last executing test programs:

2m58.195336157s ago: executing program 0 (id=86):
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x84c2, 0x2, 0x9, 0xd, 0x602, 0x7be})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x8000)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

2m57.897089964s ago: executing program 0 (id=87):
socket$key(0xf, 0x3, 0x2)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0)
r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xe825, 0x3400, 0x1, 0x3c3}, &(0x7f0000000dc0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2m56.57733437s ago: executing program 0 (id=99):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

2m56.260172768s ago: executing program 0 (id=103):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000240)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1df}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000100)='./bus\x00', 0x2129c1b, 0x0, 0x4, 0x0, &(0x7f0000000100))
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
chdir(&(0x7f0000000140)='./file0\x00')
symlink(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
creat(&(0x7f0000005880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x141)

2m55.669998816s ago: executing program 0 (id=111):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x20, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000a}, [@FRA_FLOW={0x8, 0xb, 0x8}]}, 0x69}}, 0x4800)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)

2m55.019927486s ago: executing program 0 (id=117):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
writev(r0, &(0x7f0000000380)=[{&(0x7f0000000340)="7ae0c6d4ea38398e", 0x8}], 0x1)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

2m54.502768538s ago: executing program 32 (id=117):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
writev(r0, &(0x7f0000000380)=[{&(0x7f0000000340)="7ae0c6d4ea38398e", 0x8}], 0x1)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

2m43.685237047s ago: executing program 2 (id=185):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x8080000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m43.379803468s ago: executing program 2 (id=189):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000280)="0f070f0010c4c17d5f1248b8ca178e1e60e035370f23d80f21f835400000700f23f826430f22e366b88f000f00d83ef346a4b805000000b9000000000f01c1b8010000000f01d944d0e0", 0x4a}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m43.064218092s ago: executing program 2 (id=192):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
writev(r0, &(0x7f0000000640)=[{&(0x7f0000000300)="7f6a1801597e95e4245ec8142d67481555104744cb9232db3f9d54", 0x1b}], 0x1)

2m42.025302973s ago: executing program 2 (id=198):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002340), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x44000, 0x0)

2m41.029017656s ago: executing program 2 (id=207):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
r0 = open(&(0x7f00000003c0)='.\x00', 0x100, 0x97)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x5385000)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

2m40.544033736s ago: executing program 2 (id=209):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000009c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}], 0x1, 0x24000040)
recvmmsg(r1, &(0x7f0000005cc0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)=""/102, 0x66}], 0x1}, 0xb}], 0x1, 0x2120, 0x0)

2m39.978768252s ago: executing program 33 (id=209):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000009c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}], 0x1, 0x24000040)
recvmmsg(r1, &(0x7f0000005cc0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)=""/102, 0x66}], 0x1}, 0xb}], 0x1, 0x2120, 0x0)

2m30.317464125s ago: executing program 4 (id=253):
modify_ldt$write2(0x11, &(0x7f0000000240)={0x0, 0x0, 0x400, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x40000}, 0x18)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x20000000002, &(0x7f0000000040))
ptrace$cont(0x21, r0, 0x80000001, 0x4)

2m29.677721513s ago: executing program 4 (id=256):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death={0x400c630e, 0x0, 0x200000000000000}, @clear_death={0x400c630e}], 0xfc, 0x1000000, 0x0})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

2m28.951714063s ago: executing program 4 (id=259):
r0 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000240)={<r1=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0x17)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x5)

2m28.543376887s ago: executing program 4 (id=260):
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x18, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
syz_clone(0x1144280, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
r1 = creat(&(0x7f0000000040)='./file7\x00', 0x1a2)
fallocate(r1, 0x0, 0x9, 0x2000406)

2m27.308493987s ago: executing program 4 (id=264):
socket(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x0, 0x100}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6, 0x9, 0x5}]}}}]}, 0x3c}}, 0x4048000)

2m26.466111501s ago: executing program 4 (id=267):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe8)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xb8, 0x15, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4e21, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m25.793260853s ago: executing program 34 (id=267):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe8)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xb8, 0x15, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4e21, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m14.327410132s ago: executing program 6 (id=327):
r0 = socket$netlink(0x10, 0x3, 0xa)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000000)=0x2, 0x4)
r1 = dup(r0)
r2 = open(&(0x7f0000000140)='./file1\x00', 0x109cc2, 0x5c)
ftruncate(r2, 0x200004)
sendfile(r1, r2, 0x0, 0x80001d00c0d1)

2m14.204318597s ago: executing program 6 (id=329):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x13, r0, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd86)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mq_timedreceive(r1, 0x0, 0x0, 0x7f, 0x0)

2m13.193367946s ago: executing program 6 (id=339):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0xfffffffffffffffc, &(0x7f00000003c0))
ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

2m12.845791814s ago: executing program 6 (id=342):
syz_mount_image$minix(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0032006c00ae1ecebf96fccb8a69f4a8ea113bda4a1e87a726a9dcf01d4bf4543b835eb2b9e6066dc6b060d90b6ca4385a4244aa53e0a0acaebd0c1dd5d380385e85b29008b29f2fb4a93ebe5ace1c105e684d1fd61659e8decea319f675e039904905a8130e2f3c8d5c7a22b4487a331c727612ff1ddd6aabd0e4ab29212632a15e835fac77a7c827"], 0x1, 0x174, &(0x7f0000000240)="$eJzs281uElEYgOFvAH/iysSdcWfV+lMGCpou9VKadmwap2qsmzYu9Aq8Bq/M3oALb0BMR8BEGCaRyAnyPKsvvEzmsDjM2UwAm6vzPLLIYutyvnP95udbWeoVASsySnz/HyMgnfZF6hUAaXx7EXEREV+/fziI9tbM8/myf5z01r3Z/inidmfcs/vx4I8++hLVZ7/69tzrb0z7w7l9++7k/o/icTyJnehGHr3oj/vh9PrhkqcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZVFt2mvvALrXh5XBa92n6l6v3afrXquw19UNuvVb178KY8XLRMYI7Wkvu/3bD/Ow37H0jn9Oz81X5ZFu8MBoNhOqT+ZwL+tfz9ydv89Ox85/hk/6g4Kl4P+8Nne4PB3tNeXp3s88Xne2B9/X7op14JAAAAAAAAAPC3dqP+3RoAAOD/sorXiVL/RgAAAAAAAAAAAAAAWHc/AwAA//8c7qwa")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
unlink(&(0x7f0000000080)='./file1\x00')

2m12.168057432s ago: executing program 6 (id=346):
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xd0, &(0x7f0000000000)=0x46, 0x4)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

2m11.471556161s ago: executing program 6 (id=347):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000700)='rcu_utilization\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m10.934422288s ago: executing program 35 (id=347):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000700)='rcu_utilization\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

39.622430372s ago: executing program 8 (id=962):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={r2, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000580)={0x0, 0x0, r3, r4, 0x3, 0x2, 0x3, 0x804, {0xac7a, 0x1, 0x7, 0x7d, 0xf4b, 0x1, 0x2, 0x5, 0x4132, 0x3f, 0x3000, 0x3, 0x3, 0xfffffffc, "fe1d00003413000000000020b42717e47f00000000000000000000ffff00"}})

39.498696091s ago: executing program 8 (id=963):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000000)={0x20, 0x1, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

36.912011736s ago: executing program 8 (id=977):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000001100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001180)=""/4096, 0x1000}], 0x1}, 0x0)

36.795055566s ago: executing program 8 (id=979):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x8042, &(0x7f00000000c0)=ANY=[], 0x9, 0x68b, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXL7F3ndhri88nmp3nmedlnuc3Mzu7s4oc4H/WtXNpPE4t1869uVzkVx7NdFYezdzpp5NMJKknjd4qtbtJ7aPkanpLPlNsrLqrPW0/HyzMvv3xpyuf9HKNainr17drt8mV+hYbH1ZLziQ5Uq2fwbr+rm/orzVyd7XVGRYBO9sPHIxbM0l3ne+eWivZ0fDXLXBg1Xr3zU0X9FRyNMlk9Tmgd1fs3bMPtYfjHgAAAADsgxd+WX6FPzbucQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBhUv39/1q11PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3j20dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5T20ci+fwff/edW527tydu3jt3cKY0gomBJ2gbIzEzEImXh43ErcMaiUHTZSROruav5Rv5ds7lTN7KYhbyvcxlKfM5k69nLkcyV53PxevU9pG6ui731k4jaZXHpVm9iw4/pqXM5dWy7bEs5Ft5Nzcynyvlv0u5mNdzOZczO3CETw5x1ddHe6c9+4WBh8m/SNIert0+KAZ2fPXuNHjWT5fXwfF1W9ai9OLzvx81Plslin38pFofDBsjcXEgEi9tH4nflG8r9zp3by/emntvyP29Vq2L6+hnB+ouUZwvLxYHq8ytPzuKspc2lk324tWqfnHpla2/4xZlJ1fLdrpSW9VnuM09XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94VOK9jDRTtLfkuzUqpmd6+xNopWkTDT6idH6mRiqcmvt6Lzx+2cZc3PUVslzCVSjOsnuP7j9z263u++HaYtEc5tzfi3RrWwq6g7VfGyJf3WfX4djfmMC9tyFpTvvXbh3/8GXFu7MvTP/zvzd2cuXZ6dnL1/524WbC5356d7ruEcJ7IW1m/64RwIAAAAAAAAAAAAMaz/+W8JTdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9rT9vPBwuzbH3+68kkv16iWsn59XbvmbmbxsFpyJsmRaj1o8hn6u16tdzWyUm11hkXAzvYDB+P23wAAAP//+B8RmQ==")
truncate(&(0x7f0000000080)='./file1\x00', 0xc1a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, 0x0)
truncate(&(0x7f0000000080)='./file1\x00', 0x637c)

36.35946264s ago: executing program 8 (id=981):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
read$alg(r1, &(0x7f00000012c0)=""/4109, 0x100d)
sendmsg$alg(r1, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001200)=[{&(0x7f0000002300)="efc7", 0x2}], 0x1, 0x0, 0x0, 0x8801}, 0x4000001)

35.791807451s ago: executing program 8 (id=984):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff1000/0x8000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff3000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffe9}, {0xe, 0xffff}}}, 0x24}}, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x13)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

35.167505972s ago: executing program 36 (id=984):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff1000/0x8000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff3000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffe9}, {0xe, 0xffff}}}, 0x24}}, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x13)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

6.635576727s ago: executing program 9 (id=1147):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = io_uring_setup(0x7c41, &(0x7f0000000300)={0x0, 0x5065, 0x800, 0x0, 0x99})
io_uring_register$IORING_REGISTER_RING_FDS(r1, 0x14, &(0x7f0000001780), 0xa)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)

5.828910406s ago: executing program 9 (id=1154):
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xc0002009})
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x4, 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x9000, &(0x7f0000000140)={0x7, 0x70}, 0x20)

5.524099428s ago: executing program 9 (id=1156):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x4}, 0x4)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000180)={0xfffc, [0x5, 0xfffffffc], 0x306}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)

2.960798137s ago: executing program 9 (id=1176):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
r1 = socket$caif_seqpacket(0x25, 0x5, 0x2)
sendmsg(r1, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x20048000)

2.778818134s ago: executing program 9 (id=1177):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x98, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c636865636b3d7374726963742c756d61736b3d30303030303030303030303030303030303133363033302c756e695f786c6174653d312c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303034302c757466383d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c74696d655f6f66667365743d3078303030303030303030303030303166622c666c7573682c756e695f786c6174653d302c73686f72746e616d653d77696e39352c00208893fdd4787adad4209069"], 0x7, 0x2b0, &(0x7f0000000280)="$eJzs3T9vI0UYB+B3E3vtg8IuqBASK0FBdbpcS+MI5aQIVyAXQAEn7k5CsYV0J0XijzBX0dJQ8gmQkOj4EjQU9Ei0SHRccdKi9e7GTlg72QgnwD1Pk8ns/Gbe3YwTpfD4g5dmR/eyePD481+j309iZxSjeJLEMHai9mWcMvo6AID/sid5Hn/kpTa5JCL62ysLANiilb//Ny4U+GHrJQEAW/b2O+++uT8eH7yVZf24M/vqeFL8Z198La/vP4iPYhr341YM4mlEfqJs38nzfN7JCsN4dTY/nhTJ2fs/VfPv/x6xyO/FIIaLrtP5w/HBXlZayc+LOp6r1h8V+dsxiBca1j8cH9xuyMckjddeWan/Zgzi5w/j45jGvUURy/wXe1n2Rv7Nn5+9V5RX5JP58aS3GLeU717xjwYAAAAAAAAAAAAAAAAAAAAAgP+xm9XZOb1YnN9TdFXn7+w+Lb7pRlYbnj6fp8wn9URnzgea5/Ftfb7OrSzL8mrgMt+JFzvRuZ67BgAAAAAAAAAAAAAAAAAAgH+XR598enR3Or3/8B9p1KcB1G/rv+w8o5Wel6NhzDBOenrLJXeqZTfMHLv1mCRiYxnFjK2K756/+prGjXWp775v++j654/pXqLClo16dx3dTZqfYS/qnn69SX5cHZPGBddK113KW22/tPFS2voFkj6/aMw3jIlkU2Gv/1Y+uaonOXsX6eKpNsa7VaN8LTTtjVb7+e+/KxKndQAAAAAAAAAAAAAAAAAAwFYt3/TbcPHxmtAvh+WH/Mdwy9UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNVYfv5/i8a8Cl9gcBoPH13zLQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAM+CsAAP//yylfnw==")
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000006c055080a115014cb62010203010902120001fe0000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat(0xffffffffffffff9c, 0x0, 0x48041, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

2.191884092s ago: executing program 5 (id=1183):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0x6, 0xc}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xb, 0x5, 0x7, 0x9, 0x1, 0xffffffffffffffff, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x2a}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)

2.048030171s ago: executing program 7 (id=1186):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000b00)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)="f703010010fff3be522ba800000000", 0xf}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba12", 0x11}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2000847}], 0x1, 0x40800)
recvmmsg$unix(r1, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001040)=""/6, 0x6}, {&(0x7f0000001080)=""/27, 0x1b}], 0x2}}], 0x1, 0x40000000, 0x0)

1.950897598s ago: executing program 5 (id=1187):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0xf00, 0x0)
fanotify_mark(r1, 0x1, 0x5800003a, r0, 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
read$FUSE(r1, &(0x7f0000004fc0)={0x2020}, 0x2020)

1.844036998s ago: executing program 7 (id=1189):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(0x3)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth0_macvtap\x00', <r1=>0x0})
sendmmsg$inet(r0, &(0x7f0000002240)=[{{&(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @local, @loopback}}}, @ip_retopts={{0x10}}], 0x30}}], 0x1, 0x0)

1.814121845s ago: executing program 1 (id=1190):
prlimit64(0x0, 0xe, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="58000000020601080000000000000000030000000900020073797a3100000000050001000700000005000500020000000c000780080006400000040111000300686173683a6e65742c6e657400000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="50000000090601020000000000006ce6016000000900020073797a31000000000500010007000000280007800c00018008000140640101010c00148008000140ac1414bb0c00028008000140"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

1.725550124s ago: executing program 5 (id=1191):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000480)={0x0, {}, 0x0, {}, 0xaca6, 0x9, 0xfffffffb, 0x9, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x9]})

1.649684926s ago: executing program 3 (id=1192):
r0 = gettid()
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1.649027654s ago: executing program 7 (id=1193):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @mcast2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)='B', 0x1}], 0x1}}], 0x1, 0x400c404)
exit(0xfe)
sendmmsg$inet6(r0, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000b40)="91", 0x1}], 0x1}}], 0x1, 0x48c0)

1.580024701s ago: executing program 1 (id=1194):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x19, 0x4, 0x8, 0x5}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, r1}, 0x14)
syz_emit_ethernet(0xd81, &(0x7f0000002180)=ANY=[], 0x0)

1.395904435s ago: executing program 3 (id=1195):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
listen(r0, 0x3)
accept4(r0, 0x0, 0x0, 0x0)
shutdown(r0, 0x1)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000280)=0xfffff908, 0x4)

1.377205015s ago: executing program 5 (id=1196):
r0 = socket$unix(0x1, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000200)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe"], 0x20000600}}, 0x0)
sendmsg$sock(r2, &(0x7f0000001940)={&(0x7f00000002c0)=@sco={0x1f, @none}, 0x80, &(0x7f0000000000), 0x5, &(0x7f00000008c0)=[@timestamping={{0x14}}], 0x18}, 0x0)

1.312045076s ago: executing program 1 (id=1197):
syz_mount_image$fuse(0x0, &(0x7f0000000300)='./file1\x00', 0x120c488, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4028, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./bus\x00', 0x18d18d5, 0x0, 0xff, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)
fsync(r0)

1.198145924s ago: executing program 1 (id=1198):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b04000000000000000002"], 0x1ec}}, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})

1.192533387s ago: executing program 5 (id=1199):
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000024c0)=@newtaction={0x6c, 0x30, 0x48b, 0x0, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x3}, @multicast2, @remote}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.096088198s ago: executing program 3 (id=1200):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
timer_delete(0x0)

1.081542208s ago: executing program 1 (id=1201):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0xffbe, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0xd, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)

1.006769211s ago: executing program 3 (id=1202):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
r0 = inotify_init1(0x800)
inotify_add_watch(r0, &(0x7f0000000280)='./file0\x00', 0x56000fc5)
r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0)

955.822797ms ago: executing program 5 (id=1203):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000380)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x55a8, &(0x7f00000014c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64asumCJWPBPEEisWPIbWMASdogFiB1SkWcm0KQNtI3jqO3zSDNn5vj1mXdGlqUzYzmAZ9ZC+sdvSZyIIxExFxHHk8i3k3KJuBNxsRj7QkScjIjKPUtS5v9OHIyIoxFxYlK8qJmUL31xenzq/K9v//7t94cOHPvymx/29cSBffViRPRXi+3b/SJmnSLeKPONcTeP/XPjMq5uqdHPivzt9kpe4XZjc1wjj2c7xfhs9dZwEq/3Gs1J7HSv5/nVQXHA4bizWWfyhvRGYy3fb7VX8tgdZnnsbBTHXd8ovts2hqOiTqus90lePkajzVjk2+vt4nxWb+axORiV+aJu1mqvT+K4jOXhopn1Wvk8Vh7zIj8B3ukObq2n4/basJsN0vO1+ku1+oVqfS1rtUftc9VGv3XhXLrY6U2GVUftRv9iJ8s6vXatmfWX0sVOs1mt19PFS+2VbmOQ1uu1s7Uz1fNL5dbp9I2rH6S9Vro4ia91B7dG3d4wvZ6tpcU7ltLl2tmXl9JT9fS9K9fSa+9evnzl2vsfXfrw6qtX3nq9HHTftNLF5TPLy9X6mepyfekZOv9Py0k/wvknD07/9OPuLhsUdviAAbCz+/r/2N7/h/4fmLrd9P/9m+X+3vT/8TD9f0yz/5+0VPr//+5/K4/U/56YSv87H/r/PTx/2JXH6/8PTn0eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADM3M/zX72ZbywU+8fK/P/K1HPlfhIRlYi4+wBzcXBLzbmyzvwO4+e3zeG7JPIKk2McKpejEXGxXP78/15fBQAAAHh6fX3n5OdFt16sFvZ7QsxScdOmcvzjKdVLImJ+4ZcpVatMVs9PqVj++T4Q61Oqlt/AOjylYsUttwPTqvZQ5raEw/eEpAiVmU4HAACYia2dwGy7EAAAAGbps3999ZWZzYMZS2LzUebms+D8l/f/PBA8Mlnd3fbjfgAAAOBJkuz3BAAAAIA9l/f//v8PAAAAnm7F//8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NzPjdpAFAfgZ4OB/FNQlHtayQ3KSAk55hgoIE1QAmkhDVADkXJICStYYc8ieRek1TLGWvR9ku2d8ernGeDyxtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXfpbree/f375dWnObn+ZPLMBAAAATtlW63n9x7Rpv0v9H1LXp9QuIqKMiFO1+yBGrcxByqnO/H/1aAx/IuqEQ/84HW8j4ms67j52/SkAAADA7dosV7OmWm9OaQngX7+j4kqaRZvy/bdMeUVEVNP/mdLKw+lzprD69z2MH5nS6gWsSaawZsltePreKNdD2gaty8NMFvWXWLfKbp4LAAD0qV0JnKlCAAAAuAHf+x4A1/C0tC+Op+N7xnFzSS8E37RaAAAAwCtU9D0AAAAAoHN1/d/N/n+TF+3/V9j/DwAAALJr9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS9tqPd8sV7Nz9xfPzNntL5NvRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9+zPOwqEQBiEwd71ncnc/7DSoKGxSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvfveX/xNT40wy99pYeh5J1k6NrVNj79w4+sP4+jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsW//vm1UcQDA3/lspylUhIAiEUAFdYCFpm5p6YoQKGLgT0CKUqcEXAptBlpFlCxsKHMXBAsSQkigsOV/6NxIXcrWIUOQmBiC7lf6nJgmpO05TT8f6fl9/Xx5P86Wla/fHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQWX83vNIo4zR7GCviqu32xuJsVq9tqzOry3cms5LFyUjVeuz1+mZ/oL0aPzk+MbyJAAAAcFgc2/WItMrvQwh3WyvTWd0Yy/P/VnVMlvP/UHaVlG3b8/61jcUj5UuTVf7/x+/3XtwaaCzNx8k6nZvvdU/tnEpz38t8wj236xHN/Mznv72k+RvS+HDphfVWfj6T727der+dhyN1zBYA2I+TVV0G1f9DWd0Z5sQAeGo0o8S7yv/TseHOCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAO60vhmSpOQgiTzftxZm1jcXZQ/c3yncnVspy7eXM57jProhVCmJvvdU/VuJaDqzqb1z+b6fW6V65eqzs4HkIY8NKNvf15Wk7/P49phxD6Wk68NKCfj/cw1rZ+dgTlxzPUew5Hs/XtenDS15LsOOHvbRaG8QGoK2iU78/jGGK09ve9P6g+e4++5//zXTLyaL6SAAA41FplyTLRu62V6awtGQ9h88f+/P+NKA59ef/mjaKleL4a5f/3Pjl3Ox4rzv87Na3vSTC1cOmLqavXrr81f2nmYvdi9/O3T3fe6Zw5f/bs+an8t5KpudDwiwkAAAAPoV2WOP8fHbD/fzSKwwP2/4st4SL///L7ztfxWKn8f6D7m37DngkAAMDTqL0VPf/a338lA45I2u3w1czCwpVO8bj1/HTxWOt092mkLHH+n44Pe1YAAABAHdaXkr79/wtRHB6w/x9f///szy//GveZFtcWXA4hdE/OXu5dqG85B1r/Tb8/pY/jRuV8oPawVwoAAMCwjJYl3v9vjWf5f2PrkodGCOHNEyH8U97DH/aY/6cffPtLPFZ8/f+ZWld58DQmivOR1xMhNCeGPSMAAAAOsyNlyZL9P1sr05/+dvSjtuv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr2bwAAAP//aR4tAA==")
syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00')
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r1, r0, &(0x7f0000002080)=0x64, 0x23b)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200)

892.457789ms ago: executing program 3 (id=1204):
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x44, &(0x7f00000005c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000280)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nombcache}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
creat(&(0x7f0000000000)='./file2\x00', 0x149)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0)
listxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
listxattr(&(0x7f0000000140)='./file1\x00', 0x0, 0x0)

889.762713ms ago: executing program 9 (id=1205):
iopl(0x3)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = timerfd_create(0x0, 0x0)
readv(r1, &(0x7f00000009c0)=[{&(0x7f0000000200)=""/33, 0x21}], 0x1)

832.834644ms ago: executing program 1 (id=1206):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x4}]}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

648.696747ms ago: executing program 7 (id=1207):
r0 = socket$pptp(0x18, 0x1, 0x2)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d5, 0x2})
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72})
ioctl$MON_IOCX_GETX(r1, 0x80089203, &(0x7f0000000a40)={0x0, 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)

424.082956ms ago: executing program 7 (id=1208):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x80000004, 0x4)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4625, 0x7, @loopback}, 0x1c)
listen(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

394.256869ms ago: executing program 7 (id=1209):
syz_mount_image$xfs(&(0x7f0000009700), &(0x7f0000009740)='./file0\x00', 0x4000000, &(0x7f0000000040)={[{@filestreams}, {@sysvgroups}, {@noalign}, {@nolazytime}, {@inode32}, {@discard}, {@prjquota}, {@inode64}, {@gquota}, {@nolargeio}, {@nodiscard}]}, 0x1, 0x975c, &(0x7f000001c600)="$eJzs/QWcbXWhuP/PgUM3giBSUmKSEqJIhyJKihKCtKSACCgdSqigCCjd3d2d0t3d3R3/14EDKj5wvd/f/V+8Ps/zYmbPjlnz2Z/3Wou9Z83Ze6n5FptrYGDMgfd6//RvXbTbvcstPtpC6528y+Bb9t5x4SeGXjz8eydjzTH0dM6hp3MNDAwMGrqcQe9dNnj2k04eZmDwwJD//taoI408zKgDAyMPPTt0OQMzv3cyyiHv3+6dD8UDnXTIj9vhvY93G23IQoZ8sczyb609MDAw4t99/5BxTftPd1TaUnPOP9/frD5wG2bo1YP+dt27p4Pf+xjlgIGBUfYb+Oj1Y8hth/u77/3fbMjPHHPygSXu/QR+9v+5lppz/gU/5D9kWxx26GUzD9nGP7wNGvvwer7jYms8NnQKBw2duMF/t718Euv9/1NLzTnfQgMfvR0PLDzvpo++8+5+c/A8AwOD5x0YGDzfwMDg+T9pj/qf6RNd+aqqquoTac65ZhjynH2YDz0eGPH9x7X0uPCyN6d7cGBg8MLvPU8cvPz7zwWrqqqqqqqq6t+zOeeaYW54/j/mxz3/n/TMbcbq+X9VVVVVVVXV/50WnHOuGYY81//Q8//xP+75/7OPH33we3/7P8fM733X25/snaiqqqqqqqqqj22+BfH5/6Qf9/z/ipMmvbrn/1VVVVVVVVX/d1r0nXfe2fzvXmdv6MVTv389Pf8/+5G7l/3EBlxVVVVVVVVV/+3efuqMc/72mu8TD3zo9d7fbejvBQYdd961135iA/33aNA//z5ki096TP9fG+I84hGTDgysvcQnPZT6BPo/81r19f+X8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/cR9x/P+D1/8/+4QV338v+M9POcOtZ/ztO9997//BCy/41Jaf0NA/if5Tj/8PrD5oYGCo75irDwwMLDznootPPTAwcMatM0w5xcAH180y5LrZxh723TeIf/+ficw7Fi94i8neOx2yogyM88Eyjnt3+Qu+s/+wgz40iL9rrFMOPni1pV6Z8cOnU330/Rjmg69GO/nx9/8tyzAfutGIH/HN7y///fvyYeehY596yNin2WCtdadZf+NNvrL6WiusuvKqK6896/QzTTfjrLPONNM0q6y+5srTvvf5o+Zs0nc/z/2vzNmoH56zp+b8+zn78H37qDmb9OPn7N0l7nr5iN96f84G/zfnbO6Pn7NJVx/6g8aaY7iB5d+dm0EDA2PNM9zARkPOTDfCwMBY8w697fhDbvuNsYcZGNj5b3d0yFcjfLAODtpiyG2Wmm+xud7bTQ0M/O30b33E+9kPP3Tkcww9nXPo6Vzv/ZgxB/62Kg6e/aSThxkyF/8wHaOONPIwow4MjDz07NDlDMz63snIZ75/u494n/UPDfTdl1nZ4b2PdxttYGBglCFfTLzC2dsOmfr/hfdp/3/6//8/ec0y6IP1cdDQj6G3ec9rzvkX/NvPencahszdsEMvm3mIyf/wW9v/Q/803klHHJj0Y8b7Ma+L8260fq15xrhb/U+9Lg6Nd/yPGe/HvI7vR453yQf3eOy9Rf2PjfdD+7qF3v08x7+yrxv4+H3dsLSAla+a6MP7uu989BD/YXf5/hyN8KEbfdS+bvy9JtliyPLn+Ph93UJDxj7cP+zrhhkYGGvu9/d1Q3Z88w03sPOQM9MPOTP/cAOHDTkzw7tnRho4b8iZr664zporDblggX9eD6Ye9A9/oAnb2Xwf2s4G/d19H/Shv+8c/N7pKAe8/x5OH7HfHDT0bv2X+wpab8f8mPF+zPtP4TwPuWyl40cc93/q/adovCN+/Hg/6v2yP3K8O7189r3/w+P9YDsb7u+ma4F/ZTub9B+3syF3cdi/2zL+1cdhK8Ht3/t6/A+WtuFmj3/wmGK4Dy33v3pMscDHb2djrv6h79t+v4FBHzc38/8rczPhP+2Dtvz7uflXH29NPfl71w/7MXMzwqzLTfX+3Az/35yb+f+7czPHwLD/ODeDB+YdGBiYYuj+Yb5/ZW7G//i5+VfXm5Hh9u99vfIHF82z4xGXvD83H56L/2pu5vvvzs2kH6w3U7x73WTDDAw//MBGK2ywwXrTvff5/bPTv/f547fBef6VuRzzf2YuJxj8UXP5t1V11AevPuC/2Ab/aZ/+/vLn+e/O5cAHczmw+oc3lvp3rd//ucvfXf7u8neXv7v83eUv7iOO/3/w+v+7jznbLkN/uTHc1ZOMt90nPd5PuP/o4/9Dff/h+P92401y9TADH1z3scdn37vNv+Xx2ZnfOxnlkPdv9+HjgzzQjz4+u9+sM2/zv3R89v+p97fVf+H3cO3/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uI+4vj/tO//HcAj0y3y/NADocM9sfXSi3zS4/2E+48+/j/U9x+O/y+y9NZPDDPwwXUfe/z/vds4jv/f/8Z8O/07H/9/f1vt+H/9F+XvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uI+4vj/HO//HcDRR++xyft/D3DjWDuc8UmP9xPuP/X4f+//7639v7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/c0OP/Ax96e8vvt15gcPz//3Yf4b9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/j/IH/M4r9U/pjF/4f5Yxb/H+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6Yxf/H+WMW/+Xzxyz+K+SPWfx/kj9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+P80f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+P8sf8ziv17+mMV//fwxi/8G+WMW/5/nj1n8N8wfs/j/In/M4r9R/pjFf+P8MYv/JvljFv9f5o9Z/H+VP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/9f5Yxb/3+SPWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf+3+WMW/9/lj1n8f58/ZvHfOX/M4r9L/pjF/w/5Yxb/P+aPWfx3zR+z+P8pf8ziv1v+mMV/9/wxi/8e+WMW/z/nj1n8/5I/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvH/a/6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGL/1v5Yxb/t/PHLP7v5I9J/AcN5I9Z/Aflj1n8h8kfs/gPmz9m8R+cP2bxHy5/zOI/fP6YxX+E/DGL/4j5Yxb/kfLHLP4j549Z/EfJH7P4j5o/ZvEfLX/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8P5U/ZvEfJ3/M4j9u/pjF/9P5Yxb/8fLHLP7j549Z/D+TP2bxnyB/zOL/2fwxi/+E+WMW/4nyxyz+E+ePWfwnyR+z+E+aP2bx/1z+mMV/svf9R/yExvVvmsV/8rZ/zOI/Rf6YxX/K/DGL/1T5Yxb/z+ePWfynzh+z+H8hf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/NPljFv9p88cs/tPlj1n8p88fs/jPkD9m8Z8xf8zi/7X8MYv/TPljFv+Z88cs/rPkj1n8Z80fs/h/PX/M4j9b/pjF/xv5Yxb/b+aPWfxnzx+z+H8rf8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6YxX/B/DGL/7fzxyz+38kfs/gvlD9m8f9u/pjFf+H8MYv/9/LHLP7fzx+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/JfPHLP4/yB+z+C+VP2bx/2H+mMX/R/ljFv+l88cs/svkj1n8l80fs/gvlz9m8f9x/pjFf/n8MYv/CvljFv+f5I9Z/FfMH7P4r5Q/ZvFfOX/M4r9K/pjFf9X8MYv/avljFv/V88cs/j/NH7P4r5E/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv9188cs/j/LH7P4r5c/ZvFfP3/M4r9B/pjF/+f5Yxb/DfPHLP6/yB+z+G+UP2bx3zh/zOK/Sf6Yxf+X+WMW/1/lj1n8N80fs/hvlj9m8d88f8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+2+SPWfy3zR+z+G+XP2bx/3X+mMX/N/ljFv/t88cs/jvkj1n8d8wfs/jvlD9m8f9t/pjF/3f5Yxb/3+ePWfx3zh+z+O+SP2bx/0P+mMX/j/ljFv9d88cs/n/KH7P475Y/ZvHfPX/M4r9H/pjF/8/5Yxb/v+SPWfz3zB+z+O+VP2bx3zt/zOK/T/6YxX/f/DGL/375Yxb//fPHLP4H5I9Z/A/MH7P4H5Q/ZvE/OH/M4n9I/pjF/9B/9H/4f31c/6ZZ/A9r+8cs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+T+L9b/v+cxH/QlfljFv+r8scs/lfnj1n8r8kfs/hfmz9m8b8uf8zif33+mMX/hvwxi/+N+WMW/5vyxyz+N+ePWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf+O/DGL/535Yxb/u/LHLP53549Z/O/JH7P435s/ZvG/L3/M4n9//pjF/4H8MYv/g/ljFv+H8scs/g/nj1n8H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549Z/F/JH7P4v5o/ZvF/Lf/h6UKL/+v5Yxb/N/LHLP5v5o9Z/N/KH7P4v50/ZvF/J39M4v/ul/n/cxb/QfljFv9h8scs/sPmj1n8B+ePWfyHyx+z+A+fP2bxHyF/zOI/Yv6YxX+k/DGL/8j5Yxb/UfLHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9P5Y9Z/MfJH7P4j5s/ZvH/dP6YxX+8/DGL//j5Yxb/z+SPWfwnyB+z+H82f8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+k+aPWfw/lz9m8Z8sf8ziP3n+mMV/ivwxi/+U+WMW/6nyxyz+n88fs/hPnT9m8f9C/pjF/4v5Yxb/L+WPWfy/nD9m8f9K/pjF/6v5Yxb/afLHLP7T5o8Numi34QYGBv7j/afLH7Ns/9Pnj1n8Z8gfs/jPmD9m8f9a/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v54/ZvGfLX/M4v+N/DGL/zfzxyz+s+ePWfy/lT9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOK/YP6Yxf/b+WMW/+/kj1n8F8ofs/h/N3/M4r9w/pjF/3v5Yxb/7+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/H+SPWfyXyh+z+P8wf8zi/6P8MYv/0vljFv9l8scs/svmj1n8l8sfs/j/OH/M4r98/pjFf4X8MYv/T/LHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv+f5o9Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv+f5Y9Z/NfLH7P4r58/ZvHfIH/M4v/z/DGL/4b5Yxb/X+SPWfw3yh+z+G+cP2bx3yR/zOL/y/wxi/+v8scs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi//W+WMW/23yxyz+2+aPWfy3yx+z+P86f8zi/5v8MYv/9vljFv8d8scs/jvmj1n8d8ofs/j/Nn/M4v+7/DGL/+/zxyz+O+ePWfx3yR+z+P8hf8zi/8f8MYv/rvljFv8/5Y9Z/HfLH7P4754/ZvHfI3/M4v/n/DGL/1/yxyz+e+aPWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+f80fs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8zi/3b+mMX/nfwxif+wA/ljFv9B+WMW/2Hyxyz+w+aPWfwH549Z/IfLH7P4D58/ZvEfIX/M4j9i/pjFf6T8MYv/yPljFv9R8scs/qPmj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/0/lj1n8x8kfs/iPmz9m8f90/pjFf7z8MYv/+PljFv/P5I9Z/CfIH7P4fzZ/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP6T5o9Z/D+XP2bxnyx/zOI/ef6YxX+K/DGL/5T5Yxb/qfLHLP6fzx+z+E+dP2bx/0L+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8ziP2P+mMX/a/ljFv+Z8scs/jPnj1n8Z8kfs/jPmj9m8f96/pjFf7b8MYv/N/LHLP7fzB+z+M+eP2bx/1b+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/b+ePWfy/kz9m8V8of8zi/938MYv/wvljFv/v5Y9Z/L+fP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP5L5o9Z/H+QP2bxXyp/zOL/w/wxi/+P8scs/kvnj1n8l8kfs/gvmz9m8V8uf8zi/+P8MYv/8vljFv8V8scs/j/JH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/qvnj1n8f5o/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n8f5Y/ZvFfL3/M4r9+/pjFf4P8MYv/z/PHLP4b5o9Z/H+RP2bx3yh/zOK/cf6YxX+T/DGL/y/zxyz+v8ofs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx3y5/zOL/6/wxi/9v8scs/tvnj1n8d8gfs/jvmD9m8d8pf8zi/9v8MYv/7/LHLP6/zx+z+O+cP2bx3yV/zOL/h/wxi/8f88cs/rvmj1n8/5Q/ZvHfLX/M4r97/pjFf4/8MYv/n/PHLP5/yR+z+O+ZP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+P81f8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfs/i/nj9m8X8jf8zi/2b+mMX/rfwxi//b+WMW/3fyxyT+gwfyxyz+g/LHLP7D5I9Z/IfNH7P4D84fs/gPlz9m8R8+f8ziP0L+mMV/xPwxi/9I+WMW/5Hzxyz+o+SPWfxHzR+z+I+WP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfPHLP6fyh+z+I+TP2bxHzd/zOL/6fwxi/94+WMW//Hzxyz+n8kfs/hPkD9m8f9s/pjFf8L8MYv/RPljFv+J88cs/pPkj1n8J80fs/h/Ln/M4j9Z/pjFf/L8MYv/FPljFv8p88cs/lPlj1n8P58/ZvGfOn/M4v+F/DGL/xfzxyz+X8ofs/h/OX/M4v+V/DGL/1fzxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/9fyxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOL/9fwxi/9s+WMW/2/kj1n8v5k/ZvGfPX/M4v+t/DGL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv8F88cs/t/OH7P4fyd/zOK/UP6Yxf+7+WMW/4Xzxyz+38sfs/h/P3/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/j/IH/M4r9U/pjF/4f5Yxb/H+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6Yxf/H+WMW/+Xzxyz+K+SPWfx/kj9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+P80f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+P8sf8ziv17+mMV//fwxi/8G+WMW/5/nj1n8N8wfs/j/In/M4r9R/pjFf+P8MYv/JvljFv9f5o9Z/H+VP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/9f5Yxb/3+SPWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf+3+WMW/9/lj1n8f58/ZvHfOX/M4r9L/pjF/w/5Yxb/P+aPWfx3zR+z+P8pf8ziv1v+mMV/9/wxi/8e+WMW/z/nj1n8/5I/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvH/a/6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGL/1v5Yxb/t/PHLP7v5I9J/IcbyB+z+A/KH7P4D5M/ZvEfNn/M4j84f8ziP1z+mMV/+Pwxi/8I+WMW/xHzxyz+I+WPWfxHzh+z+I+SP2bxHzV/zOI/Wv6YxX/0/DGL/xj5Yxb/MfPHLP5j5Y9Z/MfOH7P4fyp/zOI/Tv6YxX/c/DGL/6fzxyz+4+WPWfzHzx+z+H8mf8ziP0H+mMX/s/ljFv8J88cs/hPlj1n8J84fs/hPkj9m8Z80f8zi/7n8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8f98/pjFf+r8MYv/F/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+E+TP2bxnzZ/zOI/Xf6YxX/6/DGL/wz5Yxb/GfPHLP5fyx+z+M+UP2bxnzl/zOI/S/6YxX/W/DGL/9fzxyz+s+WPWfy/kT9m8f9m/pjFf/b8MYv/t/LHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/h/O3/M4v+d/DGL/0L5Yxb/7+aPWfwXzh+z+H8vf8zi//38MYv/IvljFv9F88cs/ovlj1n8F88fs/gvkT9m8V8yf8zi/4P8MYv/UvljFv8f5o9Z/H+UP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/H+ePWfyXzx+z+K+QP2bx/0n+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOL/0/wxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOL/s/wxi/96+WMW//Xzxyz+G+SPWfx/nj9m8d8wf8zi/4v8MYv/RvljFv+N88cs/pvkj1n8f5k/ZvH/Vf6YxX/T/DGL/2b5Yxb/zfPHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjFf9v8MYv/dvljFv9f549Z/H+TP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/3+aPWfx/lz9m8f99/pjFf+f8MYv/LvljFv8/5I9Z/P+YP2bx3zV/zOL/p/wxi/9u+WMW/93zxyz+e+SPWfz/nD9m8f9L/pjFf8/8MYv/XvljFv+988cs/vvkj1n8980fs/jvlz9m8d8/f8zif0D+mMX/wPwxi/9B+WMW/4Pzxyz+h+SPWfwPzR+z+B+WP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/I/NH7P4H5c/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/6/5Yxb/K/PHLP5X5Y9Z/K/OH7P4X5M/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/jflj1n8b84fs/jfkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/B/OH7P4P5I/ZvF/NH/M4v9Y/pjF//H8MYv/E/ljFv8n88cs/k/lj1n8n84fs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzxyz+L+WPWfxfzh+z+L+SP2bxfzV/zOL/Wv6Yxf/1/DGL/xv5Yxb/N/PHLP5v5Y9Z/N/OH7P4v5M/JvEffiB/zOI/KH/M4j9M/pjFf9j8MYv/4Pwxi/9w+WMW/+Hzxyz+I+SPWfxHzB+z+I+UP2bxHzl/zOI/Sv6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4v+p/DGL/zj5Yxb/cfPHLP6fzh+z+I+XP2bxHz9/zOL/mfwxi/8E+WMW/8/mj1n8J8wfs/hPlD9m8Z84f8ziP0n+mMV/0vwxi//n8scs/pPlj1n8J88fs/hPkT9m8Z8yf8ziP1X+mMX/8/ljFv+p88cs/l/IH7P4fzF/zOL/pfwxi/+X88cs/l/JH7P4fzV/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/GfMH7P4fy1/zOI/U/6YxX/m/DGL/yz5Yxb/WfPHLP5fzx+z+M+WP2bx/0b+mMX/m/ljFv/Z88cs/t/KH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8V8wf8zi/+38MYv/d/LHLP4L5Y9Z/L+bP2bxXzh/zOL/vfwxi//388cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMV/yfwxi/8P8scs/kvlj1n8f5g/ZvH/Uf6YxX/p/LH/UP9BH7Iefpn8sf9Q/3f7++1/2fwxi/9y+WMW/x/nj1n8l88fs/ivkD9m8f9J/pjFf8X8sUEXDRo6M//Z/ivlj1m2/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOL/0/wxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOL/s/wxi/96+WMW//Xzxyz+G+SPWfx/nj9m8d8wf8zi/4v8MYv/RvljFv+N88cs/pvkj1n8f5k/ZvH/Vf6YxX/T/DGL/2b5Yxb/zfPHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjFf9v8MYv/dvljFv9f549Z/H+TP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/3+aPWfx/lz9m8f99/pjFf+f8MYv/LvljFv8/5I9Z/P+YP2bx3zV/zOL/p/wxi/9u+WMW/93zxyz+e+SPWfz/nD9m8f9L/pjFf8/8MYv/XvljFv+988cs/vvkj1n8980fs/jvlz9m8d8/f8zif0D+mMX/wPwxi/9B+WMW/4Pzxyz+h+SPWfwPzR+z+B+WP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/I/NH7P4H5c/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/6/5Yxb/K/PHLP5X5Y9Z/K/OH7P4X5M/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/jflj1n8b84fs/jfkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/B/OH7P4P5I/ZvF/NH/M4v9Y/pjF//H8MYv/E/ljFv8n88cs/k/lj1n8n84fs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzHxgJLrP4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfs/i/lT9m8X87f8zi/07+mMR/hIH8MYv/oPwxi/8w+WMW/2Hzxyz+g/PHLP7D5Y9Z/IfPH7P4j5A/ZvEfMX/M4j9S/pjFf+T8MYv/KPljFv9R88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+QxvxH85Z/MfOH7P4fyp/zOI/Tv6YxX/c/DGL/6fzxyz+4+WPWfzHzx+z+H8mf8ziP0H+mMX/s/ljFv8J88cs/hPlj1n8J84fs/hPkj9m8Z80f8zi/7n8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8f98/pjFf+r8MYv/F/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+E+TP2bxnzZ/zOI/Xf6YxX/6/DGL/wz5Yxb/GfPHLP5fyx+z+M+UP2bxnzl/zOI/S/6YxX/W/DGL/9fzxyz+s+WPWfy/kT9m8f9m/pjFf/b8MYv/t/LHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/h/O3/M4v+d/DGL/0L5Yxb/7+aPWfwXzh+z+H8vf8zi//38MYv/IvljFv9F88cs/ovlj1n8F88fs/gvkT9m8V8yf8zi/4P8MYv/UvljFv8f5o9Z/H+UP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/H+ePWfyXzx+z+K+QP2bx/0n+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOL/0/wxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOL/s/wxi/96+WMW//Xzxyz+G+SPWfx/nj9m8d8wf8zi/4v8MYv/RvljFv+N88cs/pvkj1n8f5k/ZvH/Vf6YxX/T/DGL/2b5Yxb/zfPHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjFf1v0b42w+G+XNmbx/3X+mMX/N/ljFv/t88cs/jvkj1n8d3zP/613Pqlx/Ztm8d+p7R+z+P82f8zi/7v8MYv/7/PHLP47549Z/HfJH7P4/yF/zOL/x/wxi/+u+WMW/z/lj1n8d8sfs/jvnj9m8d8jf8zi/+f8MYv/X/LHLP575o9Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+F+aPWfwvyh+z+F+cP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5/zR+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePWfzfyB+z+L+ZP2bxfyt/zOL/dv6Yxf+d/DGJ/4gD+WMW/0H5Yxb/YfLHLP7D5o9Z/Afnj1n8h8sfs/gPnz9m8R8hf8ziP2L+mMV/pPwxi//I+WMW/1Hyxyz+o+aPWfxHyx+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/T+WPWfzHyR+z+I+bP2bx/3T+mMV/vPwxi//4+WMW/8/kj1n8J8gfs/h/Nn/M4j9h/pjFf6L8MYv/xPljFv9J8scs/pPmj1n8P5c/ZvGfLH/M4j95/pjFf4r8MYv/lPljFv+p8scs/p/PH7P4T50/ZvH/Qv6Yxf+L+WMW/y/lj1n8v5w/ZvH/Sv6Yxf+r+WMW/2nyxyz+0+aPWfynyx+z+E+fP2bxnyF/zOI/Y/6Yxf9r+WMW/5nyxyz+M+ePWfxnyR+z+M+aP2bx/3r+mMV/tvwxi/838scs/t/MH7P4z54/ZvH/Vv6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvGfL3/M4j9//pjFf4H8MYv/gvljFv9v549Z/L+TP2bxXyh/zOL/3fwxi//C+WMW/+/lj1n8v58/ZvFfJH/M4r9o/pjFf7H8MYv/4vljFv8l8scs/kvmj1n8f5A/ZvFfKn/M4v/D/DGL/4/yxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOL/4/wxi//y+WMW/xXyxyz+P8kfs/ivmD9m8V8pf8ziv3L+mMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfx/mj9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfx/lj9m8V8vf8ziv37+mMV/g/wxi//P88cs/hvmj1n8f5E/ZvHfKH/M4r9x/pjFf5P8MYv/L/PHLP6/yh+z+G+aP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4v/r/DGL/2/yxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOL/2/wxi//v8scs/r/PH7P475w/ZvHfJX/M4v+H/DGL/x/zxyz+u+aPWfz/lD9m8d8tf8ziv3v+mMV/j/wxi/+f88cs/n/JH7P475k/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4/zV/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYP/oMEDIz6dP2bwH7L9P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxi/8b+WMW/zfzxyz+b+WPWfzfzh+z+L+TPybxH2kgf8ziPyh/zOI/TP6YxX/Y/DGL/+D8MYv/cPljFv/h88cs/iPkj1n8R8wfs/iPlD9m8R85f8ziP0r+mMV/1Pwxi/9o+WMW/9Hzxyz+Y+SPWfzHzB+z+I+VP2bxHzt/zOL/qfwxi/84+WMW/3Hzxyz+n84fs/iPlz9m8R8/f8zi/5n8MYv/BPljFv/P5o9Z/CfMH7P4T5Q/ZvGfOH/M4j9J/pjFf9L8MYv/5/LHLP6T5Y9Z/CfPH7P4T5E/ZvGfMn/M4j9V/pjF//P5Yxb/qfPHLP5fyB+z+H8xf8zi/6X8MYv/l/PHLP5fyR+z+H81f8ziP03+mMV/2oGBzT+pIf07Z/Gfru0fs/hPnz9m8Z8hf8ziP2P+mMX/a/ljFv+Z8scs/jPnj1n8Z8kfs/jPmj9m8f96/pjFf7b8MYv/N/LHLP7fzB+z+M+eP2bx/1b+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/b+ePWfy/kz9m8V8of8zi/938MYv/wvljFv/v5Y9Z/L+fP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP5L5o9Z/H+QP2bxXyp/zOL/w/wxi/+P8scs/kvnj1n8l8kfs/gvmz9m8V8uf8zi/+P8MYv/8vljFv8V8scs/j/JH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/qvnj1n8f5o/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n8f5Y/ZvFfL3/M4r9+/pjFf4P8MYv/z/PHLP4b5o9Z/H+RP2bx3yh/zOK/cf6YxX+T/DGL/y/zxyz+v8ofs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx3y5/zOL/6/wxi/9v8scs/tvnj1n8d8gfs/jvmD9m8d8pf8zi/9v8MYv/7/LHLP6/zx+z+O+cP2bx3yV/zOL/h/wxi/8f88cs/rvmj1n8/5Q/ZvHfLX/M4r97/pjFf4/8MYv/n/PHLP5/yR+z+O+ZP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+P81f8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfs/i/nj9m8X8jf8zi/2b+mMX/rfwxi//b+WMW/3fyxyT+Iw/kj1n8B+WPWfyHyR+z+A+bP2bxH5w/ZvEfLn/M4j98/pjFf4T8MYv/iPljFv+R8scs/iPnj1n8R8kfs/iPmj9m8R8tf8ziP3r+mMV/jPwxi/+Y+WMW/7Hyxyz+Y+ePWfw/lT9m8R8nf8ziP27+mMX/0/ljFv/x8scs/uPnj1n8P5M/ZvGfIH/M4v/Z/DGL/4T5Yxb/ifLHLP4T549Z/CfJH7P4T5o/ZvH/XP6YxX+y/DGL/+T5Yxb/KfLHLP5T5o9Z/KfKH7P4fz5/zOI/df6Yxf8L+WMW/y/mj1n8v5Q/ZvH/cv6Yxf8r+WMW/6/mj1n8p8kfs/hPmz9m8Z8uf8ziP33+mMV/hvwxi/+M+WMW/6/lj1n8Z8ofs/jPnD9m8Z8lf8ziP2v+mMX/6/ljFv/Z8scs/t/IH7P4fzN/zOI/e/6Yxf9b+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/BfLHLP4L5o9Z/L+dP2bx/07+mMV/ofwxi/9388cs/gvnj1n8v5c/ZvH/fv6YxX+R/DGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvH/Qf6YxX+p/DGL/w/zxyz+P8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi/+P88cs/svnj1n8V8gfs/j/JH/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/ivnj9m8f9p/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8f9Z/pjFf738MYv/+vljFv8N8scs/j/PH7P4b5g/ZvH/Rf6YxX+j/DGL/8b5Yxb/TfLHLP6/zB+z+P8qf8ziv2n+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bx3yZ/zOK/bf6YxX+7/DGL/6/zxyz+v8kfs/hvnz9m8d8hf8ziv2P+mMV/p/wxi/9v88cs/r/LH7P4/z5/zOK/c/6YxX+X/DGL/x/yxyz+f8wfs/jvmj9m8f9T/pjFf7f8MYv/7vljFv898scs/n/OH7P4/yV/zOK/Z/6YxX+v/DGL/975Yxb/ffLHLP775o9Z/PfLH7P4758/ZvE/IH/M4n9g/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOL/1/wxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf8zi/3r+mMX/jfwxi/+b+WMW/7fyxyz+b+ePWfzfyR+T+I8ykD9m8R+UP2bxHyZ/zOI/bP6YxX9w/pjFf7j8MYv/8PljFv8R8scs/iPmj1n8R8ofs/iPnD9m8R8lf8ziP2r+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bx/1T+mMV/nPwxi/+4+WMW/0/nj1n8x8sfs/iPnz9m8f9M/pjFf4L8MYv/Z/PHLP4T5o9Z/CfKH7P4T5w/ZvGfJH/M4j9p/pjF/3P5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4v/5/DGL/9T5Yxb/L+SPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfy/mj9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfy/lj9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/6/nj1n8Z8sfs/h/I3/M4v/N/DGL/+z5Yxb/b+WPWfznyB+z+M+ZP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/+fLHLP7z549Z/BfIH7P4L5g/ZvH/dv6Yxf87+WMW/4Xyxyz+380fs/gvnD9m8f9e/pjF//v5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4r9k/pjF/wf5Yxb/pfLHLP4/zB+z+P8of8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+P84fs/gvnz9m8V8hf8zi/5P8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMX/p/ljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMX/Z/ljFv/18scs/uvnj1n8N8gfs/j/PH/M4r9h/pjF/xf5Yxb/jfLHLP4b549Z/DfJH7P4/zJ/zOL/q/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/7b5Yxb/7fLHLP6/zh+z+P8mf8ziv33+mMV/h/wxi/+O+WMW/53yxyz+v80fs/j/Ln/M4v/7/DGL/875Yxb/XfLHLP5/yB+z+P8xf8ziv2v+mMX/T/ljFv/d8scs/rvnj1n898gfs/j/OX/M4v+X/DGL/575Yxb/vfLHLP57549Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mflj7/sPjDgw8J/sf1b+mGX7Pzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8/5o/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/ljzn8k/+oHP4DozzRWoBZ/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+z+L+VP2bxfzt/zOL/Tv6YxH/Ugfwxi/+g/DGL/zD5Yxb/YfPHLP6D88cs/sPlj1n8h88fs/iPkD9m8R8xf8ziP1L+mMV/5Pwxi/8o+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/6fyxyz+4+SPWfzHzR+z+H86f8ziP17+mMV//Pwxi/9n8scs/hPkj1n8P5s/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv9J88cs/p/LH7P4T5Y/ZvGfPH/M4j9F/pjFf8r8MYv/VPljFv/P549Z/KfOH7P4fyF/zOL/xfwxi/+X8scs/l/OH7P4fyV/zOL/1fwxi/80+WMW/2nzxyz+0+WPWfynzx+z+M+QP2bxnzF/zOL/tfwxi/9M+WMW/5nzxyz+s+SPWfxnzR+z+H89f8ziP1v+mMX/G/ljFv9v5o9Z/GfPH7P4fyt/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjFf8H8MYv/t/PHLP7fyR+z+C+UP2bx/27+mMV/4fwxi//38scs/t/PH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv8l88cs/j/IH7P4L5U/ZvH/Yf6Yxf9H+WMW/6Xzxyz+y+SPWfyXzR+z+C+XP2bx/3H+mMV/+fwxi/8K+WMW/5/kj1n8V8wfs/ivZPT/F+6wxX9lo/+/kMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfx/mj9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfx/lj9m8V8vf8ziv37+mMV/g/wxi//P88cs/hvmj1n8f5E/ZvHfKH/M4r9x/pjFf5P8MYv/L/PHLP6/yh+z+G+aP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4v/r/DGL/2/yxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOL/2/wxi//v8scs/r/PH7P475w/ZvHfJX/M4v+H/DGL/x/zxyz+u+aPWfz/lD9m8d8tf8ziv3v+mMV/j/wxi/+f88cs/n/JH7P475k/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4/zV/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+z+L+eP2bxfyN/zOL/Zv6Yxf+t/DGL/9v5Yxb/d/LHJP6jDeSPWfwH5Y9Z/IfJH7P4D5s/ZvEfnD9m8R8uf8ziP3z+mMV/hPwxi/+I+WMW/5Hyxyz+I+ePWfxHyR+z+I+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/D+VP2bxHyd/zOI/bv6Yxf/T+WMW//Hyxyz+4+ePWfw/kz9m8Z8gf8zi/9n8MYv/hPljFv+J8scs/hPnj1n8J8kfs/hPmj9m8f9c/pjFf7L8MYv/5PljFv8p8scs/lPmj1n8p8ofs/h/Pn/M4j91/pjF/wv5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/4z5Yxb/r+WPWfxnyh+z+M+cP2bxnyV/7B/8h1425ic8pv9PfYT/rPljlu3/6/ljFv/Z8scs/t/IH7P4fzN/zOI/e/6Yxf9b+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/BfLHLP4L5o9Z/L+dP2bx/07+mMV/ofwxi/9388cs/gvnj1n8v5c/ZvH/fv6YxX+R/DGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvH/Qf6YxX+p/DGL/w/zxyz+P8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi/+P88cs/svnj1n8V8gfs/j/JH/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/ivnj9m8f9p/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8f9Z/pjFf738MYv/+vljFv8N8scs/j/PH7P4b5g/ZvH/Rf6YxX+j/DGL/8b5Yxb/TfLHLP6/zB+z+P8qf8ziv2n+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bx3yZ/zOK/bf6YxX+7/DGL/6/zxyz+v8kfs/hvnz9m8d8hf8ziv2P+mMV/p/wxi/9v88cs/r/LH7P4/z5/zOK/c/6YxX+X/LH/VP8RP+T/h/yx/1T/gQ/5/zF/zOK/a/6Yxf9P+WMW/93yxyz+u+ePWfz3yB+z+P85f8zi/5f8MYv/nvljFv+98scs/nvnj1n898kfs/jvmz9m8d8vf8ziv3/+mMX/gPwxi/+B+WMW/4Pyxyz+B+ePWfwPyR+z+B+aP2bxPyx/zOJ/eP6Yxf+I/DGL/5H5Yxb/o/LHLP5H549Z/I/JH7P4H5s/ZvE/Ln/M4n98/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/ifmj9m8T8tf8zif3r+mMX/jPwxi/+Z+WMW/7Pyxyz+Z+ePWfzPyR+z+J+bP2bxPy9/zOJ/fv6Yxf+C/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/X/PHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/5MP+W/wvj+vfNIv/o23/mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYv/6/ljFv838scs/m/mj1n838ofs/i/nT9m8X8nf0ziP/pA/pjFf1D+mMV/mPwxi/+w+WMW/8H5Yxb/4fLHLP7D549Z/EfIH7P4j5g/ZvEfKX/M4j9y/pjFf5T8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMX/U/ljFv9x8scs/uPmj1n8P50/ZvEfL3/M4j9+/pjF/zP5Yxb/CfLHLP6fzR+z+E+YP2bxnyh/zOI/cf6YxX+S/DGL/6T5Yxb/z+WPWfwnyx+z+E+eP2bxnyJ/zOI/Zf6YxX+q/DGL/+fzxyz+U+ePWfy/kD9m8f9i/pjF/0v5Yxb/L+ePWfy/kj9m8f9q/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8f9a/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v54/ZvGfLX/M4v+N/DGL/zfzxyz+s+ePWfy/lT9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOK/YP6Yxf/b+WMW/+/kj1n8F8ofs/h/N3/M4r9w/pjF/3v5Yxb/7+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/H+SPWfyXyh+z+P8wf8zi/6P8MYv/0vljFv9l8scs/svmj1n8l8sfs/j/OH/M4r98/pjFf4X8MYv/T/LHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv+f5o9Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv+f5Y9Z/NfLH7P4r58/ZvHfIH/M4v/z/DGL/4b5Yxb/X+SPWfw3yh+z+G+cP2bx3yR/zOL/y/wxi/+v8scs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi//W+WMW/23yxyz+2+aPWfy3yx+z+P86f8zi/5v8MYv/9vljFv8d8scs/jvmj1n8d8ofs/j/Nn/M4v+7/DGL/+/zxyz+O+ePWfx3yR+z+P8hf8zi/8f8MYv/rvljFv8/5Y9Z/HfLH7P4754/ZvHfI3/M4v/n/DGL/1/yxyz+e+aPWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+f80fs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8zi/3b+mMX/nfwxif8YA/ljFv9B+WMW/2Hyxyz+w+aPWfwH549Z/IfLH7P4D58/ZvEfIX/M4j9i/pjFf6T8MYv/yPljFv9R8scs/qPmj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/0/lj1n8x8kfs/iPmz9m8f90/pjFf7z8MYv/+PljFv/P5I9Z/CfIH7P4fzZ/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP6T5o9Z/D+X//+PnbsP97qu7zj+454sZ592Xeo122UXGnNtRiKjUQtRUTzenDLRzHuEw01yIzcSYApstFLHpkvdLNjEwjFnq5Y43Fx3KxqWNVsjtlY5xbUwxhwsMmfsOnAOwdnbc+182ffr8v14/ME5v9/x/Ut5Xi9/Py+uq1CW/sP0D2Xpf5z+oSz9j9c/lKX/a/UPZek/XP9Qlv6/oH8oS/8T9A9l6f+L+oey9H+d/qEs/X9J/1CW/r+sfyhL/xP1D2Xp/3r9Q1n6j9A/lKX/G/QPZel/kv6hLP1H6h/K0v9k/UNZ+o/SP5Sl/6/oH8rSf7T+oSz936h/KEv/X9U/lKX/GP1DWfq/Sf9Qlv5v1j+Upf+v6R/K0v8t+oey9B+rfyhL/1P0D2XpP07/UJb+p+ofytL/NP1DWfqfrn8oS//x+oey9D9D/1CW/mfqH8rSf4L+oSz9z9I/lKV/m/6hLP3P1j+Upf85+oey9D9X/1CW/ufpH8rSv13/UJb+b9U/lKX/2/QPZel/vv6hLP3frn8oS/8L9A9l6T9R/1CW/hfqH8rS/yL9Q1n6v0P/UJb+F+sfytL/nfqHsvS/RP9Qlv6X6h/K0v8y/UNZ+l+ufyhL/yv0D2Xpf6X+oSz9r9I/lKX/JP1DWfpfrX8oS//J+oey9J+ifyhL/w79Q1n6T9U/lKX/NP1DWfpP1z+Upf8M/UNZ+r9L/1CW/tfoH8rSf6b+oSz9Z+kfytJ/tv6hLP3n6B/K0v9a/UNZ+s/VP5Sl/zz9Q1n6z9c/lKX/Av1DWfpfp38oS/+F+oey9H+3/qEs/RfpH8rSf7H+oSz9l+gfytL/ev1DWfq/R/9Qlv436B/K0v9G/UNZ+i/VP5Sl/zL9Q1n6L9c/lKX/r+sfytL/N/QPZem/Qv9Qlv7v1T+Upf9v6h/K0v99+oey9H+//qEs/W/SP5Sl/836h7L0v0X/UJb+v6V/KEv/lfqHsvT/bf1DWfr/jv6hLP1v1T+Upf9t+oey9P9d/UNZ+n9A/1CW/rfrH8rS/w79Q1n636l/KEv/39M/lKX/7+sfytL/Lv1DWfp/UP9Qlv4f0j+Upf8q/UNZ+q/WP5Sl/x/oH8rS/w/1D2Xpf7f+oSz91+gfytL/Hv1DWfp/WP9Qlv4f0T+Upf9a/UNZ+t+rfyhL/z/SP5Sl/zr9Q1n6/7H+oSz979M/lKX/n+gfytL/fv1DWfp/VP9Qlv5/qn8oS/+P6R/K0v/j+oey9P+E/qEs/f9M/1CW/p/UP5Sl/wP6h7L0X69/KEv/B/UPZen/5/qHsvTfoH8oS/+H9A9l6f8X+oey9P9L/UNZ+j+sfyhL/7/SP5Sl/6f0D2Xp/2n9Q1n6f0b/UJb+n9U/lKX/5/QPZen/1/qHsvT/vP6hLP2/oH8oS/+N+oey9P+i/qEs/f9G/1CW/pv0D2Xp/4j+oSz9v6R/KEv/L+sfytL/Uf1DWfp/Rf9Qlv5f1T+Upf/f6h/K0v8x/UNZ+n9N/1CW/n+nfyhL/6/rH8rS/+/1D2Xpv1n/UJb+39A/lKX/Fv1DWfr/g/6hLP3/Uf9Qlv7f1D+Upf8/6R/K0v9b+oey9P+2/qEs/b+jfyhL/8f1D2Xp/8/6h7L0f0L/UJb+T+ofytJ/q/6hLP2f0j+Upf+/6B/K0v+7+oey9P9X/UNZ+n9P/1CW/tv0D2Xp/7T+oSz9v69/KEv/7fqHsvT/N/1DWfrv0D+Upf+/6x/K0v8Z/UNZ+v+H/qEs/XfqH8rSf5f+oSz9/1P/UJb+P9A/lKX/bv1DWfr/UP9Qlv7P6h/K0v9H+oey9H9O/1CW/v+lfyhL/+f1D2Xp/2P9Q1n679E/lKT/K1v6h7L076d/KEv//vqHsvQfoH8oS/+B+oey9B+kfyhL/8H6h7L0H6J/KEv/ofqHsvR/mf6hLP0P0z+Upf/L9Q9l6f8K/UNZ+h+ufyhL/5/RP5Sl/xH6h15y/QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6/mb94yTWTZs7smOcb3/jGN/u/ebH/zQQAAPxf+8mH/hf77wQAAAAAAAAAAAAAAAAAAADyauL/TuzF/mcEAAAAAAAAAAAAAICfdm3tp24f0O+gpwYc+ODnH+3Y+3XU7ounr137YOn+2vXjc4KX7H/ggz179uxZ/czY8V0Ph7Rarc7/tVd2PR7a87jz9Zcdu+rofY/KuM/f+fgVEw8/d9762wZ+Y/Ut7U8P2vvsoNZVU2fM7HhD/1arnD6otajzwUn9Wq1y5qDWrZ0PRnY+mDCota7zwcl7H7ys9ZnOB6+fPGfmlM4nzqr8ewYvFW3ty1oDDlps66B/Gxy4/2XHPjG9+2svL9n9agNbXfsftv5LR/X4WbcX2H/365dTe+6/z/+AwAvq2/6f3dL9tZeX/B/v/x/etHtJ9LMX3n/365fT7B/qE3z+P2ijPT/39/j8/5rgJfffnzJ00+2d+2+78L5Xdz018H/z+f8nr19O77n//gd9/u/8HD+++/P/kFarnHGIvx2QSlv78u29vf/3vv+BP9fjpt+B+7/nK1tf0bn/e59rreh6alAf9z++t/f/m3r8vQJ909a+Zk+P9/8+7L81PHjJ/fvftv7wvZ//t94/+cgDftaX/Z/Rc/8jFsy6dsT8xUtOnDFr0rSOaR2zx4wcfdKoMWNGjx6x9xPBvl8P8TcFkji09//WYT1u+rVaHfvvN953y/jO/e94aMVHup4a2sf9n9nr+/9rvP9DaFj/1uDBrUWTFiyYd9K+X7sfjtz3676/LNh/H/77/7gTuv6y7j8z7NdqHb3/fvgVY4Z07v/6uWVD11OD+7j/Cb3uf9zBf1YJ9M0hvv9P6XFz0P5P2Xbjws79H/+DV23teqqv//1/Vq/7v9v7PxyKtvZWrW+infs/ecjys6tdlzZ//gf1aWL/x+68dVe163K2/UN9mtj/xJVvvrradTnH/qE+Tez/wVlXrqx2Xc61f6hPE/t//md3HVPtupxn/1CfJvb/2HefWlvturTbP9Snif1/8K72k6tdl7faP9Snif2feN0Px1a7Lm+zf6hPE/uf+vIL1lW7LufbP9Snif2fvee0I6tdl7fbP9Snif33W/69ZdWuywX2D/VpYv9PTlo5p9p1mWj/UJ8m9r/u2OHPVrsuF9o/1KeJ/a94+o0Tql2Xi+wf6tPE/r96x6rHql2Xd9g/1KeJ/X/isletqnZdLrZ/qE8T+//RsIcOq3Zd3mn/UJ8m9r9587oHql2XS+wf6tPE/levGzCs2nW51P6hPk3sf+lZ0x6tdl0us3+oTxP7HzX6y5dWuy6X2z/Up4n9H/25bz1V7bpcYf9Qnyb2f8HDC+dXuy5X2j/Up4n9Lzzm4z+udl2usn+oTxP7f0vHMdOrXZdJ9g/1aWL/5bbDNle7LlfbP9Snif1fsmPNuGrXZbL9Q32a2P+GI77wsWrXZYr9Q32a2P/OubPHVLsuHfYP9Wli/99579L3VbsuU+0f6tPE/m9/7uul2nWZZv9Qnyb2v23kJZdVuy7T7R/q08T+15z7zCPVrssM+4f6NLH/lRseX1DturzL/qE+Tex/48Zznqh2Xa6xf6hPE/s/fviIw6tdl5n2D/VpYv9zLl7xoWrXZZb9Q32a2P/p99/x2mrXZbb9Q32a2P/Qr439ZLXrMsf+oT5N7P/TY9//qWrX5Vr7h/o0sf9d4447odp1mWv/UJ8m9r/lgZF3Vrsu8+wf6tPE/j/wyF0Vr8t8+4f6NLH/ua97fke167LA/qE+Tez/TRMvWlztulxn/1CfJvZ/5N0Tvljtuiy0f6hPE/u//NvfP7/adXm3/UN9mtj/cUdd/epq12WR/UN9mtj/9Bmbbq52XRbbP9Snif2PX71lVLXrssT+oT5N7P+IJ+ffU+26XG//UJ8m9r99wFHnVbsu77F/qE8T+7/3hoe/We263GD/UJ8m9n/zTR/tqHZdbrR/qE8T+//s7sE7q12XpfYPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/zQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAPHAgAAAADC/K2D6N0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICjAAAA//8mu+jL")
creat(&(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x19f)
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4, 0x1)
rename(&(0x7f0000001800)='./file0\x00', &(0x7f0000001080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
symlink(&(0x7f0000000280)='.\x02\x00', &(0x7f00000002c0)='.\x02\x00')

0s ago: executing program 3 (id=1210):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

kernel console output (not intermixed with test programs):

pfx_call_rcu+0x10/0x10
[  191.366075][ T7332]  ? radix_tree_delete_item+0x2b6/0x400
[  191.366098][ T7332]  gfs2_kill_sb+0x5c/0x430
[  191.366119][ T7332]  ? shrinker_free+0x2ce/0x3e0
[  191.366138][ T7332]  deactivate_locked_super+0xbc/0x130
[  191.366158][ T7332]  cleanup_mnt+0x425/0x4c0
[  191.366175][ T7332]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.366196][ T7332]  task_work_run+0x1d4/0x260
[  191.366215][ T7332]  ? __pfx_task_work_run+0x10/0x10
[  191.366235][ T7332]  ? exit_to_user_mode_loop+0x55/0x4f0
[  191.366259][ T7332]  exit_to_user_mode_loop+0xff/0x4f0
[  191.366278][ T7332]  ? rcu_is_watching+0x15/0xb0
[  191.366306][ T7332]  do_syscall_64+0x2e9/0xfa0
[  191.366328][ T7332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.366345][ T7332]  ? clear_bhb_loop+0x60/0xb0
[  191.366365][ T7332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.366382][ T7332] RIP: 0033:0x7fdd253909f7
[  191.366397][ T7332] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  191.366411][ T7332] RSP: 002b:00007fff14ecb278 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  191.366430][ T7332] RAX: 0000000000000000 RBX: 00007fdd25411d7d RCX: 00007fdd253909f7
[  191.366442][ T7332] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff14ecb330
[  191.366453][ T7332] RBP: 00007fff14ecb330 R08: 0000000000000000 R09: 0000000000000000
[  191.366463][ T7332] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff14ecc3c0
[  191.366475][ T7332] R13: 00007fdd25411d7d R14: 000000000002ead9 R15: 00007fff14ecc400
[  191.366506][ T7332]  </TASK>
[  191.615313][ T7332] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  191.655750][ T8357] macvtap0: left promiscuous mode
[  191.770143][ T8385] loop5: detected capacity change from 0 to 32768
[  191.786101][ T8385] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.603 (8385)
[  191.818104][ T8385] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  191.847593][ T8385] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  191.873608][ T1164] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  191.887683][ T8381] loop3: detected capacity change from 0 to 40427
[  191.893411][ T1164] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  191.919921][ T8381] F2FS-fs (loop3): build fault injection rate: 771
[  191.965230][ T1164] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  192.004978][ T8381] F2FS-fs (loop3): invalid crc value
[  192.030180][ T1164] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  192.140704][ T8385] BTRFS info (device loop5): rebuilding free space tree
[  192.158051][ T8406] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  192.234551][ T8385] BTRFS info (device loop5): disabling free space tree
[  192.264955][ T8385] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  192.335963][ T8385] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  192.404362][ T8381] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  192.439116][ T8385] BTRFS info (device loop5): enabling ssd optimizations
[  192.448268][ T8381] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  192.476581][ T8385] BTRFS info (device loop5): turning on sync discard
[  192.503774][ T8385] BTRFS info (device loop5): force clearing of disk cache
[  192.596136][   T30] audit: type=1800 audit(1762433600.673:60): pid=8385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.603" name="file1" dev="loop5" ino=260 res=0 errno=0
[  192.685938][   T30] audit: type=1800 audit(1762433600.743:61): pid=8429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.603" name="file1" dev="loop5" ino=260 res=0 errno=0
[  192.789008][ T5822] syz-executor: attempt to access beyond end of device
[  192.789008][ T5822] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  192.855958][ T5822] CPU: 1 UID: 0 PID: 5822 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  192.855985][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  192.855996][ T5822] Call Trace:
[  192.856004][ T5822]  <TASK>
[  192.856012][ T5822]  dump_stack_lvl+0x189/0x250
[  192.856043][ T5822]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.856068][ T5822]  ? __pfx_queue_work_on+0x10/0x10
[  192.856088][ T5822]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  192.856110][ T5822]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  192.856145][ T5822]  f2fs_handle_critical_error+0x37c/0x540
[  192.856180][ T5822]  f2fs_write_end_io+0x886/0xb60
[  192.856220][ T5822]  __submit_merged_bio+0x27a/0x6a0
[  192.856253][ T5822]  __submit_merged_write_cond+0x255/0x530
[  192.856287][ T5822]  f2fs_write_data_pages+0x261d/0x3000
[  192.856348][ T5822]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  192.856391][ T5822]  ? is_bpf_text_address+0x292/0x2b0
[  192.856410][ T5822]  ? is_bpf_text_address+0x26/0x2b0
[  192.856470][ T5822]  ? stack_trace_save+0x9c/0xe0
[  192.856490][ T5822]  ? __pfx_stack_trace_save+0x10/0x10
[  192.856535][ T5822]  ? __lock_acquire+0xab9/0xd20
[  192.856567][ T5822]  ? do_raw_spin_lock+0x121/0x290
[  192.856600][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  192.856618][ T5822]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  192.856638][ T5822]  do_writepages+0x32e/0x550
[  192.856676][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  192.856700][ T5822]  filemap_fdatawrite+0x199/0x240
[  192.856724][ T5822]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  192.856808][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  192.856832][ T5822]  f2fs_sync_dirty_inodes+0x31f/0x830
[  192.856870][ T5822]  f2fs_write_checkpoint+0x93e/0x2440
[  192.856887][ T5822]  ? stack_depot_save_flags+0x40/0x860
[  192.856944][ T5822]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  192.857013][ T5822]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  192.857031][ T5822]  ? kfree+0x19a/0x6d0
[  192.857068][ T5822]  kill_f2fs_super+0x2cc/0x6d0
[  192.857096][ T5822]  ? __pfx_kill_f2fs_super+0x10/0x10
[  192.857138][ T5822]  ? shrinker_free+0x2ce/0x3e0
[  192.857163][ T5822]  deactivate_locked_super+0xbc/0x130
[  192.857186][ T5822]  cleanup_mnt+0x425/0x4c0
[  192.857205][ T5822]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.857230][ T5822]  task_work_run+0x1d4/0x260
[  192.857274][ T5822]  ? __pfx_task_work_run+0x10/0x10
[  192.857300][ T5822]  ? exit_to_user_mode_loop+0x55/0x4f0
[  192.857326][ T5822]  exit_to_user_mode_loop+0xff/0x4f0
[  192.857346][ T5822]  ? rcu_is_watching+0x15/0xb0
[  192.857375][ T5822]  do_syscall_64+0x2e9/0xfa0
[  192.857399][ T5822]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.857416][ T5822]  ? clear_bhb_loop+0x60/0xb0
[  192.857444][ T5822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.857460][ T5822] RIP: 0033:0x7f6b235909f7
[  192.857478][ T5822] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  192.857492][ T5822] RSP: 002b:00007ffc6a275b78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  192.857512][ T5822] RAX: 0000000000000000 RBX: 00007f6b23611d7d RCX: 00007f6b235909f7
[  192.857523][ T5822] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6a275c30
[  192.857534][ T5822] RBP: 00007ffc6a275c30 R08: 0000000000000000 R09: 0000000000000000
[  192.857544][ T5822] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc6a276cc0
[  192.857556][ T5822] R13: 00007f6b23611d7d R14: 000000000002f08a R15: 00007ffc6a276d00
[  192.857593][ T5822]  </TASK>
[  192.857600][ T5822] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  193.231970][ T5822] CPU: 1 UID: 0 PID: 5822 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  193.231994][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  193.232004][ T5822] Call Trace:
[  193.232012][ T5822]  <TASK>
[  193.232019][ T5822]  dump_stack_lvl+0x189/0x250
[  193.232053][ T5822]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.232077][ T5822]  ? __pfx_queue_work_on+0x10/0x10
[  193.232098][ T5822]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  193.232119][ T5822]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.232151][ T5822]  f2fs_handle_critical_error+0x37c/0x540
[  193.232184][ T5822]  f2fs_write_end_io+0x886/0xb60
[  193.232224][ T5822]  __submit_merged_bio+0x27a/0x6a0
[  193.232253][ T5822]  __submit_merged_write_cond+0x255/0x530
[  193.232284][ T5822]  f2fs_write_data_pages+0x261d/0x3000
[  193.232343][ T5822]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.232377][ T5822]  ? is_bpf_text_address+0x292/0x2b0
[  193.232396][ T5822]  ? is_bpf_text_address+0x26/0x2b0
[  193.232459][ T5822]  ? stack_trace_save+0x9c/0xe0
[  193.232478][ T5822]  ? __pfx_stack_trace_save+0x10/0x10
[  193.232524][ T5822]  ? __lock_acquire+0xab9/0xd20
[  193.232555][ T5822]  ? do_raw_spin_lock+0x121/0x290
[  193.232588][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  193.232607][ T5822]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.232626][ T5822]  do_writepages+0x32e/0x550
[  193.232665][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  193.232689][ T5822]  filemap_fdatawrite+0x199/0x240
[  193.232712][ T5822]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  193.232795][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  193.232818][ T5822]  f2fs_sync_dirty_inodes+0x31f/0x830
[  193.232856][ T5822]  f2fs_write_checkpoint+0x93e/0x2440
[  193.232873][ T5822]  ? stack_depot_save_flags+0x40/0x860
[  193.232928][ T5822]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  193.232998][ T5822]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  193.233015][ T5822]  ? kfree+0x19a/0x6d0
[  193.233052][ T5822]  kill_f2fs_super+0x2cc/0x6d0
[  193.233080][ T5822]  ? __pfx_kill_f2fs_super+0x10/0x10
[  193.233120][ T5822]  ? shrinker_free+0x2ce/0x3e0
[  193.233145][ T5822]  deactivate_locked_super+0xbc/0x130
[  193.233168][ T5822]  cleanup_mnt+0x425/0x4c0
[  193.233188][ T5822]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.233213][ T5822]  task_work_run+0x1d4/0x260
[  193.233236][ T5822]  ? __pfx_task_work_run+0x10/0x10
[  193.233260][ T5822]  ? exit_to_user_mode_loop+0x55/0x4f0
[  193.233288][ T5822]  exit_to_user_mode_loop+0xff/0x4f0
[  193.233307][ T5822]  ? rcu_is_watching+0x15/0xb0
[  193.233336][ T5822]  do_syscall_64+0x2e9/0xfa0
[  193.233359][ T5822]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.233376][ T5822]  ? clear_bhb_loop+0x60/0xb0
[  193.233398][ T5822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.233415][ T5822] RIP: 0033:0x7f6b235909f7
[  193.233429][ T5822] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  193.233443][ T5822] RSP: 002b:00007ffc6a275b78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  193.233468][ T5822] RAX: 0000000000000000 RBX: 00007f6b23611d7d RCX: 00007f6b235909f7
[  193.233479][ T5822] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6a275c30
[  193.233489][ T5822] RBP: 00007ffc6a275c30 R08: 0000000000000000 R09: 0000000000000000
[  193.233499][ T5822] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc6a276cc0
[  193.233510][ T5822] R13: 00007f6b23611d7d R14: 000000000002f08a R15: 00007ffc6a276d00
[  193.233547][ T5822]  </TASK>
[  193.233555][ T5822] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  193.360435][ T6307] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  193.366448][ T5822] CPU: 1 UID: 0 PID: 5822 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  193.366473][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  193.366484][ T5822] Call Trace:
[  193.366491][ T5822]  <TASK>
[  193.366498][ T5822]  dump_stack_lvl+0x189/0x250
[  193.366531][ T5822]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.366554][ T5822]  ? __pfx_queue_work_on+0x10/0x10
[  193.366575][ T5822]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  193.366595][ T5822]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.366636][ T5822]  f2fs_handle_critical_error+0x37c/0x540
[  193.366667][ T5822]  f2fs_write_end_io+0x886/0xb60
[  193.366703][ T5822]  __submit_merged_bio+0x27a/0x6a0
[  193.366735][ T5822]  __submit_merged_write_cond+0x255/0x530
[  193.366765][ T5822]  f2fs_write_data_pages+0x261d/0x3000
[  193.366815][ T5822]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.366845][ T5822]  ? is_bpf_text_address+0x292/0x2b0
[  193.366864][ T5822]  ? is_bpf_text_address+0x26/0x2b0
[  193.366909][ T5822]  ? stack_trace_save+0x9c/0xe0
[  193.366928][ T5822]  ? __pfx_stack_trace_save+0x10/0x10
[  193.366966][ T5822]  ? __lock_acquire+0xab9/0xd20
[  193.366994][ T5822]  ? do_raw_spin_lock+0x121/0x290
[  193.367022][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  193.367039][ T5822]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.367057][ T5822]  do_writepages+0x32e/0x550
[  193.367091][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  193.367113][ T5822]  filemap_fdatawrite+0x199/0x240
[  193.367136][ T5822]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  193.367204][ T5822]  ? do_raw_spin_unlock+0x122/0x240
[  193.367222][ T5822]  f2fs_sync_dirty_inodes+0x31f/0x830
[  193.367251][ T5822]  f2fs_write_checkpoint+0x93e/0x2440
[  193.367266][ T5822]  ? stack_depot_save_flags+0x40/0x860
[  193.367309][ T5822]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  193.367364][ T5822]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  193.367380][ T5822]  ? kfree+0x19a/0x6d0
[  193.367414][ T5822]  kill_f2fs_super+0x2cc/0x6d0
[  193.367439][ T5822]  ? __pfx_kill_f2fs_super+0x10/0x10
[  193.367474][ T5822]  ? shrinker_free+0x2ce/0x3e0
[  193.367497][ T5822]  deactivate_locked_super+0xbc/0x130
[  193.367518][ T5822]  cleanup_mnt+0x425/0x4c0
[  193.367536][ T5822]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.367560][ T5822]  task_work_run+0x1d4/0x260
[  193.367581][ T5822]  ? __pfx_task_work_run+0x10/0x10
[  193.367604][ T5822]  ? exit_to_user_mode_loop+0x55/0x4f0
[  193.367635][ T5822]  exit_to_user_mode_loop+0xff/0x4f0
[  193.367655][ T5822]  ? rcu_is_watching+0x15/0xb0
[  193.367683][ T5822]  do_syscall_64+0x2e9/0xfa0
[  193.367705][ T5822]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.367721][ T5822]  ? clear_bhb_loop+0x60/0xb0
[  193.367741][ T5822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.367757][ T5822] RIP: 0033:0x7f6b235909f7
[  193.367772][ T5822] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  193.367786][ T5822] RSP: 002b:00007ffc6a275b78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  193.367803][ T5822] RAX: 0000000000000000 RBX: 00007f6b23611d7d RCX: 00007f6b235909f7
[  193.367815][ T5822] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6a275c30
[  193.367825][ T5822] RBP: 00007ffc6a275c30 R08: 0000000000000000 R09: 0000000000000000
[  193.367836][ T5822] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc6a276cc0
[  193.367846][ T5822] R13: 00007f6b23611d7d R14: 000000000002f08a R15: 00007ffc6a276d00
[  193.367877][ T5822]  </TASK>
[  193.367884][ T5822] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  193.593782][ T8440] overlayfs: invalid redirect ((null))
[  194.123541][ T8430] loop7: detected capacity change from 0 to 32768
[  194.250035][ T8449] loop1: detected capacity change from 0 to 64
[  194.353424][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.361920][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  195.544154][ T8470] loop1: detected capacity change from 0 to 32768
[  195.558653][ T8470] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.618 (8470)
[  195.564962][ T8465] loop7: detected capacity change from 0 to 32768
[  195.593734][ T8470] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  195.609665][ T8470] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  195.626251][ T5916] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  195.678222][ T8470] BTRFS info (device loop1): rebuilding free space tree
[  195.727015][ T8470] BTRFS info (device loop1): disabling free space tree
[  195.741594][ T8470] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  195.763907][ T8470] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  195.802075][ T8470] BTRFS info (device loop1): enabling ssd optimizations
[  195.806749][ T5916] usb 6-1: Using ep0 maxpacket: 16
[  195.824219][ T8470] BTRFS info (device loop1): turning on async discard
[  195.838052][ T5916] usb 6-1: config 0 has an invalid interface number: 214 but max is 0
[  195.846210][ T8470] BTRFS info (device loop1): force clearing of disk cache
[  195.856363][ T5916] usb 6-1: config 0 has no interface number 0
[  195.866121][ T5916] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  195.884108][ T8470] BTRFS info (device loop1): enabling auto defrag
[  195.901432][ T5916] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  195.902780][ T8470] BTRFS info (device loop1): max_inline set to 4096
[  195.921170][ T5916] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.961784][ T5916] usb 6-1: Product: syz
[  195.973422][ T5916] usb 6-1: Manufacturer: syz
[  195.986193][ T5916] usb 6-1: SerialNumber: syz
[  196.009822][ T5916] usb 6-1: config 0 descriptor??
[  196.445147][ T5823] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  196.585671][ T8515] loop7: detected capacity change from 0 to 512
[  196.651186][ T8481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.755047][ T5930] gfs2: fsid=syz:syz.0: file system withdrawn
[  196.760982][ T7332] gfs2: fsid=syz:syz.0: warning: assertion "gfs2_log_is_empty(sdp)" failed - function = gfs2_make_fs_ro, file = fs/gfs2/super.c, line = 564
[  196.779745][ T8481] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.806136][ T7332] CPU: 0 UID: 0 PID: 7332 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  196.806161][ T7332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  196.806171][ T7332] Call Trace:
[  196.806178][ T7332]  <TASK>
[  196.806185][ T7332]  dump_stack_lvl+0x189/0x250
[  196.806216][ T7332]  ? __pfx_dump_stack_lvl+0x10/0x10
[  196.806239][ T7332]  ? __pfx__printk+0x10/0x10
[  196.806274][ T7332]  ? do_raw_spin_unlock+0x122/0x240
[  196.806297][ T7332]  gfs2_assert_warn_i+0x194/0x2c0
[  196.806335][ T7332]  gfs2_make_fs_ro+0x2f5/0x300
[  196.806355][ T7332]  ? __pfx_gfs2_make_fs_ro+0x10/0x10
[  196.806376][ T7332]  ? do_raw_spin_lock+0x121/0x290
[  196.806393][ T7332]  ? __pfx_autoremove_wake_function+0x10/0x10
[  196.806419][ T7332]  ? do_raw_spin_unlock+0x122/0x240
[  196.806440][ T7332]  gfs2_put_super+0x220/0x860
[  196.806462][ T7332]  ? __pfx_gfs2_put_super+0x10/0x10
[  196.806477][ T7332]  generic_shutdown_super+0x135/0x2c0
[  196.806500][ T7332]  kill_block_super+0x44/0x90
[  196.806522][ T7332]  deactivate_locked_super+0xbc/0x130
[  196.806542][ T7332]  cleanup_mnt+0x425/0x4c0
[  196.806559][ T7332]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.806582][ T7332]  task_work_run+0x1d4/0x260
[  196.806602][ T7332]  ? __pfx_task_work_run+0x10/0x10
[  196.806625][ T7332]  ? exit_to_user_mode_loop+0x55/0x4f0
[  196.806649][ T7332]  exit_to_user_mode_loop+0xff/0x4f0
[  196.806668][ T7332]  ? rcu_is_watching+0x15/0xb0
[  196.806692][ T7332]  do_syscall_64+0x2e9/0xfa0
[  196.806713][ T7332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.806729][ T7332]  ? clear_bhb_loop+0x60/0xb0
[  196.806750][ T7332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.806766][ T7332] RIP: 0033:0x7fdd253909f7
[  196.806781][ T7332] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  196.806796][ T7332] RSP: 002b:00007fff14ecb278 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  196.806815][ T7332] RAX: 0000000000000000 RBX: 00007fdd25411d7d RCX: 00007fdd253909f7
[  196.806827][ T7332] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff14ecb330
[  196.806837][ T7332] RBP: 00007fff14ecb330 R08: 0000000000000000 R09: 0000000000000000
[  196.806848][ T7332] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff14ecc3c0
[  196.806859][ T7332] R13: 00007fdd25411d7d R14: 000000000002ead9 R15: 00007fff14ecc400
[  196.806891][ T7332]  </TASK>
[  196.848746][ T5916] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.214/input/input10
[  197.237153][ T8521] team_slave_0: entered promiscuous mode
[  197.243310][ T8521] team_slave_1: entered promiscuous mode
[  197.294838][ T8521] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  197.329293][ T8530] loop1: detected capacity change from 0 to 128
[  197.356011][ T5931] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  197.367990][ T5916] usb 6-1: USB disconnect, device number 8
[  197.404291][ T8528] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  197.469007][ T8532] syz.1.638: attempt to access beyond end of device
[  197.469007][ T8532] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128
[  197.529987][ T5931] usb 9-1: Using ep0 maxpacket: 32
[  197.552527][ T5931] usb 9-1: config 0 has an invalid interface number: 184 but max is 0
[  197.575357][ T8532] syz.1.638: attempt to access beyond end of device
[  197.575357][ T8532] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128
[  197.595467][ T5931] usb 9-1: config 0 has no interface number 0
[  197.617307][ T5931] usb 9-1: config 0 interface 184 has no altsetting 0
[  197.628578][ T8532] syz.1.638: attempt to access beyond end of device
[  197.628578][ T8532] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128
[  197.659410][ T5931] usb 9-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  197.662806][ T8532] syz.1.638: attempt to access beyond end of device
[  197.662806][ T8532] loop1: rw=2049, sector=201, nr_sectors = 8 limit=128
[  197.670569][ T5931] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.710977][ T8536] loop3: detected capacity change from 0 to 512
[  197.712934][ T5931] usb 9-1: Product: syz
[  197.718863][ T8532] syz.1.638: attempt to access beyond end of device
[  197.718863][ T8532] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128
[  197.722440][ T5931] usb 9-1: Manufacturer: syz
[  197.738424][ T8536] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  197.779688][ T8532] syz.1.638: attempt to access beyond end of device
[  197.779688][ T8532] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128
[  197.802325][ T5931] usb 9-1: SerialNumber: syz
[  197.824795][ T5931] usb 9-1: config 0 descriptor??
[  197.828306][ T8536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.843697][ T8532] syz.1.638: attempt to access beyond end of device
[  197.843697][ T8532] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128
[  197.848101][ T8536] ext4 filesystem being mounted at /133/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.874900][ T5931] smsc75xx v1.0.0
[  197.880707][ T8532] syz.1.638: attempt to access beyond end of device
[  197.880707][ T8532] loop1: rw=2049, sector=265, nr_sectors = 8 limit=128
[  197.894289][ T8532] syz.1.638: attempt to access beyond end of device
[  197.894289][ T8532] loop1: rw=2049, sector=281, nr_sectors = 8 limit=128
[  197.927935][ T8532] syz.1.638: attempt to access beyond end of device
[  197.927935][ T8532] loop1: rw=2049, sector=297, nr_sectors = 8 limit=128
[  197.980889][ T8536] EXT4-fs (loop3): shut down requested (2)
[  198.054514][ T8544] loop5: detected capacity change from 0 to 1024
[  198.139456][ T8544] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.179103][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.196664][ T8551] input: syz0 as /devices/virtual/input/input11
[  198.210358][ T8544] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.642: Allocating blocks 385-513 which overlap fs metadata
[  198.353999][ T8543] EXT4-fs (loop5): pa ffff888055fcf488: logic 16, phys. 129, len 24
[  198.363916][ T8543] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 8
[  198.524578][ T6307] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.730646][ T8567] loop7: detected capacity change from 0 to 2048
[  198.873269][ T5931] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  198.904656][ T8573] syzkaller1: entered promiscuous mode
[  198.924464][ T8573] syzkaller1: entered allmulticast mode
[  198.985085][ T8575] loop7: detected capacity change from 0 to 2048
[  199.077895][ T5931] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  199.113954][ T8577] loop3: detected capacity change from 0 to 1024
[  199.135965][ T5931] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  199.148652][ T8577] EXT4-fs: Ignoring removed nomblk_io_submit option
[  199.150387][ T5931] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  199.226384][ T5931] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  199.238271][ T8577] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  199.277323][ T8577] System zones: 0-1, 3-36
[  199.287361][ T5931] smsc75xx 9-1:0.184: probe with driver smsc75xx failed with error -71
[  199.304148][ T8577] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.368412][ T5931] usb 9-1: USB disconnect, device number 3
[  199.599657][ T8584] capability: warning: `syz.3.655' uses 32-bit capabilities (legacy support in use)
[  199.741462][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.061490][ T8569] loop5: detected capacity change from 0 to 32768
[  200.128751][ T8569] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  200.193476][ T8590] atomic_op ffff888077afa198 conn xmit_atomic 0000000000000000
[  200.307513][ T8581] loop1: detected capacity change from 0 to 131072
[  200.321005][ T8601] netlink: 'syz.8.661': attribute type 15 has an invalid length.
[  200.328863][ T8601] netlink: 24 bytes leftover after parsing attributes in process `syz.8.661'.
[  200.355937][ T8569] XFS (loop5): Ending clean mount
[  200.361244][ T8581] F2FS-fs (loop1): invalid crc value
[  200.443019][ T8581] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  200.460001][ T8581] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  200.720430][ T6307] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  200.802408][ T8608] loop3: detected capacity change from 0 to 4096
[  201.217188][ T5916] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  201.435163][ T8623] loop7: detected capacity change from 0 to 128
[  201.457848][ T5916] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  201.485037][ T5916] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.529195][ T5916] usb 9-1: Product: syz
[  201.534894][ T5916] usb 9-1: Manufacturer: syz
[  201.553457][ T5839] Bluetooth: hci0: command 0x0406 tx timeout
[  201.556864][ T5916] usb 9-1: SerialNumber: syz
[  201.561492][ T5843] Bluetooth: hci1: command 0x0406 tx timeout
[  201.676511][ T5931] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  201.713985][ T8630] loop3: detected capacity change from 0 to 128
[  201.770561][ T8630] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  201.823009][ T8630] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  201.856309][ T5931] usb 6-1: Using ep0 maxpacket: 32
[  201.878089][ T5931] usb 6-1: unable to get BOS descriptor or descriptor too short
[  201.898552][ T5931] usb 6-1: config 9 has an invalid interface number: 183 but max is 0
[  201.927000][ T5931] usb 6-1: config 9 has no interface number 0
[  201.933286][   T13] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  201.947717][ T5931] usb 6-1: config 9 interface 183 has no altsetting 0
[  201.964659][ T5931] usb 6-1: New USB device found, idVendor=1011, idProduct=3198, bcdDevice=d6.ee
[  201.983633][ T5931] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.002503][ T5931] usb 6-1: Product: syz
[  202.028762][ T5931] usb 6-1: Manufacturer: syz
[  202.033408][ T5931] usb 6-1: SerialNumber: syz
[  202.293520][ T5931] option 6-1:9.183: GSM modem (1-port) converter detected
[  202.356919][ T5931] usb 6-1: USB disconnect, device number 9
[  202.381252][ T5931] option 6-1:9.183: device disconnected
[  202.620212][ T5916] cdc_ncm 9-1:1.0: MAC-Address: 42:42:42:42:42:42
[  202.781975][ T8642] loop1: detected capacity change from 0 to 32768
[  202.843259][ T8642] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.678 (8642)
[  202.915248][ T5916] cdc_ncm 9-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.8-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  203.010252][ T5916] usb 9-1: USB disconnect, device number 4
[  203.015108][ T8648] loop7: detected capacity change from 0 to 65536
[  203.033108][ T8642] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  203.077472][ T5916] cdc_ncm 9-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.8-1, CDC NCM (NO ZLP)
[  203.126040][ T8642] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  203.146134][ T5902] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  203.336144][ T5902] usb 4-1: Using ep0 maxpacket: 8
[  203.349897][ T5902] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  203.395029][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.417961][ T5902] usb 4-1: Product: syz
[  203.430786][ T5902] usb 4-1: Manufacturer: syz
[  203.439926][ T8642] BTRFS info (device loop1): enabling ssd optimizations
[  203.451005][ T5902] usb 4-1: SerialNumber: syz
[  203.456406][ T8642] BTRFS info (device loop1): turning on async discard
[  203.463339][ T8642] BTRFS info (device loop1): enabling free space tree
[  203.491671][ T5902] usb 4-1: config 0 descriptor??
[  203.511066][ T5902] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  203.570525][ T5931] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  203.718294][   T30] audit: type=1326 audit(1762433611.803:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.8.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2538f6c9 code=0x7fc00000
[  203.764192][ T5823] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  203.767823][ T5931] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  203.784674][ T5931] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  203.797769][ T5931] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  203.811140][ T5931] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  203.823867][ T5931] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  203.856731][ T5931] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  203.893731][ T5931] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.930835][ T5931] usb 6-1: config 0 descriptor??
[  203.943573][ T8654] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  204.375453][ T5931] plantronics 0003:047F:FFFF.0009: reserved main item tag 0xd
[  204.409273][ T5931] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  204.479609][   T30] audit: type=1326 audit(1762433612.563:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.8.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd2538f6c9 code=0x7fc00000
[  204.694210][ T8693] batadv0: entered promiscuous mode
[  204.719745][ T8691] batadv0: left promiscuous mode
[  204.731044][ T5902] gspca_sonixj: reg_w1 err -71
[  204.776410][ T5902] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[  204.804021][  T793] usb 6-1: USB disconnect, device number 10
[  204.811950][ T5902] usb 4-1: USB disconnect, device number 8
[  204.939554][ T8696] block nbd1: NBD_DISCONNECT
[  204.969725][ T8696] block nbd1: Send disconnect failed -32
[  205.009401][ T8696] block nbd1: Send disconnect failed -32
[  205.043571][ T8694] block nbd1: Disconnected due to user request.
[  205.063046][ T8694] block nbd1: shutting down sockets
[  205.280349][ T8703] loop1: detected capacity change from 0 to 256
[  205.329767][ T8703] exfat: Deprecated parameter 'utf8'
[  205.335148][ T8703] exfat: Deprecated parameter 'namecase'
[  205.452758][ T8708] warning: `syz.7.699' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  205.476023][ T8703] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d)
[  205.667234][ T8712] netlink: 'syz.5.701': attribute type 15 has an invalid length.
[  205.700811][ T8712] netlink: 24 bytes leftover after parsing attributes in process `syz.5.701'.
[  206.006016][  T793] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  206.189786][  T793] usb 8-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  206.213523][ T8730] block nbd0: server does not support multiple connections per device.
[  206.223397][  T793] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.226942][ T8730] block nbd0: shutting down sockets
[  206.267281][  T793] usb 8-1: config 0 descriptor??
[  206.940102][ T8727] loop3: detected capacity change from 0 to 32768
[  207.032032][ T8727] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.041532][ T5931] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  207.086599][ T8738] loop5: detected capacity change from 0 to 32768
[  207.107313][ T8738] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.711 (8738)
[  207.208190][ T5931] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  207.217278][ T8738] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  207.223065][ T5931] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  207.258261][ T5931] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  207.287777][ T8727] XFS (loop3): Ending clean mount
[  207.288237][ T5931] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  207.302213][ T8738] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  207.311571][ T8738] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  207.344295][ T5931] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  207.359802][ T5931] usb 9-1: Product: syz
[  207.366341][ T5931] usb 9-1: Manufacturer: syz
[  207.373305][ T5931] usb 9-1: SerialNumber: syz
[  207.490081][ T5822] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.512254][ T8738] BTRFS info (device loop5): rebuilding free space tree
[  207.521033][  T793] usb 8-1: Cannot set autoneg
[  207.531873][  T793] MOSCHIP usb-ethernet driver 8-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  207.580122][ T8738] BTRFS info (device loop5): disabling free space tree
[  207.602722][ T8738] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  207.605918][  T793] usb 8-1: USB disconnect, device number 8
[  207.620174][ T5931] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  207.641852][ T8738] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  207.691186][ T8738] BTRFS info (device loop5): enabling ssd optimizations
[  207.708701][ T8738] BTRFS info (device loop5): enabling disk space caching
[  207.716292][ T8738] BTRFS info (device loop5): force clearing of disk cache
[  207.729159][ T8738] BTRFS info (device loop5): enabling auto defrag
[  207.754455][ T8738] BTRFS info (device loop5): max_inline set to 0
[  207.814548][   T43] usb 9-1: USB disconnect, device number 5
[  207.827616][   T43] usblp0: removed
[  207.978055][   T13] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared)
[  208.081617][ T6307] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  208.344344][ T8780] loop7: detected capacity change from 0 to 4096
[  208.501673][ T8783] syzkaller1: entered promiscuous mode
[  208.547635][ T8783] syzkaller1: entered allmulticast mode
[  208.597983][ T8789] overlayfs: failed to clone upperpath
[  209.319530][ T8785] loop1: detected capacity change from 0 to 32768
[  209.411597][ T8785] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.721 (8785)
[  209.468674][ T8785] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  209.496034][ T8785] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  209.504883][ T8785] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  209.844647][ T8785] BTRFS info (device loop1): rebuilding free space tree
[  209.906095][ T8785] BTRFS info (device loop1): disabling free space tree
[  209.926120][ T8785] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  209.955937][ T8785] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  210.049631][ T8785] BTRFS info (device loop1): enabling ssd optimizations
[  210.077612][ T8785] BTRFS info (device loop1): enabling disk space caching
[  210.105383][ T8785] BTRFS info (device loop1): force clearing of disk cache
[  210.130853][ T8785] BTRFS info (device loop1): enabling auto defrag
[  210.162467][ T8785] BTRFS info (device loop1): max_inline set to 0
[  210.174045][ T8788] loop8: detected capacity change from 0 to 32768
[  210.219119][ T8788] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  210.276802][   T30] audit: type=1800 audit(1762433618.363:64): pid=8785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.721" name="file1" dev="loop1" ino=260 res=0 errno=0
[  210.333350][ T8788] XFS (loop8): Ending clean mount
[  210.400152][ T7033] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  210.668106][ T5823] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  210.750687][ T7332] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  210.880100][ T8835] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  211.425012][ T8850] netlink: 8 bytes leftover after parsing attributes in process `syz.7.739'.
[  211.452070][ T8850] netlink: 4 bytes leftover after parsing attributes in process `syz.7.739'.
[  211.524632][ T1164] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  211.545033][ T8850] netlink: 8 bytes leftover after parsing attributes in process `syz.7.739'.
[  211.554407][ T1164] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  211.563899][ T8850] netlink: 4 bytes leftover after parsing attributes in process `syz.7.739'.
[  211.596695][ T1164] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  211.619458][ T1164] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  212.053283][ T8871] loop1: detected capacity change from 0 to 2048
[  212.084878][ T8871] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  212.105797][ T8871] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  212.335668][ T8881] netlink: 64 bytes leftover after parsing attributes in process `syz.1.751'.
[  212.759650][ T5930] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  212.946655][ T5930] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  212.968876][ T5930] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  213.020219][ T5930] usb 9-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  213.039986][ T5930] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.058844][ T5930] usb 9-1: config 0 descriptor??
[  213.386628][ T5931] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  213.480782][ T5930] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0
[  213.499604][ T5930] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0
[  213.514762][ T5930] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0D8C:0022.000A/input/input13
[  213.560269][ T5931] usb 6-1: config 1 has an invalid interface number: 105 but max is 0
[  213.574186][ T5930] cm6533_jd 0003:0D8C:0022.000A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.8-1/input0
[  213.589572][ T5931] usb 6-1: config 1 has no interface number 0
[  213.596667][ T5931] usb 6-1: config 1 interface 105 has no altsetting 0
[  213.607774][ T5931] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  213.623082][ T5931] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.631341][ T5931] usb 6-1: Product: syz
[  213.635521][ T5931] usb 6-1: Manufacturer: syz
[  213.640439][ T5931] usb 6-1: SerialNumber: syz
[  213.728135][  T793] usb 9-1: USB disconnect, device number 6
[  213.811461][ T8919] fido_id[8919]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  214.546114][ T5931] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  214.807762][ T5931] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  214.862315][ T8940] loop8: detected capacity change from 0 to 1024
[  214.906036][ T5931] aqc111 6-1:1.105 eth17: register 'aqc111' at usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 40:ca:e0:e2:4d:8d
[  214.951361][ T5931] usb 6-1: USB disconnect, device number 11
[  214.965092][ T5931] aqc111 6-1:1.105 eth17: unregister 'aqc111' usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  214.980187][ T8925] loop1: detected capacity change from 0 to 32768
[  215.025268][ T8925] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.770 (8925)
[  215.081113][ T8925] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  215.103278][ T8942] bio_check_eod: 1 callbacks suppressed
[  215.103295][ T8942] syz.8.777: attempt to access beyond end of device
[  215.103295][ T8942] loop8: rw=0, sector=201326592, nr_sectors = 2 limit=1024
[  215.119166][ T8925] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  215.169116][ T8927] loop7: detected capacity change from 0 to 32768
[  215.178854][ T8942] Buffer I/O error on dev loop8, logical block 100663296, async page read
[  215.196971][ T5931] aqc111 6-1:1.105 eth17 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  215.208288][ T8927] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.771 (8927)
[  215.225663][ T8942] hfsplus: unable to mark blocks free: error -5
[  215.246335][ T5931] aqc111 6-1:1.105 eth17 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  215.266072][ T5931] aqc111 6-1:1.105 eth17 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  215.287247][ T8940] syz.8.777: attempt to access beyond end of device
[  215.287247][ T8940] loop8: rw=0, sector=201326592, nr_sectors = 2 limit=1024
[  215.314128][ T8927] BTRFS error: failed to open device for path /dev/loop7 with flags 0x23: -13
[  215.360442][ T8942] hfsplus: can't free extent: start 133, count 1
[  215.385456][ T8940] Buffer I/O error on dev loop8, logical block 100663296, async page read
[  215.418483][ T8940] hfsplus: unable to mark blocks free: error -5
[  215.476361][ T8925] BTRFS info (device loop1): enabling ssd optimizations
[  215.483387][ T8925] BTRFS info (device loop1): turning on async discard
[  215.497554][ T8940] hfsplus: can't free extent: start 0, count 1
[  215.533833][ T8925] BTRFS info (device loop1): enabling free space tree
[  215.599659][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880564cfc00: rx timeout, send abort
[  215.928241][ T5823] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  215.971581][ T8973] loop5: detected capacity change from 0 to 4096
[  216.099825][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880564cc800: rx timeout, send abort
[  216.110904][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880564cfc00: abort rx timeout. Force session deactivation
[  216.237929][ T8979] 8021q: adding VLAN 0 to HW filter on device bond1
[  216.295524][ T8979] bridge0: port 3(bond1) entered blocking state
[  216.339931][ T8979] bridge0: port 3(bond1) entered disabled state
[  216.406626][ T8979] bond1: entered allmulticast mode
[  216.481051][ T8979] bond1: entered promiscuous mode
[  216.608814][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880564cc800: abort rx timeout. Force session deactivation
[  216.803886][ T9003] ntfs3(loop5): mft corrupted
[  216.817154][ T9004] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  216.872428][ T8973] ntfs3(loop5): mft corrupted
[  217.200800][ T9013] loop8: detected capacity change from 0 to 16
[  217.496439][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.498469][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.499439][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.499689][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.499743][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.502283][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.502377][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.502576][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.646212][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  217.802356][ T9013] erofs (device loop8): mounted with root inode @ nid 36.
[  217.992404][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  218.596704][ T9016] loop5: detected capacity change from 0 to 32768
[  218.638120][ T9016] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.792 (9016)
[  218.758404][ T9016] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  218.789171][ T9016] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  219.027987][ T9058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.803'.
[  219.084782][ T9058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.803'.
[  219.115173][ T9016] BTRFS info (device loop5): enabling ssd optimizations
[  219.159370][ T9016] BTRFS info (device loop5): turning on async discard
[  219.186144][ T9016] BTRFS info (device loop5): enabling free space tree
[  219.306058][ T5916] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  219.497781][ T5916] usb 4-1: Using ep0 maxpacket: 8
[  219.508010][ T5916] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  219.521608][ T6307] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  219.533546][ T5916] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  219.550687][ T5916] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  219.569877][ T5916] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  219.595556][ T5916] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  219.640864][ T5916] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  219.652720][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.911963][ T5916] usb 4-1: usb_control_msg returned -32
[  219.926587][ T5916] usbtmc 4-1:16.0: can't read capabilities
[  220.313096][ T9093] loop7: detected capacity change from 0 to 512
[  220.863973][ T9077] loop1: detected capacity change from 0 to 32768
[  220.920320][ T9077] btrfs: Deprecated parameter 'usebackuproot'
[  220.956583][ T9077] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  221.037393][ T9077] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.808 (9077)
[  221.075288][ T9077] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  221.111162][ T9077] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  221.334447][ T9077] BTRFS info (device loop1): rebuilding free space tree
[  221.434862][ T9077] BTRFS info (device loop1): allowing degraded mounts
[  221.452318][ T9077] BTRFS info (device loop1): enabling ssd optimizations
[  221.464230][ T9077] BTRFS info (device loop1): turning on flush-on-commit
[  221.471903][ T9077] BTRFS info (device loop1): enabling free space tree
[  221.490038][ T9077] BTRFS info (device loop1): force clearing of disk cache
[  221.498704][ T9077] BTRFS info (device loop1): trying to use backup root at mount time
[  221.508723][ T9077] BTRFS info (device loop1): use zstd compression, level 3
[  221.822011][ T5823] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  222.123601][ T9146] loop8: detected capacity change from 0 to 256
[  222.270045][ T9148] loop7: detected capacity change from 0 to 2048
[  222.884786][ T9158] netlink: 'syz.5.837': attribute type 1 has an invalid length.
[  222.920392][ T9158] netlink: 'syz.5.837': attribute type 4 has an invalid length.
[  222.928755][ T9158] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.837'.
[  223.914717][ T9192] netlink: 'syz.1.848': attribute type 1 has an invalid length.
[  223.937510][ T9192] netlink: 'syz.1.848': attribute type 2 has an invalid length.
[  224.739793][  T793] libceph: connect (1)[c::]:6789 error -101
[  224.770150][  T793] libceph: mon0 (1)[c::]:6789 connect error
[  224.799364][ T5916] libceph: connect (1)[c::]:6789 error -101
[  224.810022][ T5916] libceph: mon0 (1)[c::]:6789 connect error
[  224.833156][  T793] libceph: connect (1)[c::]:6789 error -101
[  224.840832][  T793] libceph: mon0 (1)[c::]:6789 connect error
[  224.922692][ T9207] loop8: detected capacity change from 0 to 32768
[  224.944672][ T9207] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.856 (9207)
[  225.015663][ T9207] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  225.038149][ T9207] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm
[  225.088817][ T5916] libceph: connect (1)[c::]:6789 error -101
[  225.103064][ T5916] libceph: mon0 (1)[c::]:6789 connect error
[  225.109741][  T793] libceph: connect (1)[c::]:6789 error -101
[  225.116330][  T793] libceph: mon0 (1)[c::]:6789 connect error
[  225.225193][ T9207] BTRFS info (device loop8): rebuilding free space tree
[  225.272786][ T9207] BTRFS info (device loop8): disabling free space tree
[  225.292963][ T9207] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  225.311002][ T9207] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  225.338031][ T9207] BTRFS info (device loop8): setting nodatasum
[  225.347739][ T9207] BTRFS info (device loop8): setting nodatacow
[  225.360700][ T9207] BTRFS info (device loop8): turning off barriers
[  225.366556][ T5931] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  225.376313][ T9207] BTRFS info (device loop8): force clearing of disk cache
[  225.479229][ T9218] ceph: No mds server is up or the cluster is laggy
[  225.479229][ T9213] ceph: No mds server is up or the cluster is laggy
[  225.578347][ T5931] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  225.606905][ T7332] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  225.622500][ T5931] usb 8-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  225.669018][ T5931] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.707459][ T9099] usbtmc 4-1:16.0: usb_control_msg returned -110
[  225.727681][ T5931] usb 8-1: config 0 descriptor??
[  225.736496][ T9230] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  225.802947][    T9] usb 4-1: USB disconnect, device number 9
[  225.857167][ T5902] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  226.054657][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  226.103427][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  226.192515][ T5902] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  226.210760][ T5931] elan 0003:04F3:0755.000B: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.7-1/input0
[  226.262351][ T5902] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  226.316950][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.331126][ T9265] loop8: detected capacity change from 0 to 1024
[  226.359376][ T9265] EXT4-fs: Ignoring removed nomblk_io_submit option
[  226.391381][ T5902] usb 2-1: config 0 descriptor??
[  226.435071][ T9265] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  226.492838][ T9265] System zones: 0-1, 3-36
[  226.538080][ T9265] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.700691][ T7332] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.851009][ T5902] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  226.947840][ T5931] usb 8-1: USB disconnect, device number 9
[  227.078545][ T9276] loop3: detected capacity change from 0 to 4096
[  227.147126][ T9276] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  227.150142][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  227.170916][ T9276] ntfs3(loop3): Failed to load $Extend (-22).
[  227.186251][ T9276] ntfs3(loop3): Failed to initialize $Extend.
[  227.287811][ T5195] udevd[5195]: worker [6321] terminated by signal 33 (Unknown signal 33)
[  227.297007][ T5195] udevd[5195]: worker [6321] failed while handling '/devices/virtual/block/loop3'
[  227.343875][ T5902] usb 2-1: USB disconnect, device number 13
[  227.769012][ T9275] loop5: detected capacity change from 0 to 32768
[  227.791246][ T9280] loop7: detected capacity change from 0 to 32768
[  227.826205][ T9275] ERROR: (device loop5): diAllocAG: numfree > numinos
[  227.826205][ T9275] 
[  227.888103][ T9275] ialloc: diAlloc returned -5!
[  228.319508][ T9302] capability: warning: `syz.1.890' uses deprecated v2 capabilities in a way that may be insecure
[  228.428113][ T9306] loop8: detected capacity change from 0 to 128
[  228.493868][ T9306] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  228.505437][ T9308] loop7: detected capacity change from 0 to 2048
[  228.521925][ T9306] ext4 filesystem being mounted at /80/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  228.545506][ T9313] GUP no longer grows the stack in syz.3.894 (9313): 200000004000-20000000a000 (200000002000)
[  228.557712][ T9313] CPU: 1 UID: 0 PID: 9313 Comm: syz.3.894 Not tainted syzkaller #0 PREEMPT(full) 
[  228.557738][ T9313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  228.557749][ T9313] Call Trace:
[  228.557758][ T9313]  <TASK>
[  228.557765][ T9313]  dump_stack_lvl+0x189/0x250
[  228.557798][ T9313]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.557821][ T9313]  ? __pfx__printk+0x10/0x10
[  228.557839][ T9313]  ? find_vma+0xe7/0x160
[  228.557874][ T9313]  __get_user_pages+0x2463/0x29f0
[  228.557928][ T9313]  get_user_pages_remote+0x2f1/0xac0
[  228.557950][ T9313]  ? __pfx_mtree_load+0x10/0x10
[  228.557980][ T9313]  ? __pfx_get_user_pages_remote+0x10/0x10
[  228.558006][ T9313]  ? __access_remote_vm+0x367/0x7d0
[  228.558036][ T9313]  __access_remote_vm+0x211/0x7d0
[  228.558072][ T9313]  ? __pfx___access_remote_vm+0x10/0x10
[  228.558101][ T9313]  ? alloc_pages_noprof+0xbe/0x190
[  228.558125][ T9313]  proc_pid_cmdline_read+0x430/0x810
[  228.558152][ T9313]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  228.558174][ T9313]  ? rw_verify_area+0x2a6/0x4d0
[  228.558200][ T9313]  vfs_readv+0x5aa/0x850
[  228.558215][ T9313]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  228.558250][ T9313]  ? __pfx_vfs_readv+0x10/0x10
[  228.558282][ T9313]  ? __fget_files+0x2a/0x420
[  228.558310][ T9313]  ? __fget_files+0x3a0/0x420
[  228.558331][ T9313]  ? __fget_files+0x2a/0x420
[  228.558363][ T9313]  __x64_sys_preadv+0x197/0x2a0
[  228.558389][ T9313]  ? __pfx___x64_sys_preadv+0x10/0x10
[  228.558415][ T9313]  ? do_syscall_64+0xbe/0xfa0
[  228.558440][ T9313]  do_syscall_64+0xfa/0xfa0
[  228.558461][ T9313]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.558478][ T9313]  ? clear_bhb_loop+0x60/0xb0
[  228.558498][ T9313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.558513][ T9313] RIP: 0033:0x7f6b2358f6c9
[  228.558529][ T9313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.558545][ T9313] RSP: 002b:00007f6b24491038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  228.558564][ T9313] RAX: ffffffffffffffda RBX: 00007f6b237e5fa0 RCX: 00007f6b2358f6c9
[  228.558576][ T9313] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003
[  228.558586][ T9313] RBP: 00007f6b23611f91 R08: 0000000000000000 R09: 0000000000000000
[  228.558597][ T9313] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  228.558606][ T9313] R13: 00007f6b237e6038 R14: 00007f6b237e5fa0 R15: 00007ffc6a2768e8
[  228.558638][ T9313]  </TASK>
[  229.158044][ T7332] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  229.692055][ T9323] loop7: detected capacity change from 0 to 32768
[  229.700979][ T9323] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.898 (9323)
[  229.747038][ T9323] BTRFS info (device loop7): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  229.773106][ T9323] BTRFS info (device loop7): using blake2b (blake2b-256-lib) checksum algorithm
[  229.816030][ T9323] workqueue: max_active 2097158 requested for btrfs-worker is out of range, clamping between 1 and 2048
[  229.856320][ T9323] workqueue: max_active 2097158 requested for btrfs-delalloc is out of range, clamping between 1 and 2048
[  229.892669][ T9323] workqueue: max_active 2097158 requested for btrfs-endio is out of range, clamping between 1 and 2048
[  229.945120][ T9323] workqueue: max_active 2097158 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048
[  230.022396][ T9323] workqueue: max_active 2097158 requested for btrfs-rmw is out of range, clamping between 1 and 2048
[  230.069166][ T9323] workqueue: max_active 2097158 requested for btrfs-endio-write is out of range, clamping between 1 and 2048
[  230.128848][ T9356] loop1: detected capacity change from 0 to 2048
[  230.162578][ T9356] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  230.242868][ T9323] BTRFS info (device loop7): enabling ssd optimizations
[  230.257670][ T9356] UDF-fs: warning (device loop1): udf_truncate_tail_extent: Too long extent after EOF in inode 1368: i_size: 0 lbcount: 1536 extent 57+1536
[  230.284525][ T9323] BTRFS info (device loop7): using spread ssd allocation scheme
[  230.329057][ T9323] BTRFS info (device loop7): turning off barriers
[  230.336134][ T9323] BTRFS info (device loop7): enabling free space tree
[  230.355330][ T9323] BTRFS info (device loop7): force zlib compression, level 3
[  230.402373][ T9323] BTRFS info (device loop7 state M): resize thread pool 2097158 -> 4
[  230.485946][    T9] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  230.592385][ T6983] BTRFS info (device loop7): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  230.676379][    T9] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  230.687334][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.744608][    T9] usb 6-1: Product: syz
[  230.753941][    T9] usb 6-1: Manufacturer: syz
[  230.759931][    T9] usb 6-1: SerialNumber: syz
[  230.774066][    T9] usb 6-1: config 0 descriptor??
[  231.214982][    T9] airspy 6-1:0.0: Board ID: 00
[  231.220103][    T9] airspy 6-1:0.0: Firmware version: 
[  231.272003][   T30] audit: type=1326 audit(1762433639.353:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.7.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751578f6c9 code=0x7ffc0000
[  231.346067][   T30] audit: type=1326 audit(1762433639.353:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.7.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751578f6c9 code=0x7ffc0000
[  231.410782][   T30] audit: type=1326 audit(1762433639.383:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.7.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f751578f6c9 code=0x7ffc0000
[  231.454822][   T30] audit: type=1326 audit(1762433639.383:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.7.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751578f6c9 code=0x7ffc0000
[  231.472083][ T9373] loop3: detected capacity change from 0 to 32768
[  231.498505][ T9373] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.913 (9373)
[  231.511785][   T30] audit: type=1326 audit(1762433639.383:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.7.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751578f6c9 code=0x7ffc0000
[  231.539888][   T30] audit: type=1326 audit(1762433639.383:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.7.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7f751578f6c9 code=0x7ffc0000
[  231.560942][ T9396] netlink: 4 bytes leftover after parsing attributes in process `syz.1.921'.
[  231.562595][ T9373] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  231.587699][ T9373] BTRFS info (device loop3): using blake2b (blake2b-256-lib) checksum algorithm
[  231.602417][   T30] audit: type=1326 audit(1762433639.383:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.7.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751578f6c9 code=0x7ffc0000
[  231.641940][   T30] audit: type=1326 audit(1762433639.383:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9389 comm="syz.7.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751578f6c9 code=0x7ffc0000
[  231.802689][ T9373] BTRFS info (device loop3): enabling ssd optimizations
[  231.823178][ T9373] BTRFS info (device loop3): turning on async discard
[  231.832226][ T9373] BTRFS info (device loop3): enabling free space tree
[  231.840333][ T9373] BTRFS info (device loop3): use zstd compression, level 3
[  231.876439][ T9417] netlink: 4 bytes leftover after parsing attributes in process `syz.7.925'.
[  231.899981][   T30] audit: type=1326 audit(1762433639.973:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9382 comm="syz.8.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2538f6c9 code=0x7fc00000
[  232.018090][ T5930] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  232.041101][ T5822] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  232.053026][    T9] airspy 6-1:0.0: usb_control_msg() failed -71 request 0f
[  232.089604][    T9] airspy 6-1:0.0: Registered as swradio24
[  232.095377][    T9] airspy 6-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  232.176318][    T9] usb 6-1: USB disconnect, device number 12
[  232.228623][ T5930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.263531][ T5930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  232.294794][ T5930] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  232.357204][ T5930] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  232.382429][ T5930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.393884][ T5930] usb 2-1: config 0 descriptor??
[  232.844272][ T5930] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  233.341816][  T793] usb 2-1: USB disconnect, device number 14
[  235.172847][   T30] audit: type=1326 audit(1762433643.253:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9469 comm="syz.1.946" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe9258f6c9 code=0x0
[  235.239846][ T9477] loop7: detected capacity change from 0 to 256
[  235.623736][ T9459] loop5: detected capacity change from 0 to 40427
[  235.682212][ T9459] F2FS-fs (loop5): invalid crc value
[  236.012673][ T1164] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  236.029832][ T9459] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  236.078407][ T9459] F2FS-fs (loop5): Start checkpoint disabled!
[  236.091807][ T1164] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.096946][ T9459] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  236.143485][ T9459] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  236.533851][ T1164] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  236.566705][ T1164] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.617467][ T9492] netlink: 20 bytes leftover after parsing attributes in process `syz.1.955'.
[  236.650040][ T1164] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  236.684474][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  236.696804][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  236.707634][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  236.714792][ T1164] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.716146][ T9496] netlink: 20 bytes leftover after parsing attributes in process `syz.1.955'.
[  236.739788][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  236.766432][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  236.989976][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  236.989994][   T30] audit: type=1800 audit(1762433645.073:76): pid=9459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.941" name="file1" dev="loop5" ino=10 res=0 errno=0
[  237.020297][ T9459] syz.5.941: attempt to access beyond end of device
[  237.020297][ T9459] loop5: rw=2049, sector=45096, nr_sectors = 2160 limit=40427
[  237.079789][ T9459] syz.5.941: attempt to access beyond end of device
[  237.079789][ T9459] loop5: rw=2049, sector=47256, nr_sectors = 408 limit=40427
[  237.082882][ T9505] loop1: detected capacity change from 0 to 64
[  237.132709][ T1164] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  237.153811][ T1164] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.514663][   T44] kworker/u8:3: attempt to access beyond end of device
[  237.514663][   T44] loop5: rw=2049, sector=47664, nr_sectors = 8 limit=40427
[  237.570947][   T44] CPU: 1 UID: 0 PID: 44 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  237.570973][   T44] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  237.570983][   T44] Workqueue: writeback wb_workfn (flush-7:5)
[  237.571010][   T44] Call Trace:
[  237.571018][   T44]  <TASK>
[  237.571026][   T44]  dump_stack_lvl+0x189/0x250
[  237.571057][   T44]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.571082][   T44]  ? __pfx_queue_work_on+0x10/0x10
[  237.571104][   T44]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  237.571125][   T44]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  237.571161][   T44]  f2fs_handle_critical_error+0x37c/0x540
[  237.571195][   T44]  f2fs_write_end_io+0x886/0xb60
[  237.571236][   T44]  __submit_merged_bio+0x27a/0x6a0
[  237.571269][   T44]  __submit_merged_write_cond+0x255/0x530
[  237.571304][   T44]  f2fs_write_data_pages+0x261d/0x3000
[  237.571365][   T44]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  237.571402][   T44]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  237.571465][   T44]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  237.571506][   T44]  ? trace_f2fs_writepages+0x7f/0x200
[  237.571533][   T44]  ? f2fs_write_node_pages+0x478/0x6e0
[  237.571564][   T44]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  237.571605][   T44]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  237.571624][   T44]  do_writepages+0x32e/0x550
[  237.571656][   T44]  ? reacquire_held_locks+0x127/0x1d0
[  237.571678][   T44]  ? writeback_sb_inodes+0x3bc/0x1950
[  237.571717][   T44]  __writeback_single_inode+0x143/0x12d0
[  237.571741][   T44]  ? do_raw_spin_unlock+0x122/0x240
[  237.571765][   T44]  writeback_sb_inodes+0x984/0x1950
[  237.571827][   T44]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  237.571905][   T44]  ? rcu_is_watching+0x15/0xb0
[  237.571942][   T44]  wb_writeback+0x43b/0xaf0
[  237.571974][   T44]  ? queue_io+0x3c1/0x590
[  237.572000][   T44]  ? __pfx_wb_writeback+0x10/0x10
[  237.572034][   T44]  ? _raw_spin_unlock_irq+0x23/0x50
[  237.572061][   T44]  wb_workfn+0x409/0xef0
[  237.572100][   T44]  ? __pfx_wb_workfn+0x10/0x10
[  237.572126][   T44]  ? __lock_acquire+0xab9/0xd20
[  237.572163][   T44]  ? process_one_work+0x868/0x15d0
[  237.572192][   T44]  ? _raw_spin_unlock_irq+0x23/0x50
[  237.572217][   T44]  ? process_one_work+0x868/0x15d0
[  237.572236][   T44]  process_one_work+0x94a/0x15d0
[  237.572256][   T44]  ? __lock_acquire+0xab9/0xd20
[  237.572305][   T44]  ? __pfx_process_one_work+0x10/0x10
[  237.572339][   T44]  ? assign_work+0x3a1/0x410
[  237.572367][   T44]  worker_thread+0x9b0/0xee0
[  237.572424][   T44]  kthread+0x711/0x8a0
[  237.572445][   T44]  ? __pfx_worker_thread+0x10/0x10
[  237.572461][   T44]  ? __pfx_kthread+0x10/0x10
[  237.572480][   T44]  ? _raw_spin_unlock_irq+0x23/0x50
[  237.572498][   T44]  ? lockdep_hardirqs_on+0x9c/0x150
[  237.572518][   T44]  ? __pfx_kthread+0x10/0x10
[  237.572536][   T44]  ret_from_fork+0x599/0xb30
[  237.572561][   T44]  ? __pfx_ret_from_fork+0x10/0x10
[  237.572597][   T44]  ? __switch_to_asm+0x39/0x70
[  237.572612][   T44]  ? __switch_to_asm+0x33/0x70
[  237.572627][   T44]  ? __pfx_kthread+0x10/0x10
[  237.572645][   T44]  ret_from_fork_asm+0x1a/0x30
[  237.572686][   T44]  </TASK>
[  237.572694][   T44] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  237.726159][    T9] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  237.928140][ T1164] bond1: left allmulticast mode
[  237.942575][ T9521] loop3: detected capacity change from 0 to 1024
[  237.949498][ T1164] bond1: left promiscuous mode
[  237.954556][ T1164] bridge0: port 3(bond1) entered disabled state
[  237.990316][ T1164] bridge_slave_1: left allmulticast mode
[  237.997848][ T1164] bridge_slave_1: left promiscuous mode
[  238.003665][ T1164] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.018248][ T1164] bridge_slave_0: left allmulticast mode
[  238.023946][ T1164] bridge_slave_0: left promiscuous mode
[  238.029830][ T1164] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.092095][ T9521] hfsplus: keylen 65060 too large
[  238.120208][ T9521] hfsplus: xattr search failed
[  238.136037][    T9] usb 9-1: Using ep0 maxpacket: 32
[  238.137907][  T793] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  238.145726][    T9] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  238.176148][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.202203][    T9] usb 9-1: config 0 descriptor??
[  238.300997][  T793] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  238.330458][  T793] usb 2-1: config 0 has no interface number 0
[  238.358380][  T793] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  238.385528][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.396245][  T793] usb 2-1: Product: syz
[  238.400537][  T793] usb 2-1: Manufacturer: syz
[  238.405143][  T793] usb 2-1: SerialNumber: syz
[  238.436878][  T793] usb 2-1: config 0 descriptor??
[  238.456771][    T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  238.480573][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  238.507465][    T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  238.524320][    T9] usb 9-1: media controller created
[  238.545433][ T9525] loop3: detected capacity change from 0 to 512
[  238.572653][ T9527] loop5: detected capacity change from 0 to 128
[  238.590625][ T9525] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  238.609916][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  238.643070][ T9527] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  238.655756][ T9525] EXT4-fs (loop3): 1 orphan inode deleted
[  238.672308][ T9525] EXT4-fs (loop3): 1 truncate cleaned up
[  238.681040][  T793] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  238.706983][ T9527] ext4 filesystem being mounted at /148/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  238.709760][  T793] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  238.734962][ T9525] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.755602][  T793] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  238.771233][  T793] usb 2-1: media controller created
[  238.785024][ T9525] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  238.792449][  T793] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  238.837159][ T5830] Bluetooth: hci4: command tx timeout
[  238.874775][ T6307] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  238.895218][  T793] i2c i2c-2: ec100: i2c rd failed=-32 reg=33
[  238.970258][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.045564][ T9533] input: syz0 as /devices/virtual/input/input14
[  239.346411][    T9] az6027: usb out operation failed. (-71)
[  239.377389][    T9] stb0899_attach: Driver disabled by Kconfig
[  239.383523][    T9] az6027: no front-end attached
[  239.383523][    T9] 
[  239.404955][    T9] az6027: usb out operation failed. (-71)
[  239.479633][    T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  239.538540][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input15
[  239.632380][    T9] dvb-usb: schedule remote query interval to 400 msecs.
[  239.654962][ T1164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  239.655915][    T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  239.712240][ T1164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  239.724977][    T9] usb 9-1: USB disconnect, device number 7
[  239.757600][ T1164] bond0 (unregistering): Released all slaves
[  240.228656][ T9557] loop8: detected capacity change from 0 to 1024
[  240.681968][ T1164] bond1 (unregistering): Released all slaves
[  240.694616][  T793] usb 2-1: USB disconnect, device number 15
[  240.696364][    T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  240.893185][ T9493] chnl_net:caif_netlink_parms(): no params data found
[  240.906956][   T43] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  240.915921][ T5830] Bluetooth: hci4: command tx timeout
[  241.097731][   T43] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  241.114093][   T43] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  241.124436][   T43] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  241.135150][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.157360][ T9561] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  241.186715][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  241.430407][  T979] usb 4-1: USB disconnect, device number 10
[  241.542780][ T9493] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.573282][ T9493] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.593729][ T9493] bridge_slave_0: entered allmulticast mode
[  241.609992][ T9493] bridge_slave_0: entered promiscuous mode
[  241.643069][ T9493] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.654483][ T9493] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.666323][ T9493] bridge_slave_1: entered allmulticast mode
[  241.685152][ T9493] bridge_slave_1: entered promiscuous mode
[  242.044069][ T9493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  242.090044][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  242.106396][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  242.115797][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  242.121963][ T9493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  242.150001][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  242.159728][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  242.220361][ T1164] hsr_slave_0: left promiscuous mode
[  242.274375][ T1164] hsr_slave_1: left promiscuous mode
[  242.289061][ T1164] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  242.307711][ T1164] batman_adv: batadv0: Removing interface: batadv_slave_0
[  242.320964][ T1164] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  242.337186][ T1164] batman_adv: batadv0: Removing interface: batadv_slave_1
[  242.354820][ T1164] team_slave_0: left promiscuous mode
[  242.360797][ T1164] team_slave_1: left promiscuous mode
[  242.386544][ T1164] veth1_macvtap: left promiscuous mode
[  242.395955][ T1164] veth0_macvtap: left promiscuous mode
[  242.401864][ T1164] veth1_vlan: left promiscuous mode
[  242.407974][ T1164] veth0_vlan: left promiscuous mode
[  242.534546][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  242.640150][ T5930] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  242.709655][   T10] usb 4-1: Using ep0 maxpacket: 32
[  242.718065][   T10] usb 4-1: config 0 has an invalid interface number: 182 but max is 0
[  242.728645][   T10] usb 4-1: config 0 has no interface number 0
[  242.734800][   T10] usb 4-1: config 0 interface 182 has no altsetting 0
[  242.746547][   T10] usb 4-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db
[  242.755762][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.764356][   T10] usb 4-1: Product: syz
[  242.768792][   T10] usb 4-1: Manufacturer: syz
[  242.773546][   T10] usb 4-1: SerialNumber: syz
[  242.789263][   T10] usb 4-1: config 0 descriptor??
[  242.799827][ T5930] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  242.811541][   T10] hub 4-1:0.182: bad descriptor, ignoring hub
[  242.818599][ T5930] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  242.827741][   T10] hub 4-1:0.182: probe with driver hub failed with error -5
[  242.854242][ T5930] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  242.868216][ T5930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.876458][ T5930] usb 6-1: Product: syz
[  242.880677][ T5930] usb 6-1: Manufacturer: syz
[  242.885410][ T5930] usb 6-1: SerialNumber: syz
[  242.995272][ T5830] Bluetooth: hci4: command tx timeout
[  243.031210][   T10] kaweth 4-1:0.182: Firmware present in device.
[  243.115674][ T5930] usb 6-1: 0:2 : does not exist
[  243.128268][ T5930] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  243.190013][ T1164] team0 (unregistering): Port device team_slave_1 removed
[  243.192139][ T5930] usb 6-1: USB disconnect, device number 13
[  243.232650][   T10] kaweth 4-1:0.182: Statistics collection: 0
[  243.242529][   T10] kaweth 4-1:0.182: Multicast filter limit: 0
[  243.251976][   T10] kaweth 4-1:0.182: MTU: 0
[  243.257023][   T10] kaweth 4-1:0.182: Read MAC address 00:00:00:00:00:00
[  243.269153][ T6000] udevd[6000]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  243.317151][ T1164] team0 (unregistering): Port device team_slave_0 removed
[  243.793439][ T9608] loop5: detected capacity change from 0 to 512
[  243.851552][ T9608] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.886365][ T9608] ext4 filesystem being mounted at /160/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  244.075197][   T30] audit: type=1804 audit(1762433652.153:77): pid=9613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.995" name="/newroot/160/file2/file1" dev="loop5" ino=15 res=1 errno=0
[  244.154534][ T6307] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.292188][ T5830] Bluetooth: hci2: command tx timeout
[  244.406748][   T10] kaweth 4-1:0.182: kaweth interface created at eth21
[  244.478704][ T9493] team0: Port device team_slave_0 added
[  244.496638][ T9493] team0: Port device team_slave_1 added
[  244.497102][   T10] usb 4-1: USB disconnect, device number 11
[  244.832929][ T9493] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.847438][ T9493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  244.875014][ T9493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  244.946539][   T30] audit: type=1800 audit(1762433653.013:78): pid=9636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1002" name="bus" dev="tmpfs" ino=895 res=0 errno=0
[  245.003897][ T9493] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.026046][ T9493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  245.070839][ T5830] Bluetooth: hci4: command tx timeout
[  245.096112][ T9493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.299184][ T9493] hsr_slave_0: entered promiscuous mode
[  245.328234][ T9493] hsr_slave_1: entered promiscuous mode
[  245.387152][ T9493] debugfs: 'hsr0' already exists in 'hsr'
[  245.392925][ T9493] Cannot create hsr debugfs directory
[  245.651664][ T9654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1009'.
[  245.790344][ T9660] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  246.295904][   T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  246.353227][ T5830] Bluetooth: hci2: command tx timeout
[  246.456651][ T9680] loop5: detected capacity change from 0 to 128
[  246.499276][ T9683] netlink: 'syz.1.1016': attribute type 4 has an invalid length.
[  246.516620][   T10] usb 4-1: Using ep0 maxpacket: 32
[  246.527863][ T9680] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  246.556835][   T10] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  246.575741][   T10] usb 4-1: config 0 has no interface number 0
[  246.589633][   T10] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  246.604516][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.625921][   T10] usb 4-1: Product: syz
[  246.631778][   T10] usb 4-1: Manufacturer: syz
[  246.639226][ T9680] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  246.655896][   T10] usb 4-1: SerialNumber: syz
[  246.660267][ T1164] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.674938][   T10] usb 4-1: config 0 descriptor??
[  246.712436][   T10] smsc95xx v2.0.0
[  246.723867][   T10] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  246.756386][   T10] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -22
[  247.038167][ T1164] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.092382][ T9690] loop1: detected capacity change from 0 to 512
[  247.152592][ T9589] chnl_net:caif_netlink_parms(): no params data found
[  247.175677][ T9690] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  247.286863][ T5963] usb 4-1: USB disconnect, device number 12
[  247.288895][ T9690] EXT4-fs (loop1): 1 truncate cleaned up
[  247.314639][ T1164] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.369417][ T9690] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  247.622276][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.840936][ T1164] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.041876][ T9711] loop1: detected capacity change from 0 to 4096
[  248.129067][ T9718] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  248.352680][ T9589] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.376084][ T9589] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.383389][ T9589] bridge_slave_0: entered allmulticast mode
[  248.400372][ T9589] bridge_slave_0: entered promiscuous mode
[  248.436131][ T5830] Bluetooth: hci2: command tx timeout
[  248.445330][ T9589] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.466057][ T9589] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.473346][ T9589] bridge_slave_1: entered allmulticast mode
[  248.488142][ T9589] bridge_slave_1: entered promiscuous mode
[  248.565055][ T9695] loop5: detected capacity change from 0 to 32768
[  248.631661][ T9695] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  248.656372][ T9589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  248.814905][ T9695] XFS (loop5): Ending clean mount
[  248.866431][ T9589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  248.974714][ T6307] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  249.357265][ T9589] team0: Port device team_slave_0 added
[  249.365503][ T9589] team0: Port device team_slave_1 added
[  249.850162][ T9745] loop3: detected capacity change from 0 to 32768
[  249.878940][ T9745] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1026 (9745)
[  250.019977][ T9759] loop5: detected capacity change from 0 to 40427
[  250.032870][ T9759] F2FS-fs (loop5): build fault injection rate: 771
[  250.042338][ T9745] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  250.056081][ T9759] F2FS-fs (loop5): invalid crc value
[  250.099189][ T9745] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  250.132739][ T1164] bridge_slave_1: left allmulticast mode
[  250.141918][ T1164] bridge_slave_1: left promiscuous mode
[  250.164022][ T9745] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  250.164639][ T1164] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.196254][ T9759] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  250.220962][ T9759] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  250.246298][ T1164] bridge_slave_0: left allmulticast mode
[  250.255331][ T1164] bridge_slave_0: left promiscuous mode
[  250.281324][ T1164] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.295109][ T6307] syz-executor: attempt to access beyond end of device
[  250.295109][ T6307] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  250.396272][ T6307] CPU: 1 UID: 0 PID: 6307 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  250.396299][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  250.396324][ T6307] Call Trace:
[  250.396332][ T6307]  <TASK>
[  250.396339][ T6307]  dump_stack_lvl+0x189/0x250
[  250.396371][ T6307]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.396395][ T6307]  ? __pfx_queue_work_on+0x10/0x10
[  250.396416][ T6307]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  250.396437][ T6307]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  250.396470][ T6307]  f2fs_handle_critical_error+0x37c/0x540
[  250.396503][ T6307]  f2fs_write_end_io+0x886/0xb60
[  250.396540][ T6307]  __submit_merged_bio+0x27a/0x6a0
[  250.396572][ T6307]  __submit_merged_write_cond+0x255/0x530
[  250.396604][ T6307]  f2fs_write_data_pages+0x261d/0x3000
[  250.396619][ T6307]  ? __lock_acquire+0xab9/0xd20
[  250.396682][ T6307]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.396745][ T6307]  ? __mod_zone_page_state+0xd7/0x140
[  250.396781][ T6307]  ? folios_put_refs+0x58b/0x670
[  250.396816][ T6307]  ? __lock_acquire+0xab9/0xd20
[  250.396846][ T6307]  ? do_raw_spin_lock+0x121/0x290
[  250.396876][ T6307]  ? do_raw_spin_unlock+0x122/0x240
[  250.396895][ T6307]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.396913][ T6307]  do_writepages+0x32e/0x550
[  250.396946][ T6307]  ? do_raw_spin_unlock+0x122/0x240
[  250.396967][ T6307]  filemap_fdatawrite+0x199/0x240
[  250.396990][ T6307]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  250.397063][ T6307]  ? do_raw_spin_unlock+0x122/0x240
[  250.397086][ T6307]  f2fs_sync_dirty_inodes+0x31f/0x830
[  250.397121][ T6307]  f2fs_write_checkpoint+0x93e/0x2440
[  250.397138][ T6307]  ? stack_depot_save_flags+0x40/0x860
[  250.397189][ T6307]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  250.397301][ T6307]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  250.397329][ T6307]  ? kfree+0x19a/0x6d0
[  250.397360][ T6307]  kill_f2fs_super+0x2cc/0x6d0
[  250.397380][ T6307]  ? __pfx_kill_f2fs_super+0x10/0x10
[  250.397417][ T6307]  ? shrinker_free+0x2ce/0x3e0
[  250.397442][ T6307]  deactivate_locked_super+0xbc/0x130
[  250.397465][ T6307]  cleanup_mnt+0x425/0x4c0
[  250.397483][ T6307]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.397509][ T6307]  task_work_run+0x1d4/0x260
[  250.397531][ T6307]  ? __pfx_task_work_run+0x10/0x10
[  250.397555][ T6307]  ? exit_to_user_mode_loop+0x55/0x4f0
[  250.397581][ T6307]  exit_to_user_mode_loop+0xff/0x4f0
[  250.397619][ T6307]  ? rcu_is_watching+0x15/0xb0
[  250.397650][ T6307]  do_syscall_64+0x2e9/0xfa0
[  250.397673][ T6307]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.397689][ T6307]  ? clear_bhb_loop+0x60/0xb0
[  250.397710][ T6307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.397726][ T6307] RIP: 0033:0x7f2e333909f7
[  250.397743][ T6307] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  250.397761][ T6307] RSP: 002b:00007ffc53d7b0a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  250.397781][ T6307] RAX: 0000000000000000 RBX: 00007f2e33411d7d RCX: 00007f2e333909f7
[  250.397794][ T6307] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc53d7b160
[  250.397804][ T6307] RBP: 00007ffc53d7b160 R08: 0000000000000000 R09: 0000000000000000
[  250.397814][ T6307] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc53d7c1f0
[  250.397825][ T6307] R13: 00007f2e33411d7d R14: 000000000003d15d R15: 00007ffc53d7c230
[  250.397859][ T6307]  </TASK>
[  250.397867][ T6307] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  250.576226][ T5830] Bluetooth: hci2: command tx timeout
[  250.627868][ T9745] BTRFS info (device loop3): rebuilding free space tree
[  250.773443][ T9745] BTRFS info (device loop3): disabling free space tree
[  250.780623][ T9745] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  250.791390][ T9745] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  250.826826][ T9745] BTRFS info (device loop3): setting nodatasum
[  250.833259][ T9745] BTRFS info (device loop3): setting nodatacow
[  250.846182][ T9745] BTRFS info (device loop3): enabling ssd optimizations
[  250.889938][ T9745] BTRFS info (device loop3): using spread ssd allocation scheme
[  250.925709][ T9745] BTRFS info (device loop3): turning off barriers
[  250.943170][ T9745] BTRFS info (device loop3): enabling disk space caching
[  250.981496][ T9745] BTRFS info (device loop3): force clearing of disk cache
[  251.079682][   T30] audit: type=1800 audit(1762433659.163:79): pid=9745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1026" name="file1" dev="loop3" ino=260 res=0 errno=0
[  251.154833][ T5822] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  251.492466][ T9795] loop5: detected capacity change from 0 to 64
[  251.560373][ T9795] hfs: inconsistency in B*Tree (1,0,2,2,3)
[  252.292484][   T30] audit: type=1326 audit(1762433660.373:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9817 comm="syz.3.1037" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6b2358f6c9 code=0x0
[  252.504766][ T1164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  252.517551][ T1164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  252.530236][ T1164] bond0 (unregistering): Released all slaves
[  252.557350][ T9589] batman_adv: batadv0: Adding interface: batadv_slave_0
[  252.572138][ T9589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  252.653713][ T9589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  252.681142][ T9589] batman_adv: batadv0: Adding interface: batadv_slave_1
[  252.688303][ T9589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  252.720093][ T9589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  252.736807][ T9493] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  252.827561][ T9493] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  252.839334][ T9493] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  252.878559][ T9493] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  252.898479][ T9589] hsr_slave_0: entered promiscuous mode
[  252.908503][ T9589] hsr_slave_1: entered promiscuous mode
[  252.914959][ T9589] debugfs: 'hsr0' already exists in 'hsr'
[  252.921384][ T9589] Cannot create hsr debugfs directory
[  253.041817][ T1164] hsr_slave_0: left promiscuous mode
[  253.050698][ T1164] hsr_slave_1: left promiscuous mode
[  253.057073][ T1164] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  253.064563][ T1164] batman_adv: batadv0: Removing interface: batadv_slave_0
[  253.073683][ T1164] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  253.081249][ T1164] batman_adv: batadv0: Removing interface: batadv_slave_1
[  253.098251][ T1164] veth1_macvtap: left promiscuous mode
[  253.103967][ T1164] veth0_macvtap: left promiscuous mode
[  253.110257][ T1164] veth1_vlan: left promiscuous mode
[  253.116193][ T1164] veth0_vlan: left promiscuous mode
[  253.775920][  T979] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  253.956055][  T979] usb 6-1: Using ep0 maxpacket: 32
[  253.969833][  T979] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  254.011500][  T979] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.021841][  T979] usb 6-1: Product: syz
[  254.026486][  T979] usb 6-1: Manufacturer: syz
[  254.031220][  T979] usb 6-1: SerialNumber: syz
[  254.052700][  T979] usb 6-1: config 0 descriptor??
[  254.075436][  T979] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  254.713355][ T1164] team0 (unregistering): Port device team_slave_1 removed
[  254.803336][ T1164] team0 (unregistering): Port device team_slave_0 removed
[  255.099896][  T979] gspca_stk1135: reg_w 0x7 err -71
[  255.106867][  T979] gspca_stk1135: serial bus timeout: status=0x00
[  255.123676][  T979] gspca_stk1135: Sensor write failed
[  255.137439][  T979] gspca_stk1135: serial bus timeout: status=0x00
[  255.144236][  T979] gspca_stk1135: Sensor write failed
[  255.152777][  T979] gspca_stk1135: serial bus timeout: status=0x00
[  255.160871][  T979] gspca_stk1135: Sensor read failed
[  255.166417][  T979] gspca_stk1135: serial bus timeout: status=0x00
[  255.172778][  T979] gspca_stk1135: Sensor read failed
[  255.178681][  T979] gspca_stk1135: Detected sensor type unknown (0x0)
[  255.185410][  T979] gspca_stk1135: serial bus timeout: status=0x00
[  255.197130][  T979] gspca_stk1135: Sensor read failed
[  255.202395][  T979] gspca_stk1135: serial bus timeout: status=0x00
[  255.209658][  T979] gspca_stk1135: Sensor read failed
[  255.214990][  T979] gspca_stk1135: serial bus timeout: status=0x00
[  255.222586][  T979] gspca_stk1135: Sensor write failed
[  255.228465][  T979] gspca_stk1135: serial bus timeout: status=0x00
[  255.234823][  T979] gspca_stk1135: Sensor write failed
[  255.240813][  T979] stk1135 6-1:0.0: probe with driver stk1135 failed with error -71
[  255.288780][  T979] usb 6-1: USB disconnect, device number 14
[  255.792727][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.802156][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  255.962073][ T9879] loop1: detected capacity change from 0 to 32768
[  256.019299][ T9879] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  256.101663][ T9879] XFS (loop1): Ending clean mount
[  256.204734][ T5823] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  256.940591][ T9493] 8021q: adding VLAN 0 to HW filter on device bond0
[  257.191393][ T5903] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  257.198037][ T9493] 8021q: adding VLAN 0 to HW filter on device team0
[  257.215763][ T9589] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  257.230981][ T5903] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  257.479508][ T9589] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  257.603332][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.610576][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  257.681256][ T9589] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  257.839972][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.847223][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.972667][ T9589] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  257.980407][ T9922] loop1: detected capacity change from 0 to 2048
[  258.051178][ T9922] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  258.388635][ T9493] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  258.705152][ T9589] 8021q: adding VLAN 0 to HW filter on device bond0
[  258.812580][ T9589] 8021q: adding VLAN 0 to HW filter on device team0
[  258.892637][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.899907][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  259.141912][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.149152][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  259.164282][ T9961] kvm: Disabled LAPIC found during irq injection
[  259.361593][ T9493] 8021q: adding VLAN 0 to HW filter on device batadv0
[  259.394876][ T9589] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  259.589665][ T9951] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  259.599068][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  259.610569][ T9951] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  259.748280][ T9951] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  259.762177][ T9951] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  259.796006][   T10] usb 2-1: Using ep0 maxpacket: 16
[  259.827158][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11
[  259.844334][   T10] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  259.867332][   T10] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  259.887755][   T10] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  259.926837][   T10] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  259.941336][   T10] usb 2-1: config 1 interface 0 has no altsetting 0
[  259.966300][   T10] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  259.975382][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.999696][ T9589] 8021q: adding VLAN 0 to HW filter on device batadv0
[  260.004426][ T9951] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  260.015228][   T10] ums-sddr09 2-1:1.0: USB Mass Storage device detected
[  260.030250][ T9951] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  260.107682][ T9951] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  260.131791][ T9951] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  260.164443][ T9951] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  260.184689][ T9951] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  260.195623][ T9493] veth0_vlan: entered promiscuous mode
[  260.210452][ T9493] veth1_vlan: entered promiscuous mode
[  260.230863][   T10] scsi host1: usb-storage 2-1:1.0
[  260.360472][ T9493] veth0_macvtap: entered promiscuous mode
[  260.390600][ T9493] veth1_macvtap: entered promiscuous mode
[  260.430281][   T10] usb 2-1: USB disconnect, device number 16
[  260.499701][ T9493] batman_adv: batadv0: Interface activated: batadv_slave_0
[  260.562652][ T9493] batman_adv: batadv0: Interface activated: batadv_slave_1
[  260.650731][T10005] netlink: 'syz.5.1076': attribute type 34 has an invalid length.
[  260.674569][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  260.686159][    T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  260.720326][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  260.768465][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  260.810386][   T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  260.900920][    T9] usb 4-1: Using ep0 maxpacket: 8
[  260.953055][    T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  260.972566][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.018349][    T9] pvrusb2: Hardware description: Terratec Grabster AV400
[  261.048370][    T9] pvrusb2: **********
[  261.052402][    T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  261.066162][ T1164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.088964][ T1164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  261.107654][    T9] pvrusb2: Important functionality might not be entirely working.
[  261.121439][    T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  261.132150][ T9589] veth0_vlan: entered promiscuous mode
[  261.156230][    T9] pvrusb2: **********
[  261.205735][ T9589] veth1_vlan: entered promiscuous mode
[  261.217241][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.235130][ T2343] pvrusb2: Invalid write control endpoint
[  261.254353][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  261.263387][ T9589] veth0_macvtap: entered promiscuous mode
[  261.325663][ T9589] veth1_macvtap: entered promiscuous mode
[  261.421990][T10001] pvrusb2: Invalid write control endpoint
[  261.442952][ T2343] pvrusb2: Invalid write control endpoint
[  261.454617][   T10] usb 4-1: USB disconnect, device number 13
[  261.474957][ T9589] batman_adv: batadv0: Interface activated: batadv_slave_0
[  261.501361][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  261.520690][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  261.534506][ T9589] batman_adv: batadv0: Interface activated: batadv_slave_1
[  261.546934][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  261.582242][ T2343] pvrusb2: Device being rendered inoperable
[  261.609770][   T36] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  261.624313][   T36] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  261.646017][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  261.658968][   T36] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  261.687489][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  261.701767][   T36] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  261.758132][ T2343] pvrusb2: Attached sub-driver cx25840
[  261.785928][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  261.852392][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  262.000680][T10033] tipc: Started in network mode
[  262.030445][T10033] tipc: Node identity ac14140f, cluster identity 4711
[  262.060511][T10033] tipc: New replicast peer: 255.255.255.255
[  262.076829][T10033] tipc: Enabled bearer <udp:syz2>, priority 10
[  262.118918][ T1164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  262.141316][ T1164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  262.247559][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  262.272426][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  262.592187][T10025] loop1: detected capacity change from 0 to 32768
[  262.654815][T10025] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  262.669098][T10059] loop9: detected capacity change from 0 to 128
[  262.850443][T10025] XFS (loop1): Ending clean mount
[  262.904857][T10025] XFS (loop1): Quotacheck needed: Please wait.
[  262.959266][ T5195] udevd[5195]: worker [6077] terminated by signal 33 (Unknown signal 33)
[  262.990434][ T5195] udevd[5195]: worker [6077] failed while handling '/devices/virtual/block/loop1'
[  263.033254][T10025] XFS (loop1): Quotacheck: Done.
[  263.120601][T10042] loop5: detected capacity change from 0 to 32768
[  263.188303][ T5833] tipc: Node number set to 2886997007
[  263.195003][   T12] Bluetooth: (null): Invalid header checksum
[  263.229806][ T8671]  loop5: p1 p3 < >
[  263.263665][ T5823] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  263.297785][   T12] Bluetooth: (null): Invalid header checksum
[  263.343998][T10042]  loop5: p1 p3 < >
[  263.396619][   T36] Bluetooth: (null): Invalid header checksum
[  263.506329][   T12] Bluetooth: (null): Invalid header checksum
[  263.584196][ T5833] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  263.617982][ T9544] Bluetooth: (null): Invalid header checksum
[  263.730511][ T9544] Bluetooth: (null): Invalid header checksum
[  263.808644][ T5833] usb 8-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  263.842997][   T36] Bluetooth: (null): Invalid header checksum
[  263.874383][ T5833] usb 8-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  263.949830][   T36] Bluetooth: (null): Invalid header checksum
[  263.956009][ T5833] usb 8-1: config 0 interface 0 has no altsetting 0
[  263.962654][ T5833] usb 8-1: New USB device found, idVendor=06cb, idProduct=73f4, bcdDevice= 0.00
[  263.996705][ T5833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.041707][ T5833] usb 8-1: config 0 descriptor??
[  264.114264][ T5879] udevd[5879]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  264.117149][ T8671] udevd[8671]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  264.219099][ T8671] udevd[8671]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  264.231059][ T6000] udevd[6000]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  264.484457][ T5833] hid (null): unknown global tag 0xc
[  264.514060][ T5833] itetech 0003:06CB:73F4.000F: unknown main item tag 0x1
[  264.517291][T10072] loop9: detected capacity change from 0 to 32768
[  264.543515][ T5833] itetech 0003:06CB:73F4.000F: unknown global tag 0xc
[  264.562025][ T5833] itetech 0003:06CB:73F4.000F: item 0 1 1 12 parsing failed
[  264.579068][ T5833] itetech 0003:06CB:73F4.000F: probe with driver itetech failed with error -22
[  264.693142][ T5833] usb 8-1: USB disconnect, device number 10
[  264.890623][T10072] JBD2: Ignoring recovery information on journal
[  265.130305][T10072] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  265.223392][T10072] OCFS2: ERROR (device loop9): int ocfs2_xattr_find_entry(struct inode *, int, const char *, struct ocfs2_xattr_search *): corrupted xattr entries
[  265.223464][T10072] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  265.265910][T10072] OCFS2: File system is now read-only.
[  265.497414][ T9589] ocfs2: Unmounting device (7,9) on (node local)
[  265.548407][T10127] loop3: detected capacity change from 0 to 512
[  265.577022][T10127] EXT4-fs: Ignoring removed nobh option
[  265.610167][T10127] EXT4-fs (loop3): Test dummy encryption mode enabled
[  265.668176][T10127] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1105: iget: bad i_size value: -3674898675588399094
[  265.764203][T10133] loop1: detected capacity change from 0 to 512
[  265.851135][T10127] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1105: couldn't read orphan inode 15 (err -117)
[  265.941805][T10127] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.005686][T10133] EXT4-fs error (device loop1): ext4_iget_extra_inode:5071: inode #15: comm syz.1.1107: corrupted in-inode xattr: invalid ea_ino
[  266.123979][T10133] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1107: couldn't read orphan inode 15 (err -117)
[  266.188934][ T9544] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm kworker/u8:10: bg 0: block 5: invalid block bitmap
[  266.194675][T10133] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.246942][ T9544] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  266.272488][ T9544] EXT4-fs (loop3): This should not happen!! Data will be lost
[  266.272488][ T9544] 
[  266.298276][ T9544] EXT4-fs (loop3): Total free blocks count 0
[  266.304304][ T9544] EXT4-fs (loop3): Free/Dirty block details
[  266.375923][ T9544] EXT4-fs (loop3): free_blocks=0
[  266.381011][ T9544] EXT4-fs (loop3): dirty_blocks=1
[  266.421034][ T9544] EXT4-fs (loop3): Block reservation details
[  266.446522][ T9544] EXT4-fs (loop3): i_reserved_data_blocks=1
[  266.478325][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.491253][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.114475][T10173] loop7: detected capacity change from 0 to 512
[  267.158784][T10173] EXT4-fs (loop7): write access unavailable, skipping orphan cleanup
[  267.182586][T10173] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  267.285938][ T5916] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  267.456413][ T5916] usb 4-1: Using ep0 maxpacket: 32
[  267.480884][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  267.516469][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  267.547678][ T5916] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  267.578347][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.619831][ T5916] usb 4-1: config 0 descriptor??
[  267.775942][T10086] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  267.946289][T10086] usb 6-1: Using ep0 maxpacket: 8
[  267.956131][T10086] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 15
[  267.971724][T10086] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  267.995909][T10086] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  268.008297][T10086] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  268.032094][T10086] usb 6-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  268.054501][ T5916] savu 0003:1E7D:2D5A.0010: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  268.073800][T10086] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.084465][ T9493] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.155923][T10086] usb 6-1: Product: syz
[  268.164117][T10086] usb 6-1: Manufacturer: syz
[  268.173819][T10086] usb 6-1: SerialNumber: syz
[  268.201707][T10086] usb 6-1: config 0 descriptor??
[  268.231209][T10184] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  268.484342][T10086] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[  268.523301][T10086] input: Griffin SoundKnob as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input16
[  268.552970][T10221] loop7: detected capacity change from 0 to 256
[  268.613232][T10223] netlink: 'syz.1.1129': attribute type 4 has an invalid length.
[  268.787336][    C0] powermate: config urb returned -71
[  268.795927][    C0] powermate: config urb returned -71
[  268.801793][    C0] powermate: config urb returned -71
[  268.808418][    C0] powermate: config urb returned -71
[  268.818338][    C0] powermate 6-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  268.827393][T10086] usb 6-1: USB disconnect, device number 15
[  268.888790][ T5888] usb 4-1: USB disconnect, device number 14
[  269.329310][T10246] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1135'.
[  269.412011][T10217] loop9: detected capacity change from 0 to 32768
[  269.467946][T10217] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  269.702850][T10266] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1139'.
[  269.738727][T10266] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1139'.
[  269.778695][T10217] XFS (loop9): Ending clean mount
[  269.877516][T10217] XFS (loop9): Quotacheck needed: Please wait.
[  270.017794][T10276] loop3: detected capacity change from 0 to 1024
[  270.074909][T10217] XFS (loop9): Quotacheck: Done.
[  270.095130][T10279] loop1: detected capacity change from 0 to 512
[  270.145513][   T12] hfsplus: b-tree write err: -5, ino 4
[  270.238649][T10279] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.333498][ T9589] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  270.435490][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.456039][ T5888] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  270.665970][ T5888] usb 6-1: Using ep0 maxpacket: 16
[  270.688887][ T5888] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.713876][ T5888] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.724567][ T5888] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  270.752260][ T5888] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  270.775613][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.827969][ T5888] usb 6-1: config 0 descriptor??
[  271.042592][T10302] loop1: detected capacity change from 0 to 4096
[  271.054882][T10302] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  271.201247][T10302] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  271.231209][T10302] ntfs3(loop1): mft corrupted
[  271.272227][T10302] ntfs3(loop1): Failed to load $Extend (-22).
[  271.309914][ T5888] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0011/input/input17
[  271.312932][T10302] ntfs3(loop1): Failed to initialize $Extend.
[  271.375311][ T5888] microsoft 0003:045E:07DA.0011: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  271.457160][   T43] usb 6-1: USB disconnect, device number 16
[  271.597741][T10317] fido_id[10317]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  272.398669][T10342] loop5: detected capacity change from 0 to 1024
[  272.416629][T10342] EXT4-fs: Ignoring removed bh option
[  272.482722][T10342] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  272.653723][T10342] EXT4-fs error (device loop5): ext4_xattr_inode_iget:441: comm syz.5.1163: inode #4: comm syz.5.1163: iget: illegal inode #
[  272.701210][T10342] EXT4-fs (loop5): Remounting filesystem read-only
[  272.732086][T10342] EXT4-fs warning (device loop5): ext4_xattr_block_set:2195: inode #19: comm syz.5.1163: dec ref error=-30
[  272.855770][ T6307] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.893360][T10359] syzkaller1: entered promiscuous mode
[  272.908205][T10347] loop1: detected capacity change from 0 to 32768
[  272.913115][T10359] syzkaller1: entered allmulticast mode
[  272.976128][T10347] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1164 (10347)
[  273.005298][T10347] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  273.052688][T10347] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  273.075914][T10347] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  273.268023][T10347] BTRFS info (device loop1): rebuilding free space tree
[  273.320093][T10347] BTRFS info (device loop1): disabling free space tree
[  273.346170][T10347] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  273.390040][T10347] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  273.419048][T10347] BTRFS info (device loop1): enabling ssd optimizations
[  273.445885][T10347] BTRFS info (device loop1): enabling disk space caching
[  273.457600][T10347] BTRFS info (device loop1): force clearing of disk cache
[  273.475077][T10347] BTRFS info (device loop1): enabling auto defrag
[  273.495368][T10347] BTRFS info (device loop1): max_inline set to 0
[  273.632901][   T36] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  273.678990][T10361] loop3: detected capacity change from 0 to 32768
[  273.709660][ T5830] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  273.715564][ T5843] Bluetooth: hci5: command 0x1003 tx timeout
[  273.795285][   T30] audit: type=1800 audit(1762433681.873:81): pid=10347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1164" name="file1" dev="loop1" ino=260 res=0 errno=0
[  273.872514][T10361] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  273.917191][ T5823] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  274.033742][T10361] XFS (loop3): Ending clean mount
[  274.082993][T10400] loop7: detected capacity change from 0 to 512
[  274.101272][   T30] audit: type=1804 audit(1762433682.183:82): pid=10361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1170" name="/newroot/246/file1/file1" dev="loop3" ino=6150 res=1 errno=0
[  274.245498][   T30] audit: type=1804 audit(1762433682.183:83): pid=10361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1170" name="/newroot/246/file1/file1" dev="loop3" ino=6150 res=1 errno=0
[  274.251519][T10404] loop9: detected capacity change from 0 to 256
[  274.427539][ T5822] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  274.593395][T10410] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  274.623736][T10410] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  274.738994][   T43] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  274.955107][   T43] usb 10-1: Using ep0 maxpacket: 8
[  274.976436][   T43] usb 10-1: config 254 has an invalid interface number: 119 but max is 0
[  274.987312][   T43] usb 10-1: config 254 has no interface number 0
[  274.993789][   T43] usb 10-1: too many endpoints for config 254 interface 119 altsetting 29: 221, using maximum allowed: 30
[  275.068635][   T43] usb 10-1: config 254 interface 119 altsetting 29 has 0 endpoint descriptors, different from the interface descriptor's value: 221
[  275.123685][   T43] usb 10-1: config 254 interface 119 has no altsetting 0
[  275.158627][   T43] usb 10-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  275.174158][   T43] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.205923][   T43] usb 10-1: Product: syz
[  275.216116][   T43] usb 10-1: Manufacturer: syz
[  275.255903][   T43] usb 10-1: SerialNumber: syz
[  275.318132][T10432] loop7: detected capacity change from 0 to 16384
[  275.406442][T10432] loop7: detected capacity change from 16384 to 16297
[  275.486847][   T43] mxuport 10-1:254.119: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  275.506833][   T43] mxuport 10-1:254.119: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  275.552857][   T43] mxuport 10-1:254.119: probe with driver mxuport failed with error -71
[  275.613018][   T43] usb 10-1: USB disconnect, device number 2
[  275.900280][T10455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1201'.
[  275.918469][T10455] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1201'.
[  276.121933][T10461] loop3: detected capacity change from 0 to 512
[  276.141834][T10461] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  276.204131][T10461] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  276.287980][T10461] EXT4-fs (loop3): 1 truncate cleaned up
[  276.295715][T10461] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  276.326383][T10461] EXT4-fs error (device loop3): ext4_xattr_block_list:766: inode #15: comm syz.3.1204: corrupted xattr block 33: invalid header
[  276.352170][T10461] EXT4-fs (loop3): Remounting filesystem read-only
[  276.633208][T10459] loop5: detected capacity change from 0 to 40427
[  276.646220][T10459] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  276.669125][T10459] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  276.692008][T10459] F2FS-fs (loop5): invalid crc value
[  276.834109][T10459] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  276.851393][T10459] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  276.862403][T10459] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  276.896304][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.906344][T10459] ==================================================================
[  276.906366][T10459] BUG: KASAN: slab-use-after-free in __list_lru_walk_one+0xfb/0x420
[  276.906396][T10459] Read of size 8 at addr ffff888055f55078 by task syz.5.1203/10459
[  276.906411][T10459] 
[  276.906421][T10459] CPU: 1 UID: 0 PID: 10459 Comm: syz.5.1203 Not tainted syzkaller #0 PREEMPT(full) 
[  276.906439][T10459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  276.906451][T10459] Call Trace:
[  276.906458][T10459]  <TASK>
[  276.906465][T10459]  dump_stack_lvl+0x189/0x250
[  276.906486][T10459]  ? rcu_is_watching+0x15/0xb0
[  276.906507][T10459]  ? __kasan_check_byte+0x12/0x40
[  276.906529][T10459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.906551][T10459]  ? rcu_is_watching+0x15/0xb0
[  276.906574][T10459]  ? lock_release+0x4b/0x3e0
[  276.906596][T10459]  ? __virt_addr_valid+0x1c8/0x5c0
[  276.906613][T10459]  ? __virt_addr_valid+0x4a5/0x5c0
[  276.906629][T10459]  print_report+0xca/0x240
[  276.906649][T10459]  ? __list_lru_walk_one+0xfb/0x420
[  276.906668][T10459]  kasan_report+0x118/0x150
[  276.906688][T10459]  ? __list_lru_walk_one+0xfb/0x420
[  276.906711][T10459]  __list_lru_walk_one+0xfb/0x420
[  276.906733][T10459]  ? __pfx_gfs2_qd_isolate+0x10/0x10
[  276.906754][T10459]  ? __pfx_gfs2_qd_isolate+0x10/0x10
[  276.906771][T10459]  list_lru_walk_one+0x3c/0x50
[  276.906790][T10459]  gfs2_qd_shrink_scan+0x155/0x330
[  276.906809][T10459]  ? list_lru_count_one+0x27/0x2c0
[  276.906827][T10459]  ? __pfx_gfs2_qd_shrink_scan+0x10/0x10
[  276.906841][T10459]  ? list_lru_count_one+0x27/0x2c0
[  276.906861][T10459]  do_shrink_slab+0x6ef/0x1110
[  276.906883][T10459]  ? shrink_slab+0x129/0x10d0
[  276.906900][T10459]  shrink_slab+0xd74/0x10d0
[  276.906917][T10459]  ? shrink_slab+0x129/0x10d0
[  276.906938][T10459]  ? __pfx_shrink_slab+0x10/0x10
[  276.906960][T10459]  ? mem_cgroup_iter+0x3b/0x460
[  276.906979][T10459]  ? mem_cgroup_iter+0x3e7/0x460
[  276.906995][T10459]  ? mem_cgroup_iter+0x3b/0x460
[  276.907011][T10459]  drop_slab+0x14e/0x290
[  276.907032][T10459]  drop_caches_sysctl_handler+0xc7/0x170
[  276.907049][T10459]  proc_sys_call_handler+0x4cb/0x700
[  276.907073][T10459]  ? __pfx_proc_sys_call_handler+0x10/0x10
[  276.907096][T10459]  ? __asan_memset+0x22/0x50
[  276.907123][T10459]  iter_file_splice_write+0x975/0x10e0
[  276.907161][T10459]  ? __pfx_iter_file_splice_write+0x10/0x10
[  276.907184][T10459]  ? rcu_read_lock_any_held+0xb3/0x120
[  276.907214][T10459]  ? __pfx_iter_file_splice_write+0x10/0x10
[  276.907238][T10459]  direct_splice_actor+0x101/0x160
[  276.907267][T10459]  splice_direct_to_actor+0x5a8/0xcc0
[  276.907307][T10459]  ? __pfx_direct_splice_actor+0x10/0x10
[  276.907331][T10459]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  276.907360][T10459]  do_splice_direct+0x181/0x270
[  276.907384][T10459]  ? __pfx_do_splice_direct+0x10/0x10
[  276.907408][T10459]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  276.907428][T10459]  ? rw_verify_area+0x255/0x4d0
[  276.907450][T10459]  do_sendfile+0x4da/0x7e0
[  276.907470][T10459]  ? __pfx_do_sendfile+0x10/0x10
[  276.907491][T10459]  __se_sys_sendfile64+0xd9/0x190
[  276.907516][T10459]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  276.907541][T10459]  ? do_syscall_64+0xbe/0xfa0
[  276.907563][T10459]  do_syscall_64+0xfa/0xfa0
[  276.907584][T10459]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.907601][T10459]  ? clear_bhb_loop+0x60/0xb0
[  276.907620][T10459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.907637][T10459] RIP: 0033:0x7f2e3338f6c9
[  276.907652][T10459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.907668][T10459] RSP: 002b:00007f2e342af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  276.907686][T10459] RAX: ffffffffffffffda RBX: 00007f2e335e5fa0 RCX: 00007f2e3338f6c9
[  276.907699][T10459] RDX: 0000200000002080 RSI: 0000000000000003 RDI: 0000000000000006
[  276.907711][T10459] RBP: 00007f2e33411f91 R08: 0000000000000000 R09: 0000000000000000
[  276.907722][T10459] R10: 000000000000023b R11: 0000000000000246 R12: 0000000000000000
[  276.907732][T10459] R13: 00007f2e335e6038 R14: 00007f2e335e5fa0 R15: 00007ffc53d7be18
[  276.907753][T10459]  </TASK>
[  276.907760][T10459] 
[  277.312710][T10459] Allocated by task 8314:
[  277.317042][T10459]  kasan_save_track+0x3e/0x80
[  277.321729][T10459]  __kasan_slab_alloc+0x6c/0x80
[  277.326571][T10459]  kmem_cache_alloc_noprof+0x37d/0x700
[  277.332022][T10459]  qd_alloc+0x50/0x250
[  277.336166][T10459]  gfs2_quota_init+0x762/0x1200
[  277.341004][T10459]  gfs2_make_fs_rw+0x143/0x220
[  277.345757][T10459]  gfs2_fill_super+0x1c02/0x2270
[  277.350770][T10459]  get_tree_bdev_flags+0x40e/0x4d0
[  277.355972][T10459]  gfs2_get_tree+0x51/0x1e0
[  277.360477][T10459]  vfs_get_tree+0x92/0x2b0
[  277.364905][T10459]  do_new_mount+0x302/0xa10
[  277.369678][T10459]  __se_sys_mount+0x313/0x410
[  277.374487][T10459]  do_syscall_64+0xfa/0xfa0
[  277.378998][T10459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.384885][T10459] 
[  277.387198][T10459] Freed by task 23:
[  277.390993][T10459]  kasan_save_track+0x3e/0x80
[  277.395665][T10459]  kasan_save_free_info+0x46/0x50
[  277.400683][T10459]  __kasan_slab_free+0x5c/0x80
[  277.405446][T10459]  kmem_cache_free+0x19b/0x690
[  277.410209][T10459]  gfs2_qd_dealloc+0x70/0xe0
[  277.414805][T10459]  rcu_core+0xcab/0x1770
[  277.419066][T10459]  handle_softirqs+0x286/0x870
[  277.423820][T10459]  run_ksoftirqd+0x9b/0x100
[  277.428313][T10459]  smpboot_thread_fn+0x542/0xa60
[  277.433327][T10459]  kthread+0x711/0x8a0
[  277.437393][T10459]  ret_from_fork+0x599/0xb30
[  277.441968][T10459]  ret_from_fork_asm+0x1a/0x30
[  277.446723][T10459] 
[  277.449080][T10459] Last potentially related work creation:
[  277.454862][T10459]  kasan_save_stack+0x3e/0x60
[  277.459616][T10459]  kasan_record_aux_stack+0xbd/0xd0
[  277.464809][T10459]  call_rcu+0x157/0x9c0
[  277.468954][T10459]  gfs2_quota_sync+0x30c/0x460
[  277.473711][T10459]  gfs2_make_fs_ro+0x152/0x300
[  277.478458][T10459]  gfs2_put_super+0x220/0x860
[  277.483120][T10459]  generic_shutdown_super+0x135/0x2c0
[  277.488479][T10459]  kill_block_super+0x44/0x90
[  277.493144][T10459]  deactivate_locked_super+0xbc/0x130
[  277.498679][T10459]  cleanup_mnt+0x425/0x4c0
[  277.503206][T10459]  task_work_run+0x1d4/0x260
[  277.507784][T10459]  exit_to_user_mode_loop+0xff/0x4f0
[  277.513146][T10459]  do_syscall_64+0x2e9/0xfa0
[  277.517764][T10459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.523658][T10459] 
[  277.525971][T10459] The buggy address belongs to the object at ffff888055f55000
[  277.525971][T10459]  which belongs to the cache gfs2_quotad of size 272
[  277.540132][T10459] The buggy address is located 120 bytes inside of
[  277.540132][T10459]  freed 272-byte region [ffff888055f55000, ffff888055f55110)
[  277.554010][T10459] 
[  277.556330][T10459] The buggy address belongs to the physical page:
[  277.562735][T10459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55f55
[  277.571486][T10459] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  277.578595][T10459] page_type: f5(slab)
[  277.582566][T10459] raw: 00fff00000000000 ffff88801cb24500 dead000000000122 0000000000000000
[  277.591176][T10459] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[  277.599760][T10459] page dumped because: kasan: bad access detected
[  277.606181][T10459] page_owner tracks the page as allocated
[  277.611902][T10459] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x52c50(GFP_NOFS|__GFP_RECLAIMABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 8314, tgid 8312 (syz.8.584), ts 191076173081, free_ts 190078502860
[  277.632644][T10459]  post_alloc_hook+0x240/0x2a0
[  277.637407][T10459]  get_page_from_freelist+0x2365/0x2440
[  277.642953][T10459]  __alloc_frozen_pages_noprof+0x181/0x370
[  277.648746][T10459]  alloc_pages_mpol+0x232/0x4a0
[  277.653586][T10459]  allocate_slab+0x96/0x350
[  277.658084][T10459]  ___slab_alloc+0xf56/0x1990
[  277.662751][T10459]  __slab_alloc+0x65/0x100
[  277.667157][T10459]  kmem_cache_alloc_noprof+0x40f/0x700
[  277.672695][T10459]  qd_alloc+0x50/0x250
[  277.676754][T10459]  gfs2_quota_init+0x762/0x1200
[  277.681592][T10459]  gfs2_make_fs_rw+0x143/0x220
[  277.686348][T10459]  gfs2_fill_super+0x1c02/0x2270
[  277.691286][T10459]  get_tree_bdev_flags+0x40e/0x4d0
[  277.696566][T10459]  gfs2_get_tree+0x51/0x1e0
[  277.701061][T10459]  vfs_get_tree+0x92/0x2b0
[  277.705466][T10459]  do_new_mount+0x302/0xa10
[  277.709959][T10459] page last free pid 5195 tgid 5195 stack trace:
[  277.716269][T10459]  __free_frozen_pages+0xbc8/0xd30
[  277.721376][T10459]  __put_partials+0x146/0x170
[  277.726050][T10459]  put_cpu_partial+0x1f2/0x2e0
[  277.730812][T10459]  __slab_free+0x2b9/0x390
[  277.735225][T10459]  qlist_free_all+0x97/0x140
[  277.739886][T10459]  kasan_quarantine_reduce+0x148/0x160
[  277.745331][T10459]  __kasan_slab_alloc+0x22/0x80
[  277.750171][T10459]  kmem_cache_alloc_noprof+0x37d/0x700
[  277.755646][T10459]  getname_flags+0xb8/0x540
[  277.760152][T10459]  do_sys_openat2+0xbc/0x1c0
[  277.764731][T10459]  __x64_sys_openat+0x138/0x170
[  277.769568][T10459]  do_syscall_64+0xfa/0xfa0
[  277.774199][T10459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.780083][T10459] 
[  277.782390][T10459] Memory state around the buggy address:
[  277.788004][T10459]  ffff888055f54f00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  277.796053][T10459]  ffff888055f54f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  277.804105][T10459] >ffff888055f55000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  277.812147][T10459]                                                                 ^
[  277.820111][T10459]  ffff888055f55080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  277.828164][T10459]  ffff888055f55100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  277.836219][T10459] ==================================================================
[  277.845549][T10459] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  277.852773][T10459] CPU: 1 UID: 0 PID: 10459 Comm: syz.5.1203 Not tainted syzkaller #0 PREEMPT(full) 
[  277.862136][T10459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  277.872189][T10459] Call Trace:
[  277.875467][T10459]  <TASK>
[  277.878385][T10459]  dump_stack_lvl+0x99/0x250
[  277.882973][T10459]  ? __asan_memcpy+0x40/0x70
[  277.887585][T10459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  277.893125][T10459]  ? __pfx__printk+0x10/0x10
[  277.897885][T10459]  vpanic+0x237/0x6d0
[  277.902114][T10459]  ? __pfx_vpanic+0x10/0x10
[  277.906610][T10459]  panic+0xb9/0xc0
[  277.910317][T10459]  ? __pfx_panic+0x10/0x10
[  277.914732][T10459]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  277.920614][T10459]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  277.926519][T10459]  ? __list_lru_walk_one+0xfb/0x420
[  277.931715][T10459]  check_panic_on_warn+0x89/0xb0
[  277.936658][T10459]  ? __list_lru_walk_one+0xfb/0x420
[  277.941862][T10459]  end_report+0x78/0x160
[  277.946095][T10459]  kasan_report+0x129/0x150
[  277.950588][T10459]  ? __list_lru_walk_one+0xfb/0x420
[  277.955779][T10459]  __list_lru_walk_one+0xfb/0x420
[  277.960799][T10459]  ? __pfx_gfs2_qd_isolate+0x10/0x10
[  277.966075][T10459]  ? __pfx_gfs2_qd_isolate+0x10/0x10
[  277.971349][T10459]  list_lru_walk_one+0x3c/0x50
[  277.976104][T10459]  gfs2_qd_shrink_scan+0x155/0x330
[  277.981205][T10459]  ? list_lru_count_one+0x27/0x2c0
[  277.986304][T10459]  ? __pfx_gfs2_qd_shrink_scan+0x10/0x10
[  277.991928][T10459]  ? list_lru_count_one+0x27/0x2c0
[  277.997033][T10459]  do_shrink_slab+0x6ef/0x1110
[  278.001796][T10459]  ? shrink_slab+0x129/0x10d0
[  278.006461][T10459]  shrink_slab+0xd74/0x10d0
[  278.010958][T10459]  ? shrink_slab+0x129/0x10d0
[  278.015655][T10459]  ? __pfx_shrink_slab+0x10/0x10
[  278.020609][T10459]  ? mem_cgroup_iter+0x3b/0x460
[  278.025464][T10459]  ? mem_cgroup_iter+0x3e7/0x460
[  278.030431][T10459]  ? mem_cgroup_iter+0x3b/0x460
[  278.035273][T10459]  drop_slab+0x14e/0x290
[  278.039524][T10459]  drop_caches_sysctl_handler+0xc7/0x170
[  278.045146][T10459]  proc_sys_call_handler+0x4cb/0x700
[  278.050534][T10459]  ? __pfx_proc_sys_call_handler+0x10/0x10
[  278.056427][T10459]  ? __asan_memset+0x22/0x50
[  278.061027][T10459]  iter_file_splice_write+0x975/0x10e0
[  278.066523][T10459]  ? __pfx_iter_file_splice_write+0x10/0x10
[  278.072410][T10459]  ? rcu_read_lock_any_held+0xb3/0x120
[  278.077896][T10459]  ? __pfx_iter_file_splice_write+0x10/0x10
[  278.083848][T10459]  direct_splice_actor+0x101/0x160
[  278.088955][T10459]  splice_direct_to_actor+0x5a8/0xcc0
[  278.094435][T10459]  ? __pfx_direct_splice_actor+0x10/0x10
[  278.100093][T10459]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  278.106089][T10459]  do_splice_direct+0x181/0x270
[  278.110943][T10459]  ? __pfx_do_splice_direct+0x10/0x10
[  278.116310][T10459]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  278.122217][T10459]  ? rw_verify_area+0x255/0x4d0
[  278.127077][T10459]  do_sendfile+0x4da/0x7e0
[  278.131490][T10459]  ? __pfx_do_sendfile+0x10/0x10
[  278.136421][T10459]  __se_sys_sendfile64+0xd9/0x190
[  278.141447][T10459]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  278.147079][T10459]  ? do_syscall_64+0xbe/0xfa0
[  278.151751][T10459]  do_syscall_64+0xfa/0xfa0
[  278.156304][T10459]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.162361][T10459]  ? clear_bhb_loop+0x60/0xb0
[  278.167027][T10459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.172913][T10459] RIP: 0033:0x7f2e3338f6c9
[  278.177324][T10459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.197006][T10459] RSP: 002b:00007f2e342af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  278.205440][T10459] RAX: ffffffffffffffda RBX: 00007f2e335e5fa0 RCX: 00007f2e3338f6c9
[  278.213412][T10459] RDX: 0000200000002080 RSI: 0000000000000003 RDI: 0000000000000006
[  278.221402][T10459] RBP: 00007f2e33411f91 R08: 0000000000000000 R09: 0000000000000000
[  278.229631][T10459] R10: 000000000000023b R11: 0000000000000246 R12: 0000000000000000
[  278.237592][T10459] R13: 00007f2e335e6038 R14: 00007f2e335e5fa0 R15: 00007ffc53d7be18
[  278.245747][T10459]  </TASK>
[  278.249758][T10459] Kernel Offset: disabled
[  278.254076][T10459] Rebooting in 86400 seconds..