 Filesystem
[  100.273114][ T4800] netlink: 64 bytes leftover after parsing attributes in process `syz.0.156'.
[  100.325941][ T4767] XFS (loop1): Ending clean mount
[  100.341644][ T4767] XFS (loop1): Quotacheck needed: Please wait.
[  100.456228][ T4767] XFS (loop1): Quotacheck: Done.
[  100.599933][ T4352] usb 4-1: 0:2 : does not exist
[  100.721176][ T4259] XFS (loop1): Unmounting Filesystem
[  101.211803][ T4352] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  101.294533][ T4352] usb 4-1: USB disconnect, device number 2
[  101.462992][ T4806] loop4: detected capacity change from 0 to 32768
[  101.471149][ T4808] loop0: detected capacity change from 0 to 40427
[  101.484335][ T4808] F2FS-fs (loop0): invalid crc value
[  101.528995][ T4806] XFS (loop4): Mounting V5 Filesystem
[  101.531054][ T4808] F2FS-fs (loop0): Found nat_bits in checkpoint
[  101.599647][ T4808] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  101.599711][ T4806] XFS (loop4): Ending clean mount
[  101.635442][ T4806] XFS (loop4): Quotacheck needed: Please wait.
[  101.673930][ T4806] XFS (loop4): Quotacheck: Done.
[  101.819310][ T4262] syz-executor: attempt to access beyond end of device
[  101.819310][ T4262] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  101.823110][ T4260] XFS (loop4): Unmounting Filesystem
[  102.716853][ T4853] Bluetooth: MGMT ver 1.22
[  102.886326][ T4858] program syz.4.177 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  102.944915][   T14] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  103.144733][   T14] usb 2-1: Using ep0 maxpacket: 16
[  103.145599][ T4868] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  103.168819][   T14] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  103.208167][   T14] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.234935][   T14] usb 2-1: Product: syz
[  103.251037][   T14] usb 2-1: Manufacturer: syz
[  103.268283][   T14] usb 2-1: SerialNumber: syz
[  103.299296][   T14] usb 2-1: config 0 descriptor??
[  103.307772][   T14] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  103.348644][   T14] usb 2-1: Detected FT232H
[  103.376700][ T4871] loop4: detected capacity change from 0 to 64
[  103.514521][   T14] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  103.613577][ T4871] minix_free_block (loop4:2): bit already cleared
[  103.630577][ T4871] minix_free_block (loop4:3): bit already cleared
[  103.643136][ T4871] minix_free_block (loop4:4): bit already cleared
[  103.805814][ T4878] process 'syz.0.187' launched './file1' with NULL argv: empty string added
[  103.963470][   T14] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  104.177563][   T14] usb 2-1: USB disconnect, device number 3
[  104.230576][ T4890] loop4: detected capacity change from 0 to 128
[  104.231498][   T14] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  104.257397][   T14] ftdi_sio 2-1:0.0: device disconnected
[  104.355020][ T4890] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  104.394889][ T4890] ext4 filesystem being mounted at /39/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  104.673527][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  104.723854][ T4900] loop3: detected capacity change from 0 to 1024
[  104.788577][ T4902] netlink: 20 bytes leftover after parsing attributes in process `syz.2.196'.
[  104.870714][ T4900] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  105.162393][ T4909] loop1: detected capacity change from 0 to 4096
[  105.240720][ T4909] ntfs: volume version 3.1.
[  105.287273][ T4250] EXT4-fs (loop3): unmounting filesystem.
[  105.448325][ T4919] netlink: 'syz.2.206': attribute type 39 has an invalid length.
[  106.174807][ T4938] input: syz0 as /devices/virtual/input/input7
[  106.624201][ T4922] loop3: detected capacity change from 0 to 40427
[  106.704545][ T4922] F2FS-fs (loop3): Found nat_bits in checkpoint
[  106.904827][ T4922] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  106.931846][ T4931] loop0: detected capacity change from 0 to 32768
[  106.988519][ T4931] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.211 (4931)
[  107.110822][ T4931] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  107.111345][ T4922] F2FS-fs (loop3): Inconsistent error blkaddr:5633, sit bitmap:0
[  107.122017][ T4931] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  107.139314][ T4931] BTRFS info (device loop0): setting nodatacow, compression disabled
[  107.155116][ T4922] CPU: 0 PID: 4922 Comm: syz.3.205 Not tainted 6.1.134-syzkaller #0
[  107.163168][ T4922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  107.173265][ T4922] Call Trace:
[  107.176592][ T4922]  <TASK>
[  107.179557][ T4922]  dump_stack_lvl+0x1e3/0x2cb
[  107.184299][ T4922]  ? nf_tcp_handle_invalid+0x647/0x647
[  107.189894][ T4922]  ? __filemap_get_folio+0x150/0xe80
[  107.195241][ T4922]  ? f2fs_get_next_page_offset+0x6c0/0x6c0
[  107.201114][ T4922]  f2fs_is_valid_blkaddr+0xc5d/0x1270
[  107.206554][ T4922]  f2fs_get_read_data_page+0x4ec/0x8c0
[  107.212071][ T4922]  ? f2fs_get_block+0x1b0/0x1b0
[  107.216988][ T4922]  f2fs_find_data_page+0x99/0x380
[  107.222154][ T4922]  f2fs_readdir+0x5c3/0xc30
[  107.226716][ T4922]  ? __might_sleep+0xb0/0xb0
[  107.228873][ T4941] mmap: syz.4.215 (4941) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  107.231366][ T4922]  ? f2fs_fill_dentries+0xd60/0xd60
[  107.248450][ T4922]  ? __mutex_lock+0x2f7/0xd80
[  107.253180][ T4922]  ? iterate_dir+0x10a/0x560
[  107.257842][ T4922]  ? __fdget_pos+0x2ba/0x360
[  107.262503][ T4922]  ? common_file_perm+0x17d/0x1d0
[  107.267584][ T4922]  ? fsnotify_perm+0x439/0x590
[  107.272412][ T4922]  iterate_dir+0x224/0x560
[  107.276885][ T4922]  ? f2fs_fill_dentries+0xd60/0xd60
[  107.282109][ T4922]  __se_sys_getdents+0x1eb/0x4c0
[  107.287107][ T4922]  ? __x64_sys_getdents+0x80/0x80
[  107.292151][ T4922]  ? fillonedir+0x4c0/0x4c0
[  107.296682][ T4922]  ? syscall_enter_from_user_mode+0x2e/0x230
[  107.302684][ T4922]  ? lockdep_hardirqs_on+0x94/0x130
[  107.307908][ T4922]  ? syscall_enter_from_user_mode+0x2e/0x230
[  107.313917][ T4922]  do_syscall_64+0x3b/0x80
[  107.318368][ T4922]  ? clear_bhb_loop+0x45/0xa0
[  107.323077][ T4922]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.328989][ T4922] RIP: 0033:0x7f8cad38e969
[  107.333413][ T4922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.353032][ T4922] RSP: 002b:00007f8cae1ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  107.361461][ T4922] RAX: ffffffffffffffda RBX: 00007f8cad5b5fa0 RCX: 00007f8cad38e969
[  107.369442][ T4922] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000004
[  107.377420][ T4922] RBP: 00007f8cad410ab1 R08: 0000000000000000 R09: 0000000000000000
[  107.385401][ T4922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  107.393403][ T4922] R13: 0000000000000000 R14: 00007f8cad5b5fa0 R15: 00007ffc1ac1fe78
[  107.401395][ T4922]  </TASK>
[  107.404739][ T4931] BTRFS info (device loop0): enabling auto defrag
[  107.411254][ T4931] BTRFS info (device loop0): max_inline at 0
[  107.430181][ T4962] F2FS-fs (loop3): Inconsistent error blkaddr:5633, sit bitmap:0
[  107.445937][ T4931] BTRFS info (device loop0): using free space tree
[  107.455680][ T4962] CPU: 1 PID: 4962 Comm: syz.3.205 Not tainted 6.1.134-syzkaller #0
[  107.463724][ T4962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  107.473908][ T4962] Call Trace:
[  107.477221][ T4962]  <TASK>
[  107.480189][ T4962]  dump_stack_lvl+0x1e3/0x2cb
[  107.484918][ T4962]  ? nf_tcp_handle_invalid+0x647/0x647
[  107.490866][ T4962]  ? f2fs_get_next_page_offset+0x6c0/0x6c0
[  107.496747][ T4962]  f2fs_is_valid_blkaddr+0xc5d/0x1270
[  107.502186][ T4962]  f2fs_get_read_data_page+0x4ec/0x8c0
[  107.507702][ T4962]  ? f2fs_get_block+0x1b0/0x1b0
[  107.512612][ T4962]  ? PageHeadHuge+0x8e/0x1c0
[  107.517258][ T4962]  f2fs_find_data_page+0x99/0x380
[  107.522320][ T4962]  f2fs_readdir+0x5c3/0xc30
[  107.526862][ T4962]  ? __might_sleep+0xb0/0xb0
[  107.531533][ T4962]  ? f2fs_fill_dentries+0xd60/0xd60
[  107.536787][ T4962]  ? __mutex_lock+0x9c5/0xd80
[  107.541520][ T4962]  ? iterate_dir+0x10a/0x560
[  107.546164][ T4962]  ? __mutex_lock+0x53c/0xd80
[  107.550891][ T4962]  ? __fdget_pos+0x2ba/0x360
[  107.555539][ T4962]  ? common_file_perm+0x17d/0x1d0
[  107.560619][ T4962]  ? fsnotify_perm+0x439/0x590
[  107.565429][ T4962]  iterate_dir+0x224/0x560
[  107.569909][ T4962]  ? f2fs_fill_dentries+0xd60/0xd60
[  107.575161][ T4962]  __se_sys_getdents+0x1eb/0x4c0
[  107.580163][ T4962]  ? __x64_sys_getdents+0x80/0x80
[  107.585235][ T4962]  ? fillonedir+0x4c0/0x4c0
[  107.589797][ T4962]  ? syscall_enter_from_user_mode+0x2e/0x230
[  107.595830][ T4962]  ? lockdep_hardirqs_on+0x94/0x130
[  107.601089][ T4962]  ? syscall_enter_from_user_mode+0x2e/0x230
[  107.607216][ T4962]  do_syscall_64+0x3b/0x80
[  107.611680][ T4962]  ? clear_bhb_loop+0x45/0xa0
[  107.616409][ T4962]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.622349][ T4962] RIP: 0033:0x7f8cad38e969
[  107.626799][ T4962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.646446][ T4962] RSP: 002b:00007f8cae1cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  107.654917][ T4962] RAX: ffffffffffffffda RBX: 00007f8cad5b6080 RCX: 00007f8cad38e969
[  107.662936][ T4962] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  107.670954][ T4962] RBP: 00007f8cad410ab1 R08: 0000000000000000 R09: 0000000000000000
[  107.678955][ T4962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  107.687046][ T4962] R13: 0000000000000001 R14: 00007f8cad5b6080 R15: 00007ffc1ac1fe78
[  107.695072][ T4962]  </TASK>
[  108.258288][ T4987] loop4: detected capacity change from 0 to 1024
[  108.400097][ T4262] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  108.509991][ T4987] hfsplus: xattr searching failed
[  108.681784][ T4970] loop1: detected capacity change from 0 to 32768
[  108.727473][ T4970] XFS: ikeep mount option is deprecated.
[  108.953241][ T4970] XFS (loop1): Mounting V5 Filesystem
[  109.182100][ T4970] XFS (loop1): Ending clean mount
[  109.233220][ T4970] XFS (loop1): Quotacheck needed: Please wait.
[  109.320386][ T4970] XFS (loop1): Quotacheck: Done.
[  109.639314][ T4259] XFS (loop1): Unmounting Filesystem
[  110.775755][ T4997] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  110.964670][ T4997] usb 2-1: Using ep0 maxpacket: 8
[  110.971866][ T4997] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  111.015014][ T4997] usb 2-1: config 0 has no interface number 0
[  111.025735][ T4997] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  111.044695][ T4997] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  111.062771][ T4997] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.083900][ T4997] usb 2-1: config 0 descriptor??
[  111.116683][   T22] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  111.139882][ T4997] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  111.314927][   T22] usb 4-1: Using ep0 maxpacket: 32
[  111.337022][   T22] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  111.343840][ T4997] usb 2-1: USB disconnect, device number 4
[  111.389345][   T22] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  111.412255][   T22] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.428509][   T27] audit: type=1326 audit(1745489908.665:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f638ad2ab39 code=0x7ffc0000
[  111.472183][   T22] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  111.505867][   T22] usb 4-1: config 1 has no interface number 0
[  111.530914][ T5063] loop0: detected capacity change from 0 to 40427
[  111.534004][   T27] audit: type=1326 audit(1745489908.665:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f638ad2ab39 code=0x7ffc0000
[  111.565557][   T22] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  111.571874][   T27] audit: type=1326 audit(1745489908.665:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f638ad2ab39 code=0x7ffc0000
[  111.611265][   T27] audit: type=1326 audit(1745489908.665:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f638ad2ab39 code=0x7ffc0000
[  111.615876][   T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.663561][   T27] audit: type=1326 audit(1745489908.665:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f638ad2ab39 code=0x7ffc0000
[  111.696060][   T27] audit: type=1326 audit(1745489908.665:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f638ad2ab39 code=0x7ffc0000
[  111.704441][ T5063] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  111.721243][   T27] audit: type=1326 audit(1745489908.665:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f638ad2ab39 code=0x7ffc0000
[  111.765500][   T22] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  111.775466][ T5063] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  111.894765][   T27] audit: type=1326 audit(1745489908.685:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f638ad2ab39 code=0x7ffc0000
[  111.960372][   T22] snd_usb_pod 4-1:1.1: set_interface failed
[  111.971716][   T22] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  112.000706][   T22] snd_usb_pod: probe of 4-1:1.1 failed with error -71
[  112.011909][ T5063] F2FS-fs (loop0): Found nat_bits in checkpoint
[  112.115048][   T22] usb 4-1: USB disconnect, device number 3
[  112.151536][   T27] audit: type=1326 audit(1745489908.685:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f638ad8e969 code=0x7ffc0000
[  112.290480][   T27] audit: type=1326 audit(1745489908.685:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5079 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f638ad8e969 code=0x7ffc0000
[  112.398683][ T5063] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  112.425920][ T5063] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  112.528125][ T5094] loop4: detected capacity change from 0 to 512
[  112.560110][ T5094] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  112.647710][ T5094] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  112.713740][ T5094] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.260: invalid indirect mapped block 2683928664 (level 1)
[  112.741420][ T5094] EXT4-fs (loop4): Remounting filesystem read-only
[  112.766102][ T5063] support for the xor transformation has been removed.
[  112.801858][ T5094] EXT4-fs (loop4): 1 truncate cleaned up
[  112.814758][ T5094] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  112.967813][ T4262] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[  112.967843][ T4262] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[  113.001252][ T4262] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[  113.016300][ T4262] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[  113.024244][ T4262] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[  113.088814][ T4262] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[  113.109807][ T4262] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[  113.119329][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  113.693794][ T5126] loop1: detected capacity change from 0 to 256
[  113.747397][ T5126] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  113.795473][ T3582] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  113.985706][ T3582] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  114.001324][ T3582] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  114.021923][ T3582] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  114.044271][ T3582] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.058901][ T5134] loop0: detected capacity change from 0 to 512
[  114.078421][ T3582] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  114.111200][ T3582] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  114.142108][ T3582] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.159888][ T3582] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  114.180599][ T3582] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  114.201892][ T3582] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.211140][ T5134] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  114.220678][ T5134] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  114.234119][ T3582] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  114.244111][ T3582] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  114.255608][ T3582] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.275603][ T3582] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  114.294782][ T3582] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  114.306811][ T3582] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.327614][ T3582] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  114.344714][ T3582] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  114.367565][ T3582] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.407996][ T4262] EXT4-fs (loop0): unmounting filesystem.
[  114.415065][ T3582] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  114.423998][ T3582] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  114.454717][ T3582] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.472871][ T3582] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  114.494809][ T3582] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  114.510235][ T3582] usb 5-1: config 0 interface 0 has no altsetting 0
[  114.536703][ T3582] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  114.565278][ T3582] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  114.594362][ T3582] usb 5-1: Product: syz
[  114.604352][ T3582] usb 5-1: Manufacturer: syz
[  114.629146][ T3582] usb 5-1: SerialNumber: syz
[  114.650738][ T3582] usb 5-1: config 0 descriptor??
[  114.705197][ T3582] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  114.975404][ T3582] usb 5-1: USB disconnect, device number 2
[  115.008887][ T3582] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  115.044510][ T5152] input: syz0 as /devices/virtual/input/input8
[  115.145984][ T4300] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  115.161846][ T5154] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  115.339789][ T4300] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  115.359544][ T4300] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.387982][ T4300] usb 1-1: Product: syz
[  115.394188][ T4300] usb 1-1: Manufacturer: syz
[  115.399311][ T4300] usb 1-1: SerialNumber: syz
[  115.431982][ T4300] usb 1-1: config 0 descriptor??
[  115.728612][ T5167] program syz.1.291 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  115.771891][ T4300] usb 1-1: USB disconnect, device number 3
[  115.864202][ T5169] loop3: detected capacity change from 0 to 2048
[  115.963405][ T5169] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  116.139310][ T4250] EXT4-fs (loop3): unmounting filesystem.
[  117.003265][ T5212] netlink: 'syz.4.309': attribute type 1 has an invalid length.
[  117.264802][ T4997] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  117.362062][ T5222] loop0: detected capacity change from 0 to 128
[  117.411238][ T5222] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  117.454723][ T4997] usb 2-1: Using ep0 maxpacket: 16
[  117.464036][ T4997] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  117.498858][ T4997] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.529116][ T4997] usb 2-1: Product: syz
[  117.531727][ T5222] UDF-fs: error (device loop0): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  117.533317][ T4997] usb 2-1: Manufacturer: syz
[  117.533337][ T4997] usb 2-1: SerialNumber: syz
[  117.555173][ T4997] r8152-cfgselector 2-1: config 0 descriptor??
[  117.736010][ T5230] loop3: detected capacity change from 0 to 256
[  117.776825][ T5230] exfat: Deprecated parameter 'utf8'
[  117.808289][ T4997] r8152-cfgselector 2-1: Unknown version 0x0000
[  117.921224][ T5236] loop0: detected capacity change from 0 to 512
[  118.009622][ T5236] __quota_error: 295 callbacks suppressed
[  118.009644][ T5236] Quota error (device loop0): do_check_range: Getting dqdh_entries 1536 out of range 0-14
[  118.028357][ T5236] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  118.040522][ T4997] r8152-cfgselector 2-1: Unknown version 0x0000
[  118.049050][ T4997] r8152-cfgselector 2-1: USB disconnect, device number 5
[  118.056496][ T5236] EXT4-fs error (device loop0): ext4_acquire_dquot:6802: comm syz.0.322: Failed to acquire dquot type 1
[  118.126114][ T5236] EXT4-fs (loop0): 1 truncate cleaned up
[  118.158173][ T5236] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  118.193239][ T5236] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  118.337016][ T5236] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[  118.386029][ T5236] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  118.412963][ T5250] device syzkaller1 entered promiscuous mode
[  118.452873][ T5236] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.322: bg 0: block 248: padding at end of block bitmap is not set
[  118.480592][ T5236] Quota error (device loop0): write_blk: dquota write failed
[  118.499295][ T5236] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  118.515967][ T5236] EXT4-fs error (device loop0): ext4_acquire_dquot:6802: comm syz.0.322: Failed to acquire dquot type 1
[  118.530960][ T5236] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[  118.566750][ T5236] syz.0.322 (5236) used greatest stack depth: 19872 bytes left
[  118.588216][ T4262] EXT4-fs error (device loop0): ext4_readdir:263: inode #2: block 3: comm syz-executor: path /63/file0: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=2164260880, rec_len=231, size=4096 fake=0
[  118.760689][ T5257] loop1: detected capacity change from 0 to 256
[  119.014894][ T4299] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  119.120098][   T33] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.226514][ T4299] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.255391][ T4299] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.272671][ T4299] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  119.287798][ T4299] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  119.297435][ T4299] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.317411][ T4299] usb 3-1: config 0 descriptor??
[  119.327751][   T33] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.457569][   T33] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.677656][   T33] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.810587][ T4299] acrux 0003:1A34:0802.0001: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.2-1/input0
[  119.849641][ T4299] acrux 0003:1A34:0802.0001: no inputs found
[  119.881817][ T4299] acrux 0003:1A34:0802.0001: Failed to enable force feedback support, error: -19
[  120.057024][ T5277] loop1: detected capacity change from 0 to 8192
[  120.107300][ T5277] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  120.129557][ T5277] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  120.134519][ T4299] usb 3-1: USB disconnect, device number 3
[  120.161616][ T5277] REISERFS (device loop1): using ordered data mode
[  120.241622][ T5277] reiserfs: using flush barriers
[  120.250927][ T4269] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  120.262798][ T4269] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  120.276970][ T4269] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  120.284137][ T5277] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  120.305107][ T4269] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  120.313197][ T5277] REISERFS (device loop1): checking transaction log (loop1)
[  120.323049][ T4269] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  120.330583][ T4269] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  120.334023][ T5277] REISERFS (device loop1): Using r5 hash to sort names
[  120.431508][ T5294] loop3: detected capacity change from 0 to 512
[  120.436289][ T5277] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  120.455057][ T5294] EXT4-fs: Ignoring removed nobh option
[  120.486392][ T5294] fscrypt (loop3, inode 2): Error -61 getting encryption context
[  120.496310][ T5294] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -61
[  120.508754][ T5294] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #13: comm syz.3.347: casefold flag without casefold feature
[  120.523385][ T5294] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.347: couldn't read orphan inode 13 (err -117)
[  120.557689][ T5294] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  120.585649][ T5294] fscrypt (loop3, inode 2): Error -61 getting encryption context
[  120.750038][ T4250] EXT4-fs (loop3): unmounting filesystem.
[  121.494158][ T5287] chnl_net:caif_netlink_parms(): no params data found
[  121.935021][ T5307] loop4: detected capacity change from 0 to 40427
[  121.954941][ T4258] Bluetooth: hci4: command 0x0405 tx timeout
[  121.968102][ T5307] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  121.976227][ T5307] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  122.000790][ T5307] F2FS-fs (loop4): invalid crc value
[  122.021935][ T5307] F2FS-fs (loop4): Found nat_bits in checkpoint
[  122.131166][ T5307] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  122.139651][ T5307] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  122.243898][ T5287] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.261937][ T5287] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.311661][ T5287] device bridge_slave_0 entered promiscuous mode
[  122.347018][ T5287] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.380634][ T5287] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.405812][   T27] audit: type=1800 audit(1745489919.645:460): pid=5336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.350" name="file0" dev="loop4" ino=456 res=0 errno=0
[  122.434749][ T4258] Bluetooth: hci3: command 0x0409 tx timeout
[  122.452968][ T5324] loop1: detected capacity change from 0 to 32768
[  122.462970][ T5287] device bridge_slave_1 entered promiscuous mode
[  122.518690][ T5324] XFS (loop1): Mounting V5 Filesystem
[  122.716176][ T5324] XFS (loop1): Ending clean mount
[  122.724978][ T5324] XFS (loop1): Quotacheck needed: Please wait.
[  122.757169][   T27] audit: type=1326 audit(1745489919.995:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  122.815172][   T27] audit: type=1326 audit(1745489919.995:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  122.858072][ T5324] XFS (loop1): Quotacheck: Done.
[  122.913712][ T4559] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  122.950801][ T5287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.965698][   T27] audit: type=1326 audit(1745489919.995:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  122.970805][ T4559] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  123.044327][   T27] audit: type=1326 audit(1745489919.995:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  123.105056][   T33] device hsr_slave_0 left promiscuous mode
[  123.135435][   T33] device hsr_slave_1 left promiscuous mode
[  123.164828][   T27] audit: type=1326 audit(1745489920.015:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  123.189378][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.204775][   T33] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.253082][   T27] audit: type=1326 audit(1745489920.015:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  123.284701][   T33] device bridge_slave_1 left promiscuous mode
[  123.293747][   T33] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.326059][ T4259] XFS (loop1): Unmounting Filesystem
[  123.347838][   T27] audit: type=1326 audit(1745489920.015:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  123.380417][   T33] device bridge_slave_0 left promiscuous mode
[  123.388978][   T33] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.439073][   T27] audit: type=1326 audit(1745489920.025:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  123.543562][   T27] audit: type=1326 audit(1745489920.025:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  123.587713][   T33] device veth1_macvtap left promiscuous mode
[  123.616871][   T33] device veth0_macvtap left promiscuous mode
[  123.624358][   T33] device veth1_vlan left promiscuous mode
[  123.665527][   T27] audit: type=1326 audit(1745489920.025:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  123.689499][   T33] device veth0_vlan left promiscuous mode
[  123.741258][   T27] audit: type=1326 audit(1745489920.035:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  123.865314][   T27] audit: type=1326 audit(1745489920.035:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  124.080404][   T27] audit: type=1326 audit(1745489920.035:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5346 comm="syz.3.358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cad38e969 code=0x7ffc0000
[  124.515059][ T4258] Bluetooth: hci3: command 0x041b tx timeout
[  124.560927][ T5386] loop1: detected capacity change from 0 to 512
[  124.592910][ T5386] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  124.638280][ T5386] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  124.670777][ T5386] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended
[  124.698760][ T5386] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  124.709257][ T5386] System zones: 0-2, 18-18, 34-34
[  124.729791][ T5386] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  124.797705][ T5386] EXT4-fs (loop1): 1 truncate cleaned up
[  124.824004][ T5386] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  124.991952][ T4259] EXT4-fs (loop1): unmounting filesystem.
[  125.166332][   T33] team0 (unregistering): Port device team_slave_1 removed
[  125.244121][   T33] team0 (unregistering): Port device team_slave_0 removed
[  125.275753][ T5396] loop1: detected capacity change from 0 to 1024
[  125.308171][   T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  125.322587][ T5396] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  125.374172][ T5396] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.370: Allocating blocks 385-513 which overlap fs metadata
[  125.415778][   T33] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  125.456386][ T5395] EXT4-fs (loop1): pa ffff888073b38b60: logic 16, phys. 129, len 24
[  125.472207][ T5395] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  125.540417][ T4259] EXT4-fs (loop1): unmounting filesystem.
[  125.782531][ T5402] loop1: detected capacity change from 0 to 1024
[  126.247914][   T33] bond0 (unregistering): Released all slaves
[  126.330615][ T5287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.361256][ T5406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  126.595104][ T4258] Bluetooth: hci3: command 0x040f tx timeout
[  126.653179][ T5287] team0: Port device team_slave_0 added
[  126.678175][ T5287] team0: Port device team_slave_1 added
[  126.779599][ T5287] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.793703][ T5287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.827777][ T5287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.859460][ T5287] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.901998][ T5287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.935150][ T4333] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  127.011985][ T5287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  127.140705][ T4333] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  127.167208][ T4333] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.179867][ T5287] device hsr_slave_0 entered promiscuous mode
[  127.184765][ T4333] usb 3-1: Product: syz
[  127.190478][ T4333] usb 3-1: Manufacturer: syz
[  127.197528][ T5287] device hsr_slave_1 entered promiscuous mode
[  127.200677][ T4333] usb 3-1: SerialNumber: syz
[  127.225943][ T4333] usb 3-1: config 0 descriptor??
[  127.236057][ T5287] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  127.275478][ T5287] Cannot create hsr debugfs directory
[  127.337971][ T5434] loop1: detected capacity change from 0 to 256
[  127.414916][ T4240] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  127.597087][ T5438] sctp: [Deprecated]: syz.4.382 (pid 5438) Use of struct sctp_assoc_value in delayed_ack socket option.
[  127.597087][ T5438] Use struct sctp_sack_info instead
[  127.619964][ T4240] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  127.643188][ T4240] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.671496][ T4333] usb 3-1: Firmware: major: 0, minor: 105, hardware type: UNKNOWN (35)
[  127.692786][ T4240] usb 4-1: config 0 descriptor??
[  127.873151][ T4333] usb 3-1: failed to fetch extended address, random address set
[  127.891811][ T4333] usb 3-1: atusb_probe: initialization failed, error = -524
[  127.902155][ T5287] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  127.910723][ T4333] atusb: probe of 3-1:0.0 failed with error -524
[  127.928701][ T4240] usb 4-1: Cannot read MAC address
[  127.936998][ T4240] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71
[  127.943360][ T5287] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  127.968960][ T4333] usb 3-1: USB disconnect, device number 4
[  127.987753][ T4240] usb 4-1: USB disconnect, device number 4
[  128.046391][ T5287] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  128.113985][ T5287] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  128.341795][ T5287] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.367914][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  128.383167][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  128.398436][ T5287] 8021q: adding VLAN 0 to HW filter on device team0
[  128.423234][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  128.479462][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  128.515918][ T4542] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.523081][ T4542] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.626020][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  128.664934][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  128.673800][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  128.685194][ T4258] Bluetooth: hci3: command 0x0419 tx timeout
[  128.697525][   T33] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.704741][   T33] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.733695][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  128.756060][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  128.781731][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  128.807996][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  128.829071][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  128.911033][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  128.935036][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  128.961076][ T5465] loop1: detected capacity change from 0 to 4096
[  128.962692][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  129.038654][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  129.040448][ T5465] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  129.110944][ T5287] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  129.136036][ T4259] EXT4-fs (loop1): unmounting filesystem.
[  129.171712][ T5287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  129.240566][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  129.265380][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  129.339545][ T5466] device syzkaller1 entered promiscuous mode
[  129.711899][ T5490] loop1: detected capacity change from 0 to 16
[  129.793724][ T5490] erofs: (device loop1): mounted with root inode @ nid 36.
[  129.958311][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  129.977815][ T4564] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  129.995982][ T4240] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  130.055868][ T5287] 8021q: adding VLAN 0 to HW filter on device batadv0
[  130.199166][ T4240] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  130.225234][ T4240] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.267996][ T4240] usb 3-1: config 0 descriptor??
[  130.306667][ T4240] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  130.482554][ T4240] gp8psk: usb in 128 operation failed.
[  130.716525][ T4240] gp8psk: usb in 146 operation failed.
[  130.722073][ T4240] gp8psk: failed to get FW version
[  130.756546][ T4240] gp8psk: FPGA Version = 30
[  130.957942][ T4240] gp8psk: usb in 138 operation failed.
[  130.963487][ T4240] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  131.004678][ T4240] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  131.077430][ T5535] device syzkaller1 entered promiscuous mode
[  131.083713][ T4240] usb 3-1: USB disconnect, device number 5
[  131.203404][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  131.222933][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  131.315741][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  131.326758][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  131.378872][ T5287] device veth0_vlan entered promiscuous mode
[  131.387546][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  131.406861][ T4542] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  131.438572][ T5287] device veth1_vlan entered promiscuous mode
[  131.533308][ T5546] loop4: detected capacity change from 0 to 256
[  131.580773][ T5546] exFAT-fs (loop4): bogus sector size bits : 0
[  131.604473][ T5287] device veth0_macvtap entered promiscuous mode
[  131.634913][ T5546] exFAT-fs (loop4): failed to read boot sector
[  131.641257][ T5546] exFAT-fs (loop4): failed to recognize exfat type
[  131.657002][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  131.666011][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  131.687082][ T5546] exFAT-fs (loop4): bogus sector size bits : 0
[  131.693355][ T5546] exFAT-fs (loop4): failed to read boot sector
[  131.725742][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  131.745084][ T5546] exFAT-fs (loop4): failed to recognize exfat type
[  131.787108][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  131.847377][ T5287] device veth1_macvtap entered promiscuous mode
[  131.877438][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  131.886578][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  131.940397][ T5287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.952546][ T5287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.963903][ T5287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.975774][ T5287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.007010][ T5557] loop1: detected capacity change from 0 to 64
[  132.010788][ T5287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  132.024160][ T5287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.047198][ T5287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  132.063947][ T5287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.078269][ T5287] batman_adv: batadv0: Interface activated: batadv_slave_0
[  132.108564][ T5287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.114750][ T4997] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  132.122100][ T5287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.138276][ T5287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.150315][ T5287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.161419][ T5287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.174434][ T5287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.186550][ T5287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  132.217222][ T5287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  132.230216][ T5287] batman_adv: batadv0: Interface activated: batadv_slave_1
[  132.253121][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  132.276297][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  132.309795][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  132.331071][ T4571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  132.348064][ T4997] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  132.371186][ T4997] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  132.402412][ T4997] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  132.423720][ T5287] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  132.428236][ T4997] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  132.456257][ T5287] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  132.482812][ T4997] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  132.484797][ T5287] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  132.537817][ T4997] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  132.553999][ T5287] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  132.568370][ T4997] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  132.579652][ T5568] netlink: 136 bytes leftover after parsing attributes in process `syz.1.419'.
[  132.603677][ T4997] usb 4-1: Product: syz
[  132.625410][ T4997] usb 4-1: Manufacturer: syz
[  132.643731][ T4997] cdc_wdm 4-1:1.0: skipping garbage
[  132.664225][ T4997] cdc_wdm 4-1:1.0: skipping garbage
[  132.720404][ T4997] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  132.744818][ T4997] cdc_wdm 4-1:1.0: Unknown control protocol
[  132.758898][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  132.766042][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  132.807623][ T4542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.861214][ T4542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.967251][ T4559] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  132.990730][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  132.997631][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  133.004733][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  133.005436][ T4559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.011350][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  133.012190][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  133.032310][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  133.045367][ T4559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.055281][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  133.062288][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  133.069642][ T4298] usb 4-1: USB disconnect, device number 5
[  133.118869][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  133.524521][ T5595] Zero length message leads to an empty skb
[  133.799427][ T4298] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  134.019297][ T4298] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  134.039229][ T4298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.041263][ T5609] loop3: detected capacity change from 0 to 2048
[  134.075644][ T4298] usb 2-1: config 0 descriptor??
[  134.090505][ T5617] netlink: 80 bytes leftover after parsing attributes in process `syz.5.434'.
[  134.104097][ T4298] gspca_main: cpia1-2.14.0 probing 0813:0001
[  134.135482][ T5609] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4096, location=4096
[  134.185097][ T5609] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  134.206973][ T5609] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  134.233600][ T5609] UDF-fs: Scanning with blocksize 512 failed
[  134.263676][ T5609] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  134.278509][ T5609] UDF-fs: Scanning with blocksize 1024 failed
[  134.315332][ T5609] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  134.348115][ T5609] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  134.363246][ T5609] UDF-fs: Scanning with blocksize 2048 failed
[  134.384291][ T5609] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  134.442645][ T5609] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  134.473893][ T5609] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  134.490743][ T5609] UDF-fs: Scanning with blocksize 4096 failed
[  134.507337][ T5609] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[  134.517544][ T4298] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  134.814935][ T3582] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  135.006720][ T3582] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  135.046301][ T3582] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  135.075032][ T3582] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.091741][ T3582] usb 5-1: Product: syz
[  135.104694][ T3582] usb 5-1: Manufacturer: syz
[  135.109533][ T3582] usb 5-1: SerialNumber: syz
[  135.150469][ T3582] usb 5-1: selecting invalid altsetting 1
[  135.164187][ T4298] gspca_cpia1: usb_control_msg 05, error -71
[  135.193048][ T4298] cpia1 2-1:0.0: unexpected systemstate: 00
[  135.227184][ T4298] usb 2-1: USB disconnect, device number 6
[  135.581691][ T3582] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[  135.595594][ T3582] cdc_ncm 5-1:1.0: bind() failure
[  135.641821][ T3582] usb 5-1: USB disconnect, device number 3
[  135.805001][   T22] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  135.849178][ T5656] capability: warning: `syz.1.443' uses deprecated v2 capabilities in a way that may be insecure
[  136.004725][   T22] usb 4-1: Using ep0 maxpacket: 16
[  136.011890][   T22] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  136.068580][   T22] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  136.106384][   T22] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  136.138697][   T22] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  136.158499][   T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.194220][   T22] usb 4-1: Product: syz
[  136.221433][   T22] usb 4-1: Manufacturer: syz
[  136.261088][   T22] usb 4-1: SerialNumber: syz
[  136.549318][   T22] usb 4-1: 2:1 : format type 0 is detected, processed as PCM
[  136.575684][   T22] usb 4-1: 2:1: cannot set freq 9338507 to ep 0x82
[  136.714082][   T22] usb 4-1: USB disconnect, device number 6
[  137.059687][ T5694] loop1: detected capacity change from 0 to 2048
[  137.107406][ T4368] udevd[4368]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  137.265258][ T5694] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  137.316211][ T5694] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  137.425017][ T5694] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28
[  137.494690][ T5694] EXT4-fs (loop1): This should not happen!! Data will be lost
[  137.494690][ T5694] 
[  137.557280][ T5694] EXT4-fs (loop1): Total free blocks count 0
[  137.593823][ T5694] EXT4-fs (loop1): Free/Dirty block details
[  137.632757][ T5694] EXT4-fs (loop1): free_blocks=2415919104
[  137.652328][ T5712] loop5: detected capacity change from 0 to 2048
[  137.669192][ T5694] EXT4-fs (loop1): dirty_blocks=16
[  137.689548][ T5694] EXT4-fs (loop1): Block reservation details
[  137.724737][ T5694] EXT4-fs (loop1): i_reserved_data_blocks=1
[  137.741579][ T5712] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  137.921952][ T4259] EXT4-fs (loop1): unmounting filesystem.
[  138.198431][ T5725] device syzkaller1 entered promiscuous mode
[  138.544863][ T4333] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  138.642513][ T5738] rdma_op ffff88805523f1f0 conn xmit_rdma 0000000000000000
[  138.744846][ T4333] usb 6-1: Using ep0 maxpacket: 32
[  138.752113][ T4333] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  138.794035][ T4333] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  138.844876][ T4333] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  138.894736][ T4333] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.918334][ T4333] usb 6-1: config 0 descriptor??
[  138.962769][ T5748] netlink: 'syz.3.471': attribute type 12 has an invalid length.
[  139.024890][ T5748] netlink: 'syz.3.471': attribute type 2 has an invalid length.
[  139.053408][ T5748] netlink: 'syz.3.471': attribute type 7 has an invalid length.
[  139.093032][ T5748] netlink: 'syz.3.471': attribute type 10 has an invalid length.
[  139.111353][ T5748] netlink: 'syz.3.471': attribute type 2 has an invalid length.
[  139.138177][ T5748] netlink: 'syz.3.471': attribute type 1 has an invalid length.
[  139.169088][ T5748] netlink: 'syz.3.471': attribute type 5 has an invalid length.
[  139.184304][ T5754] loop1: detected capacity change from 0 to 256
[  139.212438][ T5748] netlink: 64 bytes leftover after parsing attributes in process `syz.3.471'.
[  139.286343][ T5754] FAT-fs (loop1): Directory bread(block 64) failed
[  139.296127][ T5754] FAT-fs (loop1): Directory bread(block 65) failed
[  139.302895][ T5754] FAT-fs (loop1): Directory bread(block 66) failed
[  139.320601][ T5754] FAT-fs (loop1): Directory bread(block 67) failed
[  139.329117][ T5754] FAT-fs (loop1): Directory bread(block 68) failed
[  139.342054][ T5754] FAT-fs (loop1): Directory bread(block 69) failed
[  139.352243][ T5754] FAT-fs (loop1): Directory bread(block 70) failed
[  139.384767][ T5754] FAT-fs (loop1): Directory bread(block 71) failed
[  139.391643][ T5754] FAT-fs (loop1): Directory bread(block 72) failed
[  139.422045][ T5754] FAT-fs (loop1): Directory bread(block 73) failed
[  139.426926][ T4333] savu 0003:1E7D:2D5A.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  139.521581][ T5759] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  139.762747][ T4298] usb 6-1: USB disconnect, device number 2
[  139.842670][ T4559] kworker/u4:21: attempt to access beyond end of device
[  139.842670][ T4559] loop1: rw=1, sector=1224, nr_sectors = 12 limit=256
[  140.265063][ T5777] xt_CT: No such helper "snmp"
[  140.303888][ T5786] loop9: detected capacity change from 0 to 8
[  140.317056][ T5786] Dev loop9: unable to read RDB block 8
[  140.337850][ T5786]  loop9: unable to read partition table
[  140.343694][ T5786] loop9: partition table beyond EOD, truncated
[  140.358406][ T5786] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  140.525549][ T5791] loop5: detected capacity change from 0 to 128
[  140.559858][ T5791] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  140.624029][ T5791] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.720745][ T5801] device batadv_slave_1 entered promiscuous mode
[  140.766549][ T5800] device batadv_slave_1 left promiscuous mode
[  140.784676][ T5791] overlayfs: upper fs needs to support d_type.
[  140.928089][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  141.114308][ T5813] loop5: detected capacity change from 0 to 1024
[  141.197183][ T5813] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  141.479363][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  141.597491][ T5832] rdma_op ffff8880761731f0 conn xmit_rdma 0000000000000000
[  141.699171][   T22] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  141.758358][ T4300] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  141.830697][ T5838] loop1: detected capacity change from 0 to 1024
[  141.868458][ T5838] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  141.874267][ T5841] sp0: Synchronizing with TNC
[  141.894774][   T22] usb 3-1: Using ep0 maxpacket: 32
[  141.904150][   T22] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.907390][ T5838] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.916097][   T22] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.936205][   T22] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  141.945610][   T22] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.965679][   T22] usb 3-1: config 0 descriptor??
[  141.976699][ T4300] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  141.989674][ T5838] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.509: bg 0: block 393: padding at end of block bitmap is not set
[  142.004060][ T4300] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  142.014322][ T4300] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  142.028488][ T5838] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem
[  142.046492][ T4300] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  142.064734][ T4300] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.072838][ T4300] usb 4-1: Product: syz
[  142.095002][ T4300] usb 4-1: Manufacturer: syz
[  142.099792][ T4300] usb 4-1: SerialNumber: syz
[  142.120778][ T4300] usb 4-1: selecting invalid altsetting 1
[  142.218522][ T4259] EXT4-fs (loop1): unmounting filesystem.
[  142.342161][ T5851] loop5: detected capacity change from 0 to 512
[  142.378582][ T5851] EXT4-fs (loop5): Test dummy encryption mode enabled
[  142.400402][   T22] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  142.405017][ T5851] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  142.450981][ T5851] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  142.509827][ T5851] EXT4-fs (loop5): 1 truncate cleaned up
[  142.521228][ T5851] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  142.712977][ T4333] usb 3-1: USB disconnect, device number 6
[  142.755614][ T4300] usb 4-1: selecting invalid altsetting 1
[  142.761439][ T4300] cdc_ncm 4-1:1.0: bind() failure
[  142.953702][ T4300] usb 4-1: USB disconnect, device number 7
[  143.169294][ T5851] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  143.367304][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  143.510519][ T5884] netlink: 'syz.2.525': attribute type 1 has an invalid length.
[  143.532839][ T5884] netlink: 'syz.2.525': attribute type 2 has an invalid length.
[  143.654976][ T5884] netlink: 'syz.2.525': attribute type 1 has an invalid length.
[  144.538740][ T5915] loop4: detected capacity change from 0 to 512
[  144.575041][ T5915] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  144.654020][ T5915] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  144.717610][ T5915] ext4 filesystem being mounted at /126/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  144.757738][ T5902] loop1: detected capacity change from 0 to 32768
[  144.781788][ T5902] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.532 (5902)
[  144.863461][ T5902] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  144.913378][ T5902] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  144.954265][ T5902] BTRFS info (device loop1): setting nodatacow, compression disabled
[  144.980685][ T5902] BTRFS info (device loop1): enabling auto defrag
[  145.038844][ T5902] BTRFS info (device loop1): max_inline at 0
[  145.056241][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  145.069202][ T5902] BTRFS info (device loop1): using free space tree
[  145.908568][ T5965] loop5: detected capacity change from 0 to 2048
[  145.969899][ T5965] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  146.002630][ T5965] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  146.059983][ T5965] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 160: 0x0b != 0xd4
[  146.072732][ T5965] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  146.298913][ T5977] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  146.314367][ T4259] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  146.411260][   T22] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  146.614720][   T22] usb 5-1: Using ep0 maxpacket: 32
[  146.634130][   T22] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  146.651366][   T22] usb 5-1: config 0 has no interface number 0
[  146.657693][   T22] usb 5-1: config 0 interface 184 has no altsetting 0
[  146.685265][   T22] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  146.704637][   T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.712759][   T22] usb 5-1: Product: syz
[  146.728909][   T22] usb 5-1: Manufacturer: syz
[  146.733578][   T22] usb 5-1: SerialNumber: syz
[  146.755869][   T22] usb 5-1: config 0 descriptor??
[  146.764466][   T22] smsc75xx v1.0.0
[  147.376031][   T22] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  147.403577][   T22] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  147.626364][   T22] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  147.650011][   T22] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  147.660585][   T22] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  147.676496][   T22] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  147.686965][   T22] smsc75xx: probe of 5-1:0.184 failed with error -71
[  147.718192][   T22] usb 5-1: USB disconnect, device number 4
[  148.062184][ T6025] loop5: detected capacity change from 0 to 1024
[  148.081391][ T6025] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  148.120921][ T6025] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  148.153595][ T6025] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  148.380581][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  148.733912][ T6044] loop3: detected capacity change from 0 to 2048
[  148.797500][ T6044] EXT4-fs: Ignoring removed orlov option
[  148.814705][ T6044] EXT4-fs: Ignoring removed nomblk_io_submit option
[  148.908141][ T6044] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  149.719883][ T6078] loop1: detected capacity change from 0 to 2048
[  149.786622][ T5702] udevd[5702]: incorrect nilfs2 checksum on /dev/loop1
[  149.786869][ T6078] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  149.821778][ T6078] NILFS (loop1): mounting unchecked fs
[  149.934457][ T6078] NILFS (loop1): recovery complete
[  150.006927][ T6090] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  150.219567][ T6093] device syzkaller1 entered promiscuous mode
[  150.305852][ T6060] loop5: detected capacity change from 0 to 40427
[  150.341111][ T6060] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff
[  150.382299][ T6060] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x2
[  150.409054][ T6060] F2FS-fs (loop5): invalid crc value
[  150.473206][ T6060] F2FS-fs (loop5): Found nat_bits in checkpoint
[  150.622000][ T6060] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  150.736455][ T6103] loop4: detected capacity change from 0 to 256
[  150.791721][ T6103] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  150.884217][ T6060] syz.5.591: attempt to access beyond end of device
[  150.884217][ T6060] loop5: rw=2049, sector=53248, nr_sectors = 256 limit=40427
[  150.921055][   T27] audit: type=1800 audit(1745489948.155:474): pid=6103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.593" name="file1" dev="loop4" ino=1048620 res=0 errno=0
[  150.946546][ T6103] exFAT-fs (loop4): hint_cluster is invalid (17)
[  151.071124][ T6112] exFAT-fs (loop4): error, broken FAT chain.
[  151.116819][ T6112] exFAT-fs (loop4): Filesystem has been set read-only
[  151.159412][ T6112] exFAT-fs (loop4): error, failed to bmap (inode : ffff88806fe31b60 iblock : 64, err : -5)
[  151.414856][ T5996] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  151.604838][ T5996] usb 3-1: Using ep0 maxpacket: 8
[  151.614181][ T5996] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  151.645352][ T5996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.673779][ T5996] usb 3-1: Product: syz
[  151.680363][ T5996] usb 3-1: Manufacturer: syz
[  151.689843][ T5996] usb 3-1: SerialNumber: syz
[  151.719668][ T6130] device bond0 entered promiscuous mode
[  151.739823][ T5996] usb 3-1: config 0 descriptor??
[  151.747542][ T6130] device bond_slave_0 entered promiscuous mode
[  151.769056][ T6130] device bond_slave_1 entered promiscuous mode
[  151.975707][ T5996] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  152.196761][ T6149] netlink: 64 bytes leftover after parsing attributes in process `syz.3.606'.
[  152.383688][ T5996] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71
[  152.416644][ T5996] usb 3-1: USB disconnect, device number 7
[  152.995051][ T6028] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 2: invalid block bitmap
[  153.704528][ T6163] loop5: detected capacity change from 0 to 32768
[  153.814487][ T6156] loop4: detected capacity change from 0 to 40427
[  153.880810][ T6156] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  153.899011][ T6184] loop1: detected capacity change from 0 to 8192
[  153.916403][ T6156] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  153.960878][ T6163] XFS (loop5): Mounting V5 Filesystem
[  153.993138][ T6184] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  154.014932][ T6184] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  154.039014][ T6184] REISERFS (device loop1): using ordered data mode
[  154.057360][ T6156] F2FS-fs (loop4): Found nat_bits in checkpoint
[  154.126040][ T6163] XFS (loop5): Ending clean mount
[  154.131848][ T6184] reiserfs: using flush barriers
[  154.152884][ T6163] XFS (loop5): Quotacheck needed: Please wait.
[  154.156178][ T6184] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  154.219449][ T6163] XFS (loop5): Quotacheck: Done.
[  154.231329][ T6210] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  154.245144][ T6184] REISERFS (device loop1): checking transaction log (loop1)
[  154.300143][ T6156] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  154.401859][ T6156] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  154.411736][ T6156] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  154.525459][ T5287] XFS (loop5): Unmounting Filesystem
[  154.564226][ T6184] REISERFS (device loop1): Using tea hash to sort names
[  154.593050][ T6184] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  154.698663][ T6156] syz.4.607: attempt to access beyond end of device
[  154.698663][ T6156] loop4: rw=2049, sector=77824, nr_sectors = 520 limit=40427
[  154.791398][ T6219] syz.4.607: attempt to access beyond end of device
[  154.791398][ T6219] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  155.698826][ T6249] loop5: detected capacity change from 0 to 128
[  155.854779][ T4240] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  155.901840][ T6249] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  155.956970][ T6249] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  156.044865][ T4240] usb 3-1: Using ep0 maxpacket: 16
[  156.058370][ T4240] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  156.087966][ T4240] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.106972][ T4240] usb 3-1: Product: syz
[  156.118327][ T4240] usb 3-1: Manufacturer: syz
[  156.130263][ T4240] usb 3-1: SerialNumber: syz
[  156.159087][ T4240] usb 3-1: config 0 descriptor??
[  156.202211][ T4240] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  156.235445][ T4240] usb 3-1: Detected FT232H
[  156.380944][ T4240] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  156.434094][ T6262] loop4: detected capacity change from 0 to 1024
[  156.497264][ T6262] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  156.577489][ T6242] loop1: detected capacity change from 0 to 32768
[  156.651937][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  156.690718][ T6242] XFS (loop1): Mounting V5 Filesystem
[  156.696327][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  156.800013][ T4240] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  156.816867][ T6285] loop4: detected capacity change from 0 to 16
[  156.860811][ T6285] erofs: (device loop4): mounted with root inode @ nid 36.
[  156.942976][ T6242] XFS (loop1): Starting recovery (logdev: internal)
[  157.019439][ T4997] usb 3-1: USB disconnect, device number 8
[  157.041637][ T6242] XFS (loop1): Ending recovery (logdev: internal)
[  157.087548][ T4997] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  157.104933][ T6292] validate_nla: 1 callbacks suppressed
[  157.104953][ T6292] netlink: 'syz.3.637': attribute type 39 has an invalid length.
[  157.164163][ T4997] ftdi_sio 3-1:0.0: device disconnected
[  157.446053][ T4259] XFS (loop1): Unmounting Filesystem
[  158.956981][ T6306] loop4: detected capacity change from 0 to 32768
[  159.043852][ T6306] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.643 (6306)
[  159.114090][ T6306] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  159.180352][ T6306] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  159.211013][ T6306] BTRFS info (device loop4): setting nodatacow, compression disabled
[  159.253160][ T6306] BTRFS info (device loop4): enabling auto defrag
[  159.280520][ T6306] BTRFS info (device loop4): max_inline at 0
[  159.302549][ T6306] BTRFS info (device loop4): using free space tree
[  160.100625][ T4260] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  161.467981][ T6424] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993
[  161.600243][ T6387] loop1: detected capacity change from 0 to 40427
[  161.643954][ T6387] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  161.664070][ T6387] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  161.799626][ T6387] F2FS-fs (loop1): Found nat_bits in checkpoint
[  161.989909][ T6434] netlink: 8 bytes leftover after parsing attributes in process `syz.4.675'.
[  162.032652][ T6387] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  162.046921][ T6387] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  162.254849][ T6387] support for the xor transformation has been removed.
[  162.353814][ T4259] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  162.353836][ T4259] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  162.414205][ T4259] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  162.447715][ T4259] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  162.470048][ T4259] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  162.484400][ T6452] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  162.517966][ T4259] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  162.517996][ T4259] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  163.586858][ T6474] netlink: 48 bytes leftover after parsing attributes in process `syz.2.691'.
[  164.170657][ T6483] loop5: detected capacity change from 0 to 32768
[  164.189181][ T6483] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 scanned by syz.5.694 (6483)
[  164.213631][ T6483] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  164.233517][ T6483] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  164.244390][ T6483] BTRFS info (device loop5): using free space tree
[  164.530312][ T6483] BTRFS info (device loop5): enabling ssd optimizations
[  164.545802][ T6510] input: syz0 as /devices/virtual/input/input11
[  164.997276][ T5287] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  165.524443][ T6532] loop4: detected capacity change from 0 to 2048
[  165.654371][ T6532] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  166.185822][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  166.194967][ T3582] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  166.404823][ T3582] usb 4-1: Using ep0 maxpacket: 16
[  166.415515][ T3582] usb 4-1: config 0 has no interfaces?
[  166.424763][ T3582] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  166.452538][ T3582] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  166.489439][ T3582] usb 4-1: Manufacturer: syz
[  166.512450][ T6563] Dead loop on virtual device ip6_vti0, fix it urgently!
[  166.526676][ T3582] usb 4-1: config 0 descriptor??
[  166.560848][ T6563] Dead loop on virtual device ip6_vti0, fix it urgently!
[  166.587240][ T6563] Dead loop on virtual device ip6_vti0, fix it urgently!
[  166.615322][ T6563] Dead loop on virtual device ip6_vti0, fix it urgently!
[  166.633569][ T6563] Dead loop on virtual device ip6_vti0, fix it urgently!
[  166.651379][ T6563] Dead loop on virtual device ip6_vti0, fix it urgently!
[  166.874206][ T6552] loop5: detected capacity change from 0 to 32768
[  166.895584][ T6547] device lo entered promiscuous mode
[  166.916011][ T6547] device tunl0 entered promiscuous mode
[  166.924349][ T6552] XFS: ikeep mount option is deprecated.
[  166.943878][ T6547] device gre0 entered promiscuous mode
[  166.969651][ T6547] device gretap0 entered promiscuous mode
[  166.976190][ T6547] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  167.013488][ T4240] usb 4-1: USB disconnect, device number 8
[  167.045048][ T6552] XFS (loop5): Mounting V5 Filesystem
[  167.161673][ T6552] XFS (loop5): Ending clean mount
[  167.174368][ T6552] XFS (loop5): Quotacheck needed: Please wait.
[  167.257519][ T6552] XFS (loop5): Quotacheck: Done.
[  167.364791][ T3582] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  167.483724][ T5287] XFS (loop5): Unmounting Filesystem
[  167.585943][ T3582] usb 2-1: Using ep0 maxpacket: 16
[  167.593300][ T3582] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  167.634721][ T3582] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  167.667479][ T3582] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  167.713517][ T6596] netlink: 8 bytes leftover after parsing attributes in process `syz.3.732'.
[  167.718324][ T3582] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  167.744633][ T3582] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.753001][ T3582] usb 2-1: Product: syz
[  167.757498][ T3582] usb 2-1: Manufacturer: syz
[  167.762174][ T3582] usb 2-1: SerialNumber: syz
[  167.797789][ T6596] device macvtap0 entered promiscuous mode
[  167.807282][ T6596] device macvtap0 left promiscuous mode
[  168.016126][ T3582] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  168.036924][ T3582] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82
[  168.147434][ T3582] usb 2-1: USB disconnect, device number 7
[  168.457875][ T4655] udevd[4655]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  168.466073][ T6611] loop4: detected capacity change from 0 to 128
[  168.505968][ T6611] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  168.559335][ T6611] UDF-fs: error (device loop4): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  168.740727][ T4240] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  168.944900][ T4240] usb 4-1: Using ep0 maxpacket: 32
[  168.951950][ T4240] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.996305][ T4240] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  169.011838][ T6623] loop1: detected capacity change from 0 to 256
[  169.023570][ T4240] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  169.036849][ T4240] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.065997][ T6623] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  169.068066][ T4240] usb 4-1: config 0 descriptor??
[  169.087987][ T6622] loop5: detected capacity change from 0 to 2048
[  169.115972][ T6623] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  169.170448][ T6630] input: syz0 as /devices/virtual/input/input12
[  169.183677][ T4333] kernel read not supported for file /dsp1 (pid: 4333 comm: kworker/0:8)
[  169.215156][ T6622] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  169.221334][ T6623] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  169.498973][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  169.512406][ T6632] loop4: detected capacity change from 0 to 2048
[  169.515167][ T4240] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  169.613490][ T6632] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  169.725152][ T6632] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  169.745030][ T6632] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28
[  169.825587][ T6632] EXT4-fs (loop4): This should not happen!! Data will be lost
[  169.825587][ T6632] 
[  169.842254][ T6632] EXT4-fs (loop4): Total free blocks count 0
[  169.855444][ T6632] EXT4-fs (loop4): Free/Dirty block details
[  169.875125][ T6632] EXT4-fs (loop4): free_blocks=2415919104
[  169.899233][ T6632] EXT4-fs (loop4): dirty_blocks=16
[  169.912097][ T5995] usb 4-1: USB disconnect, device number 9
[  169.935283][ T6632] EXT4-fs (loop4): Block reservation details
[  170.012210][ T6632] EXT4-fs (loop4): i_reserved_data_blocks=1
[  170.221924][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  170.571965][ T6660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  170.645271][ T4298] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  170.835041][ T4298] usb 3-1: Using ep0 maxpacket: 32
[  170.843127][ T4298] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.855743][ T4298] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.865643][ T4298] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  170.874801][ T4298] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.884977][ T4298] usb 3-1: config 0 descriptor??
[  171.275361][ T4333] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  171.328444][ T4298] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  171.469086][ T4333] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  171.473085][ T6680] loop4: detected capacity change from 0 to 256
[  171.488334][ T4333] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  171.535799][ T4333] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  171.559612][ T4333] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  171.573823][ T4333] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  171.596396][ T4333] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  171.607709][ T4333] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  171.615820][ T4333] usb 2-1: Product: syz
[  171.620143][ T4333] usb 2-1: Manufacturer: syz
[  171.629772][ T3582] usb 3-1: USB disconnect, device number 9
[  171.669070][ T4333] cdc_wdm 2-1:1.0: skipping garbage
[  171.687741][ T4333] cdc_wdm 2-1:1.0: skipping garbage
[  171.701492][ T4333] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  171.723331][ T4333] cdc_wdm 2-1:1.0: Unknown control protocol
[  171.918294][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  171.925922][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  171.933394][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  171.940049][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  171.963414][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  171.970098][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  171.986295][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  171.992969][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  171.999130][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  172.015404][ T4333] usb 2-1: USB disconnect, device number 8
[  172.286577][ T6698] loop4: detected capacity change from 0 to 4096
[  172.309487][ T6701] loop5: detected capacity change from 0 to 2048
[  172.398067][ T6701] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  172.411841][ T6698] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  172.483538][ T6701] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  172.498881][ T6701] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28
[  172.513318][ T6701] EXT4-fs (loop5): This should not happen!! Data will be lost
[  172.513318][ T6701] 
[  172.530193][ T6701] EXT4-fs (loop5): Total free blocks count 0
[  172.536887][ T6701] EXT4-fs (loop5): Free/Dirty block details
[  172.543057][ T6701] EXT4-fs (loop5): free_blocks=2415919104
[  172.551408][ T6701] EXT4-fs (loop5): dirty_blocks=16
[  172.557165][ T6701] EXT4-fs (loop5): Block reservation details
[  172.567393][ T6701] EXT4-fs (loop5): i_reserved_data_blocks=1
[  172.670673][ T6696] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #15: comm syz.4.775: corrupted inode contents
[  172.704159][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  172.720589][ T6696] EXT4-fs error (device loop4): ext4_dirty_inode:6089: inode #15: comm syz.4.775: mark_inode_dirty error
[  172.734126][ T6696] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #15: comm syz.4.775: corrupted inode contents
[  172.744899][ T4298] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  172.753961][ T6696] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #15: comm syz.4.775: mark_inode_dirty error
[  172.766598][ T6696] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #15: comm syz.4.775: corrupted inode contents
[  172.782943][ T6696] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #15: comm syz.4.775: mark_inode_dirty error
[  172.815832][ T6696] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #15: comm syz.4.775: corrupted inode contents
[  172.885139][ T6696] EXT4-fs error (device loop4): ext4_truncate:4311: inode #15: comm syz.4.775: mark_inode_dirty error
[  172.918311][ T6696] EXT4-fs error (device loop4): ext4_evict_inode:290: comm syz.4.775: couldn't truncate inode 15 (err -117)
[  172.959032][ T4298] usb 3-1: Using ep0 maxpacket: 16
[  172.972232][ T4298] usb 3-1: config 0 has no interfaces?
[  173.000605][ T4298] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  173.014417][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  173.058765][ T4298] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  173.085373][ T4298] usb 3-1: Manufacturer: syz
[  173.111413][ T4298] usb 3-1: config 0 descriptor??
[  173.205613][ T6729] loop5: detected capacity change from 0 to 64
[  173.394276][ T6703] device lo entered promiscuous mode
[  173.394921][ T4333] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  173.413202][ T6703] device tunl0 entered promiscuous mode
[  173.422061][ T6703] device gre0 entered promiscuous mode
[  173.441465][ T6703] device gretap0 entered promiscuous mode
[  173.453527][ T6703] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  173.493800][ T3582] usb 3-1: USB disconnect, device number 10
[  173.564930][ T4298] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  173.596678][ T4333] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  173.628265][ T4333] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  173.644248][ T4333] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  173.655303][ T4333] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.757093][ T4298] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  173.791952][ T4298] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  173.802818][ T4298] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  173.812049][ T4298] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.828707][ T6746] input: syz0 as /devices/virtual/input/input13
[  173.852903][ T4298] usb 5-1: config 0 descriptor??
[  173.902370][ T4333] usb 2-1: usb_control_msg returned -32
[  173.908446][ T4333] usbtmc 2-1:16.0: can't read capabilities
[  174.240267][ T6754] loop5: detected capacity change from 0 to 1024
[  174.278689][ T6754] EXT4-fs: Ignoring removed orlov option
[  174.294876][ T6754] EXT4-fs: Ignoring removed nomblk_io_submit option
[  174.304285][ T4298] savu 0003:1E7D:2D5A.0006: hiddev1,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  174.331565][ T6754] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  174.388580][ T6754] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8843c118, mo2=0002]
[  174.450506][ T6754] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  174.557972][ T4298] usb 5-1: USB disconnect, device number 5
[  174.747185][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  174.873414][ T6773] loop5: detected capacity change from 0 to 256
[  175.333902][ T6783] input: syz0 as /devices/virtual/input/input14
[  175.922532][ T4534] kworker/u4:12: attempt to access beyond end of device
[  175.922532][ T4534] loop5: rw=1, sector=256, nr_sectors = 288 limit=256
[  175.947227][ T4534] kworker/u4:12: attempt to access beyond end of device
[  175.947227][ T4534] loop5: rw=1, sector=608, nr_sectors = 416 limit=256
[  175.972136][ T4534] kworker/u4:12: attempt to access beyond end of device
[  175.972136][ T4534] loop5: rw=1, sector=1056, nr_sectors = 2280 limit=256
[  175.996923][ T4534] kworker/u4:12: attempt to access beyond end of device
[  175.996923][ T4534] loop5: rw=1, sector=3336, nr_sectors = 1632 limit=256
[  176.162479][ T4303] usb 2-1: USB disconnect, device number 9
[  176.512645][ T6790] loop4: detected capacity change from 0 to 32768
[  176.663262][ T6790] XFS (loop4): Mounting V5 Filesystem
[  176.901483][ T6790] XFS (loop4): Ending clean mount
[  176.924277][ T6790] XFS (loop4): Quotacheck needed: Please wait.
[  177.023376][ T6790] XFS (loop4): Quotacheck: Done.
[  177.092717][   T27] audit: type=1800 audit(1745489975.317:475): pid=6790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.811" name="file2" dev="loop4" ino=9287 res=0 errno=0
[  177.212997][ T4260] XFS (loop4): Unmounting Filesystem
[  177.432305][ T6823] input: syz0 as /devices/virtual/input/input15
[  177.510738][ T6808] loop1: detected capacity change from 0 to 40427
[  177.557292][ T6808] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x3ffff
[  177.604520][ T6808] F2FS-fs (loop1): invalid crc value
[  177.652924][ T6808] F2FS-fs (loop1): Found nat_bits in checkpoint
[  177.764590][ T6808] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  177.774736][ T4303] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  177.865377][ T6808] F2FS-fs (loop1) : inject page alloc in f2fs_grab_cache_page of f2fs_get_read_data_page+0xf6/0x8c0
[  177.896786][ T6808] syz.1.819: attempt to access beyond end of device
[  177.896786][ T6808] loop1: rw=2049, sector=53248, nr_sectors = 272 limit=40427
[  177.989794][ T4303] usb 6-1: Using ep0 maxpacket: 32
[  178.002460][ T4303] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  178.028144][ T4303] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.053950][ T4303] usb 6-1: config 0 descriptor??
[  178.070087][ T4298] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  178.268700][ T4298] usb 4-1: Using ep0 maxpacket: 32
[  178.283814][ T4303] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  178.283837][ T4298] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  178.315968][ T4303] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  178.337454][ T4303] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  178.346580][ T4298] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  178.354679][ T4303] usb 6-1: media controller created
[  178.380757][ T4298] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  178.399081][ T4303] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  178.404904][ T4298] usb 4-1: Product: syz
[  178.424860][ T4298] usb 4-1: Manufacturer: syz
[  178.429517][ T4298] usb 4-1: SerialNumber: syz
[  178.461935][ T4298] usb 4-1: config 0 descriptor??
[  178.481018][ T6833] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  178.789835][ T4298] usb 4-1: USB disconnect, device number 10
[  178.978537][ T6857] loop4: detected capacity change from 0 to 4096
[  179.059927][ T6857] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  179.143129][ T4303] az6027: usb out operation failed. (-71)
[  179.150342][ T4303] stb0899_attach: Driver disabled by Kconfig
[  179.170668][ T4303] az6027: no front-end attached
[  179.170668][ T4303] 
[  179.189235][ T4303] az6027: usb out operation failed. (-71)
[  179.203987][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  179.212865][ T4303] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  179.229717][ T4303] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input16
[  179.289300][ T4303] dvb-usb: schedule remote query interval to 400 msecs.
[  179.301205][ T4303] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  179.320449][ T4303] usb 6-1: USB disconnect, device number 3
[  179.409891][ T4303] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  179.718500][ T6876] device syzkaller1 entered promiscuous mode
[  180.062167][ T6882] loop4: detected capacity change from 0 to 4096
[  180.487361][ T6901] loop5: detected capacity change from 0 to 1024
[  180.645598][ T5702] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  181.434918][ T4333] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  181.647884][ T4333] usb 5-1: config 1 has an invalid descriptor of length 113, skipping remainder of the config
[  181.662370][ T4333] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  181.692153][ T4333] usb 5-1: config 1 has no interface number 0
[  181.717123][ T4333] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.764862][ T6944] loop1: detected capacity change from 0 to 512
[  181.779118][ T4333] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  181.810109][ T4333] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0xD has invalid maxpacket 56298, setting to 1024
[  181.816379][ T6944] EXT4-fs (loop1): Test dummy encryption mode enabled
[  181.828945][ T4333] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0xD has invalid maxpacket 1024
[  181.846893][ T4333] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.867462][ T6944] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  181.879870][ T4333] usb 5-1: New USB device found, idVendor=35b4, idProduct=a4a1, bcdDevice= 0.40
[  181.907068][ T4333] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.915614][ T4333] usb 5-1: Product: syz
[  181.919937][ T4333] usb 5-1: Manufacturer: syz
[  181.925122][ T4303] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  181.925473][ T4333] usb 5-1: SerialNumber: syz
[  181.982157][ T6944] EXT4-fs (loop1): 1 truncate cleaned up
[  181.988507][ T6944] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  182.115021][ T4303] usb 4-1: Using ep0 maxpacket: 32
[  182.122984][ T4303] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.166490][ T4259] EXT4-fs (loop1): unmounting filesystem.
[  182.173734][ T4303] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.180510][ T6921] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  182.209107][ T4303] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  182.255375][ T4303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.324493][ T4303] usb 4-1: config 0 descriptor??
[  182.440828][ T6958] xt_CT: No such helper "snmp"
[  182.764137][ T4303] savu 0003:1E7D:2D5A.0007: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  182.815893][ T6921] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  182.824391][ T4333] cdc_ncm 5-1:1.1: bind() failure
[  183.042624][ T4333] usb 4-1: USB disconnect, device number 11
[  183.106288][ T4303] usb 5-1: USB disconnect, device number 6
[  183.207041][ T6982] loop5: detected capacity change from 0 to 2048
[  183.239707][ T6982] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  183.879498][ T6995] loop5: detected capacity change from 0 to 512
[  183.944863][ T6995] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  184.006446][ T6995] EXT4-fs (loop5): invalid journal inode
[  184.025947][ T6995] EXT4-fs (loop5): can't get journal size
[  184.106871][ T6995] EXT4-fs (loop5): 1 truncate cleaned up
[  184.157623][ T6995] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  184.531955][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  184.542710][ T7012] loop4: detected capacity change from 0 to 512
[  184.627015][ T7017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.901'.
[  184.652249][ T7012] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e042c11c, mo2=0002]
[  184.660974][ T7012] System zones: 0-2, 18-18, 34-34
[  184.668019][ T7017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.901'.
[  184.733810][ T7012] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.900: bg 0: block 248: padding at end of block bitmap is not set
[  184.793625][ T7012] Quota error (device loop4): write_blk: dquota write failed
[  184.811022][ T7012] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  184.832352][ T7012] EXT4-fs error (device loop4): ext4_acquire_dquot:6802: comm syz.4.900: Failed to acquire dquot type 1
[  184.856314][ T7012] EXT4-fs (loop4): 1 truncate cleaned up
[  184.876836][ T7012] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  184.901042][ T7012] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.986251][ T7024] loop5: detected capacity change from 0 to 4096
[  185.024458][ T7024] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512)
[  185.356251][   T27] audit: type=1800 audit(1745489983.587:476): pid=7012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.900" name="file1" dev="loop4" ino=15 res=0 errno=0
[  185.440839][ T7012] syz.4.900 (7012) used greatest stack depth: 19808 bytes left
[  185.476644][ T7040] netlink: 32 bytes leftover after parsing attributes in process `syz.3.910'.
[  185.536827][ T4260] EXT4-fs (loop4): unmounting filesystem.
[  185.548512][ T4553] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-5
[  185.566209][ T4553] EXT4-fs error (device loop4): ext4_release_dquot:6825: comm kworker/u4:19: Failed to release dquot type 1
[  185.587985][ T4298] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  185.790216][ T4298] usb 2-1: Using ep0 maxpacket: 8
[  185.816690][ T4298] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  185.846257][ T4298] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.854321][ T4298] usb 2-1: Product: syz
[  185.887074][ T4298] usb 2-1: Manufacturer: syz
[  185.902118][ T4298] usb 2-1: SerialNumber: syz
[  185.914428][ T4298] usb 2-1: config 0 descriptor??
[  185.948272][ T7048] loop5: detected capacity change from 0 to 4096
[  186.020422][ T7053] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  186.054958][   T27] audit: type=1800 audit(1745489984.287:477): pid=7048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.914" name="file1" dev="loop5" ino=15 res=0 errno=0
[  186.140633][ T4298] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  186.156970][ T7056] input: syz0 as /devices/virtual/input/input17
[  186.197846][ T7057] netlink: 104 bytes leftover after parsing attributes in process `syz.3.917'.
[  186.522606][ T7061] xt_hashlimit: size too large, truncated to 1048576
[  186.552022][ T4298] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -32
[  186.568775][ T4298] usb 2-1: USB disconnect, device number 10
[  186.646437][ T7045] loop4: detected capacity change from 0 to 32768
[  186.671873][ T7045] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 scanned by syz.4.911 (7045)
[  186.699444][ T7045] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  186.713327][ T7045] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  186.726604][ T7045] BTRFS info (device loop4): using free space tree
[  186.735028][ T4333] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  186.906100][ T7045] BTRFS info (device loop4): enabling ssd optimizations
[  186.936462][ T4333] usb 3-1: config 0 has no interfaces?
[  186.942016][ T4333] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  186.964609][ T4333] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.992777][ T4333] usb 3-1: config 0 descriptor??
[  187.406846][ T7086] loop1: detected capacity change from 0 to 8192
[  188.228782][ T4298] usb 3-1: USB disconnect, device number 11
[  188.251905][ T4260] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  188.804818][ T5986] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  188.841115][ T7098] "syz.5.926" (7098) uses obsolete ecb(arc4) skcipher
[  188.988849][ T7100] loop4: detected capacity change from 0 to 64
[  189.004871][ T5986] usb 3-1: Using ep0 maxpacket: 16
[  189.012885][ T5986] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.058500][ T5986] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  189.097942][ T5986] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  189.119898][ T5986] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.138873][ T5986] usb 3-1: Product: syz
[  189.143308][ T5986] usb 3-1: Manufacturer: syz
[  189.152663][ T5986] usb 3-1: SerialNumber: syz
[  189.607717][ T5986] usb 3-1: 0:2 : does not exist
[  189.852872][ T7116] loop5: detected capacity change from 0 to 256
[  189.902122][ T7116] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  189.960259][ T7116] exFAT-fs (loop5): error, invalid access to FAT free cluster (entry 0x00000008)
[  189.998593][ T7116] exFAT-fs (loop5): error, failed to bmap (inode : ffff88805428a1e0 iblock : 8, err : -5)
[  190.014046][ T7116] exFAT-fs (loop5): error, invalid access to FAT free cluster (entry 0x00000008)
[  190.024137][ T7116] exFAT-fs (loop5): error, invalid access to FAT free cluster (entry 0x00000008)
[  190.217616][ T5986] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  190.275922][ T5986] usb 3-1: USB disconnect, device number 12
[  190.543839][ T5702] udevd[5702]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  191.231065][ T4996] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  191.337529][ T7145] loop1: detected capacity change from 0 to 1024
[  191.426503][ T4996] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  191.444642][ T4996] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  191.454649][ T4996] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  191.484956][ T7145] hfsplus: xattr searching failed
[  191.517548][ T4996] usb 3-1: New USB device found, idVendor=0738, idProduct=a2c5, bcdDevice=1e.ce
[  191.554783][ T4996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.562887][ T4996] usb 3-1: Product: syz
[  191.596313][ T4996] usb 3-1: Manufacturer: syz
[  191.600975][ T4996] usb 3-1: SerialNumber: syz
[  191.626718][ T4996] usb 3-1: config 0 descriptor??
[  191.659561][ T4996] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  191.697430][ T4996] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input18
[  191.789064][ T7136] loop4: detected capacity change from 0 to 32768
[  191.898139][ T5986] usb 3-1: USB disconnect, device number 13
[  191.931807][ T7154] device bond0 entered promiscuous mode
[  191.943924][ T7154] device bond_slave_0 entered promiscuous mode
[  191.954357][ T7154] device bond_slave_1 entered promiscuous mode
[  191.956367][ T5986] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  192.094531][ T7136] XFS (loop4): Mounting V5 Filesystem
[  192.188123][ T7136] XFS (loop4): Ending clean mount
[  192.206359][ T7136] XFS (loop4): Quotacheck needed: Please wait.
[  192.279240][ T7136] XFS (loop4): Quotacheck: Done.
[  192.604986][ T4260] XFS (loop4): Unmounting Filesystem
[  193.204777][ T5994] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  193.404794][ T5994] usb 4-1: Using ep0 maxpacket: 8
[  193.411975][ T5994] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  193.430835][ T5994] usb 4-1: config 0 has no interface number 0
[  193.451117][ T5994] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  193.494685][ T5994] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  193.528138][ T5994] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.561577][ T5994] usb 4-1: config 0 descriptor??
[  193.580286][ T7192] loop5: detected capacity change from 0 to 4096
[  193.600289][ T5994] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  193.663615][ T7192] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  193.879109][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  194.200013][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  194.212294][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  194.794802][ T7204] loop1: detected capacity change from 0 to 40427
[  194.843659][ T5995] usb 4-1: USB disconnect, device number 12
[  194.894324][ T7204] F2FS-fs (loop1): Found nat_bits in checkpoint
[  195.029546][ T7204] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  195.199639][ T4259] syz-executor: attempt to access beyond end of device
[  195.199639][ T4259] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  195.292383][ T7240] loop5: detected capacity change from 0 to 512
[  195.373440][ T7240] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  195.411891][ T7240] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  195.454677][  T128] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  195.598944][ T4997] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0
[  195.624662][ T4997] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0
[  195.632125][ T4997] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0
[  195.650523][ T5287] EXT4-fs (loop5): unmounting filesystem.
[  195.688882][  T128] usb 5-1: Using ep0 maxpacket: 32
[  195.699399][  T128] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.726559][ T4997] hid-generic 0000:0004:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  195.736246][  T128] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  195.751294][  T128] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  195.761007][  T128] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.773046][  T128] usb 5-1: config 0 descriptor??
[  196.212392][  T128] savu 0003:1E7D:2D5A.0009: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  196.305900][ T5994] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  196.487144][  T128] usb 5-1: USB disconnect, device number 7
[  196.494805][ T5994] usb 2-1: Using ep0 maxpacket: 32
[  196.503970][ T5994] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  196.513075][ T5994] usb 2-1: config 0 has no interface number 0
[  196.553072][ T5994] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  196.563272][ T5994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.571539][ T5994] usb 2-1: Product: syz
[  196.576304][ T5994] usb 2-1: Manufacturer: syz
[  196.581066][ T5994] usb 2-1: SerialNumber: syz
[  196.597278][ T5994] usb 2-1: config 0 descriptor??
[  196.620045][ T5994] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  196.827254][ T5994] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  196.876991][ T5994] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  197.164739][   T27] audit: type=1326 audit(1745489995.387:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7257 comm="syz.2.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f638ad8e969 code=0x7fc00000
[  197.250069][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  197.251076][ T4996] usb 2-1: USB disconnect, device number 11
[  197.306529][ T4996] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  197.329657][ T7277] loop5: detected capacity change from 0 to 4096
[  197.358056][ T7277] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512)
[  197.374810][ T4996] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  197.412945][ T4996] quatech2 2-1:0.51: device disconnected
[  197.624826][  T128] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  197.840441][  T128] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  197.869989][  T128] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  197.905378][  T128] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  197.913073][ T7285] loop4: detected capacity change from 0 to 32768
[  197.935355][  T128] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  197.967372][  T128] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  197.984965][ T7285] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.998 (7285)
[  197.997102][  T128] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  197.997135][  T128] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  197.997158][  T128] usb 3-1: Product: syz
[  197.997174][  T128] usb 3-1: Manufacturer: syz
[  198.033353][  T128] cdc_wdm 3-1:1.0: skipping garbage
[  198.058636][  T128] cdc_wdm 3-1:1.0: skipping garbage
[  198.078531][  T128] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  198.106033][  T128] cdc_wdm 3-1:1.0: Unknown control protocol
[  198.141250][ T7285] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  198.208066][ T7285] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  198.237608][ T7285] BTRFS info (device loop4): setting nodatacow, compression disabled
[  198.269624][ T7285] BTRFS info (device loop4): enabling auto defrag
[  198.305782][ T7285] BTRFS info (device loop4): max_inline at 0
[  198.312709][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  198.319354][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  198.331558][ T4333] usb 3-1: USB disconnect, device number 14
[  198.344666][ T7285] BTRFS info (device loop4): using free space tree
[  198.414452][ T7296] loop1: detected capacity change from 0 to 4096
[  198.858185][ T7287] loop5: detected capacity change from 0 to 40427
[  198.907780][ T7287] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff
[  198.933265][ T7287] F2FS-fs (loop5): invalid crc value
[  198.990921][ T7287] F2FS-fs (loop5): Found nat_bits in checkpoint
[  199.054832][ T5995] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  199.196816][ T7287] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  199.250780][ T5995] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  199.277866][ T5995] usb 4-1: config 0 has no interface number 0
[  199.284039][ T5995] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  199.361044][ T4260] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  199.367593][ T7287] syz.5.999: attempt to access beyond end of device
[  199.367593][ T7287] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  199.372619][ T5995] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  199.433985][ T5995] usb 4-1: config 0 interface 255 has no altsetting 0
[  199.448226][ T5995] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  199.461147][ T5995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.481975][ T5995] usb 4-1: config 0 descriptor??
[  199.502241][ T5995] ums-realtek 4-1:0.255: USB Mass Storage device detected
[  199.799851][ T4994] usb 4-1: USB disconnect, device number 13
[  200.354856][ T5994] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  200.564732][ T5994] usb 2-1: Using ep0 maxpacket: 16
[  200.572525][ T5994] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  200.584797][ T5986] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  200.594689][ T5994] usb 2-1: config 0 has no interface number 0
[  200.613437][ T5994] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  200.634628][ T5994] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  200.656786][ T5994] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  200.681771][ T5994] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  200.701122][ T5994] usb 2-1: Product: syz
[  200.705715][ T5994] usb 2-1: SerialNumber: syz
[  200.723109][ T5994] usb 2-1: config 0 descriptor??
[  200.733857][ T5994] cm109 2-1:0.8: invalid payload size 0, expected 4
[  200.750172][ T7339] loop4: detected capacity change from 0 to 32768
[  200.758574][ T5994] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input19
[  200.774724][ T5986] usb 6-1: Using ep0 maxpacket: 16
[  200.786669][ T5986] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  200.810320][ T5986] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  200.865412][ T7339] XFS (loop4): Mounting V5 Filesystem
[  200.876694][ T5986] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  200.908488][ T5986] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  200.951142][ T5986] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.982576][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  201.044782][ T5986] usb 6-1: Product: syz
[  201.049019][ T5986] usb 6-1: Manufacturer: syz
[  201.053642][ T5986] usb 6-1: SerialNumber: syz
[  201.075965][ T7339] XFS (loop4): Starting recovery (logdev: internal)
[  201.133436][ T7339] XFS (loop4): Ending recovery (logdev: internal)
[  201.234911][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  201.245441][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  201.255041][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  201.262553][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  201.269902][ T4994] usb 2-1: USB disconnect, device number 12
[  201.294307][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -2
[  201.303688][ T4994] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  201.326866][ T5986] usb 6-1: 2:1 : format type 0 is detected, processed as PCM
[  201.362959][ T5986] usb 6-1: 2:1: cannot set freq 9338507 to ep 0x82
[  201.391262][ T4260] XFS (loop4): Unmounting Filesystem
[  201.396987][ T4258] Bluetooth: hci1: command 0x0406 tx timeout
[  201.403439][ T4258] Bluetooth: hci4: command 0x0406 tx timeout
[  201.409877][ T4257] Bluetooth: hci2: command 0x0406 tx timeout
[  201.409898][ T4269] Bluetooth: hci0: command 0x0406 tx timeout
[  201.476791][ T5986] usb 6-1: USB disconnect, device number 4
[  201.738282][ T4655] udevd[4655]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  202.336685][ T7382] loop5: detected capacity change from 0 to 8192
[  202.360354][ T7382] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  202.376580][ T7382] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
[  202.386732][ T7382] REISERFS (device loop5): using ordered data mode
[  202.393521][ T7382] reiserfs: using flush barriers
[  202.407177][ T7382] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  202.425002][ T7382] REISERFS (device loop5): checking transaction log (loop5)
[  202.506842][ T4992] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  202.640477][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805875bc00: rx timeout, send abort
[  202.652417][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805875bc00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  202.672391][ T7382] REISERFS (device loop5): Using tea hash to sort names
[  202.705181][ T7382] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  202.715619][ T4992] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  202.733962][ T4992] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.764087][ T4992] usb 2-1: config 0 descriptor??
[  202.798250][ T4992] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  202.989752][ T4992] gp8psk: usb in 128 operation failed.
[  202.996261][ T4992] gp8psk: usb in 137 operation failed.
[  203.015926][ T4992] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  203.063496][ T4992] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[  203.093015][ T4992] usb 2-1: media controller created
[  203.126988][ T7390] ALSA: mixer_oss: invalid OSS volume ' 1000000) max_states_per_insn 0'
[  203.181909][ T4992] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  203.251985][ T4992] gp8psk_fe: Frontend attached
[  203.266745][ T4992] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  203.296542][ T4992] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  203.662325][ T4992] gp8psk: usb in 137 operation failed.
[  203.668152][ T4992] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[  203.705553][ T4992] gp8psk: found Genpix USB device pID = 203 (hex)
[  203.724799][ T4992] usb 2-1: USB disconnect, device number 13
[  203.860766][ T5994] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0
[  203.873044][ T5994] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0
[  203.889149][ T7409] sctp: [Deprecated]: syz.2.1037 (pid 7409) Use of int in max_burst socket option deprecated.
[  203.889149][ T7409] Use struct sctp_assoc_value instead
[  203.912345][ T5994] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0
[  203.937865][ T5994] hid-generic 0000:0004:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  203.955058][ T4992] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[  204.303311][ T7399] loop4: detected capacity change from 0 to 32768
[  204.390488][ T7399] jfs_readdir: bad index table
[  204.733735][ T7428] loop1: detected capacity change from 0 to 256
[  204.831690][ T5702] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  205.504150][ T4250] EXT4-fs (loop3): unmounting filesystem.
[  205.678913][ T7449] "syz.4.1054" (7449) uses obsolete ecb(arc4) skcipher
[  205.755011][ T7449] syz.4.1054 sent an empty control message without MSG_MORE.
[  205.859524][ T4542] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.046876][ T4542] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.233663][ T4542] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.246712][ T7456] loop4: detected capacity change from 0 to 16
[  206.306057][ T7456] erofs: (device loop4): mounted with root inode @ nid 36.
[  206.331625][ T7447] loop1: detected capacity change from 0 to 32768
[  206.397535][ T7456] overlayfs: failed to get redirect (-117)
[  206.474664][ T5995] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  206.487945][ T4542] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.535772][ T7447] JBD2: Ignoring recovery information on journal
[  206.673967][ T4269] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  206.689027][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.700123][ T4269] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  206.709670][ T4269] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  206.718146][ T4269] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  206.726026][ T5995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.736927][ T5995] usb 6-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  206.747744][ T4269] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  206.756371][ T5995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.764688][ T4269] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  206.774404][ T5995] usb 6-1: config 0 descriptor??
[  206.834272][ T7447] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  206.897880][ T7462] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1061'.
[  207.192428][ T5995] sony 0003:054C:024B.000B: unexpected long global item
[  207.215344][ T5995] sony 0003:054C:024B.000B: parse failed
[  207.221072][ T5995] sony: probe of 0003:054C:024B.000B failed with error -22
[  207.298813][ T7447] (syz.1.1053,7447,1):ocfs2_rename:1687 ERROR: status = -39
[  207.394641][ T5994] usb 6-1: USB disconnect, device number 5
[  207.836592][ T4259] ocfs2: Unmounting device (7,1) on (node local)
[  207.859524][ T7458] chnl_net:caif_netlink_parms(): no params data found
[  208.224477][ T7493] loop5: detected capacity change from 0 to 1024
[  208.366891][   T27] audit: type=1326 audit(1745490006.597:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7499 comm="syz.4.1069" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffa51d8e969 code=0x0
[  208.552710][ T7493] ------------[ cut here ]------------
[  208.559043][ T7493] kernel BUG at fs/hfsplus/bnode.c:618!
[  208.565075][ T7493] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  208.571186][ T7493] CPU: 1 PID: 7493 Comm: syz.5.1067 Not tainted 6.1.134-syzkaller #0
[  208.579272][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  208.589336][ T7493] RIP: 0010:hfsplus_bnode_put+0x507/0x510
[  208.595082][ T7493] Code: 82 ff e9 bf fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c f3 fe ff ff 4c 89 ef e8 c3 3e 82 ff e9 e6 fe ff ff e8 59 df 2a ff <0f> 0b e8 52 df 2a ff 0f 0b 55 41 57 41 56 41 54 53 41 89 f7 49 89
[  208.614716][ T7493] RSP: 0018:ffffc9000c1bf310 EFLAGS: 00010287
[  208.620883][ T7493] RAX: ffffffff825f6d47 RBX: ffff88802f1c7d80 RCX: 0000000000080000
[  208.628863][ T7493] RDX: ffffc900055b9000 RSI: 0000000000008fb6 RDI: 0000000000008fb7
[  208.636866][ T7493] RBP: 0000000000000000 R08: ffffffff825f68bc R09: ffffed1005e38fb1
[  208.644847][ T7493] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88802f1c7d00
[  208.652823][ T7493] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807989c000
[  208.660802][ T7493] FS:  00007fe6f32e36c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  208.669738][ T7493] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  208.676334][ T7493] CR2: 00007f1a855b7bac CR3: 0000000063a99000 CR4: 00000000003506e0
[  208.684320][ T7493] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  208.692296][ T7493] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  208.700275][ T7493] Call Trace:
[  208.703559][ T7493]  <TASK>
[  208.706499][ T7493]  hfsplus_bmap_alloc+0x58c/0x630
[  208.711564][ T7493]  ? hfsplus_bmap_reserve+0x4e0/0x4e0
[  208.716975][ T7493]  ? memcpy+0x3c/0x60
[  208.720981][ T7493]  ? hfsplus_bnode_read+0xe5/0x1e0
[  208.726120][ T7493]  hfs_bnode_split+0xda/0x1100
[  208.730907][ T7493]  ? hfsplus_bnode_dump+0x57e/0x6a0
[  208.736116][ T7493]  ? hfsplus_bnode_read+0xe5/0x1e0
[  208.741241][ T7493]  ? hfsplus_bnode_read+0x197/0x1e0
[  208.746453][ T7493]  ? hfsplus_bnode_read_u16+0x95/0x110
[  208.751924][ T7493]  ? hfs_btree_inc_height+0xdb0/0xdb0
[  208.757313][ T7493]  ? hfs_find_1st_rec_by_cnid+0x3c0/0x3c0
[  208.763068][ T7493]  hfsplus_brec_insert+0x3a2/0xdd0
[  208.768207][ T7493]  ? hfsplus_asc2uni+0x6ba/0xbb0
[  208.773710][ T7493]  ? hfsplus_brec_keylen+0x310/0x310
[  208.779038][ T7493]  ? memcpy+0x3c/0x60
[  208.783038][ T7493]  ? hfsplus_bnode_read+0x197/0x1e0
[  208.788258][ T7493]  hfsplus_rename_cat+0x652/0x1090
[  208.793431][ T7493]  ? hfsplus_subfolders_dec+0x110/0x110
[  208.798998][ T7493]  ? number+0xb5a/0xf80
[  208.803195][ T7493]  ? vsprintf+0x30/0x30
[  208.807375][ T7493]  hfsplus_link+0x3a9/0x840
[  208.811901][ T7493]  ? hfsplus_create+0x30/0x30
[  208.816597][ T7493]  ? rwsem_write_trylock+0x166/0x210
[  208.821900][ T7493]  ? clear_nonspinnable+0x60/0x60
[  208.826965][ T7493]  ? inode_permission+0xf7/0x450
[  208.831914][ T7493]  vfs_link+0x65e/0x810
[  208.836117][ T7493]  do_linkat+0x352/0x750
[  208.840404][ T7493]  ? fsnotify_link+0x220/0x220
[  208.845181][ T7493]  ? strncpy_from_user+0x1f9/0x360
[  208.850304][ T7493]  ? getname_flags+0x1f9/0x4f0
[  208.855074][ T7493]  ? lockdep_hardirqs_on+0x94/0x130
[  208.860293][ T7493]  __x64_sys_link+0x82/0x90
[  208.864807][ T7493]  do_syscall_64+0x3b/0x80
[  208.869241][ T7493]  ? clear_bhb_loop+0x45/0xa0
[  208.874019][ T7493]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  208.879926][ T7493] RIP: 0033:0x7fe6f238e969
[  208.884348][ T7493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.904002][ T7493] RSP: 002b:00007fe6f32e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[  208.912435][ T7493] RAX: ffffffffffffffda RBX: 00007fe6f25b5fa0 RCX: 00007fe6f238e969
[  208.920422][ T7493] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000200000001240
[  208.928404][ T7493] RBP: 00007fe6f2410ab1 R08: 0000000000000000 R09: 0000000000000000
[  208.936379][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  208.944359][ T7493] R13: 0000000000000000 R14: 00007fe6f25b5fa0 R15: 00007ffe4a0c0f78
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  208.952347][ T7493]  </TASK>
[  208.955370][ T7493] Modules linked in:
[  208.970303][ T4258] Bluetooth: hci1: command 0x0409 tx timeout
[  208.986520][ T7493] ---[ end trace 0000000000000000 ]---
[  209.037390][ T7458] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.090347][ T7458] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.106995][ T7493] RIP: 0010:hfsplus_bnode_put+0x507/0x510
[  209.112802][ T7493] Code: 82 ff e9 bf fe ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c f3 fe ff ff 4c 89 ef e8 c3 3e 82 ff e9 e6 fe ff ff e8 59 df 2a ff <0f> 0b e8 52 df 2a ff 0f 0b 55 41 57 41 56 41 54 53 41 89 f7 49 89
[  209.132517][    C0] vkms_vblank_simulate: vblank timer overrun
[  209.154691][ T7458] device bridge_slave_0 entered promiscuous mode
[  209.268642][ T7493] RSP: 0018:ffffc9000c1bf310 EFLAGS: 00010287
[  209.275220][ T7493] RAX: ffffffff825f6d47 RBX: ffff88802f1c7d80 RCX: 0000000000080000
[  209.283241][ T7493] RDX: ffffc900055b9000 RSI: 0000000000008fb6 RDI: 0000000000008fb7
[  209.292117][ T7493] RBP: 0000000000000000 R08: ffffffff825f68bc R09: ffffed1005e38fb1
[  209.300216][ T7493] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88802f1c7d00
[  209.309047][ T7493] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807989c000
[  209.317195][ T7493] FS:  00007fe6f32e36c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  209.328720][ T7493] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  209.364968][ T7493] CR2: 00007fe6f32a1d58 CR3: 0000000063a99000 CR4: 00000000003506e0
[  209.373014][ T7493] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  209.404947][ T7493] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  209.412988][ T7493] Kernel panic - not syncing: Fatal exception
[  209.419325][ T7493] Kernel Offset: disabled
[  209.423660][ T7493] Rebooting in 86400 seconds..