last executing test programs:

2m34.673036518s ago: executing program 0 (id=84):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0xb, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xffec}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x0, 0x1, {0xfffffff9, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xfff6, 0x1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000}, 0x44010)
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4002, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0xa4, '\x00', 0x567c4e8f, 0x1ff, 0x7, 0x7}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r7)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x300000000000000}, 0x4000000)

2m34.086337408s ago: executing program 0 (id=86):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000bbbb00bbbbbbaaaaaaaaaabb86dd6d0020000008110000000000000000000070000000000000ff"], 0x42)

2m33.843782182s ago: executing program 0 (id=88):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0xb, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xffec}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x0, 0x1, {0xfffffff9, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4002, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0xa4, '\x00', 0x567c4e8f, 0x1ff, 0x7, 0x7}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x2000000000000000}, 0x4000000)

2m33.210073846s ago: executing program 0 (id=95):
r0 = syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000040), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
chdir(&(0x7f0000000040)='./file0\x00')
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000080)=0x2)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r2 = accept4$unix(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000000)=0x6e, 0x40800)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file3\x00', 0x40802, 0x4)
syz_clone3(&(0x7f00000006c0)={0x80000000, &(0x7f0000000440), &(0x7f0000000480)=<r4=>0x0, &(0x7f00000004c0), {0x1f}, &(0x7f00000005c0)=""/228, 0xe4, &(0x7f0000000500)=""/17, &(0x7f0000000540)=[0xffffffffffffffff, 0x0, 0x0], 0x3}, 0x58)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000740)={{{@in, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@dev}, 0x0, @in6=@empty}}, &(0x7f0000000840)=0xe8)
ioctl$sock_inet_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000d00)={'veth1_virt_wifi\x00', {0x2, 0x4e20, @rand_addr=0x64010102}})
read$FUSE(0xffffffffffffffff, &(0x7f0000004280)={0x2020, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
setxattr$system_posix_acl(0x0, &(0x7f0000000240)='system.posix_acl_default\x00', &(0x7f00000004c0)={{}, {}, [{0x2, 0x4}], {0x4, 0x2}, [{0x8, 0x2}, {0x8, 0x6, 0xffffffffffffffff}, {0x8, 0x5}, {0x8, 0x6}, {0x8, 0x2}, {0x8, 0x2}, {0x8, 0x4, r6}], {}, {0x20, 0x1}}, 0x64, 0x1)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
statx(r0, &(0x7f0000000880)='./file3\x00', 0x6000, 0x200, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
r9 = getgid()
r10 = syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r10, &(0x7f0000000140)='coredump_filter\x00')
statx(r0, &(0x7f00000009c0)='./file3\x00', 0x0, 0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
getresgid(&(0x7f0000000b00), &(0x7f0000000b40)=<r12=>0x0, &(0x7f0000000b80))
sendmsg$unix(r2, &(0x7f0000000cc0)={&(0x7f0000000140)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000240)="49e50514af67d9aeca19c6264a89a408adefffe5a9901c58cadd8e7c5f15ca1244a71b94b51c74d509c875cc23bf8bf9d1daff239c7f3a968ef54774e11705fe23b3ad0bf4f3f08da15c4fe3ba94a5d8cee6f66eb32a97ae0690963b91fd074fe7b146d636b9ddce203764cebcf5dcc15b6ef96d2c67a3d10feeaca5b91c6ab4cc48745409532ec200ab81cd", 0x8c}, {&(0x7f0000000300)="9beed340e75a2c5ce6eedd72a66e53931c03b9cbef8348c3aa23ec94f910f235bf5ffe1047ec56b184c264309484bb7f95bf41b17e0bbdeeb34beaca506d35b2387264ccf42120543eaa5ac6819367a585cad8e5e3cf967acc2de1a7feb07dc98b1d12025f117498d60844762a22b5d703dc95b8d1cd49ed2236efcdaaf69e5f18c4687ebd3c719da797784bcb02b468b3a154b7806fd648826472507a1c1457c97247c6d8c86c54a28333633fe4d056bd66e7a4ceb1bb476ea3c9262ef1dc027b42172e873d511d4183dfa7b81c57023c53245c1e4a8a47e837c8f4d0e1e305a654c3b53c1049aafeea86ee638ff840ca1010a88f", 0xf5}], 0x2, &(0x7f0000000bc0)=[@rights={{0x34, 0x1, 0x1, [r1, r0, r3, r0, r0, r1, r0, r1, r1]}}, @rights={{0x20, 0x1, 0x1, [r0, r1, r1, r1]}}, @cred={{0x1c, 0x1, 0x2, {r4, r5, r6}}}, @cred={{0x1c, 0x1, 0x2, {r7, r8, r9}}}, @cred={{0x1c, 0x1, 0x2, {r10, r11, r12}}}, @rights={{0x2c, 0x1, 0x1, [r1, r0, r0, r0, r1, r1, r1]}}, @rights={{0x18, 0x1, 0x1, [r0, r0]}}], 0x100, 0x8800}, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x100018, 0xffffffffffffffff, 0x0)
sendmmsg(r1, &(0x7f0000009d40)=[{{&(0x7f0000001f80)=@sco, 0x80, &(0x7f00000034c0)=[{&(0x7f0000002000)="fb", 0x1}], 0x1}}], 0x1, 0x4004000)
creat(&(0x7f0000000580)='./file3\x00', 0x2)

2m31.625078467s ago: executing program 0 (id=102):
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c)
syz_open_dev$usbfs(&(0x7f0000000180), 0x9, 0x12080)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

2m30.80258783s ago: executing program 0 (id=105):
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = userfaultfd(0x80801)
mremap(&(0x7f00003cd000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c9a000/0x2000)=nil)
close_range(r3, 0xffffffffffffffff, 0x0)

2m30.043193067s ago: executing program 32 (id=105):
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = userfaultfd(0x80801)
mremap(&(0x7f00003cd000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c9a000/0x2000)=nil)
close_range(r3, 0xffffffffffffffff, 0x0)

1m18.906185506s ago: executing program 2 (id=263):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r1, 0x84, 0x7f, &(0x7f0000000080)=""/4057, 0x0)
write$proc_mixer(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info\x00'}, 0x30)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = gettid()
syz_open_dev$sndpcmp(&(0x7f0000000480), 0x401, 0x4000)
syz_open_dev$dri(&(0x7f00000001c0), 0x5, 0x50000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
io_uring_setup(0xab1, &(0x7f0000000080)={0x0, 0xdf4, 0x800, 0x0, 0x2})
writev(r3, &(0x7f0000000000)=[{&(0x7f00000004c0)='4', 0x1}], 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r2, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000240)='@[\x00'}, 0x30)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r4, 0x40043d0d, 0x0)

1m17.763642842s ago: executing program 2 (id=264):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000010000000f000000080034008000000108000300", @ANYRES32=r2], 0x2c}, 0x1, 0x0, 0x0, 0xc880}, 0x40000)

1m17.445913384s ago: executing program 2 (id=266):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000190001002cbd700000c8c3532d"], 0x24}}, 0x0)

1m16.930144956s ago: executing program 2 (id=268):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000240)='./file0\x00')
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file1\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10)
fchown(r0, 0x0, 0x0)

1m15.764852664s ago: executing program 2 (id=271):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000f00)={0x11, 0x7, 0x0, &(0x7f0000000800)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r4}, 0x18)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080007004b4c000008000500", @ANYRES32=r5, @ANYBLOB="a0", @ANYRES8], 0x4c}}, 0x20004000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="440000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00040000000000001c0012800e000100697036677265746170000000080002800400120008000a00", @ANYRES32=r8], 0x44}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)

1m15.186216093s ago: executing program 2 (id=275):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8900, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @remote}}, 0x5, 0xe, 0x0, 0x6}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

1m14.397039023s ago: executing program 33 (id=275):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8900, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @remote}}, 0x5, 0xe, 0x0, 0x6}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

18.702397869s ago: executing program 3 (id=409):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000040)={[{@autodefrag}, {@clear_cache}, {@space_cache_v1}, {@max_inline={'max_inline', 0x3d, [0x2d]}}]}, 0xff, 0x50d4, &(0x7f00000051c0)="$eJzs3U+IVWUfB/Dnzjg6KDjXnbp48QW3wiQKRURDaFaYc82CosVMLYIQYVAwFy3EgpIWDgha4cJgWmR/nFVFC3GVBEEQBcEgzEKQdkIxGC6Ke8957pz7HO+5dyZ1TD+fmDnnOb/zPOeZy1nc783n3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhJNz585V1bdemTm7Y2DP1Us3T+w8NTE6H0KtdbyW1yeeeuaFNw5MPD8cO0zuz7b1erchs67zWWN1x8Fmv86f10IIQ8kAg/l292Bp1OLu4fKAlfZfXNh25NbeXTPHxg9dOLp5qvyn0zS80hNYKfl9dW3xXhpr/R5Izmi3C7dereMWzfqnN9w9+SMAgCUZbbQ27bej+Vvcdvt4Wk/aY0l7OmnHdwjTxcZyZOOu7jbPLWl9heY5lkWFNd3mWU/q+evfbjeSekjbnVFjCfPsPDWPNMPd5jmV1FdqngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3k6c/+eJ6VX3rlZmzOwb2XL1088TOUxOj8yHUW8drWbn2xMLcwqa3dj/63e4vP/6zPn5yMO8Xt6sKJ4ff4s5jIyG8Xqhci8P+vj6ERmeh1QwflQtvtnaejQUAAAAeJJtavwfa7SwODnW0a600WWv9F2Vhcf/FhW1Hbu3dNXNs/NCFo5unlj9eo8t4Y7cdr92uL/7UCsE4xt90vMV6PPVwaZxq6Yhpnn959MPtVf1L+b9enf/jKyf/AwAA8G/I/+k41Xrl//nPX91X1b+U/7d0XLKU/+OMY/4fCMvL/wAAAHA/u9v5f6w0TrVe+f/r9/edrupfyv+j/eX/VcVpx4M/xgkfHAlhtNfUAQAAgC7i/3df/Ggh5vXsk4M0r7+49fpQ1Xil/D/WX/6vHBQAAAC4p34488jfVfVS/m/0l//X3NVZAwAAAEvxv/cmD1TVS/l/sr/8vzbf5isfsk7fx3+FcHokhOHmzlRWuBKmn2wXAAAAgDsk5vSXvt18tOq8Uv6fqn7+f3zSQVz/3/H8v9L6/0Ihe+rf4x4MAAAAwMOovJ4/Ph4/++aCbt+/3+/6/09//nVD1fVL+f94f/l/sLi9k9//BwAAAMvwX/v+v1dK41Tr9fz/t9/dsLT8P91f/o/bdcU/73J8fd4ZCWFjcyd/muBn8XIHk8LsUKHQ0kh6HIg98sLsmkKhZSrpsX0khP83d44nhQ2xMJ0UbqzPC+eTwk+xkN8P7cJXSeFyvNPOrM+nmxa+iYV8gcVsXEGxrr0kIunxR7cezcJte8y1Lw4AAPBQieE5z7JDnc2QRtnZWq8T1vY6YaDXCYO9TliVnJCe2O14mOwsxON//TL+XKhQyv/n+8v/8aVYnW26rf8Pcf1//r2G7fX/k7FQTwqzsdBInxjQiNfIwu4H8Rr1Rt7jxsZ2AQAAAB5o8XOBwRWeBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAPe/ceY8dVHw787PN61+vdDUHKQxYxL0N+ktdrOw7WLyCcVBEIpGQtov6DQtbYm9TxBhs/Co4s1RhUlCKEC66IQh+2RFSnEsgqbXmEEosqQVUtGoU2fziPpgWEKkGjFNclSiRX986c2bln9j78WNsbPh/Je8+933POzDn33vGcmblnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgt8PV373hy+3i7/jR1796U+8HXvjBbw6u/9I9ky+FMNV4vScL97zvzHNnrvvU7Ru+d/s3Hjk9fudDg3m5PB6W1v/05k8+F2v92bIQvt0TQn8aWDWSBQby5yOxvuUjIVwV5gJFiZnhrES64PDkUAhHwlygqOq7QyGMlAJ3PfPDJ75YTxweCuGdIYRauowXatkyhtLAysEsMJwGdvRngf89mykC3+nNAnDB4peh+NAfn2rOMD5/uRafv4GLtmKXV9q8vpgYb53vV7cu8EqVDKYvTF3Q21apjgVR+Xqc8G1bBN+2Sj8f8raVd6TyPZSzc6Fa6N06c+/mvbN74iu9YWKir1VNC/Q+n3pl/5ZzSS+az2FcgfGL8jm8//DNzw5+7I4XH3n98f2na19bfqGr2ap7F1ot5J+5RfM+RhttTxbB16+yl7TCTlcI4fSJk/vbxSvj//H24//4cY6PvU25Y62vjWZj8/jKSEy8PJqNzQEAAGDRWAxHTQdX/OtP29VXGf+v6O78fzzlnw/ms9aeCGFjI/HZsRCubbyeBR6Li/v4WAhvbaSmmgO3JoETIVzXSNxYVJWUWBJLrEgCvxjNAxuTwFMxMJUEHo2BQ0ngczFwPAlsiYETSeC2GAjbmtvx/0bzdnQdGIqB6awTj8erEH49GpeW9NVzRVUAAAAXST46HGh+WrrW4UIzxOHl8aFOGeIV2C0z1JIa0hFsMaxqWUN/pxp6O9VQtPtA++ZXau7pVHPlMoye5gz/c+qaHaGNyvh/sv34vzbPivRUzv+HyU2Nh5i7N4/MFhmmp5oyAAAAABfg9948vbldvDL+39jd9f/xmEhfKXM4GQ9DbB8LYbI5kFV7SzWQnfVemgcAAABgMSjOxxfnwrflj9kl2ul4upp/6hzzxxP/G+fNv+PH//J4u/WtjP+nurv+f7j5MVuJp+JafGUshCWlwI/iWtYDDSti4KX3Nwfy9j8VO+ALsar8woSiqi/EEtMxMJkEjrQq8XRR4trmQP5mFQv/bNGObXmJUgAAAAAuuXg4IJ6Xj9f/r/nbP3yyXbnK+H/63K7/b4yDK5f3zy4NYXV/CH3pDwNODmcTA8bASE+e+PvhrK6+tKqDwyHcUm9YWtV/5PP/96dzDP5kKKsqBq5927FXVtYTXx8KYXU58OxHj66vJ/YmgWLhvzsUwg311qYL/7sl2cIH0oU/vCSEt5QCRVVbloRQX9hgWtU/1PL7GKRVHa+FcHUpUFT1nloI+wIAi1X8v3Rr+cXd+x7cvnl2dmbXAibiQfyhcO+22ZmJLTtmt9ZarNPWZJ2b5jH6TLVN3d765vk4R9Hdx8a6SRc/FJwsLys/kF+5cjB/HneGBhrtXDvQ9HRd2uR3v726iFDalWrV5N4FbvJwuZK5N7FSf8w/GJaGJXt3z+ya+PTmPXt2rcn+dpt9bfY3nmfK+mpN2lfD861bFx+PltNlJc63r1aWK1m954Gdq3fve3DVtgc23zdz38wnNkyuW7vh5sn171ldb9Rk9rdDS1fOV3PS0rNHu2zWRWzp9f2lSi7FRkNCQmKxJQYH7jzVbvNTGf/vbD/+j1uduOHP52dodf5/PJ7mz16fO80/HQNHuj3/P97qbH5xYcCKJHAgBg44zQ8AAMAbQzwcGY9mxoPSB971wvvalauM/w909/v/izT/fzF1/YdaTfN/Yywx2Wr+/3Sa/2L+/wOt5v9Pp/kv5v8/chnm/99bBJIu+bX5/wEAgDeCSzf/f8fp/dMbBFQydJzeP71BQCVDx2n8u71BwDnP//83v1yzPrRRGf8f6m78b+J+AAAAuHJcc9sNP24Xr4z/j3Q3/r/08/+FVtf/r2gVmGo1MaD5/wAAAFikWs3/98xHdr6/XbnK+P94d+P/eNlFb1PuWOtro9mcdiGd0+7l0eInAwAAALA49IaJiYEu8zZNjHrr+S/zVJwKtE267NDnj53b7/9PdDf+b/pdxv2Hb3528GN3vPjaI68/vv907WvL587/AwAAAAun2+MSAAAAAAAAAAAAAADA5ffo1d+ad16AqPL7/7Cp8Xqr3//H+/413TTxTD4Z4IE4s/6XxkzzBwAAAAvroVtffTj+u+/Lf/Rf7fJWxv/j3Y3/4/0F8vvgZbfeOxHv//fZsRAat9YbzwKPxcV9fCyEtzZSU7FEdkO9D8USk1ngsThh4o2xxPRUc1VLYuB4EvjFaB44kQSeioH8KMWxeGPAPx4NYX0jtam5xM5YYjwJ3BkDK5LARAxMJoFlMbAxCfxyWR6YSgL/FAP5zQeLvvrWsryvAAAAzkU+zhpofhrScd7x/k4Zejpl6LiI4U4ZejtlqLXIEJ//dVyHgfJ8/HmG+NJAWutQUkslQ7wZ3vk3vZiu7+nmnGnByqL7YsHx5pwxw85/vukroY3K+H9Fd+P/y3j///Ru/htjYEUS2BkDG5PA9KY8cOSa5oD7/wMAAHBla3X//9G3/NWhduUq4//J7sb/8UDEm5tyx1o73/8/f37Xh7+5r7HKJ0dDeHs5sP3g9qvqiUdHQ3hXOfDE3Tc2Ru0H0xLff/G2n9cT96SBD65605l64r1JYDp20nVpIB5VObMsCcTu/UkaiP1xPA0M5oGHlmXt6En76j9Hsr7qSfvq1Eh2eUVP2lffHsmW0ZM28HASKBr4yTQQG3hHHuhN1+qbS7O1ioGRWPQvlhYXfQAAcGWKe4ED4d5tszOT6U94r+9vfoyabln+mWq1PV0u/vl4a/K7j411k+5L90VrRVUDoVZvwprK7mo5S0+jlRenlg5d9+YWTe50t/feFuVS59p1g61bNJS1aGLLjtmtAx0bvq5zlrX9HbOsqQx2yll6G13aRS1drEsXLeqyb7pY5fi8N0xM9CW5/n8MjocmnT4R3d6vr3yf/1afgnKeo5//91fb1VcZ/2/sbvwf27M0lD7On4u1/mxZCN/umTsaUQRWjWSB2NyRODxePhLCVaV+KErMDGclBpMFhyeHshHqYFrVd4eyYwzx+V3P/PCJL9YTh4dCeGfpvSqW8UItW8ZQGlg5mAWG08CO/iwQr/woAt/pzQJwwYqNQvxA5T91KYzPX67F5++Nck/QtHmVa6DmyTffNneh1NIX8muqCuf2tlWqY0FUvh4nfNsW47ct+LaVd6TyPZSzc6Fa6N06c+/mvbN74ivlPdmKBXqfy3up3aQvwufwwPmvbWe1dAUmk83H5Pzl5v8c9sTq7j9887ODH7vjxUdef3z/6drXlne9Gi3EgcKT//2mq8rdu9BqIf/MLbrtyZTtyWL8b2Dc2xZCOPTnQ59sF6+M/6e6G//3J48Nr8bO3D0WwrtLnXsydv/vjGXbwVIg20peXQ1kl9z/dLTllhMAAAAutuJwR3G8YFv+mP0gPB0nV/NPnWP+eLxi47z5u13v/U/+/mPt4pXx/3T78f+SZDWd/3f+nwXi/P+8rvRD0UvSFw5c0KHoSnUsCOf/53Wlf9uc/5+X8//O/8/H+f8OnP+f15X+tlX2knba6QohnL1+4OF28cr4f2d34//fsvn/09n8i/n/00n7i/n/p1vN/7+z1fz/B8z/DwAALKgWE82n47zK5PyVDOnk/JUMPUmGc7/FQMdp9M3/n87/f/DPbtkT2qiM/w90N/6PH4eR8tIXy/z/45talNi4qXl1i8ChGNjpjgEAAABcRvEAQbzovdsZJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhYd7x6ZnO7+Dt+9PWv3tT7gRd+8JuD6790z+RLIWxrvN6ThXved+a5M9d96vYN37v9G4+cHr/zoVpebiB/XN6UO9b62mgIR0qvjMTEy6P1J3OBuz78zX399cTJ0RDeXg5sP7j9qnri0dEQ3lUOPHH3jdfUEwfTEt9/8baf1xP3pIEPrnrTmXrivXmgJ13dP12WrW5PurpfXBbCWClQrO79y5qrKpbxgTzQmy7jL0eyZcTASCz68Ei2jBiYjSW2LQlhdX8IfWlV/1jLqupLq/peLauqL63qD2oh3BJC6E+r+rfBrKr+tOVPD2ZVxcC1bzv2ysp64uhgCKvLgWc/enR9PbErCRQL/8hgCDfUPzLpwr81kC18IF34nwyE8JZSoKhqeiCE+sIG06pO9GdVDaZVfaM/hKtLgaKqm/pD2Be4XOKGZGv5xd37Hty+eXZ2ZtcCJgbzZQ2Fe7fNzkxs2TG7tZasUys9pfTZz5x/259/Zf+WRuLuY2PdpIv1miyvy9NTlRfLz/vzpwONdq4daHq6brE0ebhcydybWKk/5h8MS8OSvbtndk18evOePbvWZH+7zb42+9uXR7O+WrNY+mpluZLVex7YuXr3vgdXbXtg830z9818YsPkurUbbp5c/57V9UZNZn8vRkuPXvqWXt9fquRSbDQkJCQWW6K3aes2eaVvxys7+nMrOhBqjQ10ZVhRztLTaOXFaPSt59Ha3Lk2ujIkqbRoTWXgUMmytnOWdZUxw1yWoSxLY1+wMjgs19Tb6NL4vDdMTPS16ofx5qfl7v3VBXTvqdh1XaYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4P3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRs8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//Qczu7Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x42, 0x18)
fallocate(r0, 0x0, 0x0, 0x8ffff)
r1 = openat(0xffffffffffffff9c, &(0x7f00000008c0)='.\x00', 0x40000, 0x1e4)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f0000003480)={{r1}, 0x0, 0x2, @inherit={0x48, 0x0}, @subvolid=0x3})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x8000, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000240)=ANY=[@ANYBLOB="66000000000000000000000000a5930200000000070000000004"])

14.887517155s ago: executing program 3 (id=421):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x24, &(0x7f00000004c0)={0x20, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000540)={0x40, 0x6, 0x1, "01"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x24, &(0x7f0000000240)={0x40, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

12.185339699s ago: executing program 1 (id=426):
syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f0000000040), 0x1, 0x530, &(0x7f0000000580)="$eJzs3d9P2+YawPHHFATNkaqjc46qCgF9S88kKtHMSVqqqFee8ya8rWNHtlPBVYVKqFBDV5VNGtz1ptuk7Y/o7f6Iaf/QtLtpd0y2ExpKSCi/wtD3E7Xvi/3Y72MT+ZFDbAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDLrdh2wRLP+M0VdTS3Egb1AfO767t3oBkwroiV/JOpKbmVTbr1v4+zbyb/zctM9tOMTCXNlOz+6+a/H/93fKy7/ICELsT2zu6rtXa79fZES7fPPJ+LVtO+iQJTd2pamShQ5esislyNVNV4OlqNYl1XbqidOAjVgntPFcrlktL51aDp1yqOp7sTH90v2vaSepJvaCeMAv/LJ/nIXTaeZ/xaGpPMTmIeJW/EpyZWsXbqSm1stlulYUkmQYXjBBWHBRXtYrFQKBYLSw/LDx/Z9vihCfYn5FDE6N+0GK0zPoIDJzfWqf/iiRFfmrIiqu/LlYqEEkj9iPkd3fr/xeTgcXvrf7fK3/o4e1rS+j+XBsrcUfV/X/+czv+1LTuyK69kTdrSlpa8HVkmo3nVRIsvRiIJxEhdnHSK6kxRUpYlWRJbnsuyVCUSJVUx4omWSFYlklh0+o5yJRQtjsQSSChKFsSVe6KkIHuTZSmJEi15WZVAmuJLTSripGvZkM10v5cG5LgfVDhOUHFAEPUfp3emx2/gNPa69R8AAAAAAFxZVvrpe3L+PyGzIhOWVI2n7VGnBQAAAAAAzlD6l/+ZpJlIerNicf4PAAAAAMBVY8lc51OAnNzOet0rofgQAAAAAACAKyL9+/9c0uSS3m2xOP8HAAAAAOCq+eGoe+z/lk61LIkak9avf0gYTljvGiv/t7acZIazdS1b7tqna4yr09aNzkrSZmm885OrZ6zO3S/3b4L5e6fZGHavf+sMEpCf5E4Wc2c9a9e7c7JRclXj6bwbeI8L4jg3xmK9En/7evM7STf/R79+w5KNzXYr/+Lr9nqay7tkLe+2OjdQPHQfxQG5fCOzWcxs/y2eSC/E6Iyby8a1e7d/LFt87DPGfC/zWcx8LmtzB7d/KhmzkH/c3Y5Ptj7LYlJETrXl7+VuFnN34W7W9MmimD/qd9DZF8Xe/X+ifXGMLErDsiidMgsAGJWNIVXIOlz4T3CUu5jq/l4WspiF6fTAOj7d54huDzui26es678cegZS/xpbSMf9eX/cQjruh2SBD0eOG3lFS6be/Lm3t/VGbm7v7N7f3Fp72XrZel0slpbsB7b9sCgTG5vjLTtp2i2b2gMA6CN9xo4MesbO0AjrwZCz6v/sf6UgLy9E/trbW5fF9GqD9BsHfdea6/kawuKQs9ZczxNeFoec1eV6HvRyvFjqJADg6pkfUoePU/8Xh5x3H6zlg8+Oe2s5AAA4Hzq8Lrn4eysMTeN5oVwuOPGyVmHgPlWhqdS0Mn6sQ3fZ8WtaNcIgDtzASzrPTEVHKmo2GkEYq2oQqkYQmZX0ye+q8+j3SNcdPzZu1PC0E2nlBn7suLGqmMhVjeZXnomWdZguHDW0a6rGdWIT+CoKmqGr80pFWvcEmor2Y1M1SddXjdDUnXBVPQu8Zl2rio7c0DTiIFthdyzjV4Ownq42P+qdDQDAJbG9s/tqrd1uvT3Hzqi3EQAAHESVBgAAAAAAAAAAAAAAAAAAAADg8ruI6//+eZ3Jy5HGqDtjlyONnk73ptOXJZ/PTv4SpHHMzogPTADO3d8BAAD//5ogUB0=")
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

11.884885729s ago: executing program 1 (id=427):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000280)='asymmetric\x00', 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'veth0_to_batadv\x00', {0x1}, 0x2a})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
unshare(0x40020000)
syz_emit_vhci(0x0, 0x0)

10.558211033s ago: executing program 4 (id=428):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
close(0x3)
socket$kcm(0x2b, 0x1, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x0)

10.111552509s ago: executing program 3 (id=429):
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}}}, 0x48)
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0xe000003, 0x3ffffddc, &(0x7f0000000180), 0x9, 0x5000004})

8.172174854s ago: executing program 4 (id=430):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000040)={[{@autodefrag}, {@clear_cache}, {@space_cache_v1}, {@max_inline={'max_inline', 0x3d, [0x2d]}}]}, 0xff, 0x50d4, &(0x7f00000051c0)="$eJzs3U+IVWUfB/Dnzjg6KDjXnbp48QW3wiQKRURDaFaYc82CosVMLYIQYVAwFy3EgpIWDgha4cJgWmR/nFVFC3GVBEEQBcEgzEKQdkIxGC6Ke8957pz7HO+5dyZ1TD+fmDnnOb/zPOeZy1nc783n3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhJNz585V1bdemTm7Y2DP1Us3T+w8NTE6H0KtdbyW1yeeeuaFNw5MPD8cO0zuz7b1erchs67zWWN1x8Fmv86f10IIQ8kAg/l292Bp1OLu4fKAlfZfXNh25NbeXTPHxg9dOLp5qvyn0zS80hNYKfl9dW3xXhpr/R5Izmi3C7dereMWzfqnN9w9+SMAgCUZbbQ27bej+Vvcdvt4Wk/aY0l7OmnHdwjTxcZyZOOu7jbPLWl9heY5lkWFNd3mWU/q+evfbjeSekjbnVFjCfPsPDWPNMPd5jmV1FdqngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3k6c/+eJ6VX3rlZmzOwb2XL1088TOUxOj8yHUW8drWbn2xMLcwqa3dj/63e4vP/6zPn5yMO8Xt6sKJ4ff4s5jIyG8Xqhci8P+vj6ERmeh1QwflQtvtnaejQUAAAAeJJtavwfa7SwODnW0a600WWv9F2Vhcf/FhW1Hbu3dNXNs/NCFo5unlj9eo8t4Y7cdr92uL/7UCsE4xt90vMV6PPVwaZxq6Yhpnn959MPtVf1L+b9enf/jKyf/AwAA8G/I/+k41Xrl//nPX91X1b+U/7d0XLKU/+OMY/4fCMvL/wAAAHA/u9v5f6w0TrVe+f/r9/edrupfyv+j/eX/VcVpx4M/xgkfHAlhtNfUAQAAgC7i/3df/Ggh5vXsk4M0r7+49fpQ1Xil/D/WX/6vHBQAAAC4p34488jfVfVS/m/0l//X3NVZAwAAAEvxv/cmD1TVS/l/sr/8vzbf5isfsk7fx3+FcHokhOHmzlRWuBKmn2wXAAAAgDsk5vSXvt18tOq8Uv6fqn7+f3zSQVz/3/H8v9L6/0Ihe+rf4x4MAAAAwMOovJ4/Ph4/++aCbt+/3+/6/09//nVD1fVL+f94f/l/sLi9k9//BwAAAMvwX/v+v1dK41Tr9fz/t9/dsLT8P91f/o/bdcU/73J8fd4ZCWFjcyd/muBn8XIHk8LsUKHQ0kh6HIg98sLsmkKhZSrpsX0khP83d44nhQ2xMJ0UbqzPC+eTwk+xkN8P7cJXSeFyvNPOrM+nmxa+iYV8gcVsXEGxrr0kIunxR7cezcJte8y1Lw4AAPBQieE5z7JDnc2QRtnZWq8T1vY6YaDXCYO9TliVnJCe2O14mOwsxON//TL+XKhQyv/n+8v/8aVYnW26rf8Pcf1//r2G7fX/k7FQTwqzsdBInxjQiNfIwu4H8Rr1Rt7jxsZ2AQAAAB5o8XOBwRWeBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAPe/ceY8dVHw787PN61+vdDUHKQxYxL0N+ktdrOw7WLyCcVBEIpGQtov6DQtbYm9TxBhs/Co4s1RhUlCKEC66IQh+2RFSnEsgqbXmEEosqQVUtGoU2fziPpgWEKkGjFNclSiRX986c2bln9j78WNsbPh/Je8+933POzDn33vGcmblnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgt8PV373hy+3i7/jR1796U+8HXvjBbw6u/9I9ky+FMNV4vScL97zvzHNnrvvU7Ru+d/s3Hjk9fudDg3m5PB6W1v/05k8+F2v92bIQvt0TQn8aWDWSBQby5yOxvuUjIVwV5gJFiZnhrES64PDkUAhHwlygqOq7QyGMlAJ3PfPDJ75YTxweCuGdIYRauowXatkyhtLAysEsMJwGdvRngf89mykC3+nNAnDB4peh+NAfn2rOMD5/uRafv4GLtmKXV9q8vpgYb53vV7cu8EqVDKYvTF3Q21apjgVR+Xqc8G1bBN+2Sj8f8raVd6TyPZSzc6Fa6N06c+/mvbN74iu9YWKir1VNC/Q+n3pl/5ZzSS+az2FcgfGL8jm8//DNzw5+7I4XH3n98f2na19bfqGr2ap7F1ot5J+5RfM+RhttTxbB16+yl7TCTlcI4fSJk/vbxSvj//H24//4cY6PvU25Y62vjWZj8/jKSEy8PJqNzQEAAGDRWAxHTQdX/OtP29VXGf+v6O78fzzlnw/ms9aeCGFjI/HZsRCubbyeBR6Li/v4WAhvbaSmmgO3JoETIVzXSNxYVJWUWBJLrEgCvxjNAxuTwFMxMJUEHo2BQ0ngczFwPAlsiYETSeC2GAjbmtvx/0bzdnQdGIqB6awTj8erEH49GpeW9NVzRVUAAAAXST46HGh+WrrW4UIzxOHl8aFOGeIV2C0z1JIa0hFsMaxqWUN/pxp6O9VQtPtA++ZXau7pVHPlMoye5gz/c+qaHaGNyvh/sv34vzbPivRUzv+HyU2Nh5i7N4/MFhmmp5oyAAAAABfg9948vbldvDL+39jd9f/xmEhfKXM4GQ9DbB8LYbI5kFV7SzWQnfVemgcAAABgMSjOxxfnwrflj9kl2ul4upp/6hzzxxP/G+fNv+PH//J4u/WtjP+nurv+f7j5MVuJp+JafGUshCWlwI/iWtYDDSti4KX3Nwfy9j8VO+ALsar8woSiqi/EEtMxMJkEjrQq8XRR4trmQP5mFQv/bNGObXmJUgAAAAAuuXg4IJ6Xj9f/r/nbP3yyXbnK+H/63K7/b4yDK5f3zy4NYXV/CH3pDwNODmcTA8bASE+e+PvhrK6+tKqDwyHcUm9YWtV/5PP/96dzDP5kKKsqBq5927FXVtYTXx8KYXU58OxHj66vJ/YmgWLhvzsUwg311qYL/7sl2cIH0oU/vCSEt5QCRVVbloRQX9hgWtU/1PL7GKRVHa+FcHUpUFT1nloI+wIAi1X8v3Rr+cXd+x7cvnl2dmbXAibiQfyhcO+22ZmJLTtmt9ZarNPWZJ2b5jH6TLVN3d765vk4R9Hdx8a6SRc/FJwsLys/kF+5cjB/HneGBhrtXDvQ9HRd2uR3v726iFDalWrV5N4FbvJwuZK5N7FSf8w/GJaGJXt3z+ya+PTmPXt2rcn+dpt9bfY3nmfK+mpN2lfD861bFx+PltNlJc63r1aWK1m954Gdq3fve3DVtgc23zdz38wnNkyuW7vh5sn171ldb9Rk9rdDS1fOV3PS0rNHu2zWRWzp9f2lSi7FRkNCQmKxJQYH7jzVbvNTGf/vbD/+j1uduOHP52dodf5/PJ7mz16fO80/HQNHuj3/P97qbH5xYcCKJHAgBg44zQ8AAMAbQzwcGY9mxoPSB971wvvalauM/w909/v/izT/fzF1/YdaTfN/Yywx2Wr+/3Sa/2L+/wOt5v9Pp/kv5v8/chnm/99bBJIu+bX5/wEAgDeCSzf/f8fp/dMbBFQydJzeP71BQCVDx2n8u71BwDnP//83v1yzPrRRGf8f6m78b+J+AAAAuHJcc9sNP24Xr4z/j3Q3/r/08/+FVtf/r2gVmGo1MaD5/wAAAFikWs3/98xHdr6/XbnK+P94d+P/eNlFb1PuWOtro9mcdiGd0+7l0eInAwAAALA49IaJiYEu8zZNjHrr+S/zVJwKtE267NDnj53b7/9PdDf+b/pdxv2Hb3528GN3vPjaI68/vv907WvL587/AwAAAAun2+MSAAAAAAAAAAAAAADA5ffo1d+ad16AqPL7/7Cp8Xqr3//H+/413TTxTD4Z4IE4s/6XxkzzBwAAAAvroVtffTj+u+/Lf/Rf7fJWxv/j3Y3/4/0F8vvgZbfeOxHv//fZsRAat9YbzwKPxcV9fCyEtzZSU7FEdkO9D8USk1ngsThh4o2xxPRUc1VLYuB4EvjFaB44kQSeioH8KMWxeGPAPx4NYX0jtam5xM5YYjwJ3BkDK5LARAxMJoFlMbAxCfxyWR6YSgL/FAP5zQeLvvrWsryvAAAAzkU+zhpofhrScd7x/k4Zejpl6LiI4U4ZejtlqLXIEJ//dVyHgfJ8/HmG+NJAWutQUkslQ7wZ3vk3vZiu7+nmnGnByqL7YsHx5pwxw85/vukroY3K+H9Fd+P/y3j///Ru/htjYEUS2BkDG5PA9KY8cOSa5oD7/wMAAHBla3X//9G3/NWhduUq4//J7sb/8UDEm5tyx1o73/8/f37Xh7+5r7HKJ0dDeHs5sP3g9qvqiUdHQ3hXOfDE3Tc2Ru0H0xLff/G2n9cT96SBD65605l64r1JYDp20nVpIB5VObMsCcTu/UkaiP1xPA0M5oGHlmXt6En76j9Hsr7qSfvq1Eh2eUVP2lffHsmW0ZM28HASKBr4yTQQG3hHHuhN1+qbS7O1ioGRWPQvlhYXfQAAcGWKe4ED4d5tszOT6U94r+9vfoyabln+mWq1PV0u/vl4a/K7j411k+5L90VrRVUDoVZvwprK7mo5S0+jlRenlg5d9+YWTe50t/feFuVS59p1g61bNJS1aGLLjtmtAx0bvq5zlrX9HbOsqQx2yll6G13aRS1drEsXLeqyb7pY5fi8N0xM9CW5/n8MjocmnT4R3d6vr3yf/1afgnKeo5//91fb1VcZ/2/sbvwf27M0lD7On4u1/mxZCN/umTsaUQRWjWSB2NyRODxePhLCVaV+KErMDGclBpMFhyeHshHqYFrVd4eyYwzx+V3P/PCJL9YTh4dCeGfpvSqW8UItW8ZQGlg5mAWG08CO/iwQr/woAt/pzQJwwYqNQvxA5T91KYzPX67F5++Nck/QtHmVa6DmyTffNneh1NIX8muqCuf2tlWqY0FUvh4nfNsW47ct+LaVd6TyPZSzc6Fa6N06c+/mvbN74ivlPdmKBXqfy3up3aQvwufwwPmvbWe1dAUmk83H5Pzl5v8c9sTq7j9887ODH7vjxUdef3z/6drXlne9Gi3EgcKT//2mq8rdu9BqIf/MLbrtyZTtyWL8b2Dc2xZCOPTnQ59sF6+M/6e6G//3J48Nr8bO3D0WwrtLnXsydv/vjGXbwVIg20peXQ1kl9z/dLTllhMAAAAutuJwR3G8YFv+mP0gPB0nV/NPnWP+eLxi47z5u13v/U/+/mPt4pXx/3T78f+SZDWd/3f+nwXi/P+8rvRD0UvSFw5c0KHoSnUsCOf/53Wlf9uc/5+X8//O/8/H+f8OnP+f15X+tlX2knba6QohnL1+4OF28cr4f2d34//fsvn/09n8i/n/00n7i/n/p1vN/7+z1fz/B8z/DwAALKgWE82n47zK5PyVDOnk/JUMPUmGc7/FQMdp9M3/n87/f/DPbtkT2qiM/w90N/6PH4eR8tIXy/z/45talNi4qXl1i8ChGNjpjgEAAABcRvEAQbzovdsZJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhYd7x6ZnO7+Dt+9PWv3tT7gRd+8JuD6790z+RLIWxrvN6ThXved+a5M9d96vYN37v9G4+cHr/zoVpebiB/XN6UO9b62mgIR0qvjMTEy6P1J3OBuz78zX399cTJ0RDeXg5sP7j9qnri0dEQ3lUOPHH3jdfUEwfTEt9/8baf1xP3pIEPrnrTmXrivXmgJ13dP12WrW5PurpfXBbCWClQrO79y5qrKpbxgTzQmy7jL0eyZcTASCz68Ei2jBiYjSW2LQlhdX8IfWlV/1jLqupLq/peLauqL63qD2oh3BJC6E+r+rfBrKr+tOVPD2ZVxcC1bzv2ysp64uhgCKvLgWc/enR9PbErCRQL/8hgCDfUPzLpwr81kC18IF34nwyE8JZSoKhqeiCE+sIG06pO9GdVDaZVfaM/hKtLgaKqm/pD2Be4XOKGZGv5xd37Hty+eXZ2ZtcCJgbzZQ2Fe7fNzkxs2TG7tZasUys9pfTZz5x/259/Zf+WRuLuY2PdpIv1miyvy9NTlRfLz/vzpwONdq4daHq6brE0ebhcydybWKk/5h8MS8OSvbtndk18evOePbvWZH+7zb42+9uXR7O+WrNY+mpluZLVex7YuXr3vgdXbXtg830z9818YsPkurUbbp5c/57V9UZNZn8vRkuPXvqWXt9fquRSbDQkJCQWW6K3aes2eaVvxys7+nMrOhBqjQ10ZVhRztLTaOXFaPSt59Ha3Lk2ujIkqbRoTWXgUMmytnOWdZUxw1yWoSxLY1+wMjgs19Tb6NL4vDdMTPS16ofx5qfl7v3VBXTvqdh1XaYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4P3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRs8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//Qczu7Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x42, 0x18)
fallocate(r0, 0x0, 0x0, 0x8ffff)
r1 = openat(0xffffffffffffff9c, &(0x7f00000008c0)='.\x00', 0x40000, 0x1e4)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f0000003480)={{r1}, 0x0, 0x2, @inherit={0x48, 0x0}, @subvolid=0x3})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x8000, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000240)=ANY=[@ANYBLOB="66000000000000000000000000a5930200000000070000000004"])

8.171921474s ago: executing program 3 (id=431):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x43440, 0x0, 0x1, 0x0, &(0x7f0000000040))
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', r0, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

7.962394815s ago: executing program 5 (id=432):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x0, 0x0, 0x6}}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000003c0)="964a6c5176e84b4d7a", 0x9}], 0x1}, 0x4048081)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xfff3, 0x10}, {0xfff1, 0xb}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050)

7.184192484s ago: executing program 1 (id=433):
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
keyctl$reject(0x13, 0x0, 0x6, 0x201, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, 0x0, 0x0)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080)={0x100}, 0x8)

6.764486037s ago: executing program 5 (id=434):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a385000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
keyctl$chown(0x4, 0x0, 0xee01, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r3 = syz_io_uring_setup(0x10d4, &(0x7f0000000000)={0x0, 0x7f36, 0x0, 0x4, 0x34f}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
socket$isdn(0x22, 0x3, 0x21)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x30000000)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
r9 = dup(r1)
write$UHID_INPUT(r9, &(0x7f0000001040)={0xe, {"a2e3ad21ed0d52f90b9b6e0987f70e06d038e7ff7fc6e5539b3248298b089b0708346d090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d1780700523c921b1b9b31070d075d0936cd3b78130daa61f94b61404d64aec1b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c088215ec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6f44ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d208001349b41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2a15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee53259289d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c1980778efa5ea567b7b7430acc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a0700d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8440daaa69bf5c8f4350aeae9ca1207e76061b28f27da19acc7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211c7847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e781171e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b906ce2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7ae288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289d8523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c78e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e7c7b2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df06720ba2b26bbfcc807c8aabb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db38b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1040}}, 0x1006)

6.450338068s ago: executing program 3 (id=435):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={0xa4, 0x17, 0x1, 0x0, 0x25dfdbfc, {0x1d, 0xd601, 0x9}, [@nested={0x42, 0x1011, 0x0, 0x1, [@generic="9ed61b77d9f16a96c594a102000000d63c3391c4854d66a1452ed6b21920c796c4fb58a76f94a31b8a7bda7af3bdb2558b7f52ea522deab6b4c48907876c"]}, @nested={0x49, 0x12, 0x0, 0x1, [@generic="3b6f2811032d68bea0612044f47c2842b25577eb4bc530536d524d77b3181e856a5170416c6050e46d2e0d055c97c9e7f901000000af56eba9024644942e3645a3e6db0d11"]}]}, 0xa4}}, 0x2008010)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}}, 0x20004000)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)

5.876743946s ago: executing program 4 (id=436):
fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d105012000060102030109021200"], 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000440)={0x2020}, 0x2020)
write$cgroup_pid(r0, &(0x7f00000000c0), 0x12)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
read$FUSE(r0, &(0x7f0000003b80)={0x2020}, 0x2020)

4.673002238s ago: executing program 5 (id=437):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x18, 0x3e, 0x107, 0x3, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x142}]}, 0x18}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

4.486294267s ago: executing program 5 (id=438):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000680)="4137a2", 0x3}], 0x1}}], 0x1, 0x4000001)
r1 = syz_io_uring_setup(0x378c, &(0x7f0000000380)={0x0, 0x4093, 0x10100, 0x10000003, 0x13a}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x4126}})
io_uring_enter(r1, 0x38c5, 0x2000000, 0x0, 0x0, 0x0)

4.475587898s ago: executing program 1 (id=439):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r2], 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0)

4.176002348s ago: executing program 1 (id=440):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
setresuid(0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x2915024094f4014f, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0xb8}}, 0x0)

4.175750698s ago: executing program 5 (id=441):
openat$dir(0xffffffffffffff9c, 0x0, 0x26040, 0x101)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000001c0)={[{@noblock_validity}, {@jqfmt_vfsv0}]}, 0x1, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
fcntl$setownex(r1, 0xf, 0x0)
pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)

1.212553008s ago: executing program 1 (id=442):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f0000000700)=ANY=[@ANYBLOB='journal_async_commit,heartbeat=none,usrquota,barrier=000000000\x000000000007,heartbeat=none,nointr,\x00'], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000140), 0x24, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)

978.363321ms ago: executing program 4 (id=443):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x30, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x10)

752.164794ms ago: executing program 4 (id=444):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000a80)=ANY=[@ANYBLOB="020300020c000000fdffffffffdbdf2503000600002000000200000064010100000000000000000002000100000000000700fb0300000000030005000000000002000000ac1414aa00000000000000000100080000000000010014"], 0x60}, 0x1, 0x7}, 0x0)

121.947208ms ago: executing program 3 (id=445):
syz_usb_connect(0x5, 0x2f, &(0x7f0000000640)={{0x12, 0x1, 0x300, 0x25, 0x22, 0xa2, 0x20, 0x471, 0x304, 0x915e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1d, 0x1, 0x3, 0x4, 0xa0, 0xa, [{{0x9, 0x4, 0xa7, 0x0, 0x1, 0x81, 0x9b, 0x5b, 0x5, [], [{{0x9, 0x5, 0xd, 0x8, 0x0, 0x9, 0xb0, 0x5, [@generic={0x2, 0x9}]}}]}}]}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})

46.449585ms ago: executing program 5 (id=446):
socket$tipc(0x1e, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0xc831, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
r6 = openat$binfmt(0xffffffffffffff9c, r4, 0x2, 0x0)
close(r6)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=447):
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x11, 0x3, 0x80000000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x5)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff})
syz_usbip_server_init(0x5)
r1 = syz_io_uring_setup(0x42e6, &(0x7f0000000340)={0x0, 0x2b13, 0x10100, 0x0, 0x25c, 0x0, r0}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x18, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r1, 0x7330, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

mm syz-executor: Invalid inode table block 1 in block_group 0
[   97.101852][ T5894] IPVS: using max 17 ests per chain, 40800 per kthread
[   97.149872][ T5770] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5916: Corrupt filesystem
[   97.205319][  T786] usb 2-1: USB disconnect, device number 2
[   97.247807][ T5770] EXT4-fs error (device loop2): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error
[   97.333481][ T5900] loop1: detected capacity change from 0 to 512
[   97.345442][ T5900] EXT4-fs: Ignoring removed nobh option
[   97.396341][ T5900] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   97.518225][ T5900] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #3: comm syz.1.10: corrupted inode contents
[   97.602606][ T5900] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #3: comm syz.1.10: mark_inode_dirty error
[   97.637659][ T5900] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #3: comm syz.1.10: corrupted inode contents
[   97.720636][ T5900] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.10: mark_inode_dirty error
[   97.741091][   T28] audit: type=1326 audit(1768141585.552:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5907 comm="syz.3.11" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b98f8f749 code=0x0
[   97.763286][ T5900] Quota error (device loop1): write_blk: dquota write failed
[   97.770958][ T5900] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[   97.787928][ T5900] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.10: Failed to acquire dquot type 0
[   97.818210][ T5900] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #16: comm syz.1.10: corrupted inode contents
[   97.853572][ T5900] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #16: comm syz.1.10: mark_inode_dirty error
[   97.880250][ T5909] netlink: 'syz.3.11': attribute type 6 has an invalid length.
[   97.890695][ T5900] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #16: comm syz.1.10: corrupted inode contents
[   97.931881][ T5900] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.10: mark_inode_dirty error
[   97.962049][ T5900] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #16: comm syz.1.10: corrupted inode contents
[   97.994984][ T5900] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem
[   98.012420][ T5900] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #16: comm syz.1.10: corrupted inode contents
[   98.037159][ T5900] EXT4-fs error (device loop1): ext4_truncate:4294: inode #16: comm syz.1.10: mark_inode_dirty error
[   98.069153][ T5900] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem
[   98.100710][ T5900] EXT4-fs (loop1): 1 truncate cleaned up
[   98.113258][ T5900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.128151][ T5900] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   98.249440][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.832915][ T5926] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14'.
[   98.842169][ T5926] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14'.
[   99.899758][ T5934] syzkaller0: entered promiscuous mode
[   99.938884][ T5934] syzkaller0: entered allmulticast mode
[   99.998765][ T5938] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  100.008323][ T5938] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  100.027280][ T5938] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  100.172756][ T5942] loop2: detected capacity change from 0 to 4096
[  100.229107][ T5938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18'.
[  100.708204][ T5947] loop3: detected capacity change from 0 to 32768
[  100.715809][ T5947] xfs: Unknown parameter 'fowner'
[  100.729073][ T5785] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  100.794118][ T5771] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  100.937925][ T5940] loop2: detected capacity change from 0 to 512
[  100.987164][ T5940] EXT4-fs error (device loop2): __ext4_iget:5067: inode #2: block 600832: comm syz.2.16: invalid block
[  101.099265][ T5940] EXT4-fs (loop2): get root inode failed
[  101.159221][ T5940] EXT4-fs (loop2): mount failed
[  101.487976][ T5956] loop3: detected capacity change from 0 to 512
[  101.516603][ T5956] EXT4-fs: Ignoring removed nobh option
[  101.584948][ T5956] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #3: comm syz.3.23: corrupted inode contents
[  101.640735][ T5963] loop0: detected capacity change from 0 to 512
[  101.665914][ T5956] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #3: comm syz.3.23: mark_inode_dirty error
[  101.718359][ T5963] ext4: Unknown parameter 'noacl'
[  101.773021][ T5956] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #3: comm syz.3.23: corrupted inode contents
[  101.837030][ T5956] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.23: mark_inode_dirty error
[  101.864500][ T5956] Quota error (device loop3): write_blk: dquota write failed
[  101.882164][ T5956] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  101.907632][ T5956] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.23: Failed to acquire dquot type 0
[  101.968399][ T5956] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.23: corrupted inode contents
[  102.114375][ T5956] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #16: comm syz.3.23: mark_inode_dirty error
[  102.404135][ T5956] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.23: corrupted inode contents
[  102.726058][ T5956] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.23: mark_inode_dirty error
[  103.084087][ T5956] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.23: corrupted inode contents
[  103.101773][ T5956] EXT4-fs error (device loop3) in ext4_orphan_del:301: Corrupt filesystem
[  103.120877][ T5956] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.23: corrupted inode contents
[  103.150057][ T5956] EXT4-fs error (device loop3): ext4_truncate:4294: inode #16: comm syz.3.23: mark_inode_dirty error
[  103.231353][ T5956] EXT4-fs error (device loop3) in ext4_process_orphan:343: Corrupt filesystem
[  103.242792][ T5973] syzkaller0: entered promiscuous mode
[  103.248412][ T5973] syzkaller0: entered allmulticast mode
[  103.256640][ T5956] EXT4-fs (loop3): 1 truncate cleaned up
[  103.265020][ T5956] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.291908][ T5956] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  103.403062][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.842823][ T5983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26'.
[  103.852115][ T5983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26'.
[  105.130627][ T5992] loop3: detected capacity change from 0 to 32768
[  105.139007][ T5992] xfs: Unknown parameter 'fowner'
[  105.219105][ T5996] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  105.249577][ T5974] loop1: detected capacity change from 0 to 40427
[  105.261789][ T5785] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  105.350473][ T5974] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff
[  105.403796][ T5974] F2FS-fs (loop1): Image doesn't support compression
[  105.422843][ T5974] F2FS-fs (loop1): Image doesn't support compression
[  105.445141][ T5996] netlink: 8 bytes leftover after parsing attributes in process `syz.0.31'.
[  105.588977][ T5974] F2FS-fs (loop1): invalid crc value
[  105.629893][ T5996] loop0: detected capacity change from 0 to 512
[  105.644324][ T6002] loop2: detected capacity change from 0 to 764
[  105.665810][ T5974] F2FS-fs (loop1): Found nat_bits in checkpoint
[  105.688665][ T6002] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  105.789516][ T5996] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.821716][ T5996] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  105.917348][ T5996] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  105.980013][ T5996] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  106.047064][ T5974] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  106.107278][   T28] audit: type=1800 audit(1768141593.922:3): pid=5974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.27" name="file1" dev="loop1" ino=10 res=0 errno=0
[  106.170368][ T5974] syz.1.27: attempt to access beyond end of device
[  106.170368][ T5974] loop1: rw=34817, sector=77824, nr_sectors = 128 limit=40427
[  106.259405][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.284954][ T5769] syz-executor: attempt to access beyond end of device
[  106.284954][ T5769] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  106.320896][ T5769] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  106.426263][ T6014] loop3: detected capacity change from 0 to 2048
[  106.471468][ T6014] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  106.815512][ T6021] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.37' sets config #0
[  106.860884][ T6018] loop0: detected capacity change from 0 to 4096
[  106.933507][ T6022] loop3: detected capacity change from 0 to 512
[  106.940875][ T6022] EXT4-fs: Ignoring removed nobh option
[  107.117339][ T6022] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #3: comm syz.3.38: corrupted inode contents
[  107.163386][ T6022] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #3: comm syz.3.38: mark_inode_dirty error
[  107.206195][ T6022] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #3: comm syz.3.38: corrupted inode contents
[  107.262076][ T6022] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.38: mark_inode_dirty error
[  107.316392][ T6022] Quota error (device loop3): write_blk: dquota write failed
[  107.327246][ T6022] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  107.338009][ T6022] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.38: Failed to acquire dquot type 0
[  107.354977][ T6022] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.38: corrupted inode contents
[  107.392022][ T6022] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #16: comm syz.3.38: mark_inode_dirty error
[  107.428983][ T6022] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.38: corrupted inode contents
[  107.491574][ T6022] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.38: mark_inode_dirty error
[  107.516360][ T6022] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.38: corrupted inode contents
[  107.578425][ T6022] EXT4-fs error (device loop3) in ext4_orphan_del:301: Corrupt filesystem
[  107.593230][ T6022] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #16: comm syz.3.38: corrupted inode contents
[  107.613949][ T6032] process 'syz.1.36' launched './file2' with NULL argv: empty string added
[  107.624143][ T6022] EXT4-fs error (device loop3): ext4_truncate:4294: inode #16: comm syz.3.38: mark_inode_dirty error
[  107.646967][ T6022] EXT4-fs error (device loop3) in ext4_process_orphan:343: Corrupt filesystem
[  107.678743][ T6022] EXT4-fs (loop3): 1 truncate cleaned up
[  107.686165][ T6022] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.709231][ T6022] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  107.868457][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.035150][ T6041] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.043813][ T6041] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.057793][ T6041] bridge0: entered allmulticast mode
[  108.126822][ T6041] bridge_slave_1: left allmulticast mode
[  108.148112][ T6041] bridge_slave_1: left promiscuous mode
[  108.166685][ T6041] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.210539][ T6041] bridge_slave_0: left allmulticast mode
[  108.227014][ T6041] bridge_slave_0: left promiscuous mode
[  108.252940][ T6041] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.296839][ T6046] loop3: detected capacity change from 0 to 1024
[  108.409645][ T6043] netlink: 552 bytes leftover after parsing attributes in process `syz.3.40'.
[  108.490203][ T6043] bridge0: the hash_elasticity option has been deprecated and is always 16
[  108.593291][ T6043] Zero length message leads to an empty skb
[  108.843871][ T6056] syz.0.44 uses obsolete (PF_INET,SOCK_PACKET)
[  109.048557][ T6057] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  110.086033][ T6060] loop1: detected capacity change from 0 to 32768
[  110.093613][ T6060] xfs: Unknown parameter 'fowner'
[  112.270786][ T6073] loop1: detected capacity change from 0 to 512
[  112.279743][ T6073] EXT4-fs: Ignoring removed nobh option
[  112.311528][ T5152] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  112.352289][ T6073] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #3: comm syz.1.49: corrupted inode contents
[  112.404700][ T6073] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #3: comm syz.1.49: mark_inode_dirty error
[  112.462847][ T6073] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #3: comm syz.1.49: corrupted inode contents
[  112.514747][ T6073] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.49: mark_inode_dirty error
[  112.536569][ T5152] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.551681][ T5152] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  112.567780][ T6073] Quota error (device loop1): write_blk: dquota write failed
[  112.585648][ T5152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.598241][ T6073] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  112.610314][ T6073] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.49: Failed to acquire dquot type 0
[  112.623580][ T5152] usb 4-1: config 0 descriptor??
[  112.633435][ T5152] pwc: Askey VC010 type 2 USB webcam detected.
[  112.670997][ T6073] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #16: comm syz.1.49: corrupted inode contents
[  112.711071][ T6073] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #16: comm syz.1.49: mark_inode_dirty error
[  112.728194][ T6073] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #16: comm syz.1.49: corrupted inode contents
[  112.748860][ T6073] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.49: mark_inode_dirty error
[  112.766795][ T6073] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #16: comm syz.1.49: corrupted inode contents
[  112.779511][ T6073] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem
[  112.795616][ T6073] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #16: comm syz.1.49: corrupted inode contents
[  112.810399][ T6073] EXT4-fs error (device loop1): ext4_truncate:4294: inode #16: comm syz.1.49: mark_inode_dirty error
[  112.812412][ T6065] loop0: detected capacity change from 0 to 32768
[  112.832499][ T6073] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem
[  112.846143][ T6073] EXT4-fs (loop1): 1 truncate cleaned up
[  112.860074][ T6073] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.884091][ T6065] (syz.0.46,6065,1):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options
[  112.916578][ T6073] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  112.923340][ T6065] (syz.0.46,6065,1):ocfs2_fill_super:1178 ERROR: status = -22
[  113.056646][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.067203][ T5152] pwc: recv_control_msg error -32 req 02 val 2b00
[  113.098320][ T5152] pwc: recv_control_msg error -32 req 02 val 2700
[  113.126301][ T5152] pwc: recv_control_msg error -32 req 02 val 2c00
[  114.062160][ T6085] 9pnet: p9_errstr2errno: server reported unknown error _vlan
[  115.741388][    C0] sched: RT throttling activated
[  115.909567][ T6089] loop1: detected capacity change from 0 to 1024
[  115.920363][ T6089] EXT4-fs: Ignoring removed orlov option
[  115.957088][ T6089] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  116.110934][ T6089] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.128093][ T5152] pwc: recv_control_msg error -71 req 04 val 1300
[  116.172485][ T5152] pwc: recv_control_msg error -71 req 04 val 1400
[  116.228755][ T5152] pwc: recv_control_msg error -71 req 02 val 2000
[  116.251590][ T5152] pwc: recv_control_msg error -71 req 02 val 2100
[  116.281575][ T5152] pwc: recv_control_msg error -71 req 04 val 1500
[  116.308647][ T5152] pwc: recv_control_msg error -71 req 02 val 2500
[  116.322094][ T5152] pwc: recv_control_msg error -71 req 02 val 2400
[  116.337617][ T5152] pwc: recv_control_msg error -71 req 02 val 2600
[  116.367561][ T5152] pwc: recv_control_msg error -71 req 02 val 2900
[  116.403720][ T5152] pwc: recv_control_msg error -71 req 02 val 2800
[  116.432719][ T5152] pwc: recv_control_msg error -71 req 04 val 1100
[  116.461745][ T5152] pwc: recv_control_msg error -71 req 04 val 1200
[  116.512920][ T5152] pwc: Registered as video103.
[  116.559701][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.574245][ T5152] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[  116.682990][ T5152] usb 4-1: USB disconnect, device number 2
[  117.421548][ T5152] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  118.042661][ T6118] syzkaller0: entered promiscuous mode
[  118.095199][ T6118] syzkaller0: entered allmulticast mode
[  118.132961][ T6122] loop0: detected capacity change from 0 to 512
[  118.159088][ T6122] EXT4-fs: Ignoring removed nobh option
[  118.171497][ T5152] usb 4-1: Using ep0 maxpacket: 32
[  118.182374][ T5152] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  118.195429][ T5152] usb 4-1: config 0 has no interface number 0
[  118.211942][ T5152] usb 4-1: config 0 interface 184 has no altsetting 0
[  118.232318][ T5152] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  118.249362][ T5152] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.269747][ T5152] usb 4-1: Product: syz
[  118.284385][ T5152] usb 4-1: Manufacturer: syz
[  118.289062][ T5152] usb 4-1: SerialNumber: syz
[  118.317267][ T6122] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #3: comm syz.0.60: corrupted inode contents
[  118.336808][ T5152] usb 4-1: config 0 descriptor??
[  118.343123][ T6122] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #3: comm syz.0.60: mark_inode_dirty error
[  118.348229][ T6122] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #3: comm syz.0.60: corrupted inode contents
[  118.377919][ T6122] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #3: comm syz.0.60: mark_inode_dirty error
[  118.404808][ T6122] Quota error (device loop0): write_blk: dquota write failed
[  118.439045][ T6122] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  118.450977][ T6122] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.60: Failed to acquire dquot type 0
[  118.464642][ T6122] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #16: comm syz.0.60: corrupted inode contents
[  118.479410][ T6122] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #16: comm syz.0.60: mark_inode_dirty error
[  118.498564][ T6122] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #16: comm syz.0.60: corrupted inode contents
[  118.529976][ T6122] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz.0.60: mark_inode_dirty error
[  118.557048][ T6122] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #16: comm syz.0.60: corrupted inode contents
[  118.579368][ T6122] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[  118.595759][ T6122] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #16: comm syz.0.60: corrupted inode contents
[  118.629896][ T6099] Driver unsupported XDP return value 0 on prog  (id 11) dev N/A, expect packet loss!
[  118.651142][ T6134] loop2: detected capacity change from 0 to 2048
[  118.661571][ T6122] EXT4-fs error (device loop0): ext4_truncate:4294: inode #16: comm syz.0.60: mark_inode_dirty error
[  118.685264][ T6122] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem
[  118.733201][ T6122] EXT4-fs (loop0): 1 truncate cleaned up
[  118.751300][ T6134] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.795071][ T6122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.813723][ T5152] smsc75xx v1.0.0
[  118.819061][ T5152] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  118.841543][ T6122] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  118.884154][ T5152] smsc75xx: probe of 4-1:0.184 failed with error -71
[  118.931832][ T5152] usb 4-1: USB disconnect, device number 3
[  119.056223][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.193280][ T6149] loop0: detected capacity change from 0 to 1024
[  119.221593][ T6149] EXT4-fs: Ignoring removed oldalloc option
[  119.227625][ T6149] EXT4-fs: Ignoring removed bh option
[  119.251622][ T6149] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  119.286673][ T6151] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.68'.
[  119.323533][ T6149] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  119.351613][ T5152] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  119.749431][ T6159] Bluetooth: MGMT ver 1.22
[  120.543857][ T5152] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  120.564590][ T5152] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 255, setting to 64
[  120.575866][ T5152] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  120.590426][ T5152] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  120.601280][ T5152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.838583][ T5152] usb 4-1: usb_control_msg returned -32
[  120.855616][ T5152] usbtmc 4-1:16.0: can't read capabilities
[  121.588458][   T28] audit: type=1800 audit(1768141609.402:4): pid=6166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.63" name="bus" dev="loop2" ino=1436 res=0 errno=0
[  122.835431][ T6169] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -90
[  122.846725][ T6169] usbtmc 4-1:16.0: usb_control_msg returned -32
[  122.937182][ T1196] usb 4-1: USB disconnect, device number 4
[  123.400424][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.590405][ T6173] syzkaller0: entered promiscuous mode
[  123.597418][ T6173] syzkaller0: entered allmulticast mode
[  123.645479][ T6171] loop2: detected capacity change from 0 to 32768
[  123.682358][ T6171] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.70 (6171)
[  123.746727][ T6171] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  123.789495][ T6171] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  123.811674][ T6171] BTRFS info (device loop2): force clearing of disk cache
[  123.841687][ T6171] BTRFS info (device loop2): enabling auto defrag
[  123.875085][ T6171] BTRFS info (device loop2): enabling ssd optimizations
[  123.904164][ T6171] BTRFS info (device loop2): max_inline at 0
[  123.910283][ T6171] BTRFS info (device loop2): enabling disk space caching
[  123.949253][ T6171] BTRFS info (device loop2): disk space caching is enabled
[  124.112465][ T6179] Cannot find add_set index 0 as target
[  124.206399][ T6194] syzkaller0: entered promiscuous mode
[  124.235832][ T6171] BTRFS info (device loop2): rebuilding free space tree
[  124.251691][ T6194] syzkaller0: entered allmulticast mode
[  124.257566][ T6200] loop3: detected capacity change from 0 to 2048
[  124.323091][ T6200]  loop3: p1 < > p3 p4 < >
[  124.330475][ T6194] tipc: Started in network mode
[  124.344135][ T6194] tipc: Node identity 42c23cee55fd, cluster identity 4711
[  124.352531][ T6200] loop3: p3 start 4284289 is beyond EOD, truncated
[  124.364190][ T6194] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  124.373875][ T6171] BTRFS info (device loop2): disabling free space tree
[  124.395947][ T6171] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  124.407955][ T6171] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  124.428182][ T5137]  loop3: p1 < > p3 p4 < >
[  124.446112][ T5137] loop3: p3 start 4284289 is beyond EOD, truncated
[  124.541778][ T6191] tipc: Resetting bearer <eth:syzkaller0>
[  124.556990][   T28] audit: type=1800 audit(1768141612.372:5): pid=6171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.70" name="file1" dev="loop2" ino=260 res=0 errno=0
[  124.727496][ T6191] tipc: Disabling bearer <eth:syzkaller0>
[  124.803978][ T6208] loop0: detected capacity change from 0 to 2048
[  124.880177][ T6208] EXT4-fs (loop0): unsupported descriptor size 9
[  125.057649][ T6209] loop0: detected capacity change from 0 to 2048
[  125.100628][ T6209] EXT4-fs (loop0): unsupported descriptor size 9
[  125.140052][ T6208] netlink: 'syz.0.77': attribute type 10 has an invalid length.
[  125.202852][ T5770] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  125.214756][ T6212] loop1: detected capacity change from 0 to 512
[  125.294013][ T6212] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  125.322698][ T6208] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  125.335509][ T6212] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  125.355892][ T6209] netlink: 'syz.0.77': attribute type 10 has an invalid length.
[  125.474012][ T6218] netlink: 4 bytes leftover after parsing attributes in process `syz.0.80'.
[  125.839828][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.198683][ T6229] loop2: detected capacity change from 0 to 4096
[  126.228484][ T6229] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  126.291619][ T1196] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  126.304583][ T6229] ntfs3: loop2: failed to replay log file. Can't mount rw!
[  126.321598][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  126.491656][ T1196] usb 2-1: Using ep0 maxpacket: 8
[  126.506840][ T1196] usb 2-1: unable to get BOS descriptor or descriptor too short
[  126.525202][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  126.527251][ T1196] usb 2-1: config 4 interface 0 has no altsetting 0
[  126.550538][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  126.555050][ T1196] usb 2-1: string descriptor 0 read error: -22
[  126.560010][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  126.575537][ T1196] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  126.593993][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  126.600439][ T1196] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  126.608125][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.619747][    T9] usb 4-1: Product: syz
[  126.624342][    T9] usb 4-1: Manufacturer: syz
[  126.629060][    T9] usb 4-1: SerialNumber: syz
[  126.669800][ T1196] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  126.706235][ T1196] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  126.733112][ T1196] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  126.747506][ T1196] usb 2-1: media controller created
[  126.789552][ T1196] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  126.874392][    T9] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  126.893069][ T1196] zl10353_read_register: readreg error (reg=127, ret==0)
[  126.909003][    T9] cdc_ncm 4-1:1.0: bind() failure
[  126.921215][ T6235] syzkaller0: entered promiscuous mode
[  126.947152][ T6235] syzkaller0: entered allmulticast mode
[  127.059618][ T1196] usb 2-1: USB disconnect, device number 3
[  127.069158][ T6237] loop2: detected capacity change from 0 to 512
[  127.082602][ T5152] usb 4-1: USB disconnect, device number 5
[  127.088378][ T6237] EXT4-fs: Ignoring removed nobh option
[  127.148308][ T6237] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #3: comm syz.2.85: corrupted inode contents
[  127.163581][ T6237] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #3: comm syz.2.85: mark_inode_dirty error
[  127.176131][ T6237] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #3: comm syz.2.85: corrupted inode contents
[  127.189544][ T6237] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.85: mark_inode_dirty error
[  127.206035][ T6237] Quota error (device loop2): write_blk: dquota write failed
[  127.217385][ T6237] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  127.246672][ T6237] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.85: Failed to acquire dquot type 0
[  127.274776][ T6237] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #16: comm syz.2.85: corrupted inode contents
[  127.293081][ T6237] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #16: comm syz.2.85: mark_inode_dirty error
[  127.307011][ T6237] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #16: comm syz.2.85: corrupted inode contents
[  127.327749][ T6237] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz.2.85: mark_inode_dirty error
[  127.344998][ T6237] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #16: comm syz.2.85: corrupted inode contents
[  127.358668][ T6237] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem
[  127.371194][ T6237] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #16: comm syz.2.85: corrupted inode contents
[  127.384594][ T6237] EXT4-fs error (device loop2): ext4_truncate:4294: inode #16: comm syz.2.85: mark_inode_dirty error
[  127.401792][ T6237] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem
[  127.413349][ T6237] EXT4-fs (loop2): 1 truncate cleaned up
[  127.420488][ T6237] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  127.434692][ T6237] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.574527][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.643363][ T6244] syzkaller0: entered promiscuous mode
[  127.648924][ T6244] syzkaller0: entered allmulticast mode
[  127.715399][ T6248] netlink: 'syz.2.89': attribute type 1 has an invalid length.
[  127.732395][ T6248] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.89'.
[  127.763198][ T6244] tipc: Started in network mode
[  127.768155][ T6244] tipc: Node identity 42783deeda27, cluster identity 4711
[  127.799926][ T6244] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  127.823115][ T6250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.90'.
[  127.841545][ T6250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.90'.
[  127.869514][ T6243] tipc: Resetting bearer <eth:syzkaller0>
[  127.981577][ T6243] tipc: Disabling bearer <eth:syzkaller0>
[  128.217192][ T6262] syzkaller0: entered promiscuous mode
[  128.231612][ T6262] syzkaller0: entered allmulticast mode
[  128.815132][ T6264] loop0: detected capacity change from 0 to 32768
[  128.844512][ T6264] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.95 (6264)
[  128.890461][ T6264] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  128.915595][ T6264] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  128.955894][ T6264] BTRFS info (device loop0): using free space tree
[  129.048272][ T6266] loop3: detected capacity change from 0 to 32768
[  129.091231][ T6264] BTRFS info (device loop0): enabling ssd optimizations
[  129.121769][ T6264] BTRFS info (device loop0): auto enabling async discard
[  129.384497][ T6295] netlink: 96 bytes leftover after parsing attributes in process `syz.2.100'.
[  129.714599][ T6299] loop2: detected capacity change from 0 to 1024
[  129.798174][ T6299] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.881752][ T6299] ext4 filesystem being mounted at /26/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  129.902952][ T6272] loop1: detected capacity change from 0 to 32768
[  130.096400][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.332595][ T6297] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  130.664208][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.824478][ T6304] syzkaller0: entered promiscuous mode
[  130.860701][ T6304] syzkaller0: entered allmulticast mode
[  131.004136][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.247440][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.499221][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.970215][   T12] tipc: Left network mode
[  132.075947][ T6320] loop3: detected capacity change from 0 to 4096
[  132.416404][ T5772] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  132.431491][ T5152] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  132.436468][ T5772] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  132.456355][ T5772] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  132.465850][ T5772] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  132.473962][ T5772] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  132.481529][ T5772] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  132.673783][ T5152] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  132.686413][ T5152] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.700435][ T5152] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  132.731055][ T5152] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  132.747089][ T5152] usb 2-1: Manufacturer: syz
[  132.793435][ T5152] usb 2-1: config 0 descriptor??
[  133.002192][ T5152] rc_core: IR keymap rc-hauppauge not found
[  133.031969][ T5152] Registered IR keymap rc-empty
[  133.038970][ T5152] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  133.085259][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  133.092130][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  133.108592][ T5152] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input6
[  133.139383][    C1] igorplugusb 2-1:0.0: Error: urb status = -32
[  133.150816][ T5152] usb 2-1: USB disconnect, device number 4
[  134.765504][ T5082] Bluetooth: hci3: command tx timeout
[  135.881102][ T6326] chnl_net:caif_netlink_parms(): no params data found
[  136.072876][   T12] bond0: (slave wlan1): Releasing backup interface
[  136.571474][ T1196] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  136.657276][ T6326] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.679377][ T6326] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.705748][ T6326] bridge_slave_0: entered allmulticast mode
[  136.724675][ T6386] input: syz1 as /devices/virtual/input/input7
[  136.734868][ T6326] bridge_slave_0: entered promiscuous mode
[  136.753790][ T1196] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  136.777982][ T1196] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.792791][ T1196] usb 4-1: config 0 descriptor??
[  136.811756][ T1196] cp210x 4-1:0.0: cp210x converter detected
[  136.821632][ T5082] Bluetooth: hci3: command tx timeout
[  136.836998][   T12] hsr_slave_0: left promiscuous mode
[  136.860218][   T12] hsr_slave_1: left promiscuous mode
[  136.877559][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.928127][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  136.974995][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  137.008114][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  137.019614][   T12] bridge_slave_1: left allmulticast mode
[  137.031211][   T12] bridge_slave_1: left promiscuous mode
[  137.040791][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.051601][ T1196] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -121
[  137.059243][ T1196] cp210x 4-1:0.0: querying part number failed
[  137.108820][ T1196] usb 4-1: cp210x converter now attached to ttyUSB0
[  137.141935][   T12] bridge_slave_0: left allmulticast mode
[  137.157954][   T12] bridge_slave_0: left promiscuous mode
[  137.179570][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.262618][ T5842] usb 4-1: USB disconnect, device number 7
[  137.287533][   T12] veth1_macvtap: left promiscuous mode
[  137.296410][ T5842] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  137.312134][   T12] veth0_macvtap: left promiscuous mode
[  137.318462][   T12] veth1_vlan: left promiscuous mode
[  137.324077][ T5842] cp210x 4-1:0.0: device disconnected
[  137.374061][   T12] veth0_vlan: left promiscuous mode
[  137.801336][ T6392] loop2: detected capacity change from 0 to 32768
[  137.978258][ T6392] JBD2: Ignoring recovery information on journal
[  138.213000][ T6392] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  138.568844][ T5770] ocfs2: Unmounting device (7,2) on (node local)
[  138.874146][   T12] team0 (unregistering): Port device team_slave_1 removed
[  138.904777][ T5082] Bluetooth: hci3: command tx timeout
[  139.176926][   T12] team0 (unregistering): Port device team_slave_0 removed
[  139.340471][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  139.522843][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.203857][   T12] bond0 (unregistering): Released all slaves
[  140.299063][ T6326] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.306669][ T6326] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.314686][ T6326] bridge_slave_1: entered allmulticast mode
[  140.322228][ T6326] bridge_slave_1: entered promiscuous mode
[  140.496838][ T6326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  140.527185][ T6326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  140.707625][ T6326] team0: Port device team_slave_0 added
[  140.759849][ T6326] team0: Port device team_slave_1 added
[  140.973235][ T6432] random: crng reseeded on system resumption
[  140.981562][ T5082] Bluetooth: hci3: command tx timeout
[  141.034066][ T6433] autofs4:pid:6433:autofs_fill_super: called with bogus options
[  141.956549][ T6326] batman_adv: batadv0: Adding interface: batadv_slave_0
[  141.999463][ T6326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.061438][ T6326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  142.095030][ T6326] batman_adv: batadv0: Adding interface: batadv_slave_1
[  142.119705][ T6447] netlink: 40 bytes leftover after parsing attributes in process `syz.3.134'.
[  142.121955][ T6326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.155572][ T6326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  142.317784][ T6326] hsr_slave_0: entered promiscuous mode
[  142.338823][ T6452] loop3: detected capacity change from 0 to 2048
[  142.376656][ T6326] hsr_slave_1: entered promiscuous mode
[  142.399408][ T6326] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  142.463869][ T6326] Cannot create hsr debugfs directory
[  142.477908][ T6452] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.545459][ T6452] EXT4-fs error (device loop3): ext4_ext_precache:627: inode #2: comm syz.3.135: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  142.716540][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.260944][ T6326] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  143.296594][ T6326] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  143.332575][ T6326] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  143.362243][ T6326] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  143.448903][ T6458] loop1: detected capacity change from 0 to 32768
[  143.580455][ T6458] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  143.643715][ T6326] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.709705][ T6326] 8021q: adding VLAN 0 to HW filter on device team0
[  143.729793][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.737095][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.803585][ T6458] XFS (loop1): Ending clean mount
[  143.815255][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.822510][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[  144.286747][ T5769] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  144.469702][ T6326] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.641488][ T5842] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  144.779264][ T6511] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  144.854312][ T5842] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  144.871499][ T5842] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  144.888261][ T6511] syzkaller0: entered promiscuous mode
[  144.894343][ T5842] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  144.899287][ T6511] syzkaller0: entered allmulticast mode
[  144.916050][ T6511] tipc: Resetting bearer <eth:syzkaller0>
[  144.920607][ T5842] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  144.951814][ T5842] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  144.965318][ T6510] tipc: Resetting bearer <eth:syzkaller0>
[  144.984002][ T5842] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  145.013518][ T5842] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  145.032050][ T5842] usb 4-1: Product: syz
[  145.036294][ T5842] usb 4-1: Manufacturer: syz
[  145.057949][ T5842] cdc_wdm 4-1:1.0: skipping garbage
[  145.089590][ T5842] cdc_wdm 4-1:1.0: skipping garbage
[  145.107595][ T5842] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  145.117233][ T5842] cdc_wdm 4-1:1.0: Unknown control protocol
[  145.290214][    C1] cdc_wdm 4-1:1.0: unknown notification 100 received: index 27951 len 21321
[  145.505024][ T5152] usb 4-1: USB disconnect, device number 8
[  147.880446][ T6554] loop2: detected capacity change from 0 to 64
[  150.293943][ T6510] tipc: Disabling bearer <eth:syzkaller0>
[  150.402338][    T9] tipc: Node number set to 390020334
[  150.587246][ T6326] veth0_vlan: entered promiscuous mode
[  150.657672][ T6326] veth1_vlan: entered promiscuous mode
[  150.869682][ T6580] loop3: detected capacity change from 0 to 512
[  150.919713][ T6580] EXT4-fs (loop3): Test dummy encryption mode enabled
[  150.927661][ T6580] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  150.990144][ T6580] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e01c, mo2=0102]
[  150.999838][ T6580] EXT4-fs (loop3): orphan cleanup on readonly fs
[  151.027645][ T6580] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.152: bg 0: block 361: padding at end of block bitmap is not set
[  151.054213][ T6580] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6637: Corrupt filesystem
[  151.071519][ T6580] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.152: attempt to clear invalid blocks 33619980 len 1
[  151.092030][  T786] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  151.111917][ T6580] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.152: invalid indirect mapped block 1811939328 (level 0)
[  151.128439][ T6580] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.152: invalid indirect mapped block 2185560079 (level 1)
[  151.153565][ T6580] EXT4-fs (loop3): 1 truncate cleaned up
[  151.171091][ T6580] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  151.244535][ T6580] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz.3.152: dx entry: limit 0 != root limit 125
[  151.256432][ T6580] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.152: Corrupt directory, running e2fsck is recommended
[  151.555874][ T6580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  151.576729][  T786] usb 3-1: Using ep0 maxpacket: 32
[  151.637305][ T6326] veth0_macvtap: entered promiscuous mode
[  151.659811][  T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.729999][ T6326] veth1_macvtap: entered promiscuous mode
[  151.736692][  T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.809070][  T786] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  151.842861][  T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.918310][  T786] usb 3-1: config 0 descriptor??
[  151.966639][  T786] hub 3-1:0.0: USB hub found
[  152.006290][ T6326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  152.084814][ T6326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.135483][ T6326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  152.194540][ T6326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.215875][  T786] hub 3-1:0.0: 29 ports detected
[  152.235186][  T786] hub 3-1:0.0: insufficient power available to use all downstream ports
[  152.267089][ T6326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  152.310481][ T6326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.365723][ T6326] batman_adv: batadv0: Interface activated: batadv_slave_0
[  152.438825][ T6326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  152.504800][ T6326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.561441][ T6326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  152.630805][ T6326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.685418][ T6326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  152.734119][  T786] usb 3-1: USB disconnect, device number 2
[  152.742107][ T6326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  152.762751][ T6326] batman_adv: batadv0: Interface activated: batadv_slave_1
[  152.918287][ T6326] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  152.981625][ T6326] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  153.028657][ T6326] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  153.051939][ T6326] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  153.219938][ T6575] loop1: detected capacity change from 0 to 32768
[  153.285657][ T6575] (syz.1.153,6575,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  153.320077][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.344174][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.374237][ T6575] (syz.1.153,6575,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  153.494412][ T6595] loop2: detected capacity change from 0 to 512
[  153.524054][ T6575] JBD2: Ignoring recovery information on journal
[  153.538489][ T6595] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  153.569117][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.630388][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.779376][ T6595] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  153.815091][ T6575] JBD2: journal reset failed
[  153.846041][ T6575] (syz.1.153,6575,1):ocfs2_journal_load:1167 ERROR: Failed to load journal!
[  153.870828][ T6575] (syz.1.153,6575,1):ocfs2_check_volume:2432 ERROR: ocfs2 journal load failed! -4
[  153.881192][ T6595] EXT4-fs (loop2): 1 truncate cleaned up
[  153.903823][ T6595] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.774680][ T6612] loop1: detected capacity change from 0 to 128
[  154.919149][ T6612] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  154.961652][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.988839][ T6615] loop4: detected capacity change from 0 to 256
[  155.029971][ T6615] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  155.057925][ T6612] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  155.255091][ T6619] loop2: detected capacity change from 0 to 47
[  155.267051][ T6612] overlayfs: failed to create directory ./file0/work (errno: 28); mounting read-only
[  155.339782][ T6612] overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null.
[  155.524585][ T6623] loop4: detected capacity change from 0 to 64
[  155.746101][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  155.784409][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  155.841599][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  155.849100][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  155.907680][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  155.926450][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  155.966172][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  155.991735][  T786] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  156.002341][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.040520][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.060875][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.083708][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.091277][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.113772][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.141441][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.169440][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.190067][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.231545][  T786] usb 3-1: config 0 has no interfaces?
[  156.237113][  T786] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  156.256779][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.301878][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.309493][  T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.321439][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.328902][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.352768][  T786] usb 3-1: config 0 descriptor??
[  156.389054][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.411421][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.434140][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.454654][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.640435][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.648702][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.656224][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.665461][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.680182][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.687949][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.700340][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.714989][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.753532][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.761017][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.780007][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.789592][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.807819][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.845241][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.891134][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.911580][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.929795][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  156.969123][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  157.021508][ T5813] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  157.039898][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  157.066539][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  157.097453][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  157.149878][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  157.221061][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  157.228814][ T5813] usb 2-1: Using ep0 maxpacket: 8
[  157.285225][    T8] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[  157.314778][ T5813] usb 2-1: config 0 has an invalid interface number: 107 but max is 0
[  157.355665][ T5813] usb 2-1: config 0 has no interface number 0
[  157.385064][ T5813] usb 2-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48
[  157.404043][    T8] hid-generic 0000:0000:0003.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  157.417109][ T5813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.461885][ T5813] usb 2-1: config 0 descriptor??
[  157.563134][ T5152] usb 3-1: USB disconnect, device number 3
[  157.706379][ T6657] fido_id[6657]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  158.388864][ T6668] netlink: 8 bytes leftover after parsing attributes in process `syz.3.168'.
[  159.557332][ T5152] usb 2-1: USB disconnect, device number 5
[  160.441563][ T1196] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  160.523281][ T6674] loop3: detected capacity change from 0 to 40427
[  160.548652][ T6674] F2FS-fs (loop3): build fault injection attr: rate: 174, type: 0x7ffff
[  160.642794][ T1196] usb 3-1: Using ep0 maxpacket: 8
[  160.668507][ T1196] usb 3-1: config 0 has an invalid interface number: 107 but max is 0
[  160.711455][ T1196] usb 3-1: config 0 has no interface number 0
[  160.748154][ T1196] usb 3-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48
[  160.817646][ T1196] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.852179][ T1196] usb 3-1: config 0 descriptor??
[  160.953379][ T6709] netlink: 56 bytes leftover after parsing attributes in process `syz.4.177'.
[  162.389556][ T1196] usb 3-1: USB disconnect, device number 4
[  163.526101][ T6760] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  163.548867][ T6762] loop4: detected capacity change from 0 to 1024
[  163.908241][ T6768] netlink: 28 bytes leftover after parsing attributes in process `syz.2.196'.
[  163.932525][   T12] hfsplus: b-tree write err: -5, ino 4
[  164.181184][ T6769] hub 9-0:1.0: USB hub found
[  164.268951][ T6769] hub 9-0:1.0: 1 port detected
[  164.591472][ T5082] Bluetooth: hci1: command 0x0401 tx timeout
[  165.201297][ T6771] loop4: detected capacity change from 0 to 32768
[  165.316560][ T6771] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  165.581945][ T6771] XFS (loop4): Starting recovery (logdev: internal)
[  165.755880][ T6771] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x8 
[  165.828435][ T6771] XFS (loop4): Unmount and run xfs_repair
[  165.871601][ T6771] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  165.942238][ T6771] 00000000: 41 42 54 43 00 00 00 03 ff ff ff ff ff ff ff ff  ABTC............
[  165.996888][ T6771] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  166.046152][ T6771] 00000020: ed 37 bf 6e 74 ea 4e 01 af ba 5f ee 27 4b 0f 3a  .7.nt.N..._.'K.:
[  166.100057][ T6771] 00000030: 00 00 00 00 ea d5 90 f3 00 00 00 07 00 00 00 01  ................
[  166.128909][ T6771] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0  ........... ....
[  166.151488][ T6771] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  166.179304][ T6771] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  166.201188][ T6771] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  166.223679][ T6771] XFS (loop4): Filesystem has been shut down due to log error (0x2).
[  166.441663][ T6771] XFS (loop4): Please unmount the filesystem and rectify the problem(s).
[  166.455699][ T6771] XFS (loop4): log mount/recovery failed: error -74
[  166.508812][ T6771] XFS (loop4): log mount failed
[  168.558617][ T6812] loop1: detected capacity change from 0 to 512
[  168.614248][ T6812] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  168.698038][ T6818] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  168.726050][ T6812] EXT4-fs (loop1): 1 truncate cleaned up
[  168.835093][ T6812] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.423666][ T6812] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  169.630557][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.061595][ T5152] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  170.191636][ T6839] netlink: 56 bytes leftover after parsing attributes in process `syz.2.211'.
[  170.221246][ T6839] netlink: 56 bytes leftover after parsing attributes in process `syz.2.211'.
[  170.254160][ T6840] netlink: 56 bytes leftover after parsing attributes in process `syz.2.211'.
[  170.293550][ T5152] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  170.314227][ T5152] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  170.365280][ T5152] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  170.382205][   T27] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  170.410577][ T5152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.443688][ T5152] usbtmc 4-1:16.0: bulk endpoints not found
[  170.463959][ T6845] netlink: 56 bytes leftover after parsing attributes in process `syz.2.212'.
[  170.596211][   T28] audit: type=1326 audit(1768141658.412:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6847 comm="syz.2.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f473d78f749 code=0x7ffc0000
[  170.627623][   T27] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  170.644127][   T28] audit: type=1326 audit(1768141658.412:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6847 comm="syz.2.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f473d78f749 code=0x7ffc0000
[  170.648755][   T27] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  170.703585][   T28] audit: type=1326 audit(1768141658.412:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6847 comm="syz.2.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f473d78f749 code=0x7ffc0000
[  170.721584][   T27] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  170.755988][   T28] audit: type=1326 audit(1768141658.412:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6847 comm="syz.2.213" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f473d78f749 code=0x0
[  170.758364][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.047664][   T27] usb 2-1: usb_control_msg returned -32
[  171.062118][   T27] usbtmc 2-1:16.0: can't read capabilities
[  171.249181][ T6863] loop6: detected capacity change from 0 to 524288000
[  171.342226][ T6862] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (36551)
[  171.425485][ T6863] netlink: 388 bytes leftover after parsing attributes in process `syz.4.214'.
[  171.437189][ T6862] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023
[  173.861212][ T5813] usb 4-1: USB disconnect, device number 9
[  174.285058][ T5842] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  174.732362][ T5842] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  175.202318][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  175.365775][ T5842] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  175.571807][ T5842] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  175.660429][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  175.679097][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  175.708862][ T1196] usb 2-1: USB disconnect, device number 6
[  175.750096][ T5842] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  175.810638][ T5842] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  175.855029][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  175.873074][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  175.901618][ T5842] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  175.923709][ T5842] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  175.957373][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  175.971602][ T5813] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  175.993688][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.021070][ T5842] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  176.037445][ T5842] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  176.053721][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  176.068210][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.088780][ T5842] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  176.110379][ T5842] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  176.175013][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  176.192196][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.209546][ T5842] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  176.222427][ T5813] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  176.233246][ T5842] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  176.255659][ T5813] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.263172][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  176.274286][ T5813] usb 4-1: Product: syz
[  176.278533][ T5813] usb 4-1: Manufacturer: syz
[  176.284593][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.293516][ T5813] usb 4-1: SerialNumber: syz
[  176.321411][ T5842] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  176.337401][ T5813] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  176.375628][ T5842] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  176.393756][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  176.409235][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.412893][  T786] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  176.460173][ T5842] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  176.499463][ T5842] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  176.555136][ T5842] usb 3-1: config 0 interface 0 has no altsetting 0
[  176.582975][ T5842] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  176.616303][ T5842] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  176.661282][ T5842] usb 3-1: Product: syz
[  176.674601][ T5842] usb 3-1: Manufacturer: syz
[  176.690086][ T5842] usb 3-1: SerialNumber: syz
[  176.706341][ T5842] usb 3-1: config 0 descriptor??
[  176.777223][ T5842] yurex 3-1:0.0: Could not find endpoints
[  177.056307][    T8] usb 3-1: USB disconnect, device number 5
[  177.341801][ T6926] bridge0: port 3(gretap0) entered blocking state
[  177.348448][ T6926] bridge0: port 3(gretap0) entered disabled state
[  177.355842][ T6926] gretap0: entered allmulticast mode
[  177.362944][ T6926] gretap0: entered promiscuous mode
[  177.368875][ T6926] bridge0: port 3(gretap0) entered blocking state
[  177.376574][ T6926] bridge0: port 3(gretap0) entered forwarding state
[  184.611211][  T786] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  184.814071][ T5813] usb 4-1: USB disconnect, device number 10
[  184.834495][  T786] ath9k_htc: Failed to initialize the device
[  184.902001][ T5813] usb 4-1: ath9k_htc: USB layer deinitialized
[  185.946264][ T6945] loop3: detected capacity change from 0 to 128
[  188.495823][ T6953] netlink: 28 bytes leftover after parsing attributes in process `syz.4.226'.
[  188.702021][ T6964] loop2: detected capacity change from 0 to 512
[  188.745694][ T6964] EXT4-fs: Ignoring removed bh option
[  188.810090][ T6964] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  188.871011][ T6964] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2249: inode #15: comm syz.2.232: corrupted in-inode xattr: e_value size too large
[  188.942551][ T6948] hub 9-0:1.0: USB hub found
[  188.949424][ T6948] hub 9-0:1.0: 1 port detected
[  189.063398][ T6964] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.232: couldn't read orphan inode 15 (err -117)
[  189.132474][ T6964] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.287478][ T6964] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.232: Unrecognised inode hash code 4
[  189.354129][ T6964] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.232: Corrupt directory, running e2fsck is recommended
[  190.552252][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.042475][ T5842] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  191.211525][    T8] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  191.245381][ T5842] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  191.280834][ T5842] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  191.309470][ T5842] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  191.325841][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.372768][ T6983] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  191.409743][ T5842] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  191.431464][    T8] usb 4-1: Using ep0 maxpacket: 8
[  191.438903][    T8] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  191.481978][    T8] usb 4-1: config 179 has no interface number 0
[  191.512069][    T8] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  191.561582][    T8] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  191.609373][    T8] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  191.654155][    T8] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  191.695493][    T8] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  191.715470][    T8] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  191.735064][ T5813] usb 2-1: USB disconnect, device number 7
[  191.752996][ T1196] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  191.761520][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.794018][ T6989] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  191.963067][ T1196] usb 5-1: Using ep0 maxpacket: 8
[  192.064328][ T1196] usb 5-1: unable to get BOS descriptor or descriptor too short
[  192.083550][ T1196] usb 5-1: unable to read config index 0 descriptor/start: -71
[  192.091196][ T1196] usb 5-1: can't read configurations, error -71
[  192.130610][    T8] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input8
[  192.336944][ T6989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.348233][ T6989] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.580808][ T5842] usb 4-1: USB disconnect, device number 11
[  192.580825][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  192.580961][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  193.904883][ T7023] loop2: detected capacity change from 0 to 16
[  194.373633][ T7023] erofs: (device loop2): erofs_read_superblock: invalid sb_extslots 4192 (more than a fs block)
[  194.512321][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  194.518701][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  195.254987][ T7050] syzkaller0: entered promiscuous mode
[  195.260548][ T7050] syzkaller0: entered allmulticast mode
[  195.560736][ T7049] netlink: 28 bytes leftover after parsing attributes in process `syz.3.247'.
[  195.795508][ T7058] hub 9-0:1.0: USB hub found
[  195.834858][ T7058] hub 9-0:1.0: 1 port detected
[  195.909749][ T7060] loop4: detected capacity change from 0 to 2048
[  197.045629][ T7069] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  197.171616][ T7072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.253'.
[  197.205319][ T7072] netlink: 4 bytes leftover after parsing attributes in process `syz.1.253'.
[  197.345028][ T7044] loop2: detected capacity change from 0 to 32768
[  197.365417][   T28] audit: type=1800 audit(1768141685.172:10): pid=7075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.251" name="file1" dev="loop4" ino=2097152 res=0 errno=0
[  197.475541][ T7044] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  197.491760][   T28] audit: type=1800 audit(1768141685.202:11): pid=7060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.251" name="file1" dev="loop4" ino=2097152 res=0 errno=0
[  197.512511][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.551879][ T7044] JBD2: Ignoring recovery information on journal
[  197.715908][ T7044] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  198.027931][    C0] vcan0: j1939_tp_txtimer: 0xffff88805cfb5c00: tx aborted with unknown reason: -2
[  198.039750][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cfb5000: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250)
[  198.059239][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cfb5c00: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250)
[  198.201795][ T5770] ocfs2: Unmounting device (7,2) on (node local)
[  199.275846][ T7089] loop1: detected capacity change from 0 to 32768
[  199.302170][ T7089] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.257 (7089)
[  199.449138][ T7089] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  199.508338][ T7089] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  199.551080][ T7089] BTRFS info (device loop1): using free space tree
[  199.814574][ T7089] BTRFS info (device loop1): enabling ssd optimizations
[  199.871097][ T7089] BTRFS info (device loop1): auto enabling async discard
[  199.996784][ T7099] loop2: detected capacity change from 0 to 40427
[  200.192930][ T7099] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  200.233978][ T7099] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  200.252565][ T7099] F2FS-fs (loop2): invalid crc value
[  200.330909][ T7099] F2FS-fs (loop2): Found nat_bits in checkpoint
[  200.890838][ T7089] BTRFS info (device loop1): balance: start -s
[  200.905119][ T7089] BTRFS info (device loop1): left=0, need=98304, flags=2
[  200.944563][ T7089] BTRFS info (device loop1): space_info SYSTEM has 0 free, is not full
[  200.953632][ T7089] BTRFS info (device loop1): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0
[  200.967349][ T7089] BTRFS info (device loop1): global_block_rsv: size 1441792 reserved 1441792
[  200.976788][ T7089] BTRFS info (device loop1): trans_block_rsv: size 0 reserved 0
[  200.984691][ T7089] BTRFS info (device loop1): chunk_block_rsv: size 0 reserved 0
[  200.992645][ T7089] BTRFS info (device loop1): delayed_block_rsv: size 0 reserved 0
[  201.000510][ T7089] BTRFS info (device loop1): delayed_refs_rsv: size 0 reserved 0
[  202.149971][ T7089] BTRFS info (device loop1): relocating block group 1048576 flags system
[  202.215502][ T7089] BTRFS info (device loop1): balance: canceled
[  202.419174][ T5769] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  203.733587][ T7150] netlink: 8 bytes leftover after parsing attributes in process `syz.2.264'.
[  203.886968][ T7155] usb usb1: usbfs: process 7155 (syz.3.265) did not claim interface 0 before use
[  204.658671][ T7166] loop2: detected capacity change from 0 to 1024
[  204.717590][ T7166] EXT4-fs: Ignoring removed bh option
[  204.812110][ T7166] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.080678][ T7166] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #12: block 7: comm syz.2.268: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0
[  205.430327][ T7166] EXT4-fs (loop2): Remounting filesystem read-only
[  206.028442][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.148280][ T3469] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.245824][ T5813] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  206.359703][ T3469] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.444609][ T5813] usb 2-1: Using ep0 maxpacket: 32
[  206.472743][ T5813] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  206.495896][ T3469] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.509964][ T5813] usb 2-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[  206.525962][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.551757][ T5813] usb 2-1: Product: syz
[  206.556051][ T5813] usb 2-1: Manufacturer: syz
[  206.565186][ T5813] usb 2-1: SerialNumber: syz
[  206.586580][ T7190] loop4: detected capacity change from 0 to 32768
[  206.614743][ T5813] usb 2-1: config 0 descriptor??
[  206.620823][ T7190] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.272 (7190)
[  206.642859][ T5813] dw2102: su3000_identify_state
[  206.661934][ T3469] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.673163][ T5813] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state.
[  206.700021][ T5813] dw2102: su3000_power_ctrl: 1, initialized 0
[  206.710697][ T7190] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  206.724393][ T5813] dvb-usb: bulk message failed: -22 (2/0)
[  206.746657][ T7190] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  206.772797][ T5813] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  206.783053][ T7190] BTRFS info (device loop4): setting nodatacow, compression disabled
[  206.801686][ T7190] BTRFS info (device loop4): force clearing of disk cache
[  206.809682][ T5813] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0)
[  206.851471][ T5813] usb 2-1: media controller created
[  206.857287][ T5813] dvb-usb: bulk message failed: -22 (6/0)
[  206.873395][ T7190] BTRFS info (device loop4): enabling ssd optimizations
[  206.880415][ T7190] BTRFS info (device loop4): using spread ssd allocation scheme
[  206.907700][ T5813] dw2102: i2c transfer failed.
[  206.921978][ T7192] dw2102: i2c wr: len=66 is too big!
[  206.921978][ T7192] 
[  206.929994][ T7190] BTRFS info (device loop4): turning off barriers
[  206.944941][ T5813] dvb-usb: bulk message failed: -22 (6/0)
[  206.954923][ T7190] BTRFS info (device loop4): disabling free space tree
[  206.981611][ T5813] dw2102: i2c transfer failed.
[  206.986493][ T5813] dvb-usb: bulk message failed: -22 (6/0)
[  206.992479][ T7190] BTRFS info (device loop4): not using ssd optimizations
[  206.999747][ T7190] BTRFS info (device loop4): not using spread ssd allocation scheme
[  207.011894][ T5813] dw2102: i2c transfer failed.
[  207.016756][ T5813] dvb-usb: bulk message failed: -22 (6/0)
[  207.047107][ T5813] dw2102: i2c transfer failed.
[  207.072294][ T5813] dvb-usb: bulk message failed: -22 (6/0)
[  207.078131][ T5813] dw2102: i2c transfer failed.
[  207.105700][ T5813] dvb-usb: bulk message failed: -22 (6/0)
[  207.137208][ T5813] dw2102: i2c transfer failed.
[  207.171510][ T5813] dvb-usb: MAC address: 02:02:02:02:02:02
[  207.209877][ T5813] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  207.257151][ T5813] dvb-usb: bulk message failed: -22 (3/0)
[  207.271468][ T5813] dw2102: command 0x0e transfer failed.
[  207.279103][ T5813] dvb-usb: bulk message failed: -22 (3/0)
[  207.290036][ T7190] BTRFS info (device loop4): rebuilding free space tree
[  207.291531][ T5813] dw2102: command 0x0e transfer failed.
[  207.369833][ T7190] BTRFS info (device loop4): disabling free space tree
[  207.384816][ T7190] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  207.413342][ T7190] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  207.569250][ T7217] loop3: detected capacity change from 0 to 256
[  207.662038][ T5813] dvb-usb: bulk message failed: -22 (3/0)
[  207.711406][ T5813] dw2102: command 0x0e transfer failed.
[  207.717055][ T5813] dvb-usb: bulk message failed: -22 (3/0)
[  207.778849][ T5813] dw2102: command 0x0e transfer failed.
[  207.808381][ T5813] dvb-usb: bulk message failed: -22 (1/0)
[  207.856462][ T5813] dw2102: command 0x51 transfer failed.
[  208.099467][ T5813] DVB: Unable to find symbol ds3000_attach()
[  208.133196][ T5813] dvb-usb: no frontend was attached by 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0'
[  208.286698][ T5772] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  208.298446][ T5772] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  208.321636][ T5772] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  208.339444][ T5772] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  208.356456][ T5772] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  208.376479][ T5772] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  208.461534][ T5813] rc_core: IR keymap rc-su3000 not found
[  208.491459][ T5813] Registered IR keymap rc-empty
[  208.508379][ T5813] rc rc0: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  208.565028][ T5813] input: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input9
[  208.642577][ T5813] dvb-usb: schedule remote query interval to 150 msecs.
[  208.675758][ T5813] dw2102: su3000_power_ctrl: 0, initialized 1
[  208.686950][ T6326] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  208.706267][ T5813] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 successfully initialized and connected.
[  208.740409][ T5813] usb 2-1: USB disconnect, device number 8
[  208.833561][  T786] dvb-usb: bulk message failed: -22 (1/0)
[  208.839668][  T786] dw2102: i2c transfer failed.
[  209.142094][ T5813] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected.
[  209.213102][ T7240] loop4: detected capacity change from 0 to 8
[  209.366574][ T7223] loop1: detected capacity change from 0 to 32768
[  209.420284][ T7223] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.278 (7223)
[  209.472162][ T7223] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  209.491555][ T7223] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  209.501075][ T7223] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  209.527796][ T7223] BTRFS info (device loop1): use zstd compression, level 3
[  209.535456][ T7223] BTRFS info (device loop1): using free space tree
[  209.849093][ T7223] BTRFS info (device loop1): enabling ssd optimizations
[  209.888089][ T7223] BTRFS info (device loop1): auto enabling async discard
[  210.062431][ T7264] usb usb7: usbfs: process 7264 (syz.3.282) did not claim interface 0 before use
[  210.107267][   T28] audit: type=1800 audit(1768141697.922:12): pid=7223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.278" name="file1" dev="loop1" ino=260 res=0 errno=0
[  210.122236][ T5152] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  210.182078][ T3469] hsr_slave_0: left promiscuous mode
[  210.251441][ T3469] hsr_slave_1: left promiscuous mode
[  210.327067][ T3469] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  210.344974][ T3469] batman_adv: batadv0: Removing interface: batadv_slave_0
[  210.374416][ T3469] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  210.391522][ T3469] batman_adv: batadv0: Removing interface: batadv_slave_1
[  210.408324][ T5152] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.421508][   T51] Bluetooth: hci1: command tx timeout
[  210.433528][ T3469] bridge_slave_1: left allmulticast mode
[  210.439985][ T3469] bridge_slave_1: left promiscuous mode
[  210.448136][ T5152] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.463131][ T3469] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.491620][ T5152] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  210.517272][ T3469] bridge_slave_0: left allmulticast mode
[  210.523651][ T3469] bridge_slave_0: left promiscuous mode
[  210.532042][ T5152] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.551701][ T3469] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.566687][ T5152] usb 5-1: config 0 descriptor??
[  210.640549][ T5769] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  210.669375][ T3469] veth1_macvtap: left promiscuous mode
[  210.675197][ T3469] veth0_macvtap: left promiscuous mode
[  210.681053][ T3469] veth1_vlan: left promiscuous mode
[  210.686674][ T3469] veth0_vlan: left promiscuous mode
[  210.809080][ T5152] usbhid 5-1:0.0: can't add hid device: -71
[  210.847245][ T5152] usbhid: probe of 5-1:0.0 failed with error -71
[  210.895705][ T5152] usb 5-1: USB disconnect, device number 4
[  211.559890][ T7274] loop4: detected capacity change from 0 to 2048
[  211.628572][ T7274] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  211.943964][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  211.943991][ T5782] Bluetooth: hci2: command 0x0406 tx timeout
[  212.417997][ T3469] team0 (unregistering): Port device team_slave_1 removed
[  212.507390][ T5772] Bluetooth: hci1: command tx timeout
[  213.206048][ T7293] ceph: No mds server is up or the cluster is laggy
[  213.232684][ T1196] libceph: connect (1)[c::]:6789 error -101
[  213.253135][ T1196] libceph: mon0 (1)[c::]:6789 connect error
[  213.451045][ T3469] team0 (unregistering): Port device team_slave_0 removed
[  213.552543][ T3469] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  213.645160][ T3469] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.600577][ T5772] Bluetooth: hci1: command tx timeout
[  215.144512][ T3469] bond0 (unregistering): Released all slaves
[  215.325775][ T7267] macvtap1: entered promiscuous mode
[  215.331276][ T7267] macvtap1: entered allmulticast mode
[  215.337888][ T7267] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  215.358085][ T7267] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  215.379716][ T7267] team0: Device macvtap1 failed to register rx_handler
[  215.397695][ T7267] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  215.407110][ T7267] mac80211_hwsim hwsim3 wlan1: left promiscuous mode
[  215.810116][ T7309] loop3: detected capacity change from 0 to 256
[  216.661691][ T5772] Bluetooth: hci1: command tx timeout
[  217.156612][ T7311] loop1: detected capacity change from 0 to 40427
[  217.178780][ T7311] F2FS-fs (loop1): heap/no_heap options were deprecated
[  217.185944][ T7311] F2FS-fs (loop1): build fault injection attr: rate: 19, type: 0x7ffff
[  217.246902][ T5785] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  218.048225][ T7319] loop1: detected capacity change from 0 to 40427
[  218.075172][ T7319] F2FS-fs (loop1): invalid crc value
[  218.103206][ T7319] F2FS-fs (loop1): Found nat_bits in checkpoint
[  218.209533][ T7319] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  219.956980][ T7228] chnl_net:caif_netlink_parms(): no params data found
[  222.143448][ T7228] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.150813][ T7228] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.235165][ T7228] bridge_slave_0: entered allmulticast mode
[  222.267036][ T7228] bridge_slave_0: entered promiscuous mode
[  222.334341][ T7228] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.391775][ T7228] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.471789][ T7228] bridge_slave_1: entered allmulticast mode
[  222.640715][ T7228] bridge_slave_1: entered promiscuous mode
[  223.096519][ T7228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  223.285208][ T7228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  223.409445][ T7228] team0: Port device team_slave_0 added
[  223.428285][ T7369] netlink: 204 bytes leftover after parsing attributes in process `syz.1.301'.
[  223.452907][ T7228] team0: Port device team_slave_1 added
[  223.541847][ T7369] netlink: 72 bytes leftover after parsing attributes in process `syz.1.301'.
[  223.565658][ T7369] netlink: 24 bytes leftover after parsing attributes in process `syz.1.301'.
[  223.816699][ T7228] batman_adv: batadv0: Adding interface: batadv_slave_0
[  223.848772][ T7228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.899471][ T7228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  224.046242][ T7228] batman_adv: batadv0: Adding interface: batadv_slave_1
[  224.080978][ T7228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  224.107016][    C1] vkms_vblank_simulate: vblank timer overrun
[  224.319441][ T7228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  224.371280][ T7228] hsr_slave_0: entered promiscuous mode
[  224.379245][ T7228] hsr_slave_1: entered promiscuous mode
[  224.386213][ T7228] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  224.398513][ T7228] Cannot create hsr debugfs directory
[  224.714959][ T7358] loop4: detected capacity change from 0 to 32768
[  224.836215][ T7358] JBD2: Ignoring recovery information on journal
[  224.993839][ T7387] loop1: detected capacity change from 0 to 1024
[  225.029605][ T7358] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  225.444955][ T6326] ocfs2: Unmounting device (7,4) on (node local)
[  225.520117][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.566657][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.600617][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.639990][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.661263][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.680041][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.701755][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.735755][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.745244][ T7228] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  225.766419][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.788852][ T7228] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  225.795315][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.821489][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.833041][ T5842] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  225.871463][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.871893][ T7228] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  225.889404][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.923035][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.923825][ T7228] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  225.940522][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.965186][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  225.981883][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.001784][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.028573][ T5842] usb 2-1: config 0 has no interfaces?
[  226.038048][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.046454][ T5842] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  226.072183][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.079733][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.091384][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.113038][ T5842] usb 2-1: config 0 descriptor??
[  226.121777][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.129344][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.177571][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.221892][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.240296][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.260256][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.304028][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.330699][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.367528][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.400473][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.416343][ T7228] 8021q: adding VLAN 0 to HW filter on device bond0
[  226.437612][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.479037][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.494094][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.510031][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.522878][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.534990][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.543146][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.553783][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.566170][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.577000][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.595999][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.604724][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.617367][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.630326][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.657023][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.757292][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.773491][ T5152] hid-generic 0000:0000:0003.0002: unknown main item tag 0x0
[  226.799089][ T5152] hid-generic 0000:0000:0003.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  226.817354][  T786] usb 2-1: USB disconnect, device number 9
[  227.043705][ T7228] 8021q: adding VLAN 0 to HW filter on device team0
[  227.276595][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.283811][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.343994][ T7423] fido_id[7423]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  227.389554][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.396862][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.641498][ T7429] netlink: 'syz.1.312': attribute type 8 has an invalid length.
[  228.529343][ T7228] 8021q: adding VLAN 0 to HW filter on device batadv0
[  230.031081][   T28] audit: type=1326 audit(1768141717.842:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7499 comm="syz.1.322" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ae558f749 code=0x0
[  230.248391][ T7502] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  231.018571][ T7228] veth0_vlan: entered promiscuous mode
[  231.075422][ T7228] veth1_vlan: entered promiscuous mode
[  231.129536][ T7228] veth0_macvtap: entered promiscuous mode
[  231.150119][ T7228] veth1_macvtap: entered promiscuous mode
[  231.283926][ T7228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.375661][ T7228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.396461][ T7228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.421480][ T7228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.459045][ T7228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  231.502848][ T7228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.516280][ T7228] batman_adv: batadv0: Interface activated: batadv_slave_0
[  231.534447][ T7228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.551110][ T7228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.561959][ T7228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.576929][ T7228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.590796][ T7228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.602969][ T7228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.654636][ T7228] batman_adv: batadv0: Interface activated: batadv_slave_1
[  231.686411][ T7228] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  231.695559][ T7228] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  231.712601][ T7228] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  231.721754][ T7228] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  231.899214][ T7521] loop1: detected capacity change from 0 to 256
[  232.055013][ T7447] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.068411][ T7521] FAT-fs (loop1): Directory bread(block 64) failed
[  232.090515][ T7447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.102093][ T7521] FAT-fs (loop1): Directory bread(block 65) failed
[  232.136149][ T7521] FAT-fs (loop1): Directory bread(block 66) failed
[  232.171605][ T7521] FAT-fs (loop1): Directory bread(block 67) failed
[  232.178310][ T7521] FAT-fs (loop1): Directory bread(block 68) failed
[  232.237607][ T7521] FAT-fs (loop1): Directory bread(block 69) failed
[  232.280634][ T7521] FAT-fs (loop1): Directory bread(block 70) failed
[  232.313353][ T7444] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.324642][ T7521] FAT-fs (loop1): Directory bread(block 71) failed
[  232.358790][ T7521] FAT-fs (loop1): Directory bread(block 72) failed
[  232.365662][ T7444] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.391564][ T7521] FAT-fs (loop1): Directory bread(block 73) failed
[  232.539022][ T7526] loop3: detected capacity change from 0 to 1024
[  232.744344][ T7528] mmap: syz.3.328 (7528): VmData 176009216 exceed data ulimit 33554432. Update limits or use boot option ignore_rlimit_data.
[  233.164006][ T7536] 9pnet_fd: Insufficient options for proto=fd
[  234.296975][ T7549] fuse: Bad value for 'fd'
[  234.479687][ T7551] loop4: detected capacity change from 0 to 256
[  234.634406][ T7551] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d)
[  234.949209][ T7541] loop5: detected capacity change from 0 to 32768
[  234.974553][ T7541] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.331 (7541)
[  235.153103][ T7541] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  235.153228][ T7541] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  235.153294][ T7541] BTRFS info (device loop5): setting nodatacow, compression disabled
[  235.153325][ T7541] BTRFS info (device loop5): force clearing of disk cache
[  235.153345][ T7541] BTRFS info (device loop5): enabling ssd optimizations
[  235.153360][ T7541] BTRFS info (device loop5): using spread ssd allocation scheme
[  235.153379][ T7541] BTRFS info (device loop5): turning off barriers
[  235.153405][ T7541] BTRFS info (device loop5): disabling free space tree
[  235.153432][ T7541] BTRFS info (device loop5): not using ssd optimizations
[  235.153448][ T7541] BTRFS info (device loop5): not using spread ssd allocation scheme
[  235.514311][ T7564] comedi comedi2: aio_aio12_8: I/O port conflict (0x4000cf5,32)
[  236.511773][ T7579] loop3: detected capacity change from 0 to 2048
[  236.934567][ T7541] BTRFS info (device loop5): rebuilding free space tree
[  237.063499][ T7579] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  238.884582][ T7541] BTRFS info (device loop5): disabling free space tree
[  238.912411][ T7541] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  238.931407][ T7541] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  239.142441][ T7228] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  239.832414][ T7593] netlink: 'syz.5.344': attribute type 2 has an invalid length.
[  240.542833][ T7581] loop3: detected capacity change from 0 to 40427
[  240.568448][ T7581] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff
[  240.598374][ T7581] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x2
[  240.616724][ T7581] F2FS-fs (loop3): Image doesn't support compression
[  240.637584][ T7581] F2FS-fs (loop3): Image doesn't support compression
[  240.685034][ T7581] F2FS-fs (loop3): invalid crc value
[  240.726146][ T7581] F2FS-fs (loop3): Found nat_bits in checkpoint
[  240.759847][ T7583] loop1: detected capacity change from 0 to 40427
[  240.804229][ T7583] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  240.861506][ T7583] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  240.923009][ T7581] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  240.951871][ T7583] F2FS-fs (loop1): Unrecognized mount option "fault_injection=-0000000000000001262" or missing value
[  241.051704][ T7581] F2FS-fs (loop3): Can't flush 8 in 0 for SEGS_PER_SEC 1 != 1
[  241.152591][ T5767] syz-executor: attempt to access beyond end of device
[  241.152591][ T5767] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  241.202327][ T5767] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  245.545296][ T7624] loop5: detected capacity change from 0 to 32768
[  245.571796][ T7624] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz.5.353 (7624)
[  245.658806][ T7624] BTRFS info (device loop5): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  245.722188][ T7624] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  245.764656][ T7624] BTRFS info (device loop5): enabling auto defrag
[  245.783687][ T7624] BTRFS info (device loop5): force clearing of disk cache
[  245.808097][ T7624] BTRFS info (device loop5): enabling disk space caching
[  245.827799][ T7624] BTRFS info (device loop5): max_inline at 0
[  245.849553][ T7624] BTRFS info (device loop5): disk space caching is enabled
[  245.925600][ T7624] BTRFS info (device loop5): enabling ssd optimizations
[  245.932925][ T7624] BTRFS info (device loop5): auto enabling async discard
[  245.946585][ T7624] BTRFS info (device loop5): rebuilding free space tree
[  246.028797][ T7624] BTRFS info (device loop5): disabling free space tree
[  246.036735][ T7624] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  246.046624][ T7624] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  246.488112][ T7652] loop3: detected capacity change from 0 to 128
[  246.567652][ T7652] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  246.591498][ T7228] BTRFS info (device loop5): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  246.607846][ T7652] ext4 filesystem being mounted at /90/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  246.953657][   T28] audit: type=1326 audit(1768141734.772:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  246.991777][ T5152] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  247.261124][   T28] audit: type=1326 audit(1768141734.792:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  247.750657][   T28] audit: type=1326 audit(1768141734.792:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  247.805014][   T28] audit: type=1326 audit(1768141734.792:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  247.828882][   T28] audit: type=1326 audit(1768141734.792:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  247.861439][ T5152] usb 2-1: Using ep0 maxpacket: 32
[  247.881156][   T28] audit: type=1326 audit(1768141734.872:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  247.921570][ T5152] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  247.929747][ T5152] usb 2-1: config 0 has no interface number 0
[  247.951629][ T5152] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  247.971468][   T28] audit: type=1326 audit(1768141734.872:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  248.001408][ T5152] usb 2-1: config 0 interface 85 has no altsetting 0
[  248.022169][ T5842] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  248.037574][ T5152] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  248.047079][ T5152] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.061733][   T28] audit: type=1326 audit(1768141734.872:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  248.091434][ T5152] usb 2-1: Product: syz
[  248.095687][ T5152] usb 2-1: Manufacturer: syz
[  248.100330][ T5152] usb 2-1: SerialNumber: syz
[  248.137670][ T5152] usb 2-1: config 0 descriptor??
[  248.142666][   T28] audit: type=1326 audit(1768141734.932:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  248.142720][   T28] audit: type=1326 audit(1768141734.942:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7657 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0af78f749 code=0x7ffc0000
[  248.198461][ T5842] usb 4-1: device descriptor read/64, error -71
[  248.621635][ T5842] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  249.104183][ T5152] appletouch 2-1:0.85: Geyser mode initialized.
[  249.114251][ T5152] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input10
[  249.201694][ T5842] usb 4-1: device descriptor read/64, error -71
[  249.284756][ T5152] usb 2-1: USB disconnect, device number 10
[  249.323584][ T5152] appletouch 2-1:0.85: input: appletouch disconnected
[  249.333931][ T5842] usb usb4-port1: attempt power cycle
[  249.350698][ T7672] syzkaller0: entered promiscuous mode
[  249.356424][ T7672] syzkaller0: entered allmulticast mode
[  249.586961][ T5767] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  252.660177][ T7682] loop5: detected capacity change from 0 to 40427
[  252.700050][ T7682] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x35f7
[  252.742293][ T7682] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x7ffff
[  252.756086][ T7682] F2FS-fs (loop5): Image doesn't support compression
[  252.791289][ T7682] F2FS-fs (loop5): invalid crc value
[  252.803454][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  252.803471][   T28] audit: type=1800 audit(1768141740.622:26): pid=7702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.371" name="file1" dev="overlay" ino=333 res=0 errno=0
[  252.811003][ T7682] F2FS-fs (loop5): Found nat_bits in checkpoint
[  252.830090][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.134470][ T7682] F2FS-fs (loop5): Start checkpoint disabled!
[  253.179797][ T7682] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  253.681124][ T7712] netlink: 4 bytes leftover after parsing attributes in process `syz.5.375'.
[  254.007372][ T7721] loop1: detected capacity change from 0 to 256
[  254.158025][ T7721] FAT-fs (loop1): Directory bread(block 64) failed
[  254.204242][ T7721] FAT-fs (loop1): Directory bread(block 65) failed
[  254.231439][ T7721] FAT-fs (loop1): Directory bread(block 66) failed
[  254.248821][ T7721] FAT-fs (loop1): Directory bread(block 67) failed
[  254.268775][ T7721] FAT-fs (loop1): Directory bread(block 68) failed
[  254.291632][ T7721] FAT-fs (loop1): Directory bread(block 69) failed
[  254.311518][ T7721] FAT-fs (loop1): Directory bread(block 70) failed
[  254.318122][ T7721] FAT-fs (loop1): Directory bread(block 71) failed
[  254.355501][ T7721] FAT-fs (loop1): Directory bread(block 72) failed
[  254.375704][ T7721] FAT-fs (loop1): Directory bread(block 73) failed
[  254.460693][ T7721] syz.1.377: attempt to access beyond end of device
[  254.460693][ T7721] loop1: rw=524288, sector=1736, nr_sectors = 32 limit=256
[  254.529499][ T7721] syz.1.377: attempt to access beyond end of device
[  254.529499][ T7721] loop1: rw=0, sector=1736, nr_sectors = 8 limit=256
[  254.637474][   T28] audit: type=1800 audit(1768141742.422:27): pid=7721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.377" name="file0" dev="loop1" ino=1048603 res=0 errno=0
[  255.013844][ T7739] netlink: 72 bytes leftover after parsing attributes in process `syz.1.382'.
[  255.362137][ T7738] loop5: detected capacity change from 0 to 4096
[  256.104116][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  256.125317][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  256.420853][ T7751] syzkaller0: entered allmulticast mode
[  256.432999][ T7751] syzkaller0: entered promiscuous mode
[  256.459599][ T7738] EXT4-fs (loop5): Test dummy encryption mode enabled
[  256.480684][ T7751] syzkaller0 (unregistering): left allmulticast mode
[  256.490421][ T7738] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  256.498853][ T7751] syzkaller0 (unregistering): left promiscuous mode
[  256.510629][ T7738] System zones: 0-5
[  256.556792][ T7738] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.119919][ T7763] binder: 7762:7763 ioctl 400c620e 200000000580 returned -22
[  257.746951][ T7771] loop1: detected capacity change from 0 to 4096
[  257.822097][ T7773] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  257.890398][ T7771] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=128, inode=5, rec_len=24, name_len=5
[  258.002390][ T7771] Remounting filesystem read-only
[  258.193598][ T5082] Bluetooth: hci3: command 0x0406 tx timeout
[  258.321038][ T7228] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.541426][ T5889] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  258.751555][ T5889] usb 2-1: Using ep0 maxpacket: 16
[  258.809236][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  258.855095][ T5889] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  258.883817][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.945018][ T5889] usb 2-1: Product: syz
[  258.958674][ T5889] usb 2-1: Manufacturer: syz
[  258.980169][ T5889] usb 2-1: SerialNumber: syz
[  259.009843][ T5889] usb 2-1: config 0 descriptor??
[  259.118994][ T5889] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  259.140683][ T5889] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  259.765561][ T5889] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  260.462838][ T5889] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  260.516096][ T5889] em28xx 2-1:0.0: board has no eeprom
[  261.011427][ T5889] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  261.028747][ T5889] em28xx 2-1:0.0: dvb set to bulk mode.
[  261.044098][    T9] em28xx 2-1:0.0: Binding DVB extension
[  261.957322][ T7803] em28xx 2-1:0.0: writing to i2c device at 0xfe00 failed (error=-5)
[  262.410354][    T9] em28xx 2-1:0.0: Registering input extension
[  262.522768][    T8] usb 2-1: USB disconnect, device number 11
[  262.529754][    T8] em28xx 2-1:0.0: Disconnecting em28xx
[  262.569494][    T8] em28xx 2-1:0.0: Closing input extension
[  262.655749][    T8] em28xx 2-1:0.0: Freeing device
[  262.679968][ T7819] loop1: detected capacity change from 0 to 512
[  263.254988][ T7819] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  263.461139][ T7819] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.646039][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.965262][ T7831] mmap: syz.1.411 (7831) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  264.466061][ T7825] loop3: detected capacity change from 0 to 32768
[  264.501889][ T7825] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.409 (7825)
[  264.555812][ T7825] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  264.576603][ T7825] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  264.611504][ T7825] BTRFS info (device loop3): enabling auto defrag
[  264.677978][ T7825] BTRFS info (device loop3): force clearing of disk cache
[  264.698246][ T7825] BTRFS info (device loop3): enabling disk space caching
[  264.726399][ T7825] BTRFS info (device loop3): max_inline at 0
[  264.743605][ T7825] BTRFS info (device loop3): disk space caching is enabled
[  265.606852][ T7825] BTRFS info (device loop3): enabling ssd optimizations
[  265.653484][ T7825] BTRFS info (device loop3): auto enabling async discard
[  265.722907][ T7825] BTRFS info (device loop3): rebuilding free space tree
[  265.775985][ T7825] BTRFS info (device loop3): disabling free space tree
[  265.790271][ T7838] loop4: detected capacity change from 0 to 32768
[  265.811473][ T7825] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  265.841229][ T7825] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  265.895877][ T7838] (syz.4.414,7838,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  265.963386][ T7838] (syz.4.414,7838,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  266.063624][ T7838] JBD2: Ignoring recovery information on journal
[  266.111995][ T5889] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  266.200895][ T7838] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  266.219652][   T28] audit: type=1804 audit(1768141754.032:28): pid=7869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.409" name="/newroot/107/file0/file1" dev="loop3" ino=260 res=1 errno=0
[  266.335510][ T5889] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  266.361400][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.406021][ T5889] usb 2-1: config 0 descriptor??
[  266.418922][ T5889] cp210x 2-1:0.0: cp210x converter detected
[  266.437191][ T7873] loop5: detected capacity change from 0 to 64
[  266.462739][ T5767] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  266.705054][ T6326] ocfs2: Unmounting device (7,4) on (node local)
[  266.869199][ T7228] Trying to free block not in datazone
[  267.047237][ T5889] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71
[  267.061458][ T5889] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  267.103772][ T5889] usb 2-1: cp210x converter now attached to ttyUSB0
[  267.171517][ T5889] usb 2-1: USB disconnect, device number 12
[  267.204268][ T5889] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  267.247721][ T5889] cp210x 2-1:0.0: device disconnected
[  267.259006][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.4.422'.
[  267.564659][ T1196] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  268.653711][ T7886] lo speed is unknown, defaulting to 1000
[  268.662035][ T7886] lo speed is unknown, defaulting to 1000
[  268.676240][ T7886] lo speed is unknown, defaulting to 1000
[  268.689362][ T7886] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  268.711113][ T7886] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  268.947985][ T7886] lo speed is unknown, defaulting to 1000
[  268.955956][ T7886] lo speed is unknown, defaulting to 1000
[  268.964822][ T7886] lo speed is unknown, defaulting to 1000
[  268.973347][ T7886] lo speed is unknown, defaulting to 1000
[  268.980686][ T7886] lo speed is unknown, defaulting to 1000
[  269.299581][ T7892] loop1: detected capacity change from 0 to 164
[  269.838899][ T1196] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  269.891497][ T1196] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.750011][ T1196] usb 4-1: config 0 descriptor??
[  271.029960][ T1196] usb 4-1: can't set config #0, error -71
[  271.046297][ T7896] lo speed is unknown, defaulting to 1000
[  271.115528][ T1196] usb 4-1: USB disconnect, device number 15
[  273.486302][ T7911] netlink: 4 bytes leftover after parsing attributes in process `syz.5.432'.
[  273.886068][ T7908] loop3: detected capacity change from 0 to 32768
[  273.916965][ T7908] (syz.3.431,7908,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  273.981648][ T7908] (syz.3.431,7908,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  274.028420][ T7908] JBD2: Ignoring recovery information on journal
[  274.173738][ T7908] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  274.313970][ T7909] loop4: detected capacity change from 0 to 32768
[  274.384149][ T7909] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz.4.430 (7909)
[  274.458728][ T7909] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  274.474732][ T7909] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  274.483677][ T7909] BTRFS info (device loop4): enabling auto defrag
[  274.490144][ T7909] BTRFS info (device loop4): force clearing of disk cache
[  274.498578][ T7909] BTRFS info (device loop4): enabling disk space caching
[  274.505813][ T7909] BTRFS info (device loop4): max_inline at 0
[  274.513905][ T7909] BTRFS info (device loop4): disk space caching is enabled
[  274.720703][ T7909] BTRFS info (device loop4): enabling ssd optimizations
[  274.766401][ T7909] BTRFS info (device loop4): auto enabling async discard
[  274.806502][ T7909] BTRFS info (device loop4): rebuilding free space tree
[  274.852366][ T7908] syz.3.431 (7908) used greatest stack depth: 17808 bytes left
[  274.853470][ T7909] BTRFS info (device loop4): disabling free space tree
[  274.896858][ T7909] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  274.920889][ T7909] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  274.953224][ T5767] ocfs2: Unmounting device (7,3) on (node local)
[  275.286280][   T28] audit: type=1804 audit(1768141763.102:29): pid=7937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.430" name="/newroot/72/file0/file1" dev="loop4" ino=260 res=1 errno=0
[  275.469298][ T6326] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  276.041770][ T1196] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  276.279453][ T1196] usb 5-1: Using ep0 maxpacket: 16
[  276.309346][ T1196] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.379322][ T1196] usb 5-1: config 0 has no interfaces?
[  276.413680][ T1196] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  276.469687][ T1196] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.494763][ T1196] usb 5-1: Product: syz
[  276.523529][ T1196] usb 5-1: Manufacturer: syz
[  276.528202][ T1196] usb 5-1: SerialNumber: syz
[  276.585577][ T1196] usb 5-1: config 0 descriptor??
[  276.835608][ T5842] usb 5-1: USB disconnect, device number 5
[  277.036606][ T7953] 8021q: adding VLAN 0 to HW filter on device batadv1
[  277.072363][ T7953] team0: Port device batadv1 added
[  277.649080][ T7960] loop5: detected capacity change from 0 to 512
[  279.204563][ T7960] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  280.242238][ T7960] EXT4-fs (loop5): 1 truncate cleaned up
[  280.249317][ T7960] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  281.087276][ T7966] loop1: detected capacity change from 0 to 32768
[  281.120823][ T7966] (syz.1.442,7966,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  281.167599][ T7966] (syz.1.442,7966,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  281.286786][ T7228] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.322998][ T7966] JBD2: Ignoring recovery information on journal
[  281.410826][ T7966] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  281.458699][ T7966] 
[  281.461105][ T7966] ======================================================
[  281.468154][ T7966] WARNING: possible circular locking dependency detected
[  281.475219][ T7966] syzkaller #0 Not tainted
[  281.479840][ T7966] ------------------------------------------------------
[  281.486895][ T7966] syz.1.442/7966 is trying to acquire lock:
[  281.492814][ T7966] ffff88805901c2d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x165/0x4360
[  281.506113][ T7966] 
[  281.506113][ T7966] but task is already holding lock:
[  281.513512][ T7966] ffff88805ef986f8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x410/0x11f0
[  281.523076][ T7966] 
[  281.523076][ T7966] which lock already depends on the new lock.
[  281.523076][ T7966] 
[  281.533517][ T7966] 
[  281.533517][ T7966] the existing dependency chain (in reverse order) is:
[  281.542578][ T7966] 
[  281.542578][ T7966] -> #5 (&oi->ip_xattr_sem){++++}-{3:3}:
[  281.550584][ T7966]        down_read+0x46/0x2e0
[  281.555309][ T7966]        ocfs2_init_acl+0x2fa/0x720
[  281.560563][ T7966]        ocfs2_mknod+0x12e5/0x20f0
[  281.565733][ T7966]        ocfs2_create+0x196/0x410
[  281.570807][ T7966]        path_openat+0x1277/0x3190
[  281.576015][ T7966]        do_filp_open+0x1c5/0x3d0
[  281.581092][ T7966]        do_sys_openat2+0x12c/0x1c0
[  281.586345][ T7966]        __x64_sys_openat+0x139/0x160
[  281.591773][ T7966]        do_syscall_64+0x55/0xb0
[  281.596780][ T7966]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  281.603241][ T7966] 
[  281.603241][ T7966] -> #4 (jbd2_handle){++++}-{0:0}:
[  281.610593][ T7966]        start_this_handle+0x1e9d/0x20c0
[  281.616298][ T7966]        jbd2__journal_start+0x2bb/0x5b0
[  281.621982][ T7966]        jbd2_journal_start+0x2a/0x40
[  281.627399][ T7966]        ocfs2_start_trans+0x376/0x6c0
[  281.630672][ T7987] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(17)
[  281.632891][ T7966]        ocfs2_fileattr_set+0x302/0x7d0
[  281.639492][ T7987] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  281.645051][ T7966]        vfs_fileattr_set+0x846/0xaf0
[  281.657950][ T7966]        do_vfs_ioctl+0x135a/0x1bb0
[  281.663199][ T7966]        __se_sys_ioctl+0x83/0x170
[  281.668350][ T7966]        do_syscall_64+0x55/0xb0
[  281.673326][ T7966]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  281.679786][ T7966] 
[  281.679786][ T7966] -> #3 (&journal->j_trans_barrier){.+.+}-{3:3}:
[  281.688350][ T7966]        down_read+0x46/0x2e0
[  281.693069][ T7966]        ocfs2_start_trans+0x36a/0x6c0
[  281.698585][ T7966]        ocfs2_fileattr_set+0x302/0x7d0
[  281.704183][ T7966]        vfs_fileattr_set+0x846/0xaf0
[  281.709598][ T7966]        do_vfs_ioctl+0x135a/0x1bb0
[  281.714843][ T7966]        __se_sys_ioctl+0x83/0x170
[  281.719997][ T7966]        do_syscall_64+0x55/0xb0
[  281.724974][ T7966]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  281.731431][ T7966] 
[  281.731431][ T7966] -> #2 (sb_internal#3){.+.+}-{0:0}:
[  281.738975][ T7966]        ocfs2_start_trans+0x26b/0x6c0
[  281.744486][ T7966]        ocfs2_mknod+0xe47/0x20f0
[  281.749562][ T7966]        ocfs2_create+0x196/0x410
[  281.754807][ T7966]        path_openat+0x1277/0x3190
[  281.756339][ T7987] vhci_hcd vhci_hcd.0: Device attached
[  281.759956][ T7966]        do_filp_open+0x1c5/0x3d0
[  281.759987][ T7966]        do_sys_openat2+0x12c/0x1c0
[  281.775735][ T7966]        __x64_sys_openat+0x139/0x160
[  281.781159][ T7966]        do_syscall_64+0x55/0xb0
[  281.786131][ T7966]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  281.792592][ T7966] 
[  281.792592][ T7966] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}:
[  281.803168][ T7966]        down_write+0x97/0x1f0
[  281.807979][ T7966]        ocfs2_reserve_local_alloc_bits+0x126/0x24b0
[  281.814700][ T7966]        ocfs2_reserve_clusters_with_limit+0x1bf/0xba0
[  281.815054][ T7987] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(19)
[  281.821589][ T7966]        ocfs2_mknod+0xdee/0x20f0
[  281.828202][ T7987] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  281.833240][ T7966]        ocfs2_create+0x196/0x410
[  281.843296][ T7983] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(14)
[  281.845906][ T7966]        path_openat+0x1277/0x3190
[  281.852505][ T7983] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  281.857646][ T7966]        do_filp_open+0x1c5/0x3d0
[  281.870313][ T7966]        do_sys_openat2+0x12c/0x1c0
[  281.875563][ T7966]        __x64_sys_openat+0x139/0x160
[  281.880987][ T7966]        do_syscall_64+0x55/0xb0
[  281.885968][ T7966]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  281.892447][ T7966] 
[  281.892447][ T7966] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}:
[  281.903054][ T7966]        __lock_acquire+0x2ddb/0x7c80
[  281.908473][ T7966]        lock_acquire+0x197/0x410
[  281.913556][ T7966]        down_write+0x97/0x1f0
[  281.918366][ T7966]        ocfs2_reserve_suballoc_bits+0x165/0x4360
[  281.924834][ T7966]        ocfs2_reserve_new_metadata_blocks+0x404/0x940
[  281.931738][ T7966]        ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0
[  281.937947][ T7966]        ocfs2_xattr_set+0xb6d/0x11f0
[  281.939125][ T7983] vhci_hcd vhci_hcd.0: Device attached
[  281.943345][ T7966]        ocfs2_set_acl+0x4e1/0x590
[  281.943377][ T7966]        ocfs2_iop_set_acl+0x1ab/0x2a0
[  281.943404][ T7966]        vfs_set_acl+0x803/0xa60
[  281.943431][ T7966]        do_set_acl+0xf5/0x180
[  281.943456][ T7966]        path_setxattr+0x39f/0x550
[  281.954062][ T7987] vhci_hcd vhci_hcd.0: Device attached
[  281.959514][ T7966]        __x64_sys_setxattr+0xbb/0xd0
[  281.959542][ T7966]        do_syscall_64+0x55/0xb0
[  281.989755][ T7983] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  281.990170][ T7966]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  282.004743][ T7966] 
[  282.004743][ T7966] other info that might help us debug this:
[  282.004743][ T7966] 
[  282.015010][ T7966] Chain exists of:
[  282.015010][ T7966]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5 --> jbd2_handle --> &oi->ip_xattr_sem
[  282.015010][ T7966] 
[  282.030804][ T7966]  Possible unsafe locking scenario:
[  282.030804][ T7966] 
[  282.031691][  T786] usb 41-3: new low-speed USB device number 2 using vhci_hcd
[  282.038260][ T7966]        CPU0                    CPU1
[  282.038266][ T7966]        ----                    ----
[  282.038272][ T7966]   lock(&oi->ip_xattr_sem);
[  282.038290][ T7966]                                lock(jbd2_handle);
[  282.066538][ T7983] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(21)
[  282.067674][ T7966]                                lock(&oi->ip_xattr_sem
[  282.074273][ T7983] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  282.088702][ T7966] );
[  282.091231][ T7966]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5);
[  282.092358][ T7983] vhci_hcd vhci_hcd.0: Device attached
[  282.098547][ T7966] 
[  282.098547][ T7966]  *** DEADLOCK ***
[  282.098547][ T7966] 
[  282.098555][ T7966] 3 locks held by syz.1.442/7966:
[  282.098567][ T7966]  #0: ffff888053432418 (sb_writers#21
[  282.107584][ T7987] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  282.112207][ T7966] ){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  282.112250][ T7966]  #1: ffff88805ef989d8 (&type->i_mutex_dir_key#13){+.+.}-{3:3}, at: vfs_set_acl+0x37a/0xa60
[  282.112314][ T7966]  #2: ffff88805ef986f8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x410/0x11f0
[  282.112370][ T7966] 
[  282.112370][ T7966] stack backtrace:
[  282.112403][ T7966] CPU: 1 PID: 7966 Comm: syz.1.442 Not tainted syzkaller #0
[  282.112422][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  282.112443][ T7966] Call Trace:
[  282.112464][ T7966]  <TASK>
[  282.112480][ T7966]  dump_stack_lvl+0x16c/0x230
[  282.112515][ T7966]  ? load_image+0x3b0/0x3b0
[  282.112542][ T7966]  ? show_regs_print_info+0x20/0x20
[  282.112580][ T7966]  ? print_circular_bug+0x12b/0x1a0
[  282.112607][ T7966]  check_noncircular+0x2bd/0x3c0
[  282.112632][ T7966]  ? look_up_lock_class+0x75/0x140
[  282.112659][ T7966]  ? print_deadlock_bug+0x5d0/0x5d0
[  282.112682][ T7966]  ? lockdep_lock+0xe0/0x220
[  282.112708][ T7966]  ? _find_first_zero_bit+0xd3/0x100
[  282.112743][ T7966]  __lock_acquire+0x2ddb/0x7c80
[  282.112777][ T7966]  ? ocfs2_get_system_file_inode+0x1e3/0x7b0
[  282.112801][ T7966]  ? __lock_acquire+0x7c80/0x7c80
[  282.112823][ T7966]  ? verify_lock_unused+0x140/0x140
[  282.112851][ T7966]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[  282.112872][ T7966]  ? do_raw_spin_lock+0x121/0x2c0
[  282.112897][ T7966]  ? mutex_unlock+0x10/0x10
[  282.247584][ T7983] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(28)
[  282.248092][ T7966]  lock_acquire+0x197/0x410
[  282.253297][ T7983] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  282.258934][ T7966]  ? ocfs2_reserve_suballoc_bits+0x165/0x4360
[  282.267533][ T7993] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  282.268472][ T7966]  ? ocfs2_get_system_file_inode+0x1f1/0x7b0
[  282.307473][ T7966]  ? __might_sleep+0xe0/0xe0
[  282.312130][ T7966]  ? read_lock_is_recursive+0x20/0x20
[  282.317568][ T7966]  ? ocfs2_fast_symlink_read_folio+0x530/0x530
[  282.323778][ T7966]  ? check_noncircular+0x175/0x3c0
[  282.328950][ T7966]  ? verify_lock_unused+0x140/0x140
[  282.329408][ T7983] vhci_hcd vhci_hcd.0: Device attached
[  282.334187][ T7966]  down_write+0x97/0x1f0
[  282.334222][ T7966]  ? ocfs2_reserve_suballoc_bits+0x165/0x4360
[  282.334255][ T7966]  ? down_read_killable+0x340/0x340
[  282.334281][ T7966]  ocfs2_reserve_suballoc_bits+0x165/0x4360
[  282.334317][ T7966]  ? mark_lock+0x94/0x320
[  282.365623][ T7966]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  282.371650][ T7966]  ? lock_chain_count+0x20/0x20
[  282.376541][ T7966]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  282.382513][ T7966]  ? ocfs2_block_group_search+0x470/0x470
[  282.388288][ T7966]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  282.394228][ T7966]  ? _raw_spin_unlock+0x40/0x40
[  282.399121][ T7966]  ? stack_trace_save+0x9c/0xe0
[  282.404013][ T7966]  ? stack_trace_snprint+0xf0/0xf0
[  282.409168][ T7966]  ? __stack_depot_save+0x560/0x630
[  282.414419][ T7966]  ? kasan_set_track+0x5f/0x70
[  282.419226][ T7966]  ? kasan_set_track+0x4e/0x70
[  282.424035][ T7966]  ? __kasan_kmalloc+0x8f/0xa0
[  282.428841][ T7966]  ? ocfs2_reserve_new_metadata_blocks+0x114/0x940
[  282.435418][ T7966]  ? ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0
[  282.441284][ T7966]  ? ocfs2_xattr_set+0xb6d/0x11f0
[  282.446354][ T7966]  ? ocfs2_set_acl+0x4e1/0x590
[  282.451172][ T7966]  ? ocfs2_iop_set_acl+0x1ab/0x2a0
[  282.456344][ T7966]  ? vfs_set_acl+0x803/0xa60
[  282.461000][ T7966]  ? do_set_acl+0xf5/0x180
[  282.465509][ T7966]  ? path_setxattr+0x39f/0x550
[  282.470348][ T7966]  ? __x64_sys_setxattr+0xbb/0xd0
[  282.475425][ T7966]  ? do_syscall_64+0x55/0xb0
[  282.480067][ T7966]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  282.486217][ T7966]  ocfs2_reserve_new_metadata_blocks+0x404/0x940
[  282.492607][ T7966]  ? ocfs2_init_steal_slots+0x160/0x160
[  282.498205][ T7966]  ? ocfs2_xattr_block_set+0x2b40/0x2b40
[  282.503891][ T7966]  ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0
[  282.509583][ T7966]  ? ocfs2_xattr_set+0xb33/0x11f0
[  282.512082][ T7991] vhci_hcd: connection closed
[  282.514641][ T7966]  ? ocfs2_prepare_refcount_xattr+0xf20/0xf20
[  282.514674][ T7966]  ? ocfs2_truncate_log_needs_flush+0x135/0x2e0
[  282.525669][ T7988] vhci_hcd: connection reset by peer
[  282.531693][ T7966]  ? ocfs2_remove_btree_range+0x1480/0x1480
[  282.531723][ T7966]  ? down_write+0x162/0x1f0
[  282.531744][ T7966]  ? down_read_killable+0x340/0x340
[  282.531767][ T7966]  ? up_write+0x1c3/0x410
[  282.549970][ T7984] vhci_hcd: connection closed
[  282.552778][ T7966]  ocfs2_xattr_set+0xb6d/0x11f0
[  282.552823][ T7966]  ? __ocfs2_xattr_set_handle+0xf10/0xf10
[  282.560622][   T11] vhci_hcd: stop threads
[  282.561857][ T7966]  ? __kasan_kmalloc+0x8f/0xa0
[  282.561885][ T7966]  ? ocfs2_set_acl+0x11e/0x590
[  282.561914][ T7966]  ? ocfs2_iop_set_acl+0x1ab/0x2a0
[  282.566788][   T11] vhci_hcd: release socket
[  282.572535][ T7966]  ? vfs_set_acl+0x803/0xa60
[  282.572574][ T7966]  ? path_setxattr+0x39f/0x550
[  282.572601][ T7966]  ? do_syscall_64+0x55/0xb0
[  282.572653][ T7966]  ? ocfs2_set_acl+0x11e/0x590
[  282.593301][ T7994] vhci_hcd: connection closed
[  282.596026][ T7966]  ? rcu_is_watching+0x15/0xb0
[  282.624488][ T7966]  ? ocfs2_set_acl+0x11e/0x590
[  282.627609][   T11] vhci_hcd: disconnect device
[  282.629293][ T7966]  ? __kmalloc+0xe2/0x240
[  282.629327][ T7966]  ? ocfs2_inode_lock_atime+0x4e0/0x4e0
[  282.643965][ T7966]  ocfs2_set_acl+0x4e1/0x590
[  282.646236][   T11] vhci_hcd: stop threads
[  282.648602][ T7966]  ocfs2_iop_set_acl+0x1ab/0x2a0
[  282.657882][ T7966]  ? ocfs2_xattr_get+0x220/0x220
[  282.662888][ T7966]  ? evm_inode_set_acl+0xbb/0x410
[  282.667982][ T7966]  ? down_read_killable+0x340/0x340
[  282.672748][   T11] vhci_hcd: release socket
[  282.673226][ T7966]  ? evm_revalidate_status+0x4f/0xb0
[  282.683012][ T7966]  ? posix_acl_valid+0x352/0x3d0
[  282.688013][ T7966]  vfs_set_acl+0x803/0xa60
[  282.692504][ T7966]  do_set_acl+0xf5/0x180
[  282.693737][   T11] vhci_hcd: disconnect device
[  282.696789][ T7966]  path_setxattr+0x39f/0x550
[  282.706133][ T7966]  ? simple_xattrs_free+0x150/0x150
[  282.711394][ T7966]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  282.717416][ T7966]  ? lock_chain_count+0x20/0x20
[  282.719785][   T11] vhci_hcd: stop threads
[  282.722295][ T7966]  __x64_sys_setxattr+0xbb/0xd0
[  282.722326][ T7966]  do_syscall_64+0x55/0xb0
[  282.722346][ T7966]  ? clear_bhb_loop+0x40/0x90
[  282.722370][ T7966]  ? clear_bhb_loop+0x40/0x90
[  282.745435][ T7966]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  282.751386][ T7966] RIP: 0033:0x7f4ae558f749
[  282.753731][   T11] vhci_hcd: release socket
[  282.755909][ T7966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.755939][ T7966] RSP: 002b:00007f4ae637b038 EFLAGS: 00000246
[  282.770101][ T7997] vhci_hcd: connection closed
[  282.779966][ T7966]  ORIG_RAX: 00000000000000bc
[  282.779979][ T7966] RAX: ffffffffffffffda RBX: 00007f4ae57e5fa0 RCX: 00007f4ae558f749
[  282.779994][ T7966] RDX: 0000200000000140 RSI: 0000200000002a40 RDI: 0000200000002a00
[  282.780008][ T7966] RBP: 00007f4ae5613f91 R08: 0000000000000000 R09: 0000000000000000
[  282.780020][ T7966] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000000
[  282.780031][ T7966] R13: 00007f4ae57e6038 R14: 00007f4ae57e5fa0 R15: 00007ffd99fa6e58
[  282.780056][ T7966]  </TASK>
[  282.811784][   T11] vhci_hcd: disconnect device
[  282.850620][ T7976] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[  282.857274][ T7976] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  282.859303][   T11] vhci_hcd: stop threads
[  282.868970][ T7976] vhci_hcd vhci_hcd.0: Device attached
[  282.869267][ T7990] vhci_hcd vhci_hcd.0: pdev(4) rhport(7) sockfd(3)
[  282.875713][ T7977] vhci_hcd: connection closed
[  282.881090][ T7990] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  282.881388][ T5152] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  282.888005][ T7979] vhci_hcd vhci_hcd.0: port 0 already used
[  282.895147][ T7990] vhci_hcd vhci_hcd.0: Device attached
[  282.914729][   T11] vhci_hcd: release socket
[  282.919649][   T11] vhci_hcd: disconnect device
[  282.925354][   T11] vhci_hcd: stop threads
[  282.930100][   T11] vhci_hcd: release socket
[  282.935339][   T11] vhci_hcd: disconnect device
[  282.945976][   T11] vhci_hcd: stop threads
[  282.958292][   T11] vhci_hcd: release socket
[  282.967562][   T11] vhci_hcd: disconnect device
[  282.992377][ T5769] ocfs2: Unmounting device (7,1) on (node local)
[  283.101407][ T5152] usb 4-1: Using ep0 maxpacket: 32
[  283.110292][ T5152] usb 4-1: unable to get BOS descriptor or descriptor too short
[  283.124469][ T5152] usb 4-1: config 3 has an invalid interface number: 167 but max is 0
[  283.134803][ T5152] usb 4-1: config 3 has no interface number 0
[  283.147747][ T5152] usb 4-1: config 3 interface 167 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  283.178205][ T5152] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=91.5e
[  283.190528][ T5152] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.208131][ T5152] usb 4-1: Product: syz
[  283.217001][ T5152] usb 4-1: Manufacturer: syz
[  283.226478][ T5152] usb 4-1: SerialNumber: syz
[  283.415029][ T7999] vhci_hcd: connection closed
[  283.415343][ T7453] vhci_hcd: stop threads
[  283.424917][ T7453] vhci_hcd: release socket
[  283.437675][ T7453] vhci_hcd: disconnect device
[  283.467540][ T5152] usb 4-1: USB disconnect, device number 16
[  287.241490][  T786] vhci_hcd: vhci_device speed not set
[  288.593522][ T5841] usb usb42-port1: attempt power cycle
[  289.233035][ T5841] usb usb42-port1: unable to enumerate USB device