last executing test programs: 17.410392939s ago: executing program 1 (id=760): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x40, 0xfd, 0x7ffc0002}]}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0xc6, 0x1e, 0x40, 0x7c9, 0x12, 0xc2f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0xcb, 0x8e, 0x2f, 0x0, [], [{{0x9, 0x5, 0xf}}, {{0x9, 0x5, 0xd}}, {{0x9, 0x5, 0x9}}]}}]}}]}}, 0x0) r0 = io_uring_setup(0x801952, &(0x7f0000000a80)={0x0, 0xc3d7, 0x8000, 0x0, 0x2b0}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000) r2 = dup2(r1, r1) preadv2(r2, &(0x7f0000000880)=[{&(0x7f0000000100)=""/199, 0xc7}], 0x1, 0x7, 0x3, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) pwritev(r3, &(0x7f0000001600)=[{&(0x7f00000012c0)="7a2eb2aa0eb305e5a5abc4", 0xb}], 0x1, 0x2, 0x3) setsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x4, &(0x7f0000000000)=0x3, 0x4) r4 = open(&(0x7f0000000040)='./bus\x00', 0x60142, 0x0) fallocate(r4, 0x11, 0x0, 0x8800000) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6gre0\x00', 0x0, 0x4, 0x3, 0xff, 0x5, 0x51, @loopback, @mcast1, 0x7, 0x7856, 0x0, 0x800}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018a7146ae100000048000000480000000300000002000000050000841de300000900000003000000ec00000006000000000000008100000010000000030000004c4d00000b0000000300000004000000010000000100000080000000003000"], &(0x7f0000000300)=""/205, 0x63, 0xcd, 0x0, 0x9b3, 0x0, @void, @value}, 0x28) bpf$TOKEN_CREATE(0x24, &(0x7f00000004c0)={0x0, r3}, 0x8) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x1, 0x70bd2c, 0x0, {}, [@RTA_OIF={0x8, 0x4, r6}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x8}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0x7}}]}, 0x38}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000580)='virtio_transport_recv_pkt\x00', 0xffffffffffffffff, 0x0, 0x8a2}, 0x18) mremap(&(0x7f0000000000/0x9000)=nil, 0x200003, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 13.330788553s ago: executing program 1 (id=773): io_uring_setup(0x1fcb, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x27}, 0x1c, 0x0}, 0xb00) 12.267009136s ago: executing program 1 (id=778): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000240)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@nossd_spread}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@subvolid={'subvolid', 0x3d, 0x69}}, {@commit={'commit', 0x3d, 0x3}}, {@subvol={'subvol', 0x3d, '.-'}}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) truncate(&(0x7f0000000900)='./file1\x00', 0xbf39) syz_mount_image$msdos(&(0x7f0000000940), &(0x7f0000001cc0)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000040)='./file2\x00', 0x8, &(0x7f00000001c0)={[{@barrier}, {@nossd_spread}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'no'}}, {@clear_cache}, {@noacl}, {@noenospc_debug}, {@nodatacow}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==") creat(&(0x7f0000000100)='./file1\x00', 0xe0) socket(0x1e, 0x4, 0x0) socket(0x2, 0x80805, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r1) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x0, 0x2, {0x0, 0x1}, {0x46, 0xea}, @rumble={0x636, 0x2}}) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) write$char_usb(r2, &(0x7f0000000040)="e2", 0x12d8) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) r3 = fcntl$getown(r2, 0x9) prlimit64(r3, 0x0, &(0x7f0000000100)={0x40c0, 0x6}, &(0x7f0000000180)) socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)) 11.259849118s ago: executing program 3 (id=784): r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCETHTOOL(r0, 0x8993, &(0x7f0000000080)={'bond0\x00', &(0x7f00000000c0)=@ethtool_channels={0x1}}) 10.190905984s ago: executing program 3 (id=788): io_uring_setup(0x1fcb, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x27}, 0x1c, 0x0}, 0xb00) 10.1112828s ago: executing program 2 (id=790): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) fsetxattr(r0, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) fgetxattr(r0, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', 0x0, 0xffde) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 9.171027549s ago: executing program 2 (id=792): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) 9.169601758s ago: executing program 3 (id=793): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0xfffffffffffffff5}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet(0x2, 0x2, 0x1) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010) setsockopt$inet_int(r3, 0x0, 0x2, &(0x7f0000000000)=0x9, 0x4) sendmsg$inet(r3, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @local}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f00000004c0)="1ed8b7f9d457", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000) syz_mount_image$xfs(&(0x7f0000009740), &(0x7f0000009780)='./file1\x00', 0x0, &(0x7f00000006c0)={[{@gquota}, {@nolargeio}, {@uqnoenforce}]}, 0x1, 0x9793, &(0x7f0000012f40)="$eJzs3QeYJHWhcP1Z2CVnUBFFUVExEiWIKEFAJEhUUECQLDkoQUkiEhQFAUVAcs4555xzzjnnnPmeZXeVux7Q+373ffF6znme3Zmurq6p/v+6qmamerqXnGexOQcGxhgY1hQDI3fzHXMutPGOc16+9057njzFWBNMPnzy8BtMOvzipIOGfxxlYGBglOHLGT5t7EdOOHGUgcHvTP97Y4851qBxBwamG35x9uEfZxr2YeJHR8z39kiNvKKD/nZx0PbD/r3T+EO/xNBPlr7pgrMHBgYmeNfth95kmn+4o9KWnGPeef5u9Te3oVZDhn/+7n+jDfs38f0DAxPfM8CPj3fPO+gDuEtDv+YEOz4wxrofwNf+X9eSc8w730j+Q7fFUYdPm2noNj7yNmhs5Mf5TavMuvvwIXzn8TYwMHQX91+2lf8VLTnHPAsMvPd+fuChscY7/e139ptjPzMwMPazAwNjPzcwMPbzAwNjvzAwMPaLH7RL/f9rjjmnn3Po9j7i8nD2EY/lCehxsffqL+w1MDAw+rB5xn5r2PFinClGHBOqqqrq37s55px+Ljj+j/F+x/+ttp7jlo7/VVVV/3ubb445px96HB/p+D/O+x3/v3vDDWsM+93/7DMNu9VbH+ydqKqqqv9W88yHx/8J3u/4P/4O1+3X8b+qqup/b4su+M7xf5yRjv+TvN/xf43577h0+Hwjvm94812LfOf5Y8Onv/6u6aO+a/pr75o+5F3Leff8o71r+ivvmj7GwMDYjwyf/sbfJ4/9zNDb/ONyxn7p78/HmXTwu6a//K7po71r+ivD12no9NHfNf3Nd80/xt+njzP0vymGf91X32eoq6qq/m1adPp55hp41/Psh08e8cR+fF7o0UdvfecHtb5VVVVVVVVV9d/vrSdPO+vvf/P9iYF3/e3q3/6GdfjvBQYdc84113xgK/rv0aB//H3IFh/0Ov3/bajzGIdNMTCw1hIf9KrUB9D/mr9Vr/8r5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+4t7j/P/f/v5/4J4v7jB81lkmu+Pexf5+y0kHVhv+2c13zLnQah/Aun8A/aee/x9YbdDAwHDfCYZaLjTHootPNTAwsNi9d0w248Dfrpt56HWzTjTqO3/MOTAw1Tv/D5n0PZY8/F0W3nlzh0n+toxj3ln+fG/vO+qgkVbiXc129n0HrrrkyzOM/PHz730//vb+Eku9tO+UI/6WZZSRZhrjPW48Yvkj7svIzsPXfaqh6z71BmuuM/X6G2/yldXWXH6VlVZZaa3pppt2hulnnGG6r80y9cqrrbHSNMP+f48xG/bWFaP+K2M2zshj9uQc7x6zke/bhCcdiGP2j+/q8V8W8c4Sz53toctGjNngf3HMRny9Ud9/zKZYbfgXmnRgyMBy7wzNoIGBSQcPGdho6IVpRx8YmHTI8HknHTrvNyYaZWBgx7/f0UHDX2x02DyDthg6z7/Z+5bMMnxENh0x38ivsz7yiv6z9y05fpxd7hjpfUv+b/V/dPz/B6+ZB/1toEa8AcLweYZ5fcDvM/EP6zvF4HcOcu+1vu/zujjvRI+vNVd9dIn/qdfFofUd533W931ex+8913eqaZ/eY9ii/sfWd6R93QLDrvxX9nUD77+vG5Vuv9KVk4+8r5v/vVfxv2zHI8Zo9JFmeq993Y7zn7v50OUPvP++boHVhr94wN/3daMMDEw66oh93dAd32hDBnYcemG6oRdGHzJwyNAL079zYcyBc4Ze+OoKa6+x4qB3XmZg+HKnGbrc2ScaNGwDuvHAVUff5e23Bw9fl5fG/q/rOvzxMcW7j+dzTDR8MIffdsRyh846YrmvbDPsutGGL/fl/8ZyR9yW1nfSM4ddN/rw5b4y0nKHvM9yR9z2H7aHqQb9lyeqwv7mA31fI9p+x3if9X2f1+HGx9s77lMu+9D/wOtwD3qv9R38/uv7Xu8b8p7r+9hlj+/zP/W64fQ4u2fvYY+VMYY/zt78bzx+R9x25P3YsBcCGbbbH+Nf2Y9N8Q/7sS1HHWWkwX5X7/V97oow//At4m9LW/GAl1cbMfZDRlruP/s+9133ZRDsxyYY6ee5QZvvMzCIxvyRNZ7f8K2d33/Mhwz8158tRoz5iNu+35iP/q+M+cfff8xH/j75vcZ8qs8Mu37ISOv/7jFfZLfZbxwx5qONtNx/Nuajv/+x4x/HfGBgCI35jpMNG7f325++15iPuO2IMR/6dWadaPDA3AMDA1MOH/PR/pUxn/R/5nE+Fsw/7POV/jbpmRkX/vKIMR95jP/ZmI/23xzzze752+N8yneu+/QoA6ONNrDR8htssN60w/4fcXG6Yf/zvuiZFYeN8/sdS9/LaMRt32+7GPyvGE3wLxkN+mdGkw1+L6O/b1qjHrjos/+n+6LB/12jc3hfdMq8w8bt/b4veq8xH3FbOg5O8q7bj/xz6Pu8fhbep3fGZ/5tR/y89+/w+lkjft79X/n6WSN+J7nayDv5+lfr9//u8neXv7v83eUv7j3O/08x4vz/2+Ps/+HhP3QOuXLmW2b/oNf3A+4/+vz/cN//cv5/9ltmvnLoj1bDr3vf87PD5vm3PD8707APEz86Yr6Rzw+OvKL/7Pzs3rtucOX/o/Oz/0eN2Fb/hZ+L2/+7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v8xb3H+f9pRjwP4MHFF/re8BOhQzad9shNP+j1/YD7jz7/P9z3v5z/3/TIaTcdZeBv173v+f9h8zjO/9+34ObL/Duf/x+xrXb+v/5J+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/uPc4/z/7iOcBHD7b3J8d8XyA67fbd48Pen0/4P5Tz//3/v/e2v+7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v8xQ0//z8w0tskLtzjAoPz//+7ew//RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4v/9/DGL/w/yxyz+S+aPWfyXyh+z+P8wf8zi/6P8MYv/0vljFv9l8scs/svmj1n8f5w/ZvFfLn/M4r98/pjF/yf5Yxb/FfLHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/T/PHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8N8gfs/j/LH/M4v/z/DGL/4b5Yxb/jfLHLP4b549Z/DfJH7P4/yJ/zOL/y/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx/1X+mMV/q/wxi/+v88cs/lvnj1n8f5M/ZvHfJn/M4r9t/pjFf7v8MYv/9vljFv/f5o9Z/H+XP2bx3yF/zOL/+/wxi/8f8scs/jvmj1n8d8ofs/j/MX/M4r9z/pjFf5f8MYv/rvljFv8/5Y9Z/P+cP2bx3y1/zOL/l/wxi//u+WMW/z3yxyz+e+aPWfz/mj9m8d8rf8ziv3f+mMV/n/wxi/+++WMW//3yxyz+++ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8zi/3b+mMR/0ED+mMV/UP6YxX+U/DGL/6j5Yxb/wfljFv8h+WMW/9Hyxyz+o+ePWfzHyB+z+I+ZP2bxHyt/zOI/dv6YxX+c/DGL/7j5Yxb/8fLHLP7j549Z/CfIH7P4T5g/ZvGfKH/M4j9x/pjFf5L8MYv/h/LHLP4fzh+z+H8kf8ziP2n+mMX/o/ljFv/J8scs/h/LH7P4fzx/zOI/ef6Yxf8T+WMW/0/mj1n8p8gfs/h/Kn/M4v/p/DGL/2fyxyz+U+aPWfw/mz9m8f9c/pjF//P5Yxb/qfLHLP5fyB+z+H8xf8zi/6X8MYv/l/PHLP5fyR+z+H81f8ziP3X+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+H8tf8ziP2P+mMV/pvwxi//M+WMW/1nyxyz+X88fs/jPmj9m8f9G/pjFf7b8MYv/N/PHLP7fyh+z+M+eP2bxnyN/zOI/Z/6YxX+u/DGL/7fzxyz+c+ePWfznyR+z+M+bP2bx/07+mMV/vvwxi/9388cs/vPnj1n8F8gfs/gvmD9m8V8of8zi/738MYv/wvljFv9F8scs/ovmj1n8F8sfs/gvnj9m8V8if8zi//38MYv/D/LHLP5L5o9Z/JfKH7P4/zB/zOL/o/wxi//S+WMW/2Xyxyz+y+aPWfx/nD9m8V8uf8ziv3z+mMX/J/ljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8ziv2r+mMV/tfwxi/9P88cs/qvnj1n818gfs/ivmT9m8V8rf8ziv3b+mMV/nfwxi/+6+WMW//Xyxyz+6+ePWfw3yB+z+P8sf8zi//P8MYv/hvljFv+N8scs/hvnj1n8N8kfs/j/In/M4v/L/DGL/6b5Yxb/zfLHLP6b549Z/LfIH7P4b5k/ZvH/Vf6YxX+r/DGL/6/zxyz+W+ePWfx/kz9m8d8mf8ziv23+mMV/u/wxi//2+WMW/9/mj1n8f5c/ZvHfIX/M4v/7/DGL/x/yxyz+O+aPWfx3yh+z+P8xf8ziv3P+mMV/l/wxi/+u+WMW/z/lj1n8/5w/ZvHfLX/M4v+X/DGL/+75Yxb/PfLHLP575o9Z/P+aP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyr/d7fliE8s/lfnj1n8r8kfs/hfmz9m8b8uf8zif33+mMX/hvwxi/+N+WMW/5vyxyz+N+ePWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf+O/DGL/535Yxb/u/LHLP53549Z/O/JH7P435s/ZvG/L3/M4n9//pjF/4H8MYv/g/ljFv+H8scs/g/nj1n8H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549Z/F/JH7P4v5o/ZvF/LX/M4v96/pjF/438MYv/m/ljFv+38scs/m/nj0n83/k0/3/M4j8of8ziP0r+mMV/1Pwxi//g/DGL/5D8MYv/aPljFv/R88cs/mPkj1n8x8wfs/iPlT9m8R87f8ziP07+mMV/3Pwxi/94+WMW//Hzxyz+E+SPWfwnzB+z+E+UP2bxnzh/zOI/Sf6Yxf9D+WMW/w/nj1n8P5I/ZvGfNH/M4v/R/DGL/2T5Yxb/j+WPWfw/nj9m8Z88f8zi/4n8MYv/J/PHLP5T5I9Z/D+VP2bx/3T+mMX/M/ljFv8p88cs/p/NH7P4fy5/zOL/+fwxi/9U+WMW/y/kj1n8v5g/ZvH/Uv6Yxf/L+WMW/6/kj1n8v5o/ZvGfOn/M4j9N/pjFf9r8MYv/dPljFv/p88cs/jPkj1n8v5Y/ZvGfMX/M4j9T/pjFf+b8MYv/LPljFv+v549Z/GfNH7P4fyN/zOI/W/6Yxf+b+WMW/2/lj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMX/2/ljFv+588cs/vPkj1n8580fs/h/J3/M4j9f/pjF/7v5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvH/Xv6YxX/h/DGL/yL5YxL/eo8k/qMs1vaPWfwXzx+z+C+RP2bx/37+mMX/B/ljFv8l88cs/kvlj1n8f5g/ZvH/Uf6YxX/p/DGL/zL5Yxb/ZfPHLP4/zh+z+C+XP2bxXz5/zOL/k/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf+n+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/9fPHLP4b5I9Z/H+WP2bx/3n+mMV/w/wxi/9G+WMW/43zxyz+m+SPWfx/kT9m8f9l/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/j/Kn/M4r9V/pjF/9f5Yxb/rfPHLP6/yR+z+G+TP2bx3zZ/zOK/Xf6YxX/7/DGL/2/zxyz+v8sfs/jvkD9m8f99/pjF/w/5Yxb/HfPHLP475Y9Z/P+YP2bx3zl/zOK/S/6YxX/X/DGL/5/yxyz+f84fs/jvlj9m8f9L/pjFf/f8MYv/HvljFv8988cs/n/NH7P475U/ZvHfO3/M4r9P/pjFf9/8MYv/fvljFv/988cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHLP5v5I9Z/N/MH3vHf9DAf7z/W/ljlu3/7fwxif+oA/ljFv9B+WMW/1Hyxyz+o+aPWfwH549Z/Ifkj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+I+fP2bxnyB/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP4fyh+z+H84f8zi/5H8MYv/pPljFv+P5o9Z/CfLH7P4fyx/zOL/8fwxi//k+WMW/0/kj1n8P5k/ZvGfIn/M4v+p/DGL/6fzxyz+n8kfs/hPmT9m8f9s/pjF/3P5Yxb/z+ePWfynyh+z+H8hf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1PljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8zi/7X8MYv/jPljFv+Z8scs/jPnj1n8Z8kfs/h/PX/M4j9r/pjF/xv5Yxb/2fLHLP7fzB+z+H8rf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+384fs/jPnT9m8Z8nf8ziP2/+mMX/O/ljFv/58scs/t/NH7P4z58/ZvFfIH/M4r9g/pjFf6H8MYv/9/LHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/9/PHLP4/yB+z+C+ZP2bxXyp/zOL/w/wxi/+P8scs/kvnj1n8l8kfs/gvmz9m8f9x/pjFf7n8MYv/8vljFv+f5I9Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/j/NH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8zi/7P8MYv/z/PHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4v+L/DGL/y/zxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6Yxf9X+WMW/63yxyz+v84fs/hvnT9m8f9N/pjFf5v8MYv/tvljFv/t8scs/tvnj1n8f5s/ZvH/Xf6YxX+H/DGL/+/zxyz+f8gfs/jvmD9m8d8pf8zi/8f8MYv/zvljFv9d8scs/rvmj1n8/5Q/ZvH/c/6YxX+3/DGL/1/yxyz+u+ePWfz3yB+z+O+ZP2bx/2v+mMV/r/wxi//e+WMW/33yxyz+++aPWfz3yx+z+O+fP2bxPyB/zOJ/YP6Yxf+g/DGL/8H5Yxb/Q/LHLP6H5o9Z/A9T+b89/r86p8X/cJX/v57F/4j8MYv/kfljFv+j8scs/kfnj1n8j8kfs/gfmz9m8T8uf8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR+z+J+aP2bxPy1/zOJ/ev6Yxf+M/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvE/L3/M4n9+/pjF/4L8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf8zi/3r+mMX/jfwxi/+b+WMW/7fyxyz+b+ePSfwHD+SPWfwH5Y9Z/EfJH7P4j5o/ZvEfnD9m8R+SP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/h/KH/M4v/h/DGL/0fyxyz+k+aPWfw/mj9m8Z8sf8zi/7H8MYv/x/PHLP6T549Z/D+RP2bx/2T+mMV/ivwxi/+n8scs/p/OH7P4fyZ/zOI/Zf6Yxf+z+WMW/8/lj1n8P58/ZvGfKn/M4v+F/DGL/xfzxyz+X8of+8/2H2vE1MFfzh/7z/b/W4O/kj9m8f9q/pjFf+r8MYv/NPlj/8n+Q/4+dfC0+WP/yf7v3v6nyx+z+E+fP2bxnyF/zOL/tfwxi/+M+WMW/5nyxyz+M+ePWfxnyR+z+H89f8ziP2v+mMX/G/ljFv/Z8scs/t/MH7P4fyt/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP7fzh+z+M+dP2bxnyd/zOI/b/6Yxf87+WMW//nyxyz+380fs/jPnz9m8V8gf8ziv2D+mMV/ofwxi//38scs/gvnj1n8F8kfs/gvmj9m8V8sf8ziv3j+mMV/ifwxi//388cs/j/IH7P4L5k/ZvFfKn/M4v/D/DGL/4/yxyz+S+ePWfyXyR+z+C+bP2bx/3H+mMV/ufwxi//y+WMW/5/kj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMV/lfwxi/+q+WMW/9Xyxyz+P80fs/ivnj9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+K+fP2bx3yB/zOL/s/wxi//P88cs/hvmj1n8N8ofs/hvnD9m8d8kf8zi/4v8MYv/L/PHLP6b5o9Z/DfLH7P4b54/ZvHfIn/M4r9l/pjF/1f5Yxb/rfLHLP6/zh+z+G+dP2bx/03+mMV/m/wxi/+2+WMW/+3yxyz+2+ePWfx/mz9m8f9d/pjFf4f8MYv/7/PHLP5/yB+z+O+YP2bx3yl/zOL/x/wxi//O+WMW/13yxyz+u+aPWfz/lD9m8f9z/pjFf7f8MYv/X/LHLP67549Z/PfIH7P475k/ZvH/a/6YxX+v/DGL/975Yxb/ffLHLP77Sv1H/yfXW/z3k/r/syz+++ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1Q+/rth/USv37ZvG/ru0fs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYv/2/ljEv8hA/ljFv9B+WMW/1Hyxyz+o+aPWfwH549Z/Ifkj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+I+fP2bxnyB/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP4fyh+z+H84f8zi/5H8MYv/pPljFv+P5o9Z/CfLH7P4fyx/zOL/8fwxi//k+WMW/0/kj1n8P5k/ZvGfIn/M4v+p/DGL/6fzxyz+n8kfs/hPmT9m8f9s/pjF/3P5Yxb/z+ePWfynyh+z+H8hf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1PljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8zi/7X8MYv/jPljFv+Z8scs/jPnj1n8Z8kfs/h/PX/M4j9r/pjF/xv5Yxb/2fLHLP7fzB+z+H8rf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+384fs/jPnT9m8Z8nf8ziP2/+mMX/O/ljFv/58scs/t/NH7P4z58/ZvFfIH/M4r9g/pjFf6H8MYv/9/LHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/9/PHLP4/yB+z+C+ZP2bxXyp/zOL/w/wxi/+P8scs/kvnj1n8l8kfs/gvmz9m8f9x/pjFf7n8MYv/8vljFv+f5I9Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/j/NH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8zi/7P8MYv/z/PHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4v+L/DGL/y/zxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6Yxf9X+WMW/63yxyz+v84fs/hvnT9m8f9N/pjFf5v8MYv/tvljFv/t8scs/tvnj1n8f5s/ZvH/Xf6YxX+H/DGL/+/zxyz+f8gfs/jvmD9m8d8pf8zi/8f8MYv/zvljFv9d8scs/rvmj1n8/5Q/ZvH/c/6YxX+3/DGL/1/yxyz+u+ePWfz3yB+z+O+ZP2bx/2v+mMV/r/wxi//e+WMW/33yxyz+++aPWfz3yx+z+O+fP2bxPyB/zOJ/YP6Yxf+g/DGL/8H5Yxb/Q/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4n9h/pjF/6L8MYv/xfljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D8+0AOAsvg/ET9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH7P4v5E/ZvF/M3/M4v9W/pjF/+38MYn/aAP5Yxb/QfljFv9R8scs/qPmj1n8B+ePWfyH5I9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+H8ofs/h/OH/M4v+R/DGL/6T5Yxb/j+aPWfwnyx+z+H8sf8zi//H8MYv/5PljFv9P5I9Z/D+ZP2bxnyJ/zOL/qfwxi/+n88cs/p/JH7P4T5k/ZvH/bP6Yxf9z+WMW/8/nj1n8p8ofs/h/IX/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4v+1/DGL/4z5Yxb/mfLHLP4z549Z/GfJH7P4fz1/zOI/a/6Yxf8b+WMW/9nyxyz+38wfs/h/K3/M4j97/pjFf478MYv/nPljFv+58scs/t/OH7P4z50/ZvGfJ3/M4j9v/pjF/zv5Yxb/+fLHLP7fzR+z+M+fP2bxXyB/zOK/YP6YxX+h/DGL//fyxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL//fzxyz+P8gfs/gvmT9m8V8qf8zi/8P8MYv/j/LHLP5L549Z/JfJH7P4L5s/ZvH/cf6YxX+5/DGL//L5Yxb/n+SPWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP4/zR+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP7r5o9Z/NfLH7P4r58/ZvHfIH/M4v+z/DGL/8/zxyz+G+aPWfw3yh+z+G+cP2bx3yR/zOL/i/wxi/8v88cs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMX/V/ljFv+t8scs/r/OH7P4b50/ZvH/Tf6YxX+b/DGL/7b5Yxb/7fLHLP7b549Z/H+bP2bx/13+mMV/h/wxi//v88cs/n/IH7P475g/ZvHfKX/M4v/H/DGL/875Yxb/XfLHLP675o9Z/P+UP2bx/3P+mMV/t/wxi/9f8scs/rvnj1n898gfs/jvmT9m8f9r/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYv/2/ljEv/RB/LHLP6D8scs/qPkj1n8R80fs/gPzh+z+A/JH7P4j5Y/ZvEfPX/M4j9G/pjFf8z8MYv/WPljFv+x88cs/uPkj1n8x80fs/iPlz9m8R8/f8ziP0H+mMV/wvwxi/9E+WMW/4nzxyz+k+SPWfw/lD9m8f9w/pjF/yP5Yxb/SfPHLP4fzR+z+E+WP2bx/1j+mMX/4/ljFv/J88cs/p/IH7P4fzJ/zOI/Rf6Yxf9T+WMW/0/nj1n8P5M/ZvGfMn/M4v/Z/DGL/+fyxyz+n88fs/hPlT9m8f9C/pjF/4v5Yxb/L+WPWfy/nD9m8f9K/pjF/6v5Yxb/qfPHLP7T5I9Z/KfNH7P4T5c/ZvGfPn/M4j9D/pjF/2v5Yxb/GfPHLP4z5Y9Z/GfOH7P4z5I/ZvH/ev6YxX/W/DGL/zfyxyz+s+WPWfy/mT9m8f9W/pjFf/b8MYv/HPljFv8588cs/nPlj1n8v50/ZvGfO3/M4j9P/pjFf978MYv/d/LHLP7z5Y9Z/L+bP2bxnz9/zOK/QP6YxX/B/DGL/0L5Yxb/7+WPWfwXzh+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/7+ePWfx/kD9m8V8yf8ziv1T+mMX/h/ljFv8f5Y9Z/JfOH7P4L5M/ZvFfNn/M4v/j/DGL/3L5Yxb/5fPHLP4/yR+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP6r5Y9Z/H+aP2bxXz1/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvFfP3/M4r9B/pjF/2f5Yxb/n+ePWfw3zB+z+G+UP2bx3zh/zOK/Sf6Yxf8X+WMW/1/mj1n8N80fs/hvlj9m8d88f8ziv0X+mMV/y/wxi/+v8scs/lvlj1n8f50/ZvHfOn/M4v+b/DGL/zb5Yxb/bfPHLP7b5Y9Z/LfPH7P4/zZ/zOL/u/wxi/8O+WMW/9/nj1n8/5A/ZvHfMX/M4r9T/pjF/4/5Yxb/nfPHLP675I9Z/HfNH7P4/yl/zOL/5/wxi/9u+WMW/7/kj1n8d88fs/jvkT9m8d8zf8zi/9f8MYv/XvljFv+988cs/vvkj1n8980fs/jvlz9m8d8/f8zif0D+mMX/wPwxi/9B+WMW/4Pzxyz+h+SPWfwPzR+z+B+WP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/I/NH7P4H5c/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/ZvF/PX/M4v9G/pjF/838MYv/W/ljFv+388ck/mMM5I9Z/Aflj1n8R8kfs/iPmj9m8R+cP2bxH5I/ZvEfLX/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+mMV/gvwxi/+E+WMW/4nE/m9v/t7XWfwnFvu/Xxb/SfLHLP4fyh+z+H84f8zi/5H8MYv/pPljFv+P5o9Z/CfLH7P4fyx/zOL/8fwxi//k+WMW/0/kj1n8P5k/ZvGfIn/M4v+p/DGL/6fzxyz+n8kfs/hPmT9m8f9s/pjF/3P5Yxb/z+ePWfynyh+z+H8hf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1PljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8zi/7X8MYv/jPljFv+Z8scs/jPnj1n8Z8kfs/h/PX/M4j9r/pjF/xv5Yxb/2fLHLP7fzB+z+H8rf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+384fs/jPnT9m8Z8nf8ziP2/+mMX/O/ljFv/58scs/t/NH7P4z58/ZvFfIH/M4r9g/pjFf6H8MYv/9/LHLP4L549Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/9/PHLP4/yB+z+C+ZP2bxXyp/zOL/w/wxi/+P8scs/kvnj1n8l8kfs/gvmz9m8f9x/pjFf7n8MYv/8vljFv+f5I9Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/j/NH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n818sfs/ivnz9m8d8gf8zi/7P8MYv/z/PHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4v+L/DGL/y/zxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6Yxf9X+WMW/63yxyz+v84fs/hvnT9m8f9N/pjFf5v8MYv/tvljFv/t8scs/tvnj1n8f5s/ZvH/Xf6YxX+H/DGL/+/zxyz+f8gfs/jvmD9m8d8pf8zi/8f8MYv/zvljFv9d8scs/rvmj1n8/5Q/ZvH/c/6YxX+3/DGL/1/yxyz+u+ePWfz3yB+z+O+ZP2bx/2v+mMV/r/wxi//e+WMW/33yxyz+++aPWfz3yx+z+O+fP2bxPyB/zOJ/YP6Yxf+g/DGL/8H5Yxb/Q/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/1Pyxyz+p+aPWfxPyx+z+J+eP2bxPyN/zOJ/Zv6Yxf+s/DGL/9n5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4n9h/pjF/6L8MYv/xfljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfs/i/nj9m8X8jf8zi/2b+mMX/rfwxi//b+WMS/zEH8scs/oPyxyz+o+SPWfxHzR+z+A/OH7P4D8kfs/iPlj9m8R89f8ziP0b+mMV/zPwxi/9Y+WMW/7Hzxyz+4+SPWfzHzR+z+I+XP2bxHz9/zOI/Qf6YxX/C/DGL/0T5Yxb/ifPHLP6T5I9Z/D+UP2bx/3D+mMX/I/ljFv9J88cs/h/NH7P4T5Y/ZvH/WP6Yxf/j+WMW/8nzxyz+n8gfs/h/Mn/M4j9F/pjF/1P5Yxb/T+ePWfw/kz9m8Z8yf8zi/9n8MYv/5/LHLP6fzx+z+E+VP2bx/0L+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziP0P+mMX/a/ljFv8Z88cs/jPlj1n8Z84fs/jPkj9m8f96/pjFf9b8MYv/N/LHLP6z5Y9Z/L+ZP2bx/1b+mMV/9vwxi/8c+WMW/znzxyz+c+WPWfy/nT9m8Z87f8ziP0/+mMV/3vwxi/938scs/vPlj1n8v5s/ZvGfP3/M4r9A/pjFf8H8MYv/QvljFv/v5Y9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv/v549Z/H+QP2bxXzJ/zOK/VP6Yxf+H+WMW/x/lj1n8l84fs/gvkz9m8V82f8zi/+P8MYv/cvljFv/l88cs/j/JH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/KvljFv9V88cs/qvlj1n8f5o/ZvFfPX/M4r9G/pjFf838MYv/WvljFv+188cs/uvkj1n8180fs/ivlz9m8V8/f8ziv0H+mMX/Z/ljFv+f549Z/DfMH7P4b5Q/ZvHfOH/M4r9J/pjF/xf5Yxb/X+aPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/6/yxyz+W+WPWfx/nT9m8d86f8zi/5v8MYv/NvljFv9t88cs/tvlj1n8t88fs/j/Nn/M4v+7/DGL/w75Yxb/3+ePWfz/kD9m8d8xf8ziv1P+mMX/j/ljFv+d88cs/rvkj1n8d80fs/j/KX/M4v/n/DGL/275Yxb/v+SPWfx3zx+z+O+RP2bx3zN/zOL/1/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOJ/QP6Yxf/A/DGL/0H5Yxb/g/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8T8+f8zif0L+mMX/xPwxi/9J+WMW/5Pzxyz+p+SPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj1n8X80fs/i/lj9m8X89f8zi/0b+mMX/zfwxi/9b+WMW/7fzxyT+Yw3kj1n8B+WPWfxHyR+z+I+aP2bxH5w/ZvEfkj9m8R8tf8ziP3r+mMV/jPwxi/+Y+WMW/7Hyxyz+Y+ePWfzHyR+z+I+bP2bxHy9/zOI/fv6YxX+C/DGL/4T5Yxb/ifLHLP4T549Z/CfJH7P4fyh/zOL/4fwxi/9H8scs/pPmj1n8P5o/ZvGfLH/M4v+x/DGL/8fzxyz+k+ePWfw/kT9m8f9k/pjFf4r8MYv/p/LHLP6fzh+z+H8mf8ziP2X+mMX/s/ljFv/P5Y9Z/D+fP2bxnyp/zOL/hfwxi/8X88cs/l/KH7P4fzl/zOL/lfwxi/9X88cs/lPnj1n8p8kfs/hPmz9m8Z8uf8ziP33+mMV/hvwxi//X8scs/jPmj1n8Z8ofs/jPnD9m8Z8lf8zi//X8MYv/rPljFv9v5I9Z/GfLH7P4fzN/zOL/rfwxi//s+WMW/znyxyz+c+aPWfznyh+z+H87f8ziP3f+mMV/nvwxi/+8+WMW/+/kj1n858sfs/h/N3/M4j9//pjFf4H8MYv/gvljFv+F8scs/t/LH7P4L5w/ZvFfJH/M4r9o/pjFf7H8MYv/4vljFv8l8scs/t/PH7P4/yB/zOK/ZP6YxX+p/DGL/w/zxyz+P8ofs/gvnT9m8V8mf8ziv2z+mMX/x/ljFv/l8scs/svnj1n8f5I/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/j/NH/M4r96/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8V8vf8ziv37+mMV/g/wxi//P8scs/j/PH7P4b5g/ZvHfSOY/+r84n8V/Y5n/v5rFf5P8MYv/L/LHLP6/zB+z+G+aP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/X+WPWfy3yh+z+P86f8ziv3X+mMX/N/ljFv9t8scs/tvmj1n8t8sfs/hvnz9m8f9t/pjF/3f5Yxb/HfLHLP6/zx+z+P8hf8ziv2P+mMV/p/wxi/8f88cs/jvnj1n8d8kfs/jvmj9m8f9T/pjF/8/5Yxb/3fLHLP5/yR+z+O+eP2bx3yN/zOK/Z/6Yxf+v+WMW/73yxyz+e+ePWfz3yR+z+O+bP2bx3y9/zOK/f/6Yxf+A/DGL/4H5Yxb/g/LHLP4H549Z/A/JH7P4H5o/ZvE/LH/M4n94/pjF/4j8MYv/kfljFv+j8scs/kfnj1n8j8kfs/gfmz9m8T8uf8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR+z+J+aP2bxPy1/zOJ/ev6Yxf+M/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvE/L3/M4n9+/pjF/4L8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf8zi/3r+mMX/jfwxi/+b+WMW/7fyxyz+b+ePSfzHHsgfs/gPyh+z+I+SP2bxHzV/zOI/OH/M4j8kf8ziP1r+mMV/9Pwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/CfPHLP4T5Y9Z/CfOH7P4T5I/ZvH/UP6Yxf/D+WMW/4/kj1n8J80fs/h/NH/M4j9Z/pjF/2P5Yxb/j+ePWfwnzx+z+H8if8zi/8n8MYv/FPljFv9P5Y9Z/D+dP2bx/0z+mMV/yvwxi/9n88cs/p/LH7P4fz5/zOI/Vf6Yxf8L+WMW/y/mj1n8v5Q/ZvH/cv6Yxf8r+WMW/6/mj1n8p84fs/hPkz9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/6/lj1n8Z8wfs/jPlD9m8Z85f8ziP0v+mMX/6/ljFv9Z88cs/t/IH7P4z5Y/ZvH/Zv6Yxf9b+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bx/3b+mMV/7vwxi/88+WMW/3nzxyz+38kfs/jPlz9m8f9u/pjFf/78MYv/AvljFv8F88cs/gvlj1n8v5c/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8v58/ZvH/Qf6YxX/J/DGL/1L5Yxb/H+aPWfx/lD9m8V86f8ziv0z+mMV/2fwxi/+P88cs/svlj1n8l88fs/j/JH/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8V80fs/ivlj9m8f9p/pjFf/X8MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMV//fwxi/8G+WMW/5/lj1n8f54/ZvHfMH/M4r9R/pjFf+P8MYv/JvljFv9f5I9Z/H+ZP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP6/yh+z+G+VP2bx/3X+mMV/6/wxi/9v8scs/tvkj1n8t80fs/hvlz9m8d8+f8zi/9v8MYv/7/LHLP475I9Z/H+fP2bx/0P+mMV/x/wxi/9O+WMW/z/mj1n8d84fs/jvkj9m8d81f8zi/6f8MYv/n/PHLP675Y9Z/P+SP2bx3z1/zOK/R/6YxX/P/DGL/1/zxyz+e+WPWfz3zh+z+O+TP2bx3zd/zOK/X/6YxX///DGL/wH5Yxb/A/PHLP4H5Y9Z/A/OH7P4H5I/ZvE/NH/M4n9Y/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/gfkz9m8T82f8zif1z+mMX/+Pwxi/8J+WMW/xPzxyz+J+WPWfxPzh+z+J+SP2bxPzV/zOJ/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxi/8b+WMW/zfzxyz+b+WPWfzfzh+T+I8zkD9m8R+UP2bxHyV/zOI/av6YxX9w/pjFf0j+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL//j5Yxb/CfLHLP4T5o9Z/CfKH7P4T5w/ZvGfJH/M4v+h/DGL/4ff0/+tt99++//Nqv07ZvH/SNs/ZvGfNH/M4v/R/DGL/2T5Yxb/j+WPWfw/nj9m8Z88f8zi/4n8MYv/J/PHLP5T5I9Z/D+VP2bx/3T+mMX/M/ljFv8p88cs/p/NH7P4fy5/zOL/+fwxi/9U+WMW/y/kj1n8v5g/ZvH/Uv6Yxf/L+WMW/6/kj1n8v5o/ZvGfOn/M4j9N/pjFf9r8MYv/dPljFv/p88cs/jPkj1n8v5Y/ZvGfMX/M4j9T/pjFf+b8MYv/LPljFv+v549Z/GfNH7P4fyN/zOI/W/6Yxf+b+WMW/2/lj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMX/2/ljFv+588cs/vPkj1n8580fs/h/J3/M4j9f/pjF/7v5Yxb/+fPHLP4L5I9Z/BfMH7P4L5Q/ZvH/Xv6YxX/h/DGL/yL5Yxb/RfPHLP6L5Y9Z/BfPH7P4L5E/ZvH/fv6Yxf8H+WMW/yXzxyz+S+WPWfx/mD9m8f9R/pjFf+n8MYv/MvljFv9l88cs/j/OH7P4L5c/ZvFfPn/M4v+T/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjF/6f5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjFf938MYv/evljFv/188cs/hvkj1n8f5Y/ZvH/ef6YxX/D/DGL/0b5Yxb/jfPHLP6b5I9Z/H+RP2bx/2X+mMV/0/wxi/9m+WMW/83zxyz+W+SPWfy3zB+z+P8qf8ziv1X+mMX/1/ljFv+t88cs/r/JH7P4b5M/ZvHfNn/M4r9d/pjFf/v8MYv/b/PHLP6/yx+z+O+QP2bx/33+mMX/D/ljFv8d88cs/jvlj1n8/5g/ZvHfOX/M4r9L/pjFf9f8MYv/n/LHLP5/zh+z+O+WP2bx/0v+mMV/9/wxi/8e+WMW/z3zxyz+f80fs/jvlT9m8d87f8ziv0/+mMV/3/wxi/9++WMW//3zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8x/aINGHgOL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGL/1v5Yxb/t/PHJP7jDuSPWfwH5Y9Z/EfJH7P4j5o/ZvEfnD9m8R+SP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/h/KH/M4v/h/DGL/0fyxyz+k+aPWfw/mj9m8Z8sf8zi/7H8MYv/x/PHLP6T549Z/D+RP2bx/2T+mMV/ivwxi/+n8scs/p/OH7P4fyZ/zOI/Zf6Yxf+z+WMW/8/lj1n8P58/ZvGfKn/M4v+F/DGL/xfzxyz+X8ofs/h/OX/M4v+V/DGL/1fzxyz+U+ePWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/9fyxyz+M+aPWfxnyh+z+M+cP2bxnyV/zOL/9fwxi/+s+WMW/2/kj1n8Z8sfs/h/M3/M4v+t/DGL/+z5Yxb/OfLHLP5z5o9Z/OfKH7P4fzt/zOI/d/6YxX+e/DGL/7z5Yxb/7+SPWfznyx+z+H83f8ziP3/+mMV/gfwxi/+C+WMW/4Xyxyz+38sfs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+388fs/j/IH/M4r9k/pjFf6n8MYv/D/PHLP4/yh+z+C+dP2bxXyZ/zOK/bP6Yxf/H+WMW/+Xyxyz+y+ePWfx/kj9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+q+aPWfxXyx+z+P80f8ziv3r+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOK/fv6YxX+D/DGL/8/yxyz+P88fs/hvmD9m8d8of8ziv3H+mMV/k/wxi/8v8scs/r/MH7P4b5o/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv9f5Y9Z/LfKH7P4/zp/zOK/df6Yxf83+WMW/23yxyz+2+aPWfy3yx+z+G+fP2bx/23+mMX/d/ljFv8d8scs/r/PH7P4/yF/zOK/Y/6YxX+n/DGL/x/zxyz+O+ePWfx3yR+z+O+aP2bx/1P+mMX/z/ljFv/d8scs/n/JH7P4754/ZvHfI3/M4r9n/pjF/6/5Yxb/vfLHLP57549Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6Yxf+N/DGL/5v5Yxb/t/LHLP5v549J/McbyB+z+A/KH7P4j5I/ZvEfNX/M4j84f8ziPyR/zOI/Wv6YxX/0/DGL/xj5Yxb/MfPHLP5j5Y9Z/MfOH7P4j5M/ZvEfN3/M4j9e/pjFf/z8MYv/BPljFv8J88cs/hPlj1n8J84fs/hPkj9m8f9Q/pjF/8P5Yxb/j+SPWfwnzR+z+H80f8ziP1n+mMX/Y/ljFv+P549Z/CfPH7P4fyJ/zOL/yfwxi/8U+WMW/0/lj1n8P50/ZvH/TP6YxX/K/DGL/2fzxyz+n8sfs/h/Pn/M4j9V/pjF/wv5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfynzh+z+E+TP2bxnzZ/zOI/Xf6YxX/6/DGL/wz5Yxb/r+WPWfxnzB+z+M+UP2bxnzl/zOI/S/6Yxf/r+WMW/1nzxyz+38gfs/jPlj9m8f9m/pjF/1v5Yxb/2fPHLP5z5I9Z/OfMH7P4z5U/ZvH/dv6YxX/u/DGL/zz5Yxb/efPHLP7fyR+z+M+XP2bx/27+mMV//vwxi/8C+WMW/wXzxyz+C+WPWfy/lz9m8V84f8ziv0j+mMV/0fwxi/9i+WMW/8Xzxyz+S+SPWfy/nz9m8f9B/pjFf8n8MYv/UvljFv8f5o9Z/H+UP2bxXzp/zOK/TP6YxX/Z/DGL/4/zxyz+y+WPWfyXzx+z+P8kf8ziv0L+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bx/2n+mMV/9fwxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOK/Xv6YxX/9/DGL/wb5Yxb/n+WPWfx/nj9m8d8wf8ziv1H+mMV/4/wxi/8m+WMW/1/kj1n8f5k/ZvHfNH/M4r9Z/pjFf/P8MYv/FvljFv8t88cs/r/KH7P4b5U/ZvH/df6YxX/r/DGL/2/yxyz+2+SPWfy3zR+z+G+XP2bx3z5/zOL/2/wxi//v8scs/jvkj1n8f58/ZvH/Q/6YxX/H/DGL/075Yxb/P+aPWfx3zh+z+O+SP2bx3zV/zOL/p/wxi/+f88cs/rvlj1n8/5I/ZvHfPX/M4r9H/pjFf8/8MYv/X/PHLP575Y9Z/PfOH7P475M/ZvHfN3/M4r9f/pjFf//8MYv/AfljFv8D88cs/gflj1n8D84fs/gfkj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E/PHLP4n5Y9Z/E/OH7P4n5I/ZvE/NX/M4n9a/pjF/3Sx/5D3uc7if4bY//2y+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8zi/3b+mMR//IH8MYv/oPwxi/8o+WMW/1Hzxyz+g/PHLP5D8scs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfzHzx+z+E+QP2bxnzB/zOI/Uf6YxX/i/DGL///HHj1lgWIYUAB8bV9jfcS2bdu2bdu2bdu2bdu2bSf/OXcFuTNbmOH9Ry3/I/iPWv5H9B+1/I/kP2r5H9l/1PI/iv+o5X9U/1HL/2j+o5b/0f1HLf9j+I9a/sf0H7X8j+U/avkf23/U8j+O/6jlf1z/Ucv/eP6jlv/x/Uct/xP4j1r+J/QftfxP5D9q+Z/Yf9TyP4n/qOV/Uv9Ry/9k/qOW/8n9Ry3/U/iPWv6n9B+1/E/lP2r5n9p/1PI/jf+o5X9a/1HL/3T+o5b/6f1HLf8z+I9a/mf0H7X8z+Q/avmf2X/U8j+L/6jlf1b/Ucv/bP6jlv/Z/Uct/3P4j1r+5/QftfzP5T9q+Z/bf9TyP4//qOV/Xv9Ry/98/qOW//n9Ry3/C/iPWv4X9B+1/C/kP2r5X9h/1PK/iP+o5X9R/1HL/2L+o5b/xf1HLf9L+I9a/pf0H7X8L+U/avlf2n/U8r+M/6jlf1n/Ucv/cv6jlv/l/Uct/yv4j1r+V/Qftfyv5D9q+V/Zf9Tyv4r/qOV/Vf9Ry/9q/qOW/9X9Ry3/a/iPWv7X9B+1/K/lP2r5X9t/1PK/jv+o5X9d/1HL/3r+o5b/9f1HLf8b+I9a/jf0H7X8b+Q/avnf2H/U8r+J/6jlf1P/Ucv/Zv6jlv/N/Uct/1v4j1r+t/Qftfxv5T9q+d/af9Tyv43/qOV/W/9Ry/92/qOW/+39Ry3/O/iPWv539B+1/O/kP2r539l/1PK/i/+o5X9X/1HL/27+o5b/3f1HLf97+I9a/vf0H7X87+U/avnf23/U8r+P/6jlf1//Ucv/fv6jlv/9/Uct/wf4j1r+D/Qftfwf5D9q+T/Yf9Tyf4j/qOX/UP9Ry/9h/qOW/8P9Ry3/R/iPWv6P9B+1/B/lP2r5P9p/1PJ/jP+o5f9Y/1HL/3H+o5b/4/1HLf8n+I9a/k/0H7X8n+Q/avk/2X/U8n+K/6jl/1T/Ucv/af6jlv/T/Uct/2f4j1r+z/Qftfyf5T9q+T/bf9Tyf47/qOX/XP9Ry/95/qOW//P9Ry3/F/iPWv4v9B+1/F/kP2r5v9h/1PJ/if+o5f9S/1HL/2X+o5b/y/1HLf9X+I9a/q/0H7X8X+U/avm/2n/U8n+N/6jl/1r/Ucv/df6jlv/r/Uct/zf4j1r+b/Qftfzf5D9q+b/Zf9Tyf4v/qOX/Vv9Ry/9t/qOW/9v9Ry3/d/iPWv7v9B+1/N/lP2r5v9t/1PJ/j/+o5f9e/1HL/33+o5b/+/1HLf8P+I9a/h/0H7X8P+Q/avl/2H/U8v+I/6jl/1H/Ucv/Y/6jlv/H/Uct/0/4j1r+n/Qftfw/5T9q+X/af9Ty/4z/qOX/Wf9Ry/9z/qOW/+f9Ry3/L/iPWv5f9B+1/L/kP2r5f9l/1PL/iv+o5f9V/1HL/2v+o5b/1/1HLf9v+I9a/t/0H7X8v+U/avl/23/U8v+O/6jl/13/Ucv/e/6jlv/3/Uct/x/4j1r+P/Qftfx/5D9q+f/Yf9Ty/4n/qOX/U/9Ry/9n/v9p4ICi/8/9Ry3/X/iPWv6/9B+1/H/lP2r5/9p/1PL/jf+o5f9b/1HL/3f+o5b/7/1HLf8/+I9a/n/0H7X8/+Q/avn/2X/U8v+L/6jl/1f/Ucv/b/6jlv/f/Uct/3/4j1r+//Qftfz/5T8q+R9ugP+o5f8//qOW///6j1r+/+c/avkf6D9q+f+//6jlfxD/Ucv/oP6jlv/B/Ect/4P7j1r+h/AftfwP6T9q+R/Kf9TyP7T/qOV/GP9Ry/+w/qN/3T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/s3e3sXmVhR/HT9d2T3/27+YcXkMGg003cWVrVyaDzYf6WDBVx2LABLKFlVEpzD0EN1CrQYnBGCYjQUTdpm4CiTHjxTABYSVRiVPROBENcQjqIqaGiYxoXGrutndp77XNetXr2ot9Pi/a+5zyO92WfHdO2ZoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQ0uZtt9ywtqOjbZMXXnjhxcCLU/07E5Daa9Gf6h8JAAAAAAAAAAAAAAAwkhzfTnSqf44AAAAAAHC6aWl9V3d11ZBT1YMP5vy8rfd906tXXr/n+cdXlt/3f/jyYS45YfBBT09Pz0vNXTP7DycVRVH6bNP7jydXjkvX7+y6fHvfUSh++2xz67btzQd3fuXrD8+dOn1Obe/Z2mLNde0dbUsmFEWori22lg4aqooiTKwttpcOGksHk2qL+0sHS3sPphQHSgcXXruhY13pxAmfGk47La2fLaqHFFsM+d1gcP+dXZt2ld+Pcsny1WqK/v7rmn+4t+JjZSP0X75+qKrsf8w/QWBEY+v/9oXl96Nc8oT7/6PtdauG+9jI/ZevHyboH9IZ5vl/SKO9z/t79s8Y4fl/7jCXHNj/9C8ru0r93/TLF+r7T9WczPN/6fP1HYXqyv4nDHn+Lz3H15Sf/ycVRagd5y8HnFZaWj/XPdr9v7L7of3XnFWxqRrc/9FVe6pL/R++64H395+qPan+B64faka5/1d95sDQHyswNi2tu3sq7v9j6L9YMMwlB/qfv/vYVaX+z9h5ZN+gj42l/9rK/hdvufETizdvu6W+/ca169vWt93U2NjQtHRZU+NFyxf3PhL0vR3nrwqcHsZ3/y+mVmyqiqJtYL/ow8teKvV/8Nx//K3/1OQx9j9x1Pv/c+7/MKzzJxQTJxZb127Zsqmh7235sLHvbd9/Nkz/J379P2L/88r/H7D8dXfpC/KB/W/e+dWPlPq/d9KqB/pPTRxj/5NG67/ztc8LRBjn/X9dxWZI/+2vfmddqf8/vXL8UP+psX79P3nU/ne5/8N4tLRW/IWf/7FS/6v/dXi4Pyc4CWGKP/+DdHL0v3XaL74Ztw5T9Q/p5Oh/6ea2yL9sG/5P/5BOjv5/taPqSNw6nKF/SCdH/1/rfnBj3DpM0z+kk6P//bMfeSpuHf5f/5BOjv6Pr59+Vdw61Okf0snR/2Vf2rs6bh2m6x/SydF/1SvTnohbhxn6h3Ry9F9fdfan4tbhdfqHdHL0f13nwy/GrcNM/UM6Ofr//M5fR36fTni9/iGdHP0/9cetO+LWYZb+IZ0c/b8wq70+bh3O1D+kk6P/+2944pG4dXiD/iGdHP0//a0PHotbh6B/SCdH/9949siauHWYrX9IJ0f/+xYe+0PcOpylf0gnR////ujVH4hbhzfqH9LJ0X/Yv/y7cetwtv4hnRz9X/HkXQ1x6zBH/5BOjv47V9x2Z9w6nKN/SCdH/03NC2fHrcO5+od0cvQ/489/vztuHebqH9LJ0f/H7ntv5b/7fZLCefqHdHL0f/OG1Y/GrcP5+od0cvS/ckbPBXHrME//kE6O/g8fve9HceswX/+QTo7+775zyRVx6/Am/UM6Ofr/wa3ndcetw5v1D+nk6P/l2jtujVuHBfqHdHL0/+Wf1SyLW4eF+od0cvT/44e+vytuHd6if0gnR/8vvu+xc+LW4QL9Qzo5+t998awvxq3DW/UP6eTo/93PbFwftw6L9A/p5Oh/8t7fH41bh3r9Qzo5+p+/6uCH4tbhQv1DOjn637Boze/i1mGx/iGdHP0/c+DpQ3HrsET/kE6O/nc89unmuHVo0D+kk6P/xy/r+E/cOjTqH9LJ0f8/m37y8bh1WKp/SCdH/2ce+vYX4tahSf+QTo7+r35w8sy4dbhI/5BOjv43XjP7e3HrsEz/kE6O/i+Z+9ClcevwNv1DOjn6f89fV9wctw4X6x/SydF/3T33PBe3Dsv1D+nk6H/etbdfE7cOl+gf0snR//Vz6p+MW4dL9Q/p5Oj/juMtC+LWYYX+IZ0c/Xfd9vy+uHVYqX9IJ0f/3Z98uS5uHd6uf0gnR/97p1x5b9w6vEP/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8lx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEMAAAAgDB/6zzaDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADATwEAAP///rjRtw==") r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000021850000007200000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) openat(r7, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50) faccessat(r7, &(0x7f0000000000)='./file0\x00', 0x5) bind$xdp(r4, &(0x7f0000000380)={0x2c, 0x0, r6, 0x800000}, 0x10) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r8, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 8.979595586s ago: executing program 2 (id=794): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000240)='nilfs2_transaction_transition\x00', r0, 0x0, 0xc0b}, 0x18) syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file2\x00', 0x90, &(0x7f0000003280)=ANY=[], 0x4, 0xd9c, &(0x7f0000001dc0)="$eJzs3ctvXNX9APBzx544L35xiPnFTdPYJaW4j9gkWKW7GildoEqoEn8BSgMNNfQRugAFKWHRbSMh/oAiuu6izyyQIlap2LTqP4BYdZMiJNpGlcCV7XPG429memcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux9ri4OF2l9Patty7emxn/9+qUmVaO2bXH8Ty2lFJqtuZLaTIsb2liPf3sk2uX2tPPc1qlC6lKVWt6evZua94jKaXraTbdTpPpuY9P3nzpg2eW3ztx48TFN+bu7EzrAQBgtNz73rs//fPj3712/D+/ObOUJlrTy/b5Uh4/mrf7l6r18Zy0/gdUbWnVNl4cCPnG89AI+cY65GsvpxnyjXcp/0BYbrNLvoma8sfapnVqNwyzjf/xVWN+03ijMT+//p981YdjB6r5V64sv3B1QBUFtt2nM3kXn8FgGLlh5dig10AA6+Jxw/tcj3sWHkxraeO9lX/36Ubn+WEb7PbnX/nDVf67N6xx2D779dNU2lW+R0fzeDyOMB7m6/f7X5YXj0c0e6xnt+MIw3J8oVs9x3a5HlvVrf7xc7FffSmn5XU4E+Lt35/4ng7Lewx0ds/+f4NhZIeVQa+AgD0rnje3kpV4PK8vxidq4gdr4odq4odr4kdq4jDKfvvqL9PNauN/fvxP3+/+sLKf7aGc/l+f9Yn7I/stP573268HLT+eTwx72ty/Tn/689t/ief/fx7O/z+bf0sn8wqi7C+M+9Vb5/6HC4MbXfI9HKrzUIf8a8+nNuerpjaWk9rWM/fVY3rzfMe65Tu9Od9kyHc4b4scDPWN2yeHw3xl+6OsV8vrNR7a2wztOBDqUd6Z4zk9GNpzvFu7wo7sAyFfMw8nQrumQrseCfP9f2hXNb25XXH/eanPyTA9Hicp+cLbdt/vUnwv4nUZj+b0zZy+k9P3c/pRh3JHUfk8djv/v3w+p1OzeuHK8uUn8nj5nN4Za06sTj+/y/UGHlyv1/9Mp83X/xxtTW822tcLxzamV+3rhckw/UKX6U/m8fJ79sOxQ2vT5y/9ePkH2914GHFXX3v9R88vL1/+mSeeeOJJ68mg10zATlt49eWfLFx97fVzV15+/sXLL15+5fwT3/7Wk089tbiwtlW/0L5tD+wvGz/6g64JAAAAAAAAAAAA0LPqUOfJOa27v225nrxcnx6vj2c4lPetfBrKfQzK9Z/d7utSrt88vgt1ZPvtxuVEg24j0Nk/3P/XYBjZYWXFXfyBvWHQ/f+V+x6W9Oi5vx1fHUq2u09vXl/G+xfCg9jr/c8pf3/1/9fq/6rn9V/oMWtya+X+7t6hv7YVm071Wn5sf7kP7FR/5f8+l19a81jqrfyVX4Xy441Ke/SHUP7hHsu/r/2nt1b+H3P55WWbO9tr+es1rhqb6xH3G5f7AMb9xsWfQvvLvf36bv8WO2q7lcuHUTYs/Uz2a1j6/+ymLLesB/PquXWcrtx/O/Z30G/9y32/y+/AI2H5Vc3vm/4/h1td/5/l87eg/0/Ydz50/M9gGNlhZWVloF2fjGq/K3vFoF//QW9DDrr8Qb/+dWL/n/H/Uuz/M8Zj/58xHvv/jPHYv1aMx/4/4+sZ+/+M8ZNhubF/0Oma+Bdq4qdq4l+siZ+uiV/59f+Oz9bMf6YmPlMTf7gm/mhN/GxN/Cs18cdq4o/XxOdq4vvdl3M6qu2HURb7jfT9h9FRjv90+/5P1cSB4RX7dY7f76/WxIHhVc7z8P2GEVR1vmNH3N9e9uO+mdN3cvp+Tj/asQqyG76W06/n9Bs5/WZOz+V0PqcLOdU35HD7xd9PnblZbZzndyzEez2fNF4PEO8Tc77H+sTjc/2ez3qyx3J2qvwtXg4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQaa4+Li9NVSm/feuviP6e+8/3VKTOtHLNrj+N5bCml1EwpVXl8PCzv+sR6+tkn1y51Sqt0Ye2xjKdn77bmPbI6f5pNt9Nkeu7jkzdf+uCZ5fdO3Dhx8Y25OzvTegAAABgN/w0AAP//Wabmsg==") getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, 0x0, &(0x7f0000000600)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000480)=@o_path={&(0x7f0000000340)='./file0\x00', 0x0, 0x4000, r2}, 0x18) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000280)) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r5, 0x1, 0x70bd27, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x2, @loopback}}, {0x14, 0x2, @in={0x2, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x80) 7.284544065s ago: executing program 1 (id=796): mkdir(&(0x7f0000000440)='./file1\x00', 0x2) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) syz_open_dev$sg(0x0, 0x0, 0x8002) syz_open_dev$sg(&(0x7f0000007f00), 0x1, 0x48903) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vim2m(0x0, 0x52cd, 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x7fffffc}, 0x18) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="1800000056000106f50000870000000007"], 0x18}], 0x1}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x1900, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="790004000000000000007e0000000800570009000000dbb81a0dcc11a9ec92c4959c167d3892a991f6caacc56c11583e9f448ab0f41cee8b851edb4611e2383d983bcac9ef02f5b8a76303a4d836015f41f3e78a7fe4bf6c22b667a7dd1657b24c38e1"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000040)=0x10000) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r7, 0x7af, &(0x7f0000000000)={@local, 0x8}) 7.03145526s ago: executing program 4 (id=797): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x1000, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='rxrpc_call_complete\x00', r1}, 0x10) r2 = openat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x8000}, 0x18) ioctl$BTRFS_IOC_SNAP_DESTROY(r2, 0x5000940f, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000001380), 0x0, 0x0) write$P9_RVERSION(r5, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x15) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r6, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r6, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000]}, 0x45c) r7 = socket(0x10, 0x3, 0x0) write(r7, &(0x7f0000000040)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24) ioctl$int_in(r7, 0x5452, &(0x7f0000000000)=0x7) recvmmsg(r7, &(0x7f0000005180), 0x400000000000166, 0x1a000, 0x0) r8 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x101140, 0x0) setsockopt$MRT6_ADD_MFC_PROXY(r8, 0x29, 0xd2, &(0x7f0000000200)={{0xa, 0x4e21, 0x1, @mcast1}, {0xa, 0x4e24, 0x761, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x1}, 0xffffffffffffffff, {[0x401, 0x5d2, 0x0, 0x800, 0xfffffff7, 0x7, 0x8, 0xc]}}, 0x5c) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r11 = syz_open_dev$vim2m(&(0x7f0000000140), 0x8, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r11, 0xc0285628, &(0x7f0000000240)={0x1, @win={{}, 0x1, 0x0, 0x0, 0x0, 0x0}}) write$binfmt_script(r10, &(0x7f0000000080), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r10, 0x0) mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x6, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, &(0x7f0000000500), 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x3, [@var={0x2, 0x0, 0x0, 0x11, 0x3}]}, {0x0, [0x0]}}, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01dfffffff0000000000210000000c00018008000100", @ANYRES32], 0x20}}, 0x0) 6.860615547s ago: executing program 0 (id=798): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"}) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000006c0)={0x2, 0x0, 0x5, 0xff81, 0x2000, 0x7c, 0x0}) 6.566952796s ago: executing program 0 (id=799): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() syz_init_net_socket$ax25(0x3, 0x2, 0x7) connect$ax25(r1, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r6, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r8 = accept(r5, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10) recvfrom(r7, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 5.888048531s ago: executing program 1 (id=800): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000880)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYBLOB="0ef606bc2c9cfa4a17cd420813b8da8e9371c1108c47d1f2909e3a1a12ed140f6689f4045561e96865e8e8bda0f1baaca098263a01a672ed1f0c2f58683a5998a6821fb20c53b1c5c912f11867ed1aae504fc752e111829f8883595858bfdb8612925afd9e06a456b7598b55fd6333b3cacd0368407938afa58520950a5b6c94b3198847daa72e2e7f677a94a1262751a642ed4831860df90d215bbe8e19ef0e6127eb53596e1ff99b871aa5fe07342cc718aac538c86b992a856b01ec0f8200ccfd253260faeb5d7d53a4d7689bebd18aa62d2df24673433415da3516697db0824fbc6fa90016226fd53fb09fe4a9e2595536730ce6a59f960d6a33954a"], 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) fcntl$getownex(r1, 0x10, 0x0) ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000180)) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0xb, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0x2, 0x232, &(0x7f0000000500)="$eJzslbFrFEEUxr+Z3du7BA1YaGFzKQJGMHu7G5U0FrEXhETU8jCTcLrJhcsVSUBIsBHEWvwD7KwtUlnYaWVtoYJgYUobBUdmdvZ2Nrt78bhgk/eDm/vmzbyZN7Nv34IgiFPL1y8/Pz+/ubB8BcAZzKBu7N+dbA635n966dSMfLcx9fjAGmqohgGQMjO6x+zvAXi76AB7ybJSZt6vzb9acxkcM6Z/BxyXjb4LBj+NVWbeAgz3jfnhphycpjthRCzYg268stqJRaCaUDXRaudVLRefiv9wn2HFHFDtwKzxrZ3dR+0Y6CUiFqmoyXSfwlAqkpMBJUM5Mez+dHyLHDesK1DP697TJ/uq7xt7YN1fCI7Q6HkwLBm9gDp832+argit8190s/Wd5LEl7FXHXRSNUSaPL87N5SzTUEJl+HD3iVio055YGH/kkDn1kRdkJqu8XAqOEeGz8U+q4hjdizeLXl5xnYY5qLaIY16Sf9idHbUwOyUuHB68L3p9+29Je/IC5gLtoRfqoj5OxvGtUq/zOct0xSvj4awuCZUpkdQP5gKXrPrkWl+FVn99s7W1szvXWW+viTWxEUXz14OrQXAtaunanLR2uTtS/xq6Pk1a69cqaqXHPGy3+/1euA30e+GgHyWtlUxLb7o/tA/X9Y9j9reU6edFv3jph5Ll92Dmx/W/UrNObgKvCI4gCIIgCIIgCIIgCIIgCKKUX5ZuguHD1KAry3Gj23r4bwAAAP//c8NPrw==") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$caif_seqpacket(0x25, 0x5, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0xe40, 0xe54, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/7, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000400)=ANY=[@ANYBLOB="28000000b426640d6b20b7cb8a85743744e1661add95a7d78792677311006eb39f60da00f239a81e0d5e5b05c3517d36023e70407432cc2525f99fa00e4e982b0a519eeb6e1211f76410cfda34b3de704444ffda5a0980eccf2f8eb4d78247588b7ab457103e67cd", @ANYRES16=r4, @ANYBLOB="01002abd7000ffdbdf25210000000a0001007770616e330000000500200001000000"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x1) connect$caif(r3, &(0x7f0000000140), 0x18) r5 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x4, r5, r5, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x20) syz_mount_image$udf(&(0x7f0000002480), &(0x7f0000000340)='.\x02\x00', 0x200000, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r0], 0x1, 0x495, &(0x7f0000000a40)="$eJzs29trHGUYx/HfM8luNttqt22aVil0VVCpWHPo0XjRQwwVekjTRqSoEJtNXJoT2VTaIlq88dYbb0REQUGqaEHEG6+0d/4BCoKgF16I4F54AEGQmX1nZ7LZtkn3kGz7/UC7k3eemXkP+8777s67AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0uGnD/X02mrnAgAANNOJ0yM9fYz/AADcVc7w+R8AAOBuYvL0g0yDI0U7HvxdkjqWn7lwcXRwqPphnRYc2RbE+/9SvX39u/fs3bc/fL358fV2n06ePnMoe2R2em4+VyjkxrOjM/lzs+O5ZZ+h1uMr7QwqIDt9/sL4xEQh27erf9Hui5lfO9Z1Zwb2dR/0wtjRwaGh07GY9sRtX32JG83wk/K0TabfH/7MTkjyVHtd3OK902idQSF2BoUYHRwKCjKVH5tZ8HcOhxXhubI6ybCOmtAWNemS/HxZsj6f2RLydFCm7l+KdlJSW1gPjwVfDN/4wPa6XP62+fl8QdKDaoE2W8M65OknmaY3pDS8+s2KJmuXp4sy/TlQtFPB/cDvT/5t89iz2WdmJmZjscPmelSrjw/NtMbvTSl5OhHc8Ys2stqZQdP5k6W3ZdryySvBvELBvHTDwL4nT/XHZxhbb3EeP3aXmz8uZ0xOuNhhGzbz6l8uAAAAAAAAAFKHefpepuLX2SgxY/Jij4xTKj0Yyq5OFgE0inl6R6ZTI8Xga/j4upS22PqeslZ/9tfY/HemjszOXZrPT768UHV/OnXopcLC/Ni56rvV6d9n2+Ipt1rHUqOEeUrK9PxfH1v5uqX7v1sKEOXmo6eiNTOpyusH75t7S+uZwmdIB85ujW9XzfIKno/61zTztCDT4U3b3FqVtJbUmUpxX8j0x/vbXZyX9DMfnjZTOuNEfirX48d+I9MH/4WxwbIorXOxm6PYXj/WZHrr+OLY9S62K4rt82OHZLr+YvXYLVFsvx/7hkxzv2XD2LQfu8PFdkexu87NTo1Xq0pgpfz+/7NM73VlLewb7aX339L+/2o0FlypPNEN+nyt/T8TS7vi+vVZv///vS3oy0H/96r3/zdl+vTL7S6u1PeSbv/G4P+o/z8n0+R3i2PTLnZTFNu77IptEX77b5fp6JZr5bpx7e9aIGq1ePvfX/nuaFD7b4ylZdx1O+pTdEgqXLp8fmxqKjfPRq0brkavrJX8rJGNHWsjG2yscGOVb0xoCn/8/9yfRX31Y3m+48Z/9zElmln981o0/g9UnqhB4/+mWNqAm40k2qXUwvRcYquUKly6/Hh+emwyN5mb2d2zt2fP7gO9B/YnkuHkLtqqua7uRH77fyvTv+uulj/vLp7/VZ//pytP1KD23xxLSy+ar9RcdLj2vyrTA9evlb+XuNn8P/z+59GHSq/l/tmg9u+KpWXcde+pT9EBAAAAAAAAAAAAAAAAoKUlzNOHMh19ot3C35otZ/3fkh+gNWj9V3csbbxJv1eouVIBoAV48vSuTI+oaK/7Ceul4/FX3NH+DwAA///WsSBT") rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') truncate(0x0, 0x20fffffffc) symlink(&(0x7f00000005c0)='.\x02\x00', &(0x7f00000000c0)='.\x02\x00') socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) 5.887633999s ago: executing program 3 (id=801): syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000018008001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f6ffffffb7020000080000007b03000000000000850000001000000095"], &(0x7f0000000000)='GPL\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x8, 0xf, &(0x7f0000000100)=ANY=[@ANYRES8=r0, @ANYRES32, @ANYBLOB="0000000000200000b706000014000000b703000000060000850000002f000000bf0900000000000055090100000000007b00000000000000bf91000000000000b702000000000000850000000c000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0xa, 0xff9, &(0x7f0000001e40)=""/4089, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) prctl$PR_SET_THP_DISABLE(0x44, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000001c0)='rpc_pipefs\x00', 0x186c3, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=f', @ANYRESHEX=r0, @ANYBLOB]) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f00000000c0)={0xf0f041, 0x800}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f700400fa0c61d5fe6d8ff353f631080405547d65375ae04f44f0c2543c772c5ccb137be7dc87746e1785a8214454d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b036e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e010000005a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb3985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1428c0805b4031a667e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a9cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab9100781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c1227c8bed10591958c906321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b863af34bac64c247672a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f27080ece2a94c360b002c77f82662675a7713c7067081cac1599a998c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc215a18ca0265400abf38e90000000000000000008faf2cddffbfa66bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942ce18e57bb7f337df5435bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de286553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c03f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c872a4882d21db2046a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265441d513a1294b8439276394945d94a589708e32a1cb30a8b07b391201385e0b92ecbb7b13d7a87284164018ace6ce58a82c5de321452461089cdd69259f5390f5f508646a524490583c30630bedb47e158ad41c0a653e86a4f4f255cd2a6e95f33b586823aef5564d9de1f5bdd8c80e193f0597b8003860302cd243c00bc5a82c52afb115d16258d507937966bb89409d6d47b8b652d0761d7c72875ae1efb9bc7c6807c2d783e31fd9cd7e84d3d50d8fc44ab8ac9ccd2c0d42e3bd4c029241320446bbf47e23d1320de30fbdf7ed13f80c28fb5c13fccc2e3f73509bdcddad8a2fe48cdd61f2f43611704af64eed8b0cbbd08754f93b8f3d6347aad5cde1ccc5cbd5eaa87e52cea257c856a4af5243eeb5e89f0000000000000000f420df5e4c6d856b3d55e455c08110b2ef4255a38f81555e8e1f22d59c0bc3c9013e66a1f5bda1b695e1602c0afb5c35b2f68f3b151b1e869f40ff4d1bef5e926e1ff95f6321131e4cb797f53455a093a95e67605222d6acc29c46e5db1ef3b8b07e2169fb24ced4b3ae87ebeca06df93212e465bbd1a7e41df2e1a0d508f86cfc7a469ac682685c44692877d03c34c23a65d2677acc73b5d276fdebd685c9b7a079eae228d8426188cb19b083548f5f29e493ab079f33d1965dcbb165015c46998ad410d60cc65fcfa73bd65a43fc024455c4bf530d663976cf71490577251780ab6b1cf8d397444b5be575229f687a3d95ea6b2aa62fce8acb3d4a6a130b4fefa55d0c1d6f3fa448ee24e588e2965c9a442f0baf90923dda91a6850fb7b9c7f432b63001423fedcf053fa28024cc9a178a07042dabc07176fc524032c2edb340c9c18a83565c431aeb0c869683507255254430f90f61e4eca9c8fa98c000b35fec357ee1ebd08439bd95c1ab0753dfd2603d1608bd8c589a1e160000a6ee0ad13346e08738c2d7b00b5d121d918f1dc8bceded939fa8605b54b37cdfcea0bf2bc63e655dc04a2e50212ff89d6587d49896ce18916cf3adc12839c345ca91bb232b891fae2fdd68aaa38281c0feb2c107af3e080d6cdd1c6646ec6804d7e9960c02aa0db9eda24bbcb287fd2a890fa7f9d6ae0c0b1f8dd1603c9ea2f66b572276f96a28b5b6dd9f9bf6ad4bdaa2139b90faf1f40b0f141258578bd825daaaf718d21b7ac05fe5d1b699e5422ca341fe1c944f68fe3a6d783dcf30b0e09d7688f696883b61cb64464b04d351a0a69b0733c348049b0430ed40e200f4ff0000000000000000000000996bcc1b721b152c892fab887e7d20466d90c049c0fdf51dcc16d226a2619c6f47bc25b7f5df5c09fed638922ed127ab36aa7b0c58a2ce5894b1b0f5375d340d96b69b966b05daaf585121a9c7605ed8e9964eef1f14b74cbb2ccdadc6d0b77cf0492b75e1cd11bfdcfddde91b20366715ba0cbe1041be2a65c25d7ca15ef8b71bd2ab9a4294899a1964b0152518fc2ac15a728bcb9e2bc4b551dfdf9011a2a607bc39ad2c4d7c64dcf967724e9b63c397d5265ad3f1da4395a5a800d8845257dcbf210d4f00fe0bd3deed05e506736e6bb6d40ee6cb960bcdb33633ee87f82beb665a9a4c2d4d2b06479ade3a4cd6bba765c9f52b52a0bdd0849ab92baae3775570accb5a57ee9f0035fc6d3df4eebec2e7eb4ff863d3979a20f4428ddca471037b49d4fd130743a97faa02c293b721e52bf53d64c6585e138162331ef98792e1e9b21a6a084fb7b42c64062ef1323a8a65a8ed6038f274f28ff4f78136a1ef108efbe8c4f4e347d50dcdbc33bf3ade4c3a39d316061930d7dd39b8acdecc3f27830e3eda40e648328d95a9aee65a9dd09fd4e96d5b852025dc53ec3f30cc753e6a796084b4e34f521dbb230ae0f3b79142073d437e1fd22d3b7503ffa95b1d5c7740b0ecbfd35dc0f8af895583dfcc2689f6e02c2dd4b57f3dcac54f40da013eb221fa3d65de760576031052c25a96ed4b20230b36d46d3d3fd6bb1d77cc8a48a6b10fa0149e55ccde4a2b26cca2d1ca9191c74ab006a602543fc24d1283e353cfb917620000000024bf3eed258c02a591ec4cd295212d9a98d38745f6f6c4530900000000000000f184f239098bf32551c7cf454e2865974f6520112743f73c619c3cab5609e00178f7393e53462f31559220c026bbde09837bf1b3ffe748a3247c9569f0c5e99f4494f93e0fa1badca90c888616eca97bddabd8003fc12a084d4b11d841979e161b998ddda92f194c4ec7947b7b303be11e0962d429a2c542a28c4932e14c123dfe2b8ec47a11cce134fd6e42a9f4e00ab6de6b45"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='io_uring_queue_async_work\x00', r2, 0x0, 0x4}, 0x18) syz_io_uring_setup(0x2bd, &(0x7f0000000540)={0x0, 0x4f5e, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0}) 5.688212117s ago: executing program 2 (id=802): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48) socket$inet6(0xa, 0x800000000000002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800002, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x464, &(0x7f0000000ac0)="$eJzs3EtvG0UcAPD/bpq+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRKqIpQuWI+gmAIxKfgBNcEHACcYU7QqpQLgQOaNHau6lx7GAncZ3g30/aeGZ31jt/7449O2MngJ41lP9JIvZGxM8RMRARffUFhqoPS4vzk38uzk8mkWWv/57ku8Ufi/OTZdGkeNxTZIbTiPTDJA43OO7slasXJqanpy4X+dG5i++Mzl65+sz5ixPnps5NXRo/efLE8bHnnxt/dkPi3JfX9dD7M0cOnnrz5quTp2++9d0XeX33Fttr46gaXPcxh2Jo+TWp9/i6n31z2VeTTrZ1sSK0JW/r+enqr7T/geiL2ydvIF75oKuVAzoqy7Jsx4q1yz2AhQz4H0ui2zUAuqP8oM/vf8vlDnY/uu7Wi9UboDzupWKpbtkWaVGmv+7+diMNRcTphb8+yZdoOA4BALCxvsr7P0836v+lcV9NubuKuaHBiLg7IvZHxD0RcSAi7o2olL0/Ih5o8/hDdfmV/Z8fd60psBbl/b8Xirmtf/f/yt5fDPYVuX2V+PuTs+enp44Vr8lw9O/I82OrHOPrl3/6uNm22v5fviz1x2TZFyzq8du2ugG6MxNzE+uJudat65UxwGsr40+WZwKSiDgYEYfW8Pw7I+L8k58fabZ9RfyL83Xxr2ID5pmyzyKeqJ7/haiLv5SsPj85ujOmp46NllfFSt//cOO1ZsdfV/wbID//uxte/8vxDya187Wz7R/jxi8fNb2n+e/4G1//25M3Kuntxbr3JubmLo9FbE8WVq4fv71vmS/L5/EPH23c/vdH/P1psd/hiMgv4gcj4qGIeLio+yMR8WhEHF0l/m9feuzttcffWXn8Z9o6/+0n+i5882Wz47d2/k9UUsPFmlbe/1qt4HpeOwAAANgq0sp34JN0ZDmdpiMj1e/wH4jd6fTM7NxTZ2fevXSm+l35wehPy5GugZrx0LFibLjMj9flj1fGjbMsy3ZV8iOTM9OdmlMHWrOnSfvP/drX7doBHdfWPFqzX7QBW5Lfa0Lv0v6hd2n/0Lu0f+hdjdr/tYilVXe63rHqAHeQz3/oXdo/9C7tH3qX9g89aT2/618tsf9Ua4XLf0DYoWpsgUTf5qhG24lIN0U11pZIN0c1qokdEdFq4Wt3rKV0+Y0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/wTAAD//7YA6Ok=") r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r1, 0x0, 0x0) getdents64(r1, 0xfffffffffffffffe, 0x29) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000a40), 0x111000, 0x0) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ip_vs\x00') preadv(r6, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000300)={0x24, r8, 0x4, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_P2P_OPPPS={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x200400c4}, 0x0) accept4(r2, 0x0, 0x0, 0x0) r9 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x68040) ioctl$CEC_ADAP_S_LOG_ADDRS(r9, 0xc05c6104, &(0x7f00000000c0)={"740e00", 0x0, 0x8, 0x2, 0x1000002, 0x0, "00001000429ebdf2e4139d31074000", '\x00', '\x00\x00\x00N', "10004800", ["efa8ffffffff02e33f000201", "01000000000000000000bdff", "345e417e7fffff31fff200"]}) 4.823891771s ago: executing program 4 (id=803): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x14, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write(0xffffffffffffffff, &(0x7f0000000000)="7ad1c1b5bd2eec291aa47b0f3ce058bba3ba2a9b189166704465fad04bf784bca451374dce157ff5aa0c772bd9a0663d6b524b9052a117af27554d7a50dfab92cbae4509bc866b254a7986bac9e03153fe383fa326da34441cf266dad31e6ae1997a08f1dda548d34326888a8af17b0433eb367ba51254c979bfddec22c85ea6272ad96db83b4fb8e011b478179a15719dfd7695a2fc4692ee0049678e3ad9d8ccae16ac8c3e37a7707c3573be98d18400ce4f88ad0f73828d2a5a969c810715b37402114fa42f21bf18ca4e5d2dfb7bfb6e4efe34bf86d0f031d60757aa18575ff306e1cd1ddb8126aa10284b84f4", 0xef) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x2, 0x3, 0x3, 0x0, 0x0, {0x5, 0x0, 0x10}}, 0x14}}, 0x0) getsockopt(0xffffffffffffffff, 0x8, 0x2711, &(0x7f00000002c0)=""/4, &(0x7f0000000000)=0x4) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) shutdown(r2, 0x1) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000040)={r4, @in={{0x2, 0x4e20, @empty}}, 0x3b, 0x9, 0x81, 0x4, 0x20, 0x7fffffff, 0xff}, &(0x7f0000000140)=0x9c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r1}, 0x8) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x125, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r7}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r7}, 0x38) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r8, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) 4.798216691s ago: executing program 0 (id=804): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYRESDEC=0x0, @ANYRES32=0x0, @ANYBLOB="a3da5698878f561c43d74dc20c6bd91dae1dccb8d32a5559fa02438149c6329ede46a20b9dd2c9acb1712b4a7f6df472b180c5fe74f200a05008b14a6d3c66f2edd6ae670d4242cfa785d4e8f255b3dcc2b9ff5b02e7dc668338ba0df9fba9e7856ebc012750e05bd6fbd8ae71149df274976aa218419b4cfb3315b2d98502ea9f1d7b1fa89cda7996fecbb32818ee8b15451c41ed3de29d74e5bc22ef926991c4d710b0dd5a4b48d93399cc9602", @ANYRES8], 0xc4}, 0x1, 0x0, 0x0, 0x88c5}, 0x4008805) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYRES32=r0], 0x80}}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000200)={0x0, 0xfffffffffffffc6d, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYRES8], 0x38}, 0x1, 0x0, 0x0, 0x8004}, 0x0) sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000000a0a01010000000000000000070000051c0011800900010068617368000000000c0002800800065e0000003c"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4400) r2 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x2c]}, 0x8) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000010840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000700fffd0900010073797a3100000000ac000000090a010400000000000000000700000008000a400000000008000640000000000900010073797a30000000000800054000000021740011800c000100636f756e74657200640002800c000140fffffffffffffc010c000240000000000000001f0c000240fffffffffffffbff0c00024000000000000000090c00014000000000000000120c00014000000000000000070c00024000000000000000020c0002400000000000000008380000000c0a01010000000000000000070000000900020073797a30000000000900020073797a30000000000c000380080000800400018020000000000a01010000000000000000070000000c0004400000000000000003b0000000000a010400000000000000000a0000010900010073797a30000000000800024000000000080002400000000175000600ea4bc47095703c01277b7d1e38bce7fc12c9d1b752f6f972dfcd16300c852737bf4d0b10c4b801019f600963bafc0519f7449c3898390c2397183aaa960e82b9989d75bbf4a308237796ed6c387b91666d4fd65fd991392fe6bc8488e81fc95a9b20336e441ee67794fe13ba0358a298150000000800024000000000a0000000050a010300000000000000000000000208000540ffffffff0900030073797a3000000000080007006e61740008000a400000000144000480140003007369743000000000000000000000000008000140000000031400030077673200000000000000000000000000080002405b3a871f0800014000000000090001"], 0x105d0}}, 0x0) listen(r3, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) r6 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000180)='user\x00', &(0x7f00000002c0)='\x00\x00E\x01\x00\x00\f\x01\x00\x00\x00\x00\x00\xc1~\x99l\xb7\xd6\xfc\xebw1hn\x1a\xc5\xef\xec,\xa1\xa0\x12\x1c\x7fn\a\\\xec\xd8\x94oh\x1d\xec\xf5jb\xe5\xb2\xa2e\xfd\x9c\xc4\xd22\x9c\xe97#(/\xb1\xe6\x03\xe1\xaa\x96\x92\x8b4}\xc1L\x1b\x9b\xe6n\x97\xc7\x06\xb2Y\xadQ\xa4c\x1b&\x0e?\xc0\x90\xaf\xb29\xf6>\xe1\xe8}D\f\xc1u\xab]$\x1b\x1bt\xda\x9eA\xd3\x1b\x12A\x82\xd5\xa8@\x1eIw\xb2y2F\xe8\xc7\x03e&\x98\"9\t\xe0\x81Pj\xee&\xae{P\xe8\xceL\xe1\xd1V\xc7\xeaF\xd54\x80\xb6%\xaf\xbbK\x85\x95\xf2\x1bG\xf1\xdaq:\xae\xe22\\~j~\xfe\x83\xbb>\xb0\x9b.\xa4\x95\x0eY\xb8j\xe1M\xf5\xa5\x87`\x04\xab\xf1\xc7[\xda{\r\x95\xa4\xea^\xfc\xa7\x8b\x85\xd1ld\xacK\x8aqd\x1d\xaa\x99\xeb\t|@\xd5p\x1d>+\x0e\xec\xe2\xcd\xdc\x8f\x01\xf7\xabH=z\xa5x\x1b\x9f\x95\xd1\x88k\x85L#\x99^p\x18\x98\xec6\xf69y\x052', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000080)='user\x00', &(0x7f00000000c0)='ocfs2\x00', 0x0) connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r7 = accept4(r3, 0x0, 0x0, 0x0) read$alg(r7, &(0x7f0000000340)=""/29, 0x1d) sendmmsg(r5, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="7c220752098d1a03003fb4d50b17b9653538f559e8ca1a63dfa1a8f54135", 0x1e}], 0x1, &(0x7f0000000480)=ANY=[], 0x170}}], 0x1, 0x4804) recvmsg$kcm(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/149, 0x95}], 0x1}, 0x40000097) r8 = syz_io_uring_setup(0x1f4, &(0x7f0000000380)={0x0, 0x364a, 0x0, 0x0, 0xfffffdfe}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r8, 0xf502, 0x0) getsockopt$inet6_tcp_buf(r11, 0x6, 0x1f, 0x0, &(0x7f0000000100)) ioctl$sock_SIOCETHTOOL(r11, 0x8946, &(0x7f0000000340)={'dvmrp1\x00', &(0x7f0000000300)=@ethtool_perm_addr={0x20, 0x3, "f4f7d3"}}) io_uring_enter(r8, 0x3516, 0x0, 0x0, 0x0, 0x0) signalfd(r2, &(0x7f0000002340), 0x8) 4.000634197s ago: executing program 4 (id=805): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) 3.855995205s ago: executing program 4 (id=806): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="560a0000000000007111160000000000180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x1400, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000002c0)=@gcm_256={{0x304}, "e9bb07f400", "7d376431316d2e069b245c4113b4a67cde08bf5fa87e53dda73856be09fd4e45", "68faa2b5", "ffffffffffffffff"}, 0x38) sendmsg(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[], 0x20}, 0x8040) r5 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./bus\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") openat$vcsu(0xffffffffffffff9c, 0x0, 0x109000, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_START_SYNC(r5, 0x80089418, &(0x7f000001fa40)) r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x7d, 0x4102) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071120f000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6b, '\x00', 0x0, @cgroup_sock_addr=0x9, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800, @void, @value}, 0x94) syz_io_uring_setup(0x3b, &(0x7f0000000040)={0x0, 0x2, 0x10100, 0x40000000, 0x2b5}, &(0x7f0000000000), &(0x7f0000000100)) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)) 3.648191533s ago: executing program 3 (id=807): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x0, &(0x7f00000003c0)={[{@inlinecrypt}, {@usrjquota}, {@errors_remount}, {@dioread_lock}, {@norecovery}, {@mblk_io_submit}, {@dax_always}, {@dax_never}, {@nombcache}, {}], [{@audit}]}, 0x43, 0x7bb, &(0x7f0000003000)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4EQeZ31JruwsF72sCxsINCeemhiZMWklq1gySE2pk0ohV4KbemtveTcn5fSa38cemn/j5KQtk5o2h6Ky8iSLduSYyWWlDSfD0z0nuaN3vvOG7150YylAJ5Y4+k/mYhjEfFqEjFaez6JiP5qKhsxvVnu3vpaPl2S2Nh46pukWubu+lo+GrZJHallfh8Rn74UcSKzt97yyur8TLFYWKrlJyoLlyfKK6snLy3MzBXmCounJ6emTp3525nTDxXecGPmuy9Xj9567b9/fm/6xxd/9/4rnyUxHUdr6xrjOCzjMV7bJ/3pLtzhP4ddWc98+PwBCjUcAdlONoY2pR3TV+uVYzEaffv1z3A3WwYAdMoLEbHRSl/LNQDAYy3ZPP//q9ftAAC6pf45wN31tXx96e0nEt11+98RMTTUZE22ds1uqHoddORusuPKSBIRY4dQ/3hEvPXRs++kS3ToOiRAM9euR8SFsfG943+y556Fdv2l+dNzjZnxXSuNf9A9H6fzn783m/9ltuY/0WT+M9jkvfsg7v/+z9w8hGpaSud//2y4t+1eQ/w1Y3213K+qc77+5OKlYiEd234dEcejfzDNT+5Tx/E7P91pta5x/vft68+9ndafPm6XyNzMDu7cZnamMvMwMTe6fT3iD9lm8afj/2C1/5MW899ztfTAfer43z9efrPVujT+NN76sjf+ztq4EfGnpv2fbJVJ9r0/caJ6OEzUD4omPpiOkVb1j2e3+z9d0vrr/xfohrT/R/aPfyxpvF+zfOCX3rpb7Isbo5+0KtR4/DePv/nxP5A8XU3Xj72rM5XK0mTEQPL/vc+f2t62nq+XT+M//sfm7//6+Nfk+H8mff0LB9wR2Vtfv/vg8XdWGv9sW/3fdiKG7s33tar/YP0/tWObg4x/B23gg+43AAAAAAAAAAAAAAAAAAAAAAAAAGhHJiKORpLJbaUzmVxu8ze8fxsjmWKpXDlxsbS8OBvV38oei/5M/asuRxu+D3Wy9n349fypXfm/RsRvIuKNweFqPpcvFWd7HTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1Bxp8fv/qa8GdxXu60ULAYCOGHJiB4AnTZLN9roJAEC3DbVVerhj7QAAuqe98z8A8Evg/A8AT577nP93/xkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtOvc2bPpsvH9+lo+zc9eWVmeL105OVsoz+cWlvO5fGnpcm6uVJorFnL50kLLF7q2+VAslS5PxeLy1YlKoVyZKK+snl8oLS9Wzl9amJkrnC/0dy0yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi48srq/EyxWFiS6Eli/vPNfnhU2tNmIvlho+pRaU/XE3Fts/+6X3vS4SpiYHuUGO7N4AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwGPg5AAD//06AHk0=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) ioprio_set$pid(0x1, r1, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) poll(0x0, 0x0, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, 0x0, 0x0, 0xfffffffffffffffe) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f00000004c0)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000040)="05000000010001", 0x7) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) lseek(r5, 0x851, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) socket$inet6(0xa, 0x80002, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xfffffffffffffe44}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="d40100002000000018000000000000000000000000000000950000000000000038720a013653e84c584fdd38a1990000df9e190a587bed507002e83640d72226cbc0"], 0x0, 0x5, 0x9c, &(0x7f0000000000)=""/156, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_usb_connect(0x1, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000", @ANYRES32=0x0], 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000200), 0x3, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC") 3.127848527s ago: executing program 0 (id=808): mkdir(0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x800400, &(0x7f0000000200)=ANY=[@ANYBLOB="68756765cb6716a53d6164766973652c6e6f777761702c007bf6cfbabc83e8c4b8839150263ed0985aec17676078a966eb2f0258ce0400cbed2838c49a1e5f1fd69e807afa885f2ba6113378b3bf370c82a31fe7a83ef635cd801e64bfa0e0acdc430097bfe07dffa7523425bd086599ca33855c9c94065629dd492573f2d34da6b1219cf5ee25ef350a779e07cf1329a8c4ecc0da9f78acffa50e10a23e3ba0f1bf36495b4ad0896abea12e0f1e3b69aff2f3adadde421f1d6c4b6bee416b9b81c36fcfe4bb49113c984b77ea"]) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) socket(0x840000000002, 0x3, 0x6) r1 = gettid() openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) dup(0xffffffffffffffff) timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40300000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c000000c31e08e17622a2ff25922cabbb6b38f327005d8d616aeec7ff25af2027f5eccc50574183599135d122b73a0fef45ef415cb1cd5b8334e4b83839c679a5dc93ce9a59abd9097faa12377bb8d1280de84ddf5732b96185a74e08d41275b073b32f7f4153af9bc327fc281949a52e655321b5d62551bb501d8257b7a0fa1fc9e6124d81fc2ebae4ce60959d625bd5f7042ea93fd04516b9cb2d3285593e076e2b45c3edc8923d1ef23e5ceb482c5e86b11c164dccb233df861a1ead2d23", @ANYRES16=0x0, @ANYBLOB="000825bd7000ffdbdf25090000003800018008000b007369700014000300640101010000000000000000000000000600020032000000060004004e230000060002003c000000"], 0x4c}, 0x1, 0x0, 0x0, 0x24008800}, 0x400c801) ioctl$VIDIOC_DQEVENT(r2, 0x80885659, 0x0) 3.126762247s ago: executing program 2 (id=809): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYRES32, @ANYBLOB="0100000000000000000014000000080016"], 0x4c}}, 0x4000085) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x2}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.232527393s ago: executing program 1 (id=810): bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x18, 0x28b, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1a000000, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket(0x1d, 0x2, 0x6) bind$can_j1939(r3, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99925bd700003000000fc00000000000000000000000000000000000000000000000000000000c000000000ff3e000000000a", @ANYBLOB], 0xb8}}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b70800000000000003010902"], 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="65010000"], 0x188}}, 0x0) 1.786672431s ago: executing program 4 (id=811): mkdir(&(0x7f0000000440)='./file1\x00', 0x2) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) syz_open_dev$sg(0x0, 0x0, 0x8002) syz_open_dev$sg(&(0x7f0000007f00), 0x1, 0x48903) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vim2m(0x0, 0x52cd, 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x7fffffc}, 0x18) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="1800000056000106f50000870000000007"], 0x18}], 0x1}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x1900, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="790004000000000000007e0000000800570009000000dbb81a0dcc11a9ec92c4959c167d3892a991f6caacc56c11583e9f448ab0f41cee8b851edb4611e2383d983bcac9ef02f5b8a76303a4d836015f41f3e78a7fe4bf6c22b667a7dd1657b24c38e1"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000040)=0x10000) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r7, 0x7af, &(0x7f0000000000)={@local, 0x8}) 1.274411372s ago: executing program 0 (id=812): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000240)='nilfs2_transaction_transition\x00', r0, 0x0, 0xc0b}, 0x18) r1 = socket$packet(0x11, 0x3, 0x300) getsockopt$sock_int(r1, 0x1, 0x22, 0x0, &(0x7f0000000600)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000480)=@o_path={&(0x7f0000000340)='./file0\x00', 0x0, 0x4000, r3}, 0x18) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000280)) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r6, 0x1, 0x70bd27, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x2, @loopback}}, {0x14, 0x2, @in={0x2, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x80) 739.137021ms ago: executing program 2 (id=813): syz_open_dev$tty1(0xc, 0x4, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-generic\x00'}, 0x58) getgroups(0x2, &(0x7f0000001080)=[0xee01, 0xffffffffffffffff]) keyctl$chown(0x4, 0x0, 0xee01, r1) 472.027353ms ago: executing program 4 (id=814): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) prlimit64(0x0, 0xe, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==") r2 = open(&(0x7f0000000080)='.\x00', 0x0, 0x1b5) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40186e8d, &(0x7f0000000040)={0x80, 0x42c0000000003f, 0x400, 0x200000003, 0x5, 0x3, 0x2401}) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r1, 0x0, 0x0, 0x0) recvmsg$kcm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)=""/10, 0xa}, {&(0x7f0000000200)=""/97, 0x61}], 0x2}, 0x180) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003a40)=@newchain={0x6c, 0x64, 0x100, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xfff1}, {0xc, 0xe}}, [@f_rsvp6={{0xa}, {0x3c, 0x2, [@TCA_RSVP_POLICE={0x4}, @TCA_RSVP_ACT={0x34, 0x6, [@m_simple={0x30, 0x1b, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x40881) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) 281.78249ms ago: executing program 0 (id=815): openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f00000000c0)={0x4000, 0x80600}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) dup(0xffffffffffffffff) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x2}) read$FUSE(r3, &(0x7f0000001680)={0x2020}, 0x2020) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f00000001c0)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/ipc\x00') socket$inet6_udplite(0xa, 0x2, 0x88) epoll_create1(0x0) syz_io_uring_setup(0x5e48, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0xfffffffc}, &(0x7f0000000100), &(0x7f0000000140)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x34}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) 0s ago: executing program 3 (id=816): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) kernel console output (not intermixed with test programs): 260.050114][ T1228] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 260.071064][ T7582] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 260.123349][ T1228] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 260.142151][ T1228] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 260.163475][ T1228] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.188619][ T1228] usb 4-1: Product: syz [ 260.389406][ T1228] usb 4-1: Manufacturer: syz [ 260.394084][ T1228] usb 4-1: SerialNumber: syz [ 260.705124][ T1228] usb 4-1: config 0 descriptor?? [ 260.748258][ T1228] streamzap 4-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?! [ 260.818158][ T1228] usb 4-1: USB disconnect, device number 9 [ 261.071629][ T7598] loop1: detected capacity change from 0 to 4096 [ 261.896147][ T7598] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 261.910772][ T5837] syz-executor: attempt to access beyond end of device [ 261.910772][ T5837] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 261.932154][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 261.932184][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.932197][ T5837] Call Trace: [ 261.932207][ T5837] [ 261.932216][ T5837] dump_stack_lvl+0x189/0x250 [ 261.932258][ T5837] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.932287][ T5837] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 261.932315][ T5837] ? __pfx_queue_work_on+0x10/0x10 [ 261.932338][ T5837] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 261.932374][ T5837] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 261.932403][ T5837] ? f2fs_hw_is_readonly+0x39b/0x470 [ 261.932436][ T5837] f2fs_handle_critical_error+0x37c/0x540 [ 261.932471][ T5837] f2fs_write_end_io+0x495/0x810 [ 261.932499][ T5837] ? blkg_put+0x22/0x240 [ 261.932546][ T5837] __submit_merged_bio+0x27a/0x6a0 [ 261.932581][ T5837] __submit_merged_write_cond+0x255/0x530 [ 261.932617][ T5837] f2fs_write_data_pages+0x261d/0x3000 [ 261.932693][ T5837] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 261.932749][ T5837] ? arch_stack_walk+0xfc/0x150 [ 261.932806][ T5837] ? __mod_zone_page_state+0xd7/0x140 [ 261.932841][ T5837] ? folios_put_refs+0x560/0x640 [ 261.932885][ T5837] ? __lock_acquire+0xab9/0xd20 [ 261.932926][ T5837] ? do_raw_spin_lock+0x121/0x290 [ 261.932965][ T5837] ? do_raw_spin_unlock+0x122/0x240 [ 261.932989][ T5837] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 261.933020][ T5837] do_writepages+0x32b/0x550 [ 261.933055][ T5837] ? do_raw_spin_unlock+0x122/0x240 [ 261.933085][ T5837] filemap_fdatawrite+0x199/0x240 [ 261.933106][ T5837] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 261.933190][ T5837] ? do_raw_spin_unlock+0x122/0x240 [ 261.933219][ T5837] f2fs_sync_dirty_inodes+0x31f/0x830 [ 261.933269][ T5837] f2fs_write_checkpoint+0x95a/0x1df0 [ 261.933331][ T5837] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 261.933419][ T5837] ? try_to_wake_up+0x7e5/0x1290 [ 261.933451][ T5837] ? kill_f2fs_super+0x298/0x6c0 [ 261.933487][ T5837] kill_f2fs_super+0x2c3/0x6c0 [ 261.933526][ T5837] ? __pfx_kill_f2fs_super+0x10/0x10 [ 261.933551][ T5837] ? radix_tree_delete_item+0x2b6/0x400 [ 261.933589][ T5837] ? shrinker_free+0x2ce/0x3e0 [ 261.933701][ T5837] deactivate_locked_super+0xb9/0x130 [ 261.933738][ T5837] cleanup_mnt+0x425/0x4c0 [ 261.933766][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.933799][ T5837] task_work_run+0x1d4/0x260 [ 261.933829][ T5837] ? __pfx_task_work_run+0x10/0x10 [ 261.933850][ T5837] ? __x64_sys_umount+0x122/0x160 [ 261.933876][ T5837] ? exit_to_user_mode_loop+0x40/0x110 [ 261.933909][ T5837] exit_to_user_mode_loop+0xec/0x110 [ 261.933937][ T5837] do_syscall_64+0x2bd/0x3b0 [ 261.933965][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.933991][ T5837] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.934011][ T5837] ? clear_bhb_loop+0x60/0xb0 [ 261.934037][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.934056][ T5837] RIP: 0033:0x7f608b18fc57 [ 261.934074][ T5837] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 261.934091][ T5837] RSP: 002b:00007ffda0c36778 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 261.934112][ T5837] RAX: 0000000000000000 RBX: 00007f608b210925 RCX: 00007f608b18fc57 [ 261.934126][ T5837] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda0c36830 [ 261.934138][ T5837] RBP: 00007ffda0c36830 R08: 0000000000000000 R09: 0000000000000000 [ 261.934168][ T5837] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffda0c378c0 [ 261.934181][ T5837] R13: 00007f608b210925 R14: 000000000003f81c R15: 00007ffda0c37900 [ 261.934217][ T5837] [ 261.934225][ T5837] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 261.982815][ T7598] overlayfs: missing 'workdir' [ 262.119018][ T5906] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 262.407179][ T3064] ntfs3(loop1): ino=9, ntfs3_write_inode failed, -22. [ 262.415334][ T5845] ntfs3(loop1): ino=9, ntfs_sync_fs failed, -22. [ 262.428052][ T7611] overlayfs: failed to clone upperpath [ 262.489283][ T5906] usb 4-1: Using ep0 maxpacket: 16 [ 262.510796][ T5906] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 262.552314][ T5906] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 262.578348][ T5906] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 262.592730][ T7613] loop1: detected capacity change from 0 to 2048 [ 262.601110][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.623704][ T7613] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 262.624507][ T5906] usb 4-1: Product: syz [ 262.654189][ T7613] UDF-fs: error (device loop1): udf_fiiter_advance_blk: extent after position 232 not allocated in directory (ino 1376) [ 262.674391][ T5906] usb 4-1: Manufacturer: syz [ 262.693122][ T5906] usb 4-1: SerialNumber: syz [ 262.917449][ T7604] trusted_key: encrypted_key: insufficient parameters specified [ 262.942698][ T5906] usb 4-1: 0:2 : does not exist [ 262.977421][ T5906] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 263.723029][ T5906] usb 4-1: USB disconnect, device number 10 [ 263.792133][ T6028] udevd[6028]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 264.409099][ T5974] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 264.943514][ T7639] loop0: detected capacity change from 0 to 512 [ 265.007197][ T7639] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 265.014862][ T7639] UDF-fs: Scanning with blocksize 512 failed [ 265.054228][ T7639] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 265.061771][ T7639] UDF-fs: Scanning with blocksize 1024 failed [ 265.080082][ T7639] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 265.087557][ T7639] UDF-fs: Scanning with blocksize 2048 failed [ 265.104388][ T7639] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 265.181167][ T7639] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 265.458868][ T5974] usb 2-1: Using ep0 maxpacket: 32 [ 265.506711][ T7640] loop2: detected capacity change from 0 to 2048 [ 265.557226][ T5974] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 265.575535][ T5974] usb 2-1: config 0 has no interface number 0 [ 265.588346][ T5974] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 265.650799][ T5974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.669336][ T5974] usb 2-1: Product: syz [ 265.673554][ T5974] usb 2-1: Manufacturer: syz [ 265.678167][ T5974] usb 2-1: SerialNumber: syz [ 265.683858][ T7640] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 265.687928][ T5974] usb 2-1: config 0 descriptor?? [ 265.716940][ T5974] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 266.178174][ T7650] loop3: detected capacity change from 0 to 40427 [ 266.196465][ T7653] usb usb8: usbfs: process 7653 (syz.0.437) did not claim interface 0 before use [ 266.277050][ T7650] F2FS-fs (loop3): build fault injection rate: 690 [ 266.283934][ T7650] F2FS-fs (loop3): Image doesn't support compression [ 266.291445][ T7650] F2FS-fs (loop3): Image doesn't support compression [ 266.367410][ T7650] F2FS-fs (loop3): invalid crc value [ 266.776462][ T7650] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 266.822941][ T7657] loop1: detected capacity change from 0 to 8 [ 266.850720][ T7657] SQUASHFS error: zlib decompression failed, data probably corrupt [ 266.859076][ T7657] SQUASHFS error: Failed to read block 0x9b: -5 [ 266.865368][ T7657] SQUASHFS error: Unable to read metadata cache entry [99] [ 266.872734][ T7657] SQUASHFS error: Unable to read inode 0x127 [ 266.910674][ T7657] netlink: 28 bytes leftover after parsing attributes in process `syz.1.432'. [ 266.951895][ T5974] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 267.080542][ T5974] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 267.156673][ T7661] netlink: 24 bytes leftover after parsing attributes in process `syz.0.439'. [ 267.492318][ T5838] syz-executor: attempt to access beyond end of device [ 267.492318][ T5838] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 267.528247][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 267.528276][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 267.528289][ T5838] Call Trace: [ 267.528297][ T5838] [ 267.528306][ T5838] dump_stack_lvl+0x189/0x250 [ 267.528346][ T5838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.528375][ T5838] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 267.528401][ T5838] ? __pfx_queue_work_on+0x10/0x10 [ 267.528422][ T5838] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 267.528447][ T5838] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 267.528480][ T5838] ? f2fs_hw_is_readonly+0x39b/0x470 [ 267.528511][ T5838] f2fs_handle_critical_error+0x37c/0x540 [ 267.528549][ T5838] f2fs_write_end_io+0x495/0x810 [ 267.528573][ T5838] ? blkg_put+0x22/0x240 [ 267.528616][ T5838] __submit_merged_bio+0x27a/0x6a0 [ 267.528648][ T5838] __submit_merged_write_cond+0x255/0x530 [ 267.528681][ T5838] f2fs_write_data_pages+0x261d/0x3000 [ 267.528705][ T5838] ? __lock_acquire+0xab9/0xd20 [ 267.528774][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 267.528852][ T5838] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.528890][ T5838] ? folios_put_refs+0x560/0x640 [ 267.528932][ T5838] ? __lock_acquire+0xab9/0xd20 [ 267.528968][ T5838] ? do_raw_spin_lock+0x121/0x290 [ 267.529006][ T5838] ? do_raw_spin_unlock+0x122/0x240 [ 267.529029][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 267.529057][ T5838] do_writepages+0x32b/0x550 [ 267.529089][ T5838] ? do_raw_spin_unlock+0x122/0x240 [ 267.529117][ T5838] filemap_fdatawrite+0x199/0x240 [ 267.529138][ T5838] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 267.529228][ T5838] ? do_raw_spin_unlock+0x122/0x240 [ 267.529254][ T5838] f2fs_sync_dirty_inodes+0x31f/0x830 [ 267.529298][ T5838] f2fs_write_checkpoint+0x95a/0x1df0 [ 267.529352][ T5838] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 267.529417][ T5838] ? try_to_wake_up+0x7e5/0x1290 [ 267.529445][ T5838] ? kill_f2fs_super+0x298/0x6c0 [ 267.529476][ T5838] kill_f2fs_super+0x2c3/0x6c0 [ 267.529508][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 267.529531][ T5838] ? radix_tree_delete_item+0x2b6/0x400 [ 267.529563][ T5838] ? shrinker_free+0x2ce/0x3e0 [ 267.529589][ T5838] deactivate_locked_super+0xb9/0x130 [ 267.529618][ T5838] cleanup_mnt+0x425/0x4c0 [ 267.529642][ T5838] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.529670][ T5838] task_work_run+0x1d4/0x260 [ 267.529695][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 267.529715][ T5838] ? __x64_sys_umount+0x122/0x160 [ 267.529738][ T5838] ? exit_to_user_mode_loop+0x40/0x110 [ 267.529768][ T5838] exit_to_user_mode_loop+0xec/0x110 [ 267.529793][ T5838] do_syscall_64+0x2bd/0x3b0 [ 267.529816][ T5838] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.529839][ T5838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.529857][ T5838] ? clear_bhb_loop+0x60/0xb0 [ 267.529879][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.529896][ T5838] RIP: 0033:0x7f254c78fc57 [ 267.529912][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 267.529927][ T5838] RSP: 002b:00007ffcea3c68b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 267.529945][ T5838] RAX: 0000000000000000 RBX: 00007f254c810925 RCX: 00007f254c78fc57 [ 267.529956][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcea3c6970 [ 267.529967][ T5838] RBP: 00007ffcea3c6970 R08: 0000000000000000 R09: 0000000000000000 [ 267.529978][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcea3c7a00 [ 267.529989][ T5838] R13: 00007f254c810925 R14: 00000000000413be R15: 00007ffcea3c7a40 [ 267.530021][ T5838] [ 267.914728][ T7665] FAULT_INJECTION: forcing a failure. [ 267.914728][ T7665] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.966851][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 267.976660][ T5974] usb 2-1: USB disconnect, device number 7 [ 268.027324][ T7665] CPU: 1 UID: 0 PID: 7665 Comm: syz.0.442 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 268.027358][ T7665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 268.027372][ T7665] Call Trace: [ 268.027381][ T7665] [ 268.027391][ T7665] dump_stack_lvl+0x189/0x250 [ 268.027428][ T7665] ? __pfx____ratelimit+0x10/0x10 [ 268.027458][ T7665] ? __pfx_dump_stack_lvl+0x10/0x10 [ 268.027491][ T7665] ? __pfx__printk+0x10/0x10 [ 268.027528][ T7665] should_fail_ex+0x414/0x560 [ 268.027566][ T7665] _copy_to_user+0x31/0xb0 [ 268.027595][ T7665] simple_read_from_buffer+0xe1/0x170 [ 268.027635][ T7665] proc_fail_nth_read+0x1df/0x250 [ 268.027663][ T7665] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 268.027691][ T7665] ? rw_verify_area+0x258/0x650 [ 268.027721][ T7665] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 268.027747][ T7665] vfs_read+0x200/0x980 [ 268.027784][ T7665] ? __pfx___mutex_lock+0x10/0x10 [ 268.027824][ T7665] ? __pfx_vfs_read+0x10/0x10 [ 268.027854][ T7665] ? __fget_files+0x2a/0x420 [ 268.027880][ T7665] ? __fget_files+0x3a0/0x420 [ 268.027899][ T7665] ? __fget_files+0x2a/0x420 [ 268.027930][ T7665] ksys_read+0x145/0x250 [ 268.027961][ T7665] ? __pfx_ksys_read+0x10/0x10 [ 268.027986][ T7665] ? rcu_is_watching+0x15/0xb0 [ 268.028022][ T7665] ? do_syscall_64+0xbe/0x3b0 [ 268.028053][ T7665] do_syscall_64+0xfa/0x3b0 [ 268.028081][ T7665] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.028097][ T7665] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 268.028113][ T7665] ? clear_bhb_loop+0x60/0xb0 [ 268.028146][ T7665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.028164][ T7665] RIP: 0033:0x7f608b18d33c [ 268.028181][ T7665] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 268.028198][ T7665] RSP: 002b:00007f608c036030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 268.028218][ T7665] RAX: ffffffffffffffda RBX: 00007f608b3b5fa0 RCX: 00007f608b18d33c [ 268.028232][ T7665] RDX: 000000000000000f RSI: 00007f608c0360a0 RDI: 0000000000000004 [ 268.028244][ T7665] RBP: 00007f608c036090 R08: 0000000000000000 R09: 0000000000000000 [ 268.028255][ T7665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.028267][ T7665] R13: 0000000000000000 R14: 00007f608b3b5fa0 R15: 00007ffda0c374e8 [ 268.028297][ T7665] [ 268.294632][ T5974] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 268.310510][ T5838] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 268.337941][ T7669] netlink: 28 bytes leftover after parsing attributes in process `syz.1.443'. [ 268.338569][ T5974] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 268.360423][ T5974] quatech2 2-1:0.51: device disconnected [ 268.413735][ T7669] tipc: Cannot configure node identity twice [ 270.374354][ T7694] loop2: detected capacity change from 0 to 512 [ 270.391900][ T7694] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 270.505335][ T7697] netlink: 'syz.3.441': attribute type 1 has an invalid length. [ 270.513326][ T7697] netlink: 'syz.3.441': attribute type 2 has an invalid length. [ 271.851266][ T7694] UDF-fs: Scanning with blocksize 512 failed [ 271.922973][ T7694] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 272.087713][ T7694] UDF-fs: Scanning with blocksize 1024 failed [ 272.408995][ T7694] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 272.416444][ T7694] UDF-fs: Scanning with blocksize 2048 failed [ 272.442931][ T7694] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 272.558736][ T7694] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 272.810390][ T7702] loop0: detected capacity change from 0 to 40427 [ 272.844310][ T7702] F2FS-fs (loop0): build fault injection rate: 690 [ 272.851041][ T7702] F2FS-fs (loop0): Image doesn't support compression [ 272.858536][ T7702] F2FS-fs (loop0): Image doesn't support compression [ 272.870333][ T7702] F2FS-fs (loop0): invalid crc value [ 272.985970][ T7702] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 273.099416][ T7708] loop1: detected capacity change from 0 to 2048 [ 273.212773][ T7709] loop3: detected capacity change from 0 to 64 [ 273.229902][ T7708] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 273.417600][ T7712] FAULT_INJECTION: forcing a failure. [ 273.417600][ T7712] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 273.431036][ T7712] CPU: 1 UID: 0 PID: 7712 Comm: syz.2.453 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 273.431065][ T7712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 273.431078][ T7712] Call Trace: [ 273.431087][ T7712] [ 273.431097][ T7712] dump_stack_lvl+0x189/0x250 [ 273.431135][ T7712] ? __pfx____ratelimit+0x10/0x10 [ 273.431165][ T7712] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.431198][ T7712] ? __pfx__printk+0x10/0x10 [ 273.431220][ T7712] ? __might_fault+0xb0/0x130 [ 273.431255][ T7712] should_fail_ex+0x414/0x560 [ 273.431293][ T7712] _copy_from_user+0x2d/0xb0 [ 273.431320][ T7712] ___sys_recvmsg+0x12e/0x510 [ 273.431353][ T7712] ? __pfx____sys_recvmsg+0x10/0x10 [ 273.431413][ T7712] ? __might_fault+0xb0/0x130 [ 273.431438][ T7712] do_recvmmsg+0x307/0x770 [ 273.431474][ T7712] ? __pfx_do_recvmmsg+0x10/0x10 [ 273.431512][ T7712] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 273.431563][ T7712] __x64_sys_recvmmsg+0x190/0x240 [ 273.431591][ T7712] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 273.431623][ T7712] ? do_syscall_64+0xbe/0x3b0 [ 273.431658][ T7712] do_syscall_64+0xfa/0x3b0 [ 273.431686][ T7712] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.431715][ T7712] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.431735][ T7712] ? clear_bhb_loop+0x60/0xb0 [ 273.431768][ T7712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.431789][ T7712] RIP: 0033:0x7fc7b5f8e929 [ 273.431807][ T7712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.431825][ T7712] RSP: 002b:00007fc7b6d21038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 273.431848][ T7712] RAX: ffffffffffffffda RBX: 00007fc7b61b5fa0 RCX: 00007fc7b5f8e929 [ 273.431863][ T7712] RDX: 0400000000000179 RSI: 0000200000000480 RDI: 0000000000000003 [ 273.431877][ T7712] RBP: 00007fc7b6d21090 R08: 0000000000000000 R09: 0000000000000000 [ 273.431890][ T7712] R10: 0000000000010022 R11: 0000000000000246 R12: 0000000000000001 [ 273.431904][ T7712] R13: 0000000000000000 R14: 00007fc7b61b5fa0 R15: 00007ffe2b00ff18 [ 273.431936][ T7712] [ 273.946476][ T5859] Bluetooth: hci3: command 0x0406 tx timeout [ 274.010881][ T7718] netlink: 20 bytes leftover after parsing attributes in process `syz.2.455'. [ 274.247604][ T7725] netlink: 'syz.4.457': attribute type 1 has an invalid length. [ 274.494639][ T7725] 8021q: adding VLAN 0 to HW filter on device bond1 [ 274.575211][ T7733] loop3: detected capacity change from 0 to 4096 [ 274.646903][ T7735] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 274.666133][ T7733] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=4096, inode=0, rec_len=0, name_len=0 [ 274.687606][ T7733] Remounting filesystem read-only [ 274.699830][ T7728] bond1: (slave veth3): Enslaving as an active interface with a down link [ 274.728671][ T7733] NILFS error (device loop3): nilfs_readdir: bad page in #2 [ 274.785695][ T7732] bond1: (slave veth0_to_bond): making interface the new active one [ 274.838048][ T7732] veth0_to_bond: entered promiscuous mode [ 274.876851][ T7732] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 275.038366][ T7737] netlink: 20 bytes leftover after parsing attributes in process `syz.1.460'. [ 275.954640][ T7749] loop1: detected capacity change from 0 to 512 [ 276.896761][ T7749] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 276.904422][ T7749] UDF-fs: Scanning with blocksize 512 failed [ 276.924567][ T7749] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 276.932085][ T7749] UDF-fs: Scanning with blocksize 1024 failed [ 276.957706][ T7749] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 276.965787][ T7749] UDF-fs: Scanning with blocksize 2048 failed [ 276.989287][ T7749] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 277.062083][ T7749] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 277.512476][ T5837] syz-executor: attempt to access beyond end of device [ 277.512476][ T5837] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 277.566640][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 277.566668][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.566679][ T5837] Call Trace: [ 277.566687][ T5837] [ 277.566696][ T5837] dump_stack_lvl+0x189/0x250 [ 277.566733][ T5837] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.566759][ T5837] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 277.566783][ T5837] ? __pfx_queue_work_on+0x10/0x10 [ 277.566802][ T5837] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 277.566827][ T5837] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 277.566852][ T5837] ? f2fs_hw_is_readonly+0x39b/0x470 [ 277.566880][ T5837] f2fs_handle_critical_error+0x37c/0x540 [ 277.566910][ T5837] f2fs_write_end_io+0x495/0x810 [ 277.566934][ T5837] ? blkg_put+0x22/0x240 [ 277.566974][ T5837] __submit_merged_bio+0x27a/0x6a0 [ 277.567006][ T5837] __submit_merged_write_cond+0x255/0x530 [ 277.567038][ T5837] f2fs_write_data_pages+0x261d/0x3000 [ 277.567106][ T5837] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 277.567130][ T5837] ? is_bpf_text_address+0x26/0x2b0 [ 277.567183][ T5837] ? arch_stack_walk+0xfc/0x150 [ 277.567272][ T5837] ? __lock_acquire+0xab9/0xd20 [ 277.567308][ T5837] ? do_raw_spin_lock+0x121/0x290 [ 277.567341][ T5837] ? do_raw_spin_unlock+0x122/0x240 [ 277.567362][ T5837] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 277.567387][ T5837] do_writepages+0x32b/0x550 [ 277.567417][ T5837] ? do_raw_spin_unlock+0x122/0x240 [ 277.567442][ T5837] filemap_fdatawrite+0x199/0x240 [ 277.567461][ T5837] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 277.567533][ T5837] ? do_raw_spin_unlock+0x122/0x240 [ 277.567558][ T5837] f2fs_sync_dirty_inodes+0x31f/0x830 [ 277.567602][ T5837] f2fs_write_checkpoint+0x95a/0x1df0 [ 277.567658][ T5837] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 277.567725][ T5837] ? try_to_wake_up+0x7e5/0x1290 [ 277.567753][ T5837] ? kill_f2fs_super+0x298/0x6c0 [ 277.567784][ T5837] kill_f2fs_super+0x2c3/0x6c0 [ 277.567819][ T5837] ? __pfx_kill_f2fs_super+0x10/0x10 [ 277.567841][ T5837] ? radix_tree_delete_item+0x2b6/0x400 [ 277.567873][ T5837] ? shrinker_free+0x2ce/0x3e0 [ 277.567900][ T5837] deactivate_locked_super+0xb9/0x130 [ 277.567926][ T5837] cleanup_mnt+0x425/0x4c0 [ 277.567950][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.567977][ T5837] task_work_run+0x1d4/0x260 [ 277.568003][ T5837] ? __pfx_task_work_run+0x10/0x10 [ 277.568022][ T5837] ? __x64_sys_umount+0x122/0x160 [ 277.568045][ T5837] ? exit_to_user_mode_loop+0x40/0x110 [ 277.568074][ T5837] exit_to_user_mode_loop+0xec/0x110 [ 277.568100][ T5837] do_syscall_64+0x2bd/0x3b0 [ 277.568124][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.568146][ T5837] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.568164][ T5837] ? clear_bhb_loop+0x60/0xb0 [ 277.568186][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.568202][ T5837] RIP: 0033:0x7f608b18fc57 [ 277.568224][ T5837] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 277.568239][ T5837] RSP: 002b:00007ffda0c36778 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 277.568259][ T5837] RAX: 0000000000000000 RBX: 00007f608b210925 RCX: 00007f608b18fc57 [ 277.568271][ T5837] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda0c36830 [ 277.568282][ T5837] RBP: 00007ffda0c36830 R08: 0000000000000000 R09: 0000000000000000 [ 277.568293][ T5837] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffda0c378c0 [ 277.568304][ T5837] R13: 00007f608b210925 R14: 0000000000042f83 R15: 00007ffda0c37900 [ 277.568335][ T5837] [ 277.917081][ T5837] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 278.587396][ T7758] loop1: detected capacity change from 0 to 32768 [ 278.739307][ T7758] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 278.979522][ T7768] loop3: detected capacity change from 0 to 256 [ 279.469450][ T7775] process 'syz.3.468' launched './file0' with NULL argv: empty string added [ 279.718548][ T5845] ocfs2: Unmounting device (7,1) on (node local) [ 279.980836][ T7777] loop2: detected capacity change from 0 to 4096 [ 280.030444][ T7777] NILFS (loop2): invalid segment: Checksum error in segment payload [ 280.056559][ T7777] NILFS (loop2): trying rollback from an earlier position [ 280.127754][ T7777] NILFS (loop2): recovery complete [ 280.177139][ T7784] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 280.248107][ T7777] tipc: Enabling of bearer rejected, failed to enable media [ 280.489109][ T7790] loop0: detected capacity change from 0 to 512 [ 280.508903][ T7790] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 280.516364][ T7790] UDF-fs: Scanning with blocksize 512 failed [ 280.531320][ T7790] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 280.539560][ T7790] UDF-fs: Scanning with blocksize 1024 failed [ 280.553181][ T7790] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 280.560913][ T7790] UDF-fs: Scanning with blocksize 2048 failed [ 280.628150][ T7790] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 280.675920][ T7786] loop1: detected capacity change from 0 to 2048 [ 280.702793][ T7790] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 280.837911][ T7786] EXT4-fs: inline encryption not supported [ 280.929319][ T7786] EXT4-fs: Ignoring removed mblk_io_submit option [ 281.048933][ T7786] ext4: Unknown parameter 'audit' [ 281.364280][ T7797] loop3: detected capacity change from 0 to 128 [ 281.759114][ T7800] netlink: 4 bytes leftover after parsing attributes in process `syz.1.473'. [ 281.801198][ T7800] bridge0: entered promiscuous mode [ 281.806934][ T7800] macsec1: entered allmulticast mode [ 281.812307][ T7800] bridge0: entered allmulticast mode [ 281.823984][ T7800] bridge0: port 3(macsec1) entered blocking state [ 281.831139][ T7800] bridge0: port 3(macsec1) entered disabled state [ 282.258885][ T5948] usb 2-1: new low-speed USB device number 8 using dummy_hcd [ 282.269497][ T7800] bridge0: left allmulticast mode [ 282.274564][ T7800] bridge0: left promiscuous mode [ 282.451718][ T5948] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 282.474937][ T7797] EXT4-fs (loop3): Test dummy encryption mode enabled [ 282.492181][ T5948] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 282.504585][ T7806] netlink: 8 bytes leftover after parsing attributes in process `syz.0.480'. [ 282.513096][ T5948] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 282.532747][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.552933][ T7797] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 282.568034][ T5948] usb 2-1: config 0 descriptor?? [ 282.635561][ T7797] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 282.829176][ T7799] loop1: detected capacity change from 0 to 1024 [ 282.909450][ T7799] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 283.538389][ T7813] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 283.559043][ T7813] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 283.839921][ T5838] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 284.018456][ T1212] usb 2-1: USB disconnect, device number 8 [ 284.094695][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.574111][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.4.484'. [ 284.583997][ T7825] netlink: 32 bytes leftover after parsing attributes in process `syz.0.483'. [ 284.677378][ T7825] loop0: detected capacity change from 0 to 64 [ 284.731558][ T7825] pim6reg: entered allmulticast mode [ 284.742469][ T7825] pim6reg: left allmulticast mode [ 284.862198][ T7827] loop1: detected capacity change from 0 to 4096 [ 284.925440][ T7827] NILFS (loop1): invalid segment: Checksum error in segment payload [ 284.956499][ T7827] NILFS (loop1): trying rollback from an earlier position [ 285.035009][ T7827] NILFS (loop1): recovery complete [ 285.044950][ T7831] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 285.095656][ T7827] tipc: Enabling of bearer rejected, failed to enable media [ 285.444590][ T7841] loop2: detected capacity change from 0 to 512 [ 285.868333][ T7841] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 285.875920][ T7841] UDF-fs: Scanning with blocksize 512 failed [ 285.897789][ T7841] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 285.905288][ T7841] UDF-fs: Scanning with blocksize 1024 failed [ 285.919858][ T7841] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 285.927310][ T7841] UDF-fs: Scanning with blocksize 2048 failed [ 285.970346][ T7841] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 286.044003][ T7841] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 286.912767][ T7848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.491'. [ 286.951084][ T30] audit: type=1326 audit(1749905477.792:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 286.999152][ T30] audit: type=1326 audit(1749905477.812:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.058973][ T30] audit: type=1326 audit(1749905477.812:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.085003][ T30] audit: type=1326 audit(1749905477.812:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.146067][ T30] audit: type=1326 audit(1749905477.822:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.212853][ T7853] loop2: detected capacity change from 0 to 16 [ 287.245760][ T30] audit: type=1326 audit(1749905477.822:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.287486][ T7853] erofs (device loop2): mounted with root inode @ nid 36. [ 287.313877][ T30] audit: type=1326 audit(1749905477.822:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.336910][ T30] audit: type=1326 audit(1749905477.822:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.423111][ T30] audit: type=1326 audit(1749905477.822:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.449392][ T30] audit: type=1326 audit(1749905477.822:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7847 comm="syz.2.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7b5f8e929 code=0x7ffc0000 [ 287.542588][ T7838] loop1: detected capacity change from 0 to 32768 [ 287.569333][ T7838] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.488 (7838) [ 287.628008][ T7858] loop2: detected capacity change from 0 to 2048 [ 287.812424][ T7858] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 287.867783][ T7838] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 287.893536][ T7858] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 287.991536][ T7838] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm [ 288.168150][ T7838] BTRFS info (device loop1): using free-space-tree [ 288.577646][ T7838] BTRFS error (device loop1): open_ctree failed: -12 [ 288.793179][ T7879] syz.3.498: attempt to access beyond end of device [ 288.793179][ T7879] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 288.807321][ T7879] efs: cannot read volume header [ 288.925859][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.492225][ T7884] netlink: 'syz.4.499': attribute type 1 has an invalid length. [ 289.544860][ T7884] netlink: 'syz.4.499': attribute type 1 has an invalid length. [ 289.623850][ T7877] program syz.0.497 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 289.900863][ T7895] FAULT_INJECTION: forcing a failure. [ 289.900863][ T7895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 289.986084][ T7895] CPU: 1 UID: 0 PID: 7895 Comm: syz.2.504 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 289.986115][ T7895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 289.986128][ T7895] Call Trace: [ 289.986138][ T7895] [ 289.986147][ T7895] dump_stack_lvl+0x189/0x250 [ 289.986185][ T7895] ? __pfx____ratelimit+0x10/0x10 [ 289.986214][ T7895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 289.986247][ T7895] ? __pfx__printk+0x10/0x10 [ 289.986270][ T7895] ? __might_fault+0xb0/0x130 [ 289.986303][ T7895] should_fail_ex+0x414/0x560 [ 289.986370][ T7895] _copy_from_user+0x2d/0xb0 [ 289.986397][ T7895] sock_do_ioctl+0x182/0x300 [ 289.986430][ T7895] ? __pfx_sock_do_ioctl+0x10/0x10 [ 289.986456][ T7895] ? __lock_acquire+0xab9/0xd20 [ 289.986503][ T7895] sock_ioctl+0x576/0x790 [ 289.986533][ T7895] ? __pfx_sock_ioctl+0x10/0x10 [ 289.986561][ T7895] ? __fget_files+0x2a/0x420 [ 289.986583][ T7895] ? __fget_files+0x3a0/0x420 [ 289.986605][ T7895] ? __fget_files+0x2a/0x420 [ 289.986632][ T7895] ? bpf_lsm_file_ioctl+0x9/0x20 [ 289.986663][ T7895] ? __pfx_sock_ioctl+0x10/0x10 [ 289.986690][ T7895] __se_sys_ioctl+0xf9/0x170 [ 289.986724][ T7895] do_syscall_64+0xfa/0x3b0 [ 289.986752][ T7895] ? lockdep_hardirqs_on+0x9c/0x150 [ 289.986780][ T7895] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.986800][ T7895] ? clear_bhb_loop+0x60/0xb0 [ 289.986825][ T7895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.986845][ T7895] RIP: 0033:0x7fc7b5f8e929 [ 289.986863][ T7895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.986881][ T7895] RSP: 002b:00007fc7b6d21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 289.986904][ T7895] RAX: ffffffffffffffda RBX: 00007fc7b61b5fa0 RCX: 00007fc7b5f8e929 [ 289.986919][ T7895] RDX: 0000200000002280 RSI: 0000000000008943 RDI: 0000000000000003 [ 289.986932][ T7895] RBP: 00007fc7b6d21090 R08: 0000000000000000 R09: 0000000000000000 [ 289.986945][ T7895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.986957][ T7895] R13: 0000000000000000 R14: 00007fc7b61b5fa0 R15: 00007ffe2b00ff18 [ 289.986989][ T7895] [ 290.759877][ T5998] veth0_to_bond: left promiscuous mode [ 290.967849][ T7915] loop3: detected capacity change from 0 to 512 [ 291.000050][ T7915] ext3: Bad value for 'init_itable' [ 291.119966][ T7920] FAULT_INJECTION: forcing a failure. [ 291.119966][ T7920] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 291.197374][ T7920] CPU: 1 UID: 0 PID: 7920 Comm: syz.1.511 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 291.197400][ T7920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.197411][ T7920] Call Trace: [ 291.197418][ T7920] [ 291.197426][ T7920] dump_stack_lvl+0x189/0x250 [ 291.197458][ T7920] ? __pfx____ratelimit+0x10/0x10 [ 291.197482][ T7920] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.197509][ T7920] ? __pfx__printk+0x10/0x10 [ 291.197541][ T7920] should_fail_ex+0x414/0x560 [ 291.197590][ T7920] _copy_to_user+0x31/0xb0 [ 291.197616][ T7920] fscontext_read+0x25b/0x370 [ 291.197650][ T7920] vfs_readv+0x5aa/0x850 [ 291.197672][ T7920] ? __pfx_fscontext_read+0x10/0x10 [ 291.197698][ T7920] ? __pfx_vfs_readv+0x10/0x10 [ 291.197733][ T7920] ? __fget_files+0x2a/0x420 [ 291.197759][ T7920] ? __fget_files+0x3a0/0x420 [ 291.197778][ T7920] ? __fget_files+0x2a/0x420 [ 291.197807][ T7920] do_readv+0x14d/0x2d0 [ 291.197830][ T7920] ? __pfx_do_readv+0x10/0x10 [ 291.197849][ T7920] ? rcu_is_watching+0x15/0xb0 [ 291.197883][ T7920] ? do_syscall_64+0xbe/0x3b0 [ 291.197913][ T7920] do_syscall_64+0xfa/0x3b0 [ 291.197936][ T7920] ? lockdep_hardirqs_on+0x9c/0x150 [ 291.197961][ T7920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.197980][ T7920] ? clear_bhb_loop+0x60/0xb0 [ 291.198002][ T7920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.198020][ T7920] RIP: 0033:0x7f871d38e929 [ 291.198036][ T7920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.198052][ T7920] RSP: 002b:00007f871e290038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 291.198071][ T7920] RAX: ffffffffffffffda RBX: 00007f871d5b5fa0 RCX: 00007f871d38e929 [ 291.198085][ T7920] RDX: 0000000000000002 RSI: 0000200000000500 RDI: 0000000000000003 [ 291.198096][ T7920] RBP: 00007f871e290090 R08: 0000000000000000 R09: 0000000000000000 [ 291.198107][ T7920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.198117][ T7920] R13: 0000000000000000 R14: 00007f871d5b5fa0 R15: 00007ffe672512e8 [ 291.198144][ T7920] [ 291.485548][ T7940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.512'. [ 291.644025][ T7954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.517'. [ 291.689145][ T7954] netlink: 'syz.1.517': attribute type 72 has an invalid length. [ 291.709121][ T7952] FAULT_INJECTION: forcing a failure. [ 291.709121][ T7952] name failslab, interval 1, probability 0, space 0, times 0 [ 291.814006][ T7952] CPU: 1 UID: 0 PID: 7952 Comm: syz.0.514 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 291.814032][ T7952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.814043][ T7952] Call Trace: [ 291.814050][ T7952] [ 291.814057][ T7952] dump_stack_lvl+0x189/0x250 [ 291.814089][ T7952] ? __pfx____ratelimit+0x10/0x10 [ 291.814113][ T7952] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.814139][ T7952] ? __pfx__printk+0x10/0x10 [ 291.814163][ T7952] ? __pfx___find_rr_leaf+0x10/0x10 [ 291.814191][ T7952] should_fail_ex+0x414/0x560 [ 291.814224][ T7952] should_failslab+0xa8/0x100 [ 291.814243][ T7952] ? __pfx_ip6_dst_gc+0x10/0x10 [ 291.814268][ T7952] kmem_cache_alloc_noprof+0x73/0x3c0 [ 291.814294][ T7952] ? dst_alloc+0x105/0x170 [ 291.814315][ T7952] ? __pfx_ip6_dst_gc+0x10/0x10 [ 291.814341][ T7952] dst_alloc+0x105/0x170 [ 291.814366][ T7952] ip6_rt_cache_alloc+0x3ac/0xa40 [ 291.814392][ T7952] ? __pfx_ip6_rt_cache_alloc+0x10/0x10 [ 291.814410][ T7952] ? rt6_find_cached_rt+0x21c/0x270 [ 291.814440][ T7952] ? ip6_pol_route+0x162/0x1180 [ 291.814455][ T7952] ? ip6_pol_route+0x162/0x1180 [ 291.814470][ T7952] ip6_pol_route+0xf5d/0x1180 [ 291.814499][ T7952] ? __pfx_ip6_pol_route+0x10/0x10 [ 291.814521][ T7952] ? __pfx_ip6_addr_string+0x10/0x10 [ 291.814550][ T7952] fib6_rule_lookup+0x1fc/0x6f0 [ 291.814569][ T7952] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 291.814586][ T7952] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 291.814615][ T7952] ? dev_get_by_index_rcu+0xf4/0x110 [ 291.814645][ T7952] ip6_route_output_flags+0x364/0x5d0 [ 291.814662][ T7952] ? ip6_route_output_flags+0x2e/0x5d0 [ 291.814682][ T7952] ip6_dst_lookup_tail+0x1ae/0x1510 [ 291.814709][ T7952] ? txopt_get+0x7a/0x3f0 [ 291.814735][ T7952] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 291.814755][ T7952] ? txopt_get+0x7a/0x3f0 [ 291.814777][ T7952] ? txopt_get+0x7a/0x3f0 [ 291.814798][ T7952] ? txopt_get+0x7a/0x3f0 [ 291.814821][ T7952] ? txopt_get+0x335/0x3f0 [ 291.814846][ T7952] ? __pfx_txopt_get+0x10/0x10 [ 291.814872][ T7952] ip6_dst_lookup_flow+0x47/0xe0 [ 291.814896][ T7952] rawv6_sendmsg+0xd97/0x17f0 [ 291.814930][ T7952] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 291.814977][ T7952] ? __pfx_aa_sk_perm+0x10/0x10 [ 291.815003][ T7952] ? sock_rps_record_flow+0x19/0x410 [ 291.815031][ T7952] ? inet_sendmsg+0x2f4/0x370 [ 291.815055][ T7952] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 291.815080][ T7952] __sock_sendmsg+0x19c/0x270 [ 291.815107][ T7952] ____sys_sendmsg+0x505/0x830 [ 291.815133][ T7952] ? __pfx_____sys_sendmsg+0x10/0x10 [ 291.815161][ T7952] ? import_iovec+0x74/0xa0 [ 291.815185][ T7952] ___sys_sendmsg+0x21f/0x2a0 [ 291.815225][ T7952] ? __pfx____sys_sendmsg+0x10/0x10 [ 291.815288][ T7952] ? __fget_files+0x2a/0x420 [ 291.815307][ T7952] ? __fget_files+0x3a0/0x420 [ 291.815336][ T7952] __x64_sys_sendmsg+0x19b/0x260 [ 291.815360][ T7952] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 291.815390][ T7952] ? __pfx_ksys_write+0x10/0x10 [ 291.815406][ T7952] ? rcu_is_watching+0x15/0xb0 [ 291.815438][ T7952] ? do_syscall_64+0xbe/0x3b0 [ 291.815468][ T7952] do_syscall_64+0xfa/0x3b0 [ 291.815497][ T7952] ? lockdep_hardirqs_on+0x9c/0x150 [ 291.815521][ T7952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.815539][ T7952] ? clear_bhb_loop+0x60/0xb0 [ 291.815561][ T7952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.815579][ T7952] RIP: 0033:0x7f608b18e929 [ 291.815594][ T7952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.815610][ T7952] RSP: 002b:00007f608c036038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 291.815629][ T7952] RAX: ffffffffffffffda RBX: 00007f608b3b5fa0 RCX: 00007f608b18e929 [ 291.815642][ T7952] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000003 [ 291.815653][ T7952] RBP: 00007f608c036090 R08: 0000000000000000 R09: 0000000000000000 [ 291.815665][ T7952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.815674][ T7952] R13: 0000000000000000 R14: 00007f608b3b5fa0 R15: 00007ffda0c374e8 [ 291.815703][ T7952] [ 292.233988][ T7952] Dead loop on virtual device ip6_vti0, fix it urgently! [ 292.746360][ T7975] loop0: detected capacity change from 0 to 1024 [ 292.786547][ T7981] loop3: detected capacity change from 0 to 512 [ 292.820000][ T7975] EXT4-fs: Ignoring removed orlov option [ 292.896842][ T7981] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.526: corrupted in-inode xattr: invalid ea_ino [ 292.914492][ T7975] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 292.925487][ T7975] EXT4-fs (loop0): filesystem too large to mount safely on this system [ 293.012860][ T7981] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.526: couldn't read orphan inode 15 (err -117) [ 293.085207][ T7981] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 293.577647][ T7990] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=563642300 (72146214400 ns) > initial count (43827223936 ns). Using initial count to start timer. [ 293.826229][ T7977] loop2: detected capacity change from 0 to 32768 [ 293.845185][ T7977] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.523 (7977) [ 294.557628][ T7977] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 294.584058][ T7977] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 294.597332][ T7977] BTRFS info (device loop2): using free-space-tree [ 294.784815][ T8021] syz.1.531: attempt to access beyond end of device [ 294.784815][ T8021] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 294.797924][ T8021] efs: cannot read volume header [ 295.270783][ T8028] IPVS: set_ctl: invalid protocol: 135 224.0.0.1:20000 [ 295.278132][ T10] IPVS: starting estimator thread 0... [ 295.295412][ T8028] loop0: detected capacity change from 0 to 512 [ 295.321623][ T8028] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 295.369707][ T8029] IPVS: using max 29 ests per chain, 69600 per kthread [ 295.378039][ T8028] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.533: bg 0: block 104: invalid block bitmap [ 295.393463][ T8028] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 295.408865][ T8028] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.533: invalid indirect mapped block 1 (level 1) [ 295.431041][ T8028] EXT4-fs (loop0): 1 truncate cleaned up [ 295.442759][ T8028] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 295.521686][ T8028] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 295.596584][ T8032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.534'. [ 296.402396][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.487708][ T5844] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 296.521570][ T8036] FAULT_INJECTION: forcing a failure. [ 296.521570][ T8036] name failslab, interval 1, probability 0, space 0, times 0 [ 296.586630][ T8036] CPU: 1 UID: 0 PID: 8036 Comm: syz.1.536 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 296.586655][ T8036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 296.586666][ T8036] Call Trace: [ 296.586673][ T8036] [ 296.586681][ T8036] dump_stack_lvl+0x189/0x250 [ 296.586714][ T8036] ? __pfx____ratelimit+0x10/0x10 [ 296.586738][ T8036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 296.586764][ T8036] ? __pfx__printk+0x10/0x10 [ 296.586787][ T8036] ? __pfx___might_resched+0x10/0x10 [ 296.586810][ T8036] ? fs_reclaim_acquire+0x7d/0x100 [ 296.586834][ T8036] should_fail_ex+0x414/0x560 [ 296.586864][ T8036] should_failslab+0xa8/0x100 [ 296.586885][ T8036] __kmalloc_noprof+0xcb/0x4f0 [ 296.586909][ T8036] ? kfree+0x4d/0x440 [ 296.586931][ T8036] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 296.586961][ T8036] tomoyo_realpath_from_path+0xe3/0x5d0 [ 296.586990][ T8036] ? tomoyo_domain+0xd9/0x130 [ 296.587011][ T8036] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 296.587032][ T8036] tomoyo_path_number_perm+0x1e8/0x5a0 [ 296.587058][ T8036] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 296.587095][ T8036] ? __lock_acquire+0xab9/0xd20 [ 296.587137][ T8036] ? __fget_files+0x2a/0x420 [ 296.587159][ T8036] ? __fget_files+0x2a/0x420 [ 296.587175][ T8036] ? __fget_files+0x3a0/0x420 [ 296.587192][ T8036] ? __fget_files+0x2a/0x420 [ 296.587214][ T8036] security_file_ioctl+0xcb/0x2d0 [ 296.587236][ T8036] __se_sys_ioctl+0x47/0x170 [ 296.587264][ T8036] do_syscall_64+0xfa/0x3b0 [ 296.587287][ T8036] ? lockdep_hardirqs_on+0x9c/0x150 [ 296.587310][ T8036] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.587327][ T8036] ? clear_bhb_loop+0x60/0xb0 [ 296.587347][ T8036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.587364][ T8036] RIP: 0033:0x7f871d38e929 [ 296.587379][ T8036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.587394][ T8036] RSP: 002b:00007f871e290038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 296.587412][ T8036] RAX: ffffffffffffffda RBX: 00007f871d5b5fa0 RCX: 00007f871d38e929 [ 296.587425][ T8036] RDX: 0000200000000000 RSI: 000000004138ae84 RDI: 0000000000000005 [ 296.587435][ T8036] RBP: 00007f871e290090 R08: 0000000000000000 R09: 0000000000000000 [ 296.587445][ T8036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.587456][ T8036] R13: 0000000000000000 R14: 00007f871d5b5fa0 R15: 00007ffe672512e8 [ 296.587483][ T8036] [ 296.587490][ T8036] ERROR: Out of memory at tomoyo_realpath_from_path. [ 297.286721][ T8050] usb usb1: usbfs: process 8050 (syz.0.542) did not claim interface 0 before use [ 297.317215][ T8047] loop1: detected capacity change from 0 to 2048 [ 297.350489][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.366456][ T8047] EXT4-fs: inline encryption not supported [ 297.383691][ T8047] EXT4-fs: Ignoring removed mblk_io_submit option [ 297.402380][ T8047] ext4: Unknown parameter 'audit' [ 297.779835][ T8058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.541'. [ 297.831209][ T8058] bridge0: entered promiscuous mode [ 297.837066][ T8058] macsec1: entered allmulticast mode [ 297.842953][ T8058] bridge0: entered allmulticast mode [ 297.856727][ T8058] bridge0: port 3(macsec1) entered blocking state [ 297.864019][ T8058] bridge0: port 3(macsec1) entered disabled state [ 298.399468][ T8058] bridge0: left allmulticast mode [ 298.404747][ T8058] bridge0: left promiscuous mode [ 298.461628][ T8052] loop2: detected capacity change from 0 to 4096 [ 298.657393][ T8052] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 298.696599][ T1212] IPVS: starting estimator thread 0... [ 298.702914][ T8065] IPVS: set_ctl: invalid protocol: 135 224.0.0.1:20000 [ 298.750801][ T8065] loop3: detected capacity change from 0 to 512 [ 298.762281][ T8065] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 298.809472][ T8066] IPVS: using max 29 ests per chain, 69600 per kthread [ 298.829326][ T8065] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.546: bg 0: block 104: invalid block bitmap [ 298.861824][ T5844] ntfs3(loop2): ino=9, ntfs_sync_fs failed, -22. [ 298.879762][ T8065] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 298.959403][ T8065] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.546: invalid indirect mapped block 1 (level 1) [ 298.968883][ T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 299.013594][ T8065] EXT4-fs (loop3): 1 truncate cleaned up [ 299.042550][ T8070] Dead loop on virtual device ip6_vti0, fix it urgently! [ 299.052915][ T8076] FAULT_INJECTION: forcing a failure. [ 299.052915][ T8076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 299.055905][ T8065] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.170867][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 299.188986][ T8076] CPU: 0 UID: 0 PID: 8076 Comm: syz.0.550 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 299.189015][ T8076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.189028][ T8076] Call Trace: [ 299.189037][ T8076] [ 299.189045][ T8076] dump_stack_lvl+0x189/0x250 [ 299.189083][ T8076] ? __pfx____ratelimit+0x10/0x10 [ 299.189111][ T8076] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.189143][ T8076] ? __pfx__printk+0x10/0x10 [ 299.189178][ T8076] should_fail_ex+0x414/0x560 [ 299.189215][ T8076] _copy_to_user+0x31/0xb0 [ 299.189242][ T8076] sock_getbindtodevice+0x245/0x350 [ 299.189270][ T8076] ? __pfx_sock_getbindtodevice+0x10/0x10 [ 299.189306][ T8076] sk_getsockopt+0x75b/0x2530 [ 299.189334][ T8076] ? __pfx_sk_getsockopt+0x10/0x10 [ 299.189355][ T8076] ? do_syscall_64+0x20/0x3b0 [ 299.189396][ T8076] ? __lock_acquire+0xab9/0xd20 [ 299.189435][ T8076] ? __might_fault+0xb0/0x130 [ 299.189478][ T8076] do_sock_getsockopt+0x275/0x650 [ 299.189499][ T8076] ? do_syscall_64+0x20/0x3b0 [ 299.189531][ T8076] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 299.189553][ T8076] ? do_syscall_64+0x20/0x3b0 [ 299.189580][ T8076] ? __fget_files+0x3a0/0x420 [ 299.189601][ T8076] ? __fget_files+0x2a/0x420 [ 299.189630][ T8076] __x64_sys_getsockopt+0x1a5/0x250 [ 299.189652][ T8076] ? do_syscall_64+0x20/0x3b0 [ 299.189682][ T8076] ? do_syscall_64+0x20/0x3b0 [ 299.189721][ T8076] do_syscall_64+0xfa/0x3b0 [ 299.189748][ T8076] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.189776][ T8076] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.189796][ T8076] ? clear_bhb_loop+0x60/0xb0 [ 299.189820][ T8076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.189838][ T8076] RIP: 0033:0x7f608b18e929 [ 299.189857][ T8076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.189874][ T8076] RSP: 002b:00007f608c036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 299.189895][ T8076] RAX: ffffffffffffffda RBX: 00007f608b3b5fa0 RCX: 00007f608b18e929 [ 299.189910][ T8076] RDX: 0000000000000019 RSI: 0000000000000001 RDI: 0000000000000003 [ 299.189934][ T8076] RBP: 00007f608c036090 R08: 0000200000003080 R09: 0000000000000000 [ 299.189946][ T8076] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 299.189958][ T8076] R13: 0000000000000000 R14: 00007f608b3b5fa0 R15: 00007ffda0c374e8 [ 299.190005][ T8076] [ 299.603896][ T30] kauditd_printk_skb: 90 callbacks suppressed [ 299.603922][ T30] audit: type=1800 audit(1749905490.442:270): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.548" name="file1" dev="tmpfs" ino=770 res=0 errno=0 [ 299.630539][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.679075][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 299.689089][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 299.700186][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 299.725538][ T10] usb 2-1: New USB device found, idVendor=0738, idProduct=a2c5, bcdDevice=1e.ce [ 299.734882][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.763155][ T10] usb 2-1: Product: syz [ 299.767353][ T10] usb 2-1: Manufacturer: syz [ 299.786295][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.786353][ T10] usb 2-1: SerialNumber: syz [ 299.835678][ T10] usb 2-1: config 0 descriptor?? [ 299.893020][ T10] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 299.937504][ T10] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input7 [ 300.075460][ T10] usb 2-1: USB disconnect, device number 9 [ 300.355363][ T10] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 300.368222][ T8090] netlink: 52 bytes leftover after parsing attributes in process `syz.3.557'. [ 300.513768][ T8090] netlink: 52 bytes leftover after parsing attributes in process `syz.3.557'. [ 300.839926][ T8074] loop2: detected capacity change from 0 to 65536 [ 300.864060][ T8074] xfs: Bad value for 'logbufs' [ 301.079737][ T8096] tipc: Cannot configure node identity twice [ 301.242111][ T8101] netlink: 388 bytes leftover after parsing attributes in process `syz.3.562'. [ 302.103536][ T8108] netlink: 52 bytes leftover after parsing attributes in process `syz.3.565'. [ 302.153875][ T8108] netlink: 52 bytes leftover after parsing attributes in process `syz.3.565'. [ 303.261068][ T8132] netlink: 388 bytes leftover after parsing attributes in process `syz.4.575'. [ 303.480289][ T8141] netlink: 12 bytes leftover after parsing attributes in process `syz.1.578'. [ 303.507455][ T8141] netlink: 20 bytes leftover after parsing attributes in process `syz.1.578'. [ 303.568269][ T5847] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 303.728990][ T5847] usb 4-1: Using ep0 maxpacket: 8 [ 303.760477][ T5847] usb 4-1: config 0 has an invalid interface number: 205 but max is 0 [ 303.843740][ T5847] usb 4-1: config 0 has no interface number 0 [ 303.923290][ T5847] usb 4-1: config 0 interface 205 altsetting 9 endpoint 0xE has an invalid bInterval 128, changing to 11 [ 304.065374][ T5847] usb 4-1: config 0 interface 205 altsetting 9 endpoint 0x7 has invalid maxpacket 1463, setting to 64 [ 304.314568][ T5847] usb 4-1: config 0 interface 205 has no altsetting 0 [ 304.331142][ T5847] usb 4-1: New USB device found, idVendor=0b39, idProduct=0421, bcdDevice=76.2e [ 304.343218][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.355079][ T5847] usb 4-1: Product: з [ 304.359498][ T5847] usb 4-1: Manufacturer: 誠‡ꮄ੔鴇絠䦱烙왃൏﵋逓 [ 304.367064][ T5847] usb 4-1: SerialNumber: syz [ 304.379454][ T8149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.580'. [ 304.389396][ T5847] usb 4-1: config 0 descriptor?? [ 305.131501][ T5847] ftdi_sio 4-1:0.205: FTDI USB Serial Device converter detected [ 305.167211][ T5847] ftdi_sio ttyUSB0: unknown device type: 0x762e [ 305.238841][ T5847] usb 4-1: USB disconnect, device number 11 [ 305.276923][ T8161] IPVS: set_ctl: invalid protocol: 135 224.0.0.1:20000 [ 305.323519][ T5847] ftdi_sio 4-1:0.205: device disconnected [ 305.345625][ T8161] loop0: detected capacity change from 0 to 512 [ 305.378377][ T8161] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 305.401826][ T8141] loop1: detected capacity change from 0 to 32768 [ 305.425807][ T8141] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.578 (8141) [ 305.443353][ T8161] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.584: bg 0: block 104: invalid block bitmap [ 305.483215][ T8141] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 305.523146][ T8161] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 305.532651][ T8141] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm [ 305.559758][ T8161] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.584: invalid indirect mapped block 1 (level 1) [ 305.587565][ T8141] BTRFS info (device loop1): using free-space-tree [ 305.626327][ T8161] EXT4-fs (loop0): 1 truncate cleaned up [ 305.653292][ T8174] loop2: detected capacity change from 0 to 512 [ 305.676187][ T8161] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.700158][ T8174] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 305.761684][ T8174] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.589: bg 0: block 104: invalid block bitmap [ 305.770000][ T8161] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 305.806852][ T8174] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 305.831997][ T30] audit: type=1800 audit(1749905496.662:271): pid=8141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.578" name="bus" dev="loop1" ino=263 res=0 errno=0 [ 305.894110][ T8174] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.589: invalid indirect mapped block 1 (level 1) [ 305.938254][ T8174] EXT4-fs (loop2): 1 truncate cleaned up [ 305.947419][ T8174] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.982621][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.018155][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.129520][ T5845] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 306.342847][ T8200] netlink: 108 bytes leftover after parsing attributes in process `syz.4.594'. [ 306.368834][ T8200] netlink: 20 bytes leftover after parsing attributes in process `syz.4.594'. [ 306.537437][ T8203] usb usb8: usbfs: process 8203 (syz.2.592) did not claim interface 0 before use [ 307.347353][ T8206] loop1: detected capacity change from 0 to 512 [ 307.435642][ T8206] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 307.478839][ T8206] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 307.678454][ T8211] loop2: detected capacity change from 0 to 2048 [ 307.714174][ T8211] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=3932051, location=3932051 [ 307.775832][ T8211] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 308.233684][ T8221] loop2: detected capacity change from 0 to 1024 [ 309.460898][ T8237] netlink: 'syz.0.604': attribute type 1 has an invalid length. [ 311.109381][ T5948] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 311.309331][ T5948] usb 2-1: Using ep0 maxpacket: 16 [ 311.367950][ T8240] usb usb8: usbfs: process 8240 (syz.2.605) did not claim interface 0 before use [ 311.499493][ T5948] usb 2-1: config 0 has an invalid interface number: 110 but max is 0 [ 311.717023][ T5948] usb 2-1: config 0 has no interface number 0 [ 311.775080][ T5948] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=66.39 [ 311.814927][ T5948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.847909][ T5948] usb 2-1: Product: syz [ 311.857327][ T5948] usb 2-1: Manufacturer: syz [ 311.866860][ T5948] usb 2-1: SerialNumber: syz [ 312.262362][ T5948] usb 2-1: config 0 descriptor?? [ 312.310489][ T5948] ftdi_sio 2-1:0.110: FTDI USB Serial Device converter detected [ 312.358067][ T5948] ftdi_sio ttyUSB0: unknown device type: 0x6639 [ 313.018931][ T5847] usb 2-1: USB disconnect, device number 10 [ 313.026090][ T8277] loop3: detected capacity change from 0 to 1024 [ 313.044594][ T5847] ftdi_sio 2-1:0.110: device disconnected [ 313.163570][ T8282] netlink: 'syz.4.618': attribute type 1 has an invalid length. [ 313.521413][ T8292] loop2: detected capacity change from 0 to 2048 [ 313.602892][ T8292] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 315.251598][ T8315] loop0: detected capacity change from 0 to 64 [ 315.307272][ T8315] hfs: unable to locate alternate MDB [ 315.324795][ T8315] hfs: continuing without an alternate MDB [ 315.367429][ T30] audit: type=1800 audit(1749905506.202:272): pid=8315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.629" name="file1" dev="loop0" ino=18 res=0 errno=0 [ 315.758294][ T30] audit: type=1326 audit(1749905506.582:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f608b18e929 code=0x7ffc0000 [ 315.798578][ T8323] loop0: detected capacity change from 0 to 2048 [ 315.818585][ T30] audit: type=1326 audit(1749905506.582:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f608b18e929 code=0x7ffc0000 [ 315.854777][ T8325] netlink: 60 bytes leftover after parsing attributes in process `syz.4.634'. [ 315.875501][ T6028] loop0: p1 < > p4 [ 315.881643][ T6028] loop0: p4 size 8388608 extends beyond EOD, truncated [ 315.888675][ T30] audit: type=1326 audit(1749905506.582:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f608b18e963 code=0x7ffc0000 [ 315.917471][ T8325] netlink: 12 bytes leftover after parsing attributes in process `syz.4.634'. [ 315.943297][ T8323] loop0: p1 < > p4 [ 315.946124][ T8301] loop1: detected capacity change from 0 to 32768 [ 315.952068][ T8325] netlink: 60 bytes leftover after parsing attributes in process `syz.4.634'. [ 315.963423][ T8323] loop0: p4 size 8388608 extends beyond EOD, truncated [ 315.973609][ T30] audit: type=1326 audit(1749905506.592:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f608b18d3df code=0x7ffc0000 [ 316.036901][ T8327] loop2: detected capacity change from 0 to 2048 [ 316.050230][ T30] audit: type=1326 audit(1749905506.632:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f608b18e9b7 code=0x7ffc0000 [ 316.153743][ T8327] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 316.261073][ T30] audit: type=1326 audit(1749905506.632:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f608b18d290 code=0x7ffc0000 [ 316.284185][ T30] audit: type=1326 audit(1749905506.632:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f608b18e52b code=0x7ffc0000 [ 316.348831][ T30] audit: type=1326 audit(1749905506.642:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f608b18d58a code=0x7ffc0000 [ 316.379100][ T8327] Unsupported ieee802154 address type: 0 [ 316.451130][ T30] audit: type=1326 audit(1749905506.642:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8322 comm="syz.0.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f608b18e52b code=0x7ffc0000 [ 316.481227][ T8330] netlink: 60 bytes leftover after parsing attributes in process `syz.0.636'. [ 316.543135][ T6418] udevd[6418]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 316.557218][ T6003] udevd[6003]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 316.596540][ T6003] udevd[6003]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 316.610572][ T6205] udevd[6205]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 316.621687][ T8330] netlink: 12 bytes leftover after parsing attributes in process `syz.0.636'. [ 316.657142][ T8330] netlink: 60 bytes leftover after parsing attributes in process `syz.0.636'. [ 317.065623][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.072027][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.834963][ T8357] xt_TCPMSS: Only works on TCP SYN packets [ 319.142685][ T8337] loop3: detected capacity change from 0 to 32768 [ 319.161511][ T8337] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.638 (8337) [ 319.196703][ T8337] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 319.248987][ T8337] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 319.268612][ T8337] BTRFS info (device loop3): disk space caching is enabled [ 319.286418][ T8337] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 319.428581][ T8337] BTRFS info (device loop3): rebuilding free space tree [ 319.499304][ T8337] BTRFS info (device loop3): disabling free space tree [ 319.516651][ T8337] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 319.558047][ T8337] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 319.691915][ T8337] BTRFS info (device loop3): balance: start -sprofiles=system|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,usage=7,usage=7..0,drange=36028797018963968..70368744177664,vrange=9223372036854775809..7 [ 319.760135][ T8337] BTRFS info (device loop3): balance: ended with status: 0 [ 319.845147][ T8361] loop0: detected capacity change from 0 to 32768 [ 319.879540][ T8337] overlayfs: failed to resolve './file2': -2 [ 319.887103][ T8361] btrfs: Deprecated parameter 'usebackuproot' [ 319.925489][ T8337] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 319.933996][ T8361] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 319.985381][ T8361] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.646 (8361) [ 320.036871][ T5838] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 320.060824][ T8361] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 320.080164][ T8361] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 320.118866][ T8361] BTRFS info (device loop0): using free-space-tree [ 320.204618][ T8398] loop2: detected capacity change from 0 to 512 [ 320.305685][ T8398] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 320.319057][ T8398] ext4 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 320.438965][ T8361] BTRFS info (device loop0): rebuilding free space tree [ 320.538805][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 320.538824][ T30] audit: type=1800 audit(1749905511.372:295): pid=8361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.646" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 320.583069][ T8361] BTRFS info (device loop0): balance: start -sconvert=raid0,soft [ 320.624610][ T8361] BTRFS info (device loop0): left=0, need=98304, flags=10 [ 320.660766][ T8361] BTRFS info (device loop0): space_info SYSTEM (sub-group id 0) has 0 free, is not full [ 320.671080][ T8361] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 320.685056][ T8361] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 320.694794][ T8361] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 320.703109][ T8361] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 320.711282][ T8361] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 320.719245][ T8361] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 320.823237][ T8361] BTRFS info (device loop0): relocating block group 1048576 flags system [ 320.958617][ T8387] loop1: detected capacity change from 0 to 32768 [ 321.045612][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 321.273920][ T8416] syzkaller0: entered promiscuous mode [ 321.279508][ T8416] syzkaller0: entered allmulticast mode [ 321.302475][ T8361] BTRFS info (device loop0): balance: ended with status: 0 [ 321.556620][ T5837] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 321.699074][ T5974] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 321.969516][ T5974] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 322.729005][ T5974] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 322.768926][ T5974] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 322.778027][ T5974] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 322.803153][ T5974] usb 3-1: Manufacturer: syz [ 322.838830][ T5974] usb 3-1: config 0 descriptor?? [ 322.847739][ T5974] igorplugusb 3-1:0.0: incorrect number of endpoints [ 323.034898][ T8436] netlink: 4 bytes leftover after parsing attributes in process `syz.0.655'. [ 323.070129][ T5974] usb 3-1: USB disconnect, device number 17 [ 323.113895][ T8436] bridge_slave_0: left allmulticast mode [ 323.151781][ T8436] bridge_slave_0: left promiscuous mode [ 323.173982][ T8436] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.187542][ T8436] bridge_slave_1: left allmulticast mode [ 323.197863][ T8436] bridge_slave_1: left promiscuous mode [ 323.205941][ T8436] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.222354][ T8436] bond0: (slave bond_slave_0): Releasing backup interface [ 323.236595][ T8436] bond0: (slave bond_slave_1): Releasing backup interface [ 323.271317][ T8436] team0: Port device team_slave_0 removed [ 323.291783][ T8436] team0: Port device team_slave_1 removed [ 323.300060][ T8436] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 323.307583][ T8436] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 323.327872][ T8436] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 323.336449][ T8436] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 323.608972][ T5898] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 323.696937][ T8451] fuse: Unknown parameter 'go' [ 323.810048][ T5898] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 323.818958][ T5898] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 323.839358][ T5898] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 323.848370][ T5898] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 323.881969][ T5898] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 323.907356][ T5898] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 323.918702][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 323.927678][ T5898] usb 2-1: Product: syz [ 323.938502][ T5898] usb 2-1: Manufacturer: syz [ 323.962237][ T5898] cdc_wdm 2-1:1.0: skipping garbage [ 324.007480][ T5898] cdc_wdm 2-1:1.0: skipping garbage [ 324.031032][ T5898] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 324.075637][ T5898] cdc_wdm 2-1:1.0: Unknown control protocol [ 324.182316][ T1228] usb 2-1: USB disconnect, device number 11 [ 324.243813][ T8459] loop3: detected capacity change from 0 to 1024 [ 326.494633][ T8481] netlink: 32 bytes leftover after parsing attributes in process `syz.1.674'. [ 326.522292][ T8481] netem: unknown loss type 13 [ 326.536475][ T8481] netem: change failed [ 326.907491][ T8475] syz.2.672: attempt to access beyond end of device [ 326.907491][ T8475] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 326.922661][ T8475] hpfs: hpfs_map_sector(): read error [ 326.931479][ T8497] FAULT_INJECTION: forcing a failure. [ 326.931479][ T8497] name failslab, interval 1, probability 0, space 0, times 0 [ 327.026123][ T8497] CPU: 0 UID: 0 PID: 8497 Comm: syz.1.676 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 327.026152][ T8497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.026176][ T8497] Call Trace: [ 327.026186][ T8497] [ 327.026195][ T8497] dump_stack_lvl+0x189/0x250 [ 327.026227][ T8497] ? __pfx____ratelimit+0x10/0x10 [ 327.026253][ T8497] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.026298][ T8497] ? __pfx__printk+0x10/0x10 [ 327.026325][ T8497] ? __pfx___might_resched+0x10/0x10 [ 327.026352][ T8497] ? fs_reclaim_acquire+0x7d/0x100 [ 327.026380][ T8497] should_fail_ex+0x414/0x560 [ 327.026414][ T8497] should_failslab+0xa8/0x100 [ 327.026436][ T8497] kmem_cache_alloc_noprof+0x73/0x3c0 [ 327.026466][ T8497] ? alloc_empty_file+0x55/0x1d0 [ 327.026493][ T8497] alloc_empty_file+0x55/0x1d0 [ 327.026518][ T8497] alloc_file_pseudo+0x13d/0x210 [ 327.026545][ T8497] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 327.026569][ T8497] ? alloc_fd+0x64c/0x6c0 [ 327.026600][ T8497] anon_inode_getfd+0xca/0x1b0 [ 327.026625][ T8497] bpf_prog_get_fd_by_id+0x1e3/0x250 [ 327.026655][ T8497] __sys_bpf+0x7ce/0x860 [ 327.026702][ T8497] ? __pfx___sys_bpf+0x10/0x10 [ 327.026773][ T8497] ? rcu_is_watching+0x15/0xb0 [ 327.026809][ T8497] __x64_sys_bpf+0x7c/0x90 [ 327.026835][ T8497] do_syscall_64+0xfa/0x3b0 [ 327.026863][ T8497] ? lockdep_hardirqs_on+0x9c/0x150 [ 327.026889][ T8497] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.026909][ T8497] ? clear_bhb_loop+0x60/0xb0 [ 327.026934][ T8497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.026952][ T8497] RIP: 0033:0x7f871d38e929 [ 327.026971][ T8497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.026988][ T8497] RSP: 002b:00007f871e290038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 327.027010][ T8497] RAX: ffffffffffffffda RBX: 00007f871d5b5fa0 RCX: 00007f871d38e929 [ 327.027025][ T8497] RDX: 0000000000000004 RSI: 0000200000000d00 RDI: 000000000000000d [ 327.027037][ T8497] RBP: 00007f871e290090 R08: 0000000000000000 R09: 0000000000000000 [ 327.027049][ T8497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.027061][ T8497] R13: 0000000000000000 R14: 00007f871d5b5fa0 R15: 00007ffe672512e8 [ 327.027092][ T8497] [ 328.861294][ T8529] netlink: 388 bytes leftover after parsing attributes in process `syz.1.685'. [ 329.130083][ T8541] loop1: detected capacity change from 0 to 512 [ 329.176008][ T8541] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 329.302757][ T8541] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.688: bg 0: block 384: padding at end of block bitmap is not set [ 329.801512][ T8541] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 330.005229][ T8541] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #11: comm syz.1.688: attempt to clear invalid blocks 983260 len 1 [ 330.123572][ T8541] EXT4-fs error (device loop1): __ext4_get_inode_loc:4792: comm syz.1.688: Invalid inode table block 0 in block_group 0 [ 330.186603][ T8554] netlink: 'syz.0.690': attribute type 11 has an invalid length. [ 330.189523][ T8541] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 330.246653][ T8541] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 330.284218][ T8541] EXT4-fs error (device loop1): __ext4_get_inode_loc:4792: comm syz.1.688: Invalid inode table block 0 in block_group 0 [ 330.337773][ T8541] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 330.356424][ T8560] Illegal XDP return value 4292071376 on prog (id 131) dev N/A, expect packet loss! [ 330.378289][ T8541] EXT4-fs error (device loop1): ext4_truncate:4597: inode #11: comm syz.1.688: mark_inode_dirty error [ 330.416797][ T8541] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 330.443582][ T8541] EXT4-fs (loop1): 1 truncate cleaned up [ 330.485484][ T8541] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.597956][ T8541] EXT4-fs error (device loop1): __ext4_get_inode_loc:4792: comm syz.1.688: Invalid inode table block 0 in block_group 0 [ 330.840137][ T8541] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 332.396053][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.527717][ T8581] netlink: 388 bytes leftover after parsing attributes in process `syz.3.698'. [ 333.021591][ T8595] trusted_key: encrypted_key: insufficient parameters specified [ 333.110336][ T8598] FAULT_INJECTION: forcing a failure. [ 333.110336][ T8598] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 333.144772][ T8598] CPU: 1 UID: 0 PID: 8598 Comm: syz.3.704 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 333.144800][ T8598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 333.144811][ T8598] Call Trace: [ 333.144819][ T8598] [ 333.144827][ T8598] dump_stack_lvl+0x189/0x250 [ 333.144861][ T8598] ? __pfx____ratelimit+0x10/0x10 [ 333.144886][ T8598] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.144915][ T8598] ? __pfx__printk+0x10/0x10 [ 333.144950][ T8598] should_fail_ex+0x414/0x560 [ 333.144983][ T8598] _copy_from_user+0x2d/0xb0 [ 333.145008][ T8598] bpf_test_init+0xf8/0x170 [ 333.145031][ T8598] bpf_prog_test_run_skb+0x1e9/0x1560 [ 333.145049][ T8598] ? __fget_files+0x2a/0x420 [ 333.145073][ T8598] ? __fget_files+0x2a/0x420 [ 333.145102][ T8598] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 333.145122][ T8598] bpf_prog_test_run+0x2c7/0x340 [ 333.145153][ T8598] __sys_bpf+0x4a4/0x860 [ 333.145180][ T8598] ? __pfx___sys_bpf+0x10/0x10 [ 333.145218][ T8598] ? ksys_write+0x22a/0x250 [ 333.145237][ T8598] ? __pfx_ksys_write+0x10/0x10 [ 333.145253][ T8598] ? rcu_is_watching+0x15/0xb0 [ 333.145290][ T8598] __x64_sys_bpf+0x7c/0x90 [ 333.145313][ T8598] do_syscall_64+0xfa/0x3b0 [ 333.145339][ T8598] ? lockdep_hardirqs_on+0x9c/0x150 [ 333.145364][ T8598] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.145382][ T8598] ? clear_bhb_loop+0x60/0xb0 [ 333.145404][ T8598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.145422][ T8598] RIP: 0033:0x7f254c78e929 [ 333.145439][ T8598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.145455][ T8598] RSP: 002b:00007f254d67e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 333.145475][ T8598] RAX: ffffffffffffffda RBX: 00007f254c9b5fa0 RCX: 00007f254c78e929 [ 333.145488][ T8598] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a [ 333.145509][ T8598] RBP: 00007f254d67e090 R08: 0000000000000000 R09: 0000000000000000 [ 333.145520][ T8598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 333.145531][ T8598] R13: 0000000000000000 R14: 00007f254c9b5fa0 R15: 00007ffcea3c7628 [ 333.145560][ T8598] [ 333.151440][ T8601] fuse: Bad value for 'fd' [ 333.410429][ T8603] netlink: 36 bytes leftover after parsing attributes in process `syz.4.705'. [ 333.467633][ T8603] netlink: 16 bytes leftover after parsing attributes in process `syz.4.705'. [ 333.504605][ T8603] netlink: 36 bytes leftover after parsing attributes in process `syz.4.705'. [ 333.538900][ T8603] netlink: 36 bytes leftover after parsing attributes in process `syz.4.705'. [ 333.588013][ T8601] 9pnet_fd: Insufficient options for proto=fd [ 333.608110][ T8601] tipc: Cannot configure node identity twice [ 333.702057][ T8583] loop2: detected capacity change from 0 to 32768 [ 333.748444][ T8583] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.700 (8583) [ 334.792353][ T8583] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 334.819017][ T8583] BTRFS info (device loop2): using sha256 (sha256-x86_64) checksum algorithm [ 334.828052][ T8583] BTRFS info (device loop2): using free-space-tree [ 334.840993][ T8620] netlink: 388 bytes leftover after parsing attributes in process `syz.3.711'. [ 335.078287][ T8644] netlink: 'syz.1.714': attribute type 2 has an invalid length. [ 335.108853][ T8644] netlink: 132 bytes leftover after parsing attributes in process `syz.1.714'. [ 335.320152][ T5844] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 335.377423][ T8647] loop3: detected capacity change from 0 to 2048 [ 335.435965][ T8647] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 335.450459][ T8651] netlink: 'syz.0.717': attribute type 2 has an invalid length. [ 335.458253][ T8651] netlink: 132 bytes leftover after parsing attributes in process `syz.0.717'. [ 335.467335][ T8647] UDF-fs: Scanning with blocksize 512 failed [ 335.564383][ T8647] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 337.199522][ T8664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.721'. [ 337.420028][ T8664] netlink: 12 bytes leftover after parsing attributes in process `syz.0.721'. [ 337.564741][ T8671] loop2: detected capacity change from 0 to 40427 [ 337.575666][ T8671] F2FS-fs (loop2): build fault injection rate: 690 [ 337.582335][ T8671] F2FS-fs (loop2): Image doesn't support compression [ 337.589200][ T8671] F2FS-fs (loop2): Image doesn't support compression [ 337.635194][ T8671] F2FS-fs (loop2): invalid crc value [ 337.650468][ T8675] tipc: Enabling of bearer rejected, failed to enable media [ 337.763490][ T8671] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 338.201503][ T8692] netlink: 12 bytes leftover after parsing attributes in process `syz.0.727'. [ 338.916608][ T8689] tipc: Enabled bearer , priority 0 [ 339.084496][ T8689] syzkaller0: MTU too low for tipc bearer [ 339.117122][ T8689] tipc: Disabling bearer [ 339.205212][ T8699] tipc: Started in network mode [ 339.211429][ T8699] tipc: Node identity ba2b7cfc63d4, cluster identity 4711 [ 339.220904][ T8699] tipc: Enabled bearer , priority 0 [ 339.233412][ T8699] FAULT_INJECTION: forcing a failure. [ 339.233412][ T8699] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.276647][ T8699] CPU: 1 UID: 0 PID: 8699 Comm: syz.0.731 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 339.276673][ T8699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 339.276684][ T8699] Call Trace: [ 339.276692][ T8699] [ 339.276701][ T8699] dump_stack_lvl+0x189/0x250 [ 339.276734][ T8699] ? __pfx____ratelimit+0x10/0x10 [ 339.276759][ T8699] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.276786][ T8699] ? __pfx__printk+0x10/0x10 [ 339.276806][ T8699] ? __might_fault+0xb0/0x130 [ 339.276835][ T8699] should_fail_ex+0x414/0x560 [ 339.276868][ T8699] _copy_from_user+0x2d/0xb0 [ 339.276890][ T8699] sock_do_ioctl+0x182/0x300 [ 339.276918][ T8699] ? __pfx_sock_do_ioctl+0x10/0x10 [ 339.276939][ T8699] ? __lock_acquire+0xab9/0xd20 [ 339.276978][ T8699] sock_ioctl+0x576/0x790 [ 339.277003][ T8699] ? __pfx_sock_ioctl+0x10/0x10 [ 339.277026][ T8699] ? __fget_files+0x2a/0x420 [ 339.277046][ T8699] ? __fget_files+0x3a0/0x420 [ 339.277063][ T8699] ? __fget_files+0x2a/0x420 [ 339.277091][ T8699] ? bpf_lsm_file_ioctl+0x9/0x20 [ 339.277118][ T8699] ? __pfx_sock_ioctl+0x10/0x10 [ 339.277141][ T8699] __se_sys_ioctl+0xf9/0x170 [ 339.277168][ T8699] do_syscall_64+0xfa/0x3b0 [ 339.277193][ T8699] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.277216][ T8699] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.277233][ T8699] ? clear_bhb_loop+0x60/0xb0 [ 339.277254][ T8699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.277271][ T8699] RIP: 0033:0x7f608b18e929 [ 339.277287][ T8699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 339.277302][ T8699] RSP: 002b:00007f608c036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 339.277321][ T8699] RAX: ffffffffffffffda RBX: 00007f608b3b5fa0 RCX: 00007f608b18e929 [ 339.277334][ T8699] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005 [ 339.277345][ T8699] RBP: 00007f608c036090 R08: 0000000000000000 R09: 0000000000000000 [ 339.277356][ T8699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 339.277366][ T8699] R13: 0000000000000000 R14: 00007f608b3b5fa0 R15: 00007ffda0c374e8 [ 339.277411][ T8699] [ 339.289586][ T5844] syz-executor: attempt to access beyond end of device [ 339.289586][ T5844] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 339.526279][ T8697] tipc: Disabling bearer [ 339.611228][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: syz-executor Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 339.611251][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 339.611261][ T5844] Call Trace: [ 339.611267][ T5844] [ 339.611274][ T5844] dump_stack_lvl+0x189/0x250 [ 339.611305][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.611326][ T5844] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 339.611346][ T5844] ? __pfx_queue_work_on+0x10/0x10 [ 339.611361][ T5844] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 339.611379][ T5844] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 339.611399][ T5844] ? f2fs_hw_is_readonly+0x39b/0x470 [ 339.611422][ T5844] f2fs_handle_critical_error+0x37c/0x540 [ 339.611446][ T5844] f2fs_write_end_io+0x495/0x810 [ 339.611465][ T5844] ? blkg_put+0x22/0x240 [ 339.611494][ T5844] __submit_merged_bio+0x27a/0x6a0 [ 339.611517][ T5844] __submit_merged_write_cond+0x255/0x530 [ 339.611539][ T5844] f2fs_write_data_pages+0x261d/0x3000 [ 339.611558][ T5844] ? __lock_acquire+0xab9/0xd20 [ 339.611603][ T5844] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 339.611655][ T5844] ? __mod_zone_page_state+0xd7/0x140 [ 339.611677][ T5844] ? folios_put_refs+0x560/0x640 [ 339.611706][ T5844] ? __lock_acquire+0xab9/0xd20 [ 339.611732][ T5844] ? do_raw_spin_lock+0x121/0x290 [ 339.611757][ T5844] ? do_raw_spin_unlock+0x122/0x240 [ 339.611774][ T5844] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 339.611795][ T5844] do_writepages+0x32b/0x550 [ 339.611823][ T5844] ? do_raw_spin_unlock+0x122/0x240 [ 339.611843][ T5844] filemap_fdatawrite+0x199/0x240 [ 339.611858][ T5844] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 339.611908][ T5844] ? do_raw_spin_unlock+0x122/0x240 [ 339.611928][ T5844] f2fs_sync_dirty_inodes+0x31f/0x830 [ 339.611960][ T5844] f2fs_write_checkpoint+0x95a/0x1df0 [ 339.611999][ T5844] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 339.612048][ T5844] ? try_to_wake_up+0x7e5/0x1290 [ 339.612069][ T5844] ? kill_f2fs_super+0x298/0x6c0 [ 339.612094][ T5844] kill_f2fs_super+0x2c3/0x6c0 [ 339.612120][ T5844] ? __pfx_kill_f2fs_super+0x10/0x10 [ 339.612139][ T5844] ? radix_tree_delete_item+0x2b6/0x400 [ 339.612164][ T5844] ? shrinker_free+0x2ce/0x3e0 [ 339.612187][ T5844] deactivate_locked_super+0xb9/0x130 [ 339.612219][ T5844] cleanup_mnt+0x425/0x4c0 [ 339.612247][ T5844] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.612278][ T5844] task_work_run+0x1d4/0x260 [ 339.612308][ T5844] ? __pfx_task_work_run+0x10/0x10 [ 339.612332][ T5844] ? __x64_sys_umount+0x122/0x160 [ 339.612350][ T5844] ? exit_to_user_mode_loop+0x40/0x110 [ 339.612391][ T5844] exit_to_user_mode_loop+0xec/0x110 [ 339.612412][ T5844] do_syscall_64+0x2bd/0x3b0 [ 339.612444][ T5844] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.612473][ T5844] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.612486][ T5844] ? clear_bhb_loop+0x60/0xb0 [ 339.612501][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.612514][ T5844] RIP: 0033:0x7fc7b5f8fc57 [ 339.612525][ T5844] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 339.612535][ T5844] RSP: 002b:00007ffe2b00f1a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 339.612549][ T5844] RAX: 0000000000000000 RBX: 00007fc7b6010925 RCX: 00007fc7b5f8fc57 [ 339.612558][ T5844] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe2b00f260 [ 339.612565][ T5844] RBP: 00007ffe2b00f260 R08: 0000000000000000 R09: 0000000000000000 [ 339.612573][ T5844] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe2b0102f0 [ 339.612581][ T5844] R13: 00007fc7b6010925 R14: 000000000005284f R15: 00007ffe2b010330 [ 339.612600][ T5844] [ 339.612777][ T5844] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 340.632274][ T8701] loop3: detected capacity change from 0 to 32768 [ 340.745254][ T8701] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 341.110469][ T8701] XFS (loop3): Ending clean mount [ 341.262000][ T8701] XFS (loop3): Quotacheck needed: Please wait. [ 341.520553][ T8701] XFS (loop3): Quotacheck: Done. [ 341.726190][ T5838] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 341.823073][ T8727] netlink: 4 bytes leftover after parsing attributes in process `syz.0.739'. [ 341.893573][ T8729] FAULT_INJECTION: forcing a failure. [ 341.893573][ T8729] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 341.937856][ T8729] CPU: 0 UID: 0 PID: 8729 Comm: syz.0.739 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 341.937884][ T8729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 341.937896][ T8729] Call Trace: [ 341.937903][ T8729] [ 341.937912][ T8729] dump_stack_lvl+0x189/0x250 [ 341.937948][ T8729] ? __pfx____ratelimit+0x10/0x10 [ 341.937974][ T8729] ? __pfx_dump_stack_lvl+0x10/0x10 [ 341.938004][ T8729] ? __pfx__printk+0x10/0x10 [ 341.938037][ T8729] should_fail_ex+0x414/0x560 [ 341.938073][ T8729] strncpy_from_user+0x36/0x290 [ 341.938105][ T8729] getname_flags+0xf3/0x540 [ 341.938150][ T8729] __x64_sys_mkdirat+0x7a/0xa0 [ 341.938183][ T8729] do_syscall_64+0xfa/0x3b0 [ 341.938210][ T8729] ? lockdep_hardirqs_on+0x9c/0x150 [ 341.938237][ T8729] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.938256][ T8729] ? clear_bhb_loop+0x60/0xb0 [ 341.938281][ T8729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.938300][ T8729] RIP: 0033:0x7f608b18e929 [ 341.938318][ T8729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.938335][ T8729] RSP: 002b:00007f608c015038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 341.938356][ T8729] RAX: ffffffffffffffda RBX: 00007f608b3b6080 RCX: 00007f608b18e929 [ 341.938370][ T8729] RDX: 00000000000001ff RSI: 0000200000000a00 RDI: 0000000000000006 [ 341.938383][ T8729] RBP: 00007f608c015090 R08: 0000000000000000 R09: 0000000000000000 [ 341.938395][ T8729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.938406][ T8729] R13: 0000000000000000 R14: 00007f608b3b6080 R15: 00007ffda0c374e8 [ 341.938436][ T8729] [ 342.474598][ T8724] loop1: detected capacity change from 0 to 512 [ 342.565191][ T8742] syz.3.742: attempt to access beyond end of device [ 342.565191][ T8742] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 342.578433][ T8742] efs: cannot read volume header [ 342.739606][ T8724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 342.760275][ T8743] tipc: Enabled bearer , priority 10 [ 342.895700][ T8724] ext4 filesystem being mounted at /155/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 343.229358][ T30] audit: type=1800 audit(1749905534.072:296): pid=8739 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.737" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 343.592208][ T8752] loop3: detected capacity change from 0 to 4096 [ 343.786100][ T8731] loop2: detected capacity change from 0 to 32768 [ 343.862107][ T5847] tipc: Node number set to 3657399548 [ 343.891608][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 344.006292][ T8752] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 344.111545][ T8764] loop0: detected capacity change from 0 to 2048 [ 344.125600][ T8764] EXT4-fs: inline encryption not supported [ 344.132131][ T8764] EXT4-fs: Ignoring removed mblk_io_submit option [ 344.151640][ T8764] ext4: Unknown parameter 'audit' [ 344.235128][ T8731] ERROR: (device loop2): dbFindCtl: Corrupt dmapctl page [ 344.235128][ T8731] [ 344.383677][ T8731] ERROR: (device loop2): remounting filesystem as read-only [ 344.510075][ T8766] ea_get: invalid extended attribute [ 344.516048][ T8766] ffff88802fccc000: eb 03 00 00 00 0b 06 00 75 73 65 72 2e 78 61 74 ........user.xat [ 344.588891][ T8773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.747'. [ 344.640479][ T8773] macsec1: entered allmulticast mode [ 344.645892][ T8773] bridge0: entered allmulticast mode [ 344.655661][ T8773] bridge0: port 1(macsec1) entered blocking state [ 344.662927][ T8773] bridge0: port 1(macsec1) entered disabled state [ 344.864278][ T8773] bridge0: left allmulticast mode [ 344.987570][ T8766] ffff88802fccc010: 74 72 31 00 78 61 74 74 72 31 00 0b 06 00 75 73 tr1.xattr1....us [ 345.128850][ T8766] ffff88802fccc020: 65 72 2e 78 61 74 74 72 32 00 78 61 74 74 72 32 er.xattr2.xattr2 [ 345.138452][ T8766] ffff88802fccc030: 00 15 61 03 74 72 75 73 74 65 64 2e 6f 76 65 72 ..a.trusted.over [ 345.192342][ T8766] ffff88802fccc040: 6c 61 79 2e 75 70 70 65 72 00 00 00 00 00 00 00 lay.upper....... [ 345.238903][ T8766] ffff88802fccc050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.277009][ T8766] ffff88802fccc060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.322443][ T8766] ffff88802fccc070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.348899][ T8766] ffff88802fccc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.398922][ T8766] ffff88802fccc090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.408518][ T8766] ffff88802fccc0a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.439387][ T8766] ffff88802fccc0b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.468993][ T8766] ffff88802fccc0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.503237][ T8766] ffff88802fccc0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.528791][ T8766] ffff88802fccc0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.558814][ T8766] ffff88802fccc0f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.578698][ T8766] ffff88802fccc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.596355][ T8771] loop1: detected capacity change from 0 to 32768 [ 345.606304][ T8766] ffff88802fccc110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.616175][ T8766] ffff88802fccc120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.631672][ T8771] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.745 (8771) [ 345.663164][ T8766] ffff88802fccc130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.706849][ T8766] ffff88802fccc140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.729049][ T8766] ffff88802fccc150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.754048][ T8771] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 345.760609][ T8766] ffff88802fccc160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.782293][ T8771] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 345.794333][ T8766] ffff88802fccc170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.812603][ T8771] BTRFS info (device loop1): disk space caching is enabled [ 345.828972][ T8766] ffff88802fccc180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.840075][ T8771] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 345.854197][ T8766] ffff88802fccc190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854223][ T8766] ffff88802fccc1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854241][ T8766] ffff88802fccc1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854259][ T8766] ffff88802fccc1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854276][ T8766] ffff88802fccc1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854293][ T8766] ffff88802fccc1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854311][ T8766] ffff88802fccc1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854329][ T8766] ffff88802fccc200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854353][ T8766] ffff88802fccc210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854371][ T8766] ffff88802fccc220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854388][ T8766] ffff88802fccc230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854404][ T8766] ffff88802fccc240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854420][ T8766] ffff88802fccc250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854437][ T8766] ffff88802fccc260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854455][ T8766] ffff88802fccc270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854472][ T8766] ffff88802fccc280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854489][ T8766] ffff88802fccc290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854506][ T8766] ffff88802fccc2a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854523][ T8766] ffff88802fccc2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854541][ T8766] ffff88802fccc2c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854558][ T8766] ffff88802fccc2d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854575][ T8766] ffff88802fccc2e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854592][ T8766] ffff88802fccc2f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854610][ T8766] ffff88802fccc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854628][ T8766] ffff88802fccc310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854646][ T8766] ffff88802fccc320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854663][ T8766] ffff88802fccc330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854680][ T8766] ffff88802fccc340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854697][ T8766] ffff88802fccc350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854714][ T8766] ffff88802fccc360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854732][ T8766] ffff88802fccc370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854749][ T8766] ffff88802fccc380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854766][ T8766] ffff88802fccc390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 345.854783][ T8766] ffff88802fccc3a0: 00 00 00 00 00 00 00 00 00 00 00 ........... [ 346.212456][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.370552][ T8771] BTRFS info (device loop1): rebuilding free space tree [ 346.429812][ T8771] BTRFS info (device loop1): disabling free space tree [ 346.474752][ T8771] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 346.498175][ T30] audit: type=1326 audit(1749905537.332:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2958b8e929 code=0x7ffc0000 [ 346.533474][ T8771] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 346.596082][ T30] audit: type=1326 audit(1749905537.332:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2958b8e929 code=0x7ffc0000 [ 346.648126][ T30] audit: type=1326 audit(1749905537.332:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2958b8e929 code=0x7ffc0000 [ 346.708445][ T8771] BTRFS info (device loop1): balance: start -d -m [ 346.738953][ T30] audit: type=1326 audit(1749905537.332:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2958b8e929 code=0x7ffc0000 [ 346.761229][ C1] vkms_vblank_simulate: vblank timer overrun [ 346.781266][ T8771] BTRFS info (device loop1): relocating block group 6881280 flags data|metadata [ 346.814302][ T5858] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 346.839524][ T30] audit: type=1326 audit(1749905537.332:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2958b8e929 code=0x7ffc0000 [ 346.861760][ C1] vkms_vblank_simulate: vblank timer overrun [ 346.978168][ T8808] syz.3.753: attempt to access beyond end of device [ 346.978168][ T8808] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 346.991369][ T8808] efs: cannot read volume header [ 347.464766][ T30] audit: type=1326 audit(1749905537.332:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2958b8e929 code=0x7ffc0000 [ 347.494148][ T30] audit: type=1326 audit(1749905537.332:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2958b8e963 code=0x7ffc0000 [ 347.517474][ T30] audit: type=1326 audit(1749905537.332:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2958b8e929 code=0x7ffc0000 [ 347.540175][ T30] audit: type=1326 audit(1749905537.332:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8795 comm="syz.4.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2958b8d290 code=0x7ffc0000 [ 347.809041][ T8771] BTRFS info (device loop1): relocating block group 5242880 flags data|metadata [ 347.829750][ T8816] trusted_key: encrypted_key: insufficient parameters specified [ 347.937386][ T8771] BTRFS info (device loop1): balance: canceled [ 348.109056][ T5845] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 348.497392][ T5898] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 348.858932][ T5898] usb 3-1: Using ep0 maxpacket: 16 [ 348.894383][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 348.922014][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.935119][ T5898] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 348.968907][ T5898] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 348.978084][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.035681][ T5898] usb 3-1: config 0 descriptor?? [ 349.111377][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 349.111403][ T30] audit: type=1326 audit(1749905539.952:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871d38e929 code=0x7ffc0000 [ 349.113632][ T8831] FAULT_INJECTION: forcing a failure. [ 349.113632][ T8831] name failslab, interval 1, probability 0, space 0, times 0 [ 349.125942][ T30] audit: type=1326 audit(1749905539.962:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f871d38e929 code=0x7ffc0000 [ 349.178717][ T8831] CPU: 0 UID: 0 PID: 8831 Comm: syz.0.761 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 349.178747][ T8831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 349.178759][ T8831] Call Trace: [ 349.178767][ T8831] [ 349.178775][ T8831] dump_stack_lvl+0x189/0x250 [ 349.178808][ T8831] ? __pfx____ratelimit+0x10/0x10 [ 349.178835][ T8831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 349.178861][ T8831] ? __pfx__printk+0x10/0x10 [ 349.178887][ T8831] ? __pfx___might_resched+0x10/0x10 [ 349.178920][ T8831] should_fail_ex+0x414/0x560 [ 349.178954][ T8831] should_failslab+0xa8/0x100 [ 349.178976][ T8831] __kmalloc_node_noprof+0xd1/0x4e0 [ 349.178995][ T8831] ? alloc_slab_obj_exts+0x39/0xa0 [ 349.179027][ T8831] alloc_slab_obj_exts+0x39/0xa0 [ 349.179055][ T8831] __memcg_slab_post_alloc_hook+0x31e/0x7f0 [ 349.179100][ T8831] kmem_cache_alloc_node_noprof+0x2bd/0x3c0 [ 349.179119][ T8831] ? __alloc_skb+0x112/0x2d0 [ 349.179141][ T8831] __alloc_skb+0x112/0x2d0 [ 349.179164][ T8831] alloc_skb_with_frags+0xca/0x890 [ 349.179189][ T8831] ? __pfx_process_measurement+0x10/0x10 [ 349.179208][ T8831] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 349.179233][ T8831] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 349.179262][ T8831] sock_alloc_send_pskb+0x857/0x990 [ 349.179291][ T8831] ? __lock_acquire+0xab9/0xd20 [ 349.179346][ T8831] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 349.179379][ T8831] ? __lock_acquire+0xab9/0xd20 [ 349.179414][ T8831] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 349.179447][ T8831] unix_stream_sendmsg+0x4c2/0xc90 [ 349.179487][ T8831] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 349.179516][ T8831] ? aa_sock_msg_perm+0xda/0x1d0 [ 349.179545][ T8831] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 349.179570][ T8831] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 349.179593][ T8831] __sock_sendmsg+0x21c/0x270 [ 349.179624][ T8831] ____sys_sendmsg+0x505/0x830 [ 349.179652][ T8831] ? __pfx_____sys_sendmsg+0x10/0x10 [ 349.179692][ T8831] ? import_iovec+0x74/0xa0 [ 349.179715][ T8831] ___sys_sendmsg+0x21f/0x2a0 [ 349.179736][ T8831] ? __pfx____sys_sendmsg+0x10/0x10 [ 349.179787][ T8831] ? __fget_files+0x2a/0x420 [ 349.179804][ T8831] ? __fget_files+0x3a0/0x420 [ 349.179834][ T8831] __x64_sys_sendmsg+0x19b/0x260 [ 349.179858][ T8831] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 349.179889][ T8831] ? __pfx_ksys_write+0x10/0x10 [ 349.179903][ T8831] ? rcu_is_watching+0x15/0xb0 [ 349.179936][ T8831] ? do_syscall_64+0xbe/0x3b0 [ 349.179967][ T8831] do_syscall_64+0xfa/0x3b0 [ 349.179992][ T8831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.180010][ T8831] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 349.180027][ T8831] ? clear_bhb_loop+0x60/0xb0 [ 349.180049][ T8831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.180067][ T8831] RIP: 0033:0x7f608b18e929 [ 349.180084][ T8831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.180100][ T8831] RSP: 002b:00007f608c036038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 349.180120][ T8831] RAX: ffffffffffffffda RBX: 00007f608b3b5fa0 RCX: 00007f608b18e929 [ 349.180134][ T8831] RDX: 0000000000000003 RSI: 0000200000000980 RDI: 0000000000000005 [ 349.180146][ T8831] RBP: 00007f608c036090 R08: 0000000000000000 R09: 0000000000000000 [ 349.180158][ T8831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.180168][ T8831] R13: 0000000000000000 R14: 00007f608b3b5fa0 R15: 00007ffda0c374e8 [ 349.180196][ T8831] [ 349.394773][ T5974] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 349.407780][ T30] audit: type=1326 audit(1749905539.962:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871d38e929 code=0x7ffc0000 [ 349.553063][ T30] audit: type=1326 audit(1749905539.962:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871d38e929 code=0x7ffc0000 [ 349.575551][ T30] audit: type=1326 audit(1749905539.962:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f871d38e929 code=0x7ffc0000 [ 349.597910][ T30] audit: type=1326 audit(1749905539.962:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871d38e929 code=0x7ffc0000 [ 349.620490][ T30] audit: type=1326 audit(1749905539.962:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871d38e929 code=0x7ffc0000 [ 349.666664][ T30] audit: type=1326 audit(1749905540.022:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f871d38d290 code=0x7ffc0000 [ 349.697474][ T30] audit: type=1326 audit(1749905540.022:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f871d38e52b code=0x7ffc0000 [ 349.744266][ T30] audit: type=1326 audit(1749905540.022:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8832 comm="syz.1.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f871d38e52b code=0x7ffc0000 [ 349.780099][ T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 349.781247][ T5974] usb 4-1: config 0 has an invalid interface number: 217 but max is 1 [ 349.805316][ T8837] netlink: 4 bytes leftover after parsing attributes in process `syz.0.764'. [ 349.815761][ T5974] usb 4-1: config 0 has no interface number 1 [ 349.833770][ T5974] usb 4-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice=1f.44 [ 349.844342][ T5974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.869853][ T5974] usb 4-1: config 0 descriptor?? [ 349.899265][ T5974] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f [ 349.939211][ T8840] tipc: Enabling of bearer rejected, failed to enable media [ 349.966662][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 349.984346][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 349.998180][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 350.021298][ T10] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4 [ 350.045049][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.053759][ T10] usb 2-1: Product: syz [ 350.058032][ T10] usb 2-1: Manufacturer: syz [ 350.062859][ T10] usb 2-1: SerialNumber: syz [ 350.074039][ T10] usb 2-1: config 0 descriptor?? [ 350.111537][ T5974] gspca_sn9c20x: Write register 1000 failed -71 [ 350.126172][ T5974] gspca_sn9c20x: Device initialization failed [ 350.127103][ T8842] loop0: detected capacity change from 0 to 2048 [ 350.137279][ T5974] gspca_sn9c20x 4-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 350.181137][ T8842] EXT4-fs: inline encryption not supported [ 350.196195][ T5974] usb 4-1: USB disconnect, device number 12 [ 350.203433][ T8842] EXT4-fs: Ignoring removed mblk_io_submit option [ 350.214067][ T8842] ext4: Unknown parameter 'audit' [ 350.581240][ T8845] netlink: 4 bytes leftover after parsing attributes in process `syz.0.766'. [ 350.647150][ T8845] macsec1: entered allmulticast mode [ 350.652713][ T8845] bridge0: entered allmulticast mode [ 350.665333][ T8845] bridge0: port 1(macsec1) entered blocking state [ 350.672962][ T8845] bridge0: port 1(macsec1) entered disabled state [ 351.071811][ T8845] bridge0: left allmulticast mode [ 351.149318][ T5898] usbhid 3-1:0.0: can't add hid device: -71 [ 351.155442][ T5898] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 351.184865][ T5898] usb 3-1: USB disconnect, device number 18 [ 351.952739][ T8855] trusted_key: encrypted_key: insufficient parameters specified [ 352.161211][ T10] usb 2-1: USB disconnect, device number 12 [ 352.420494][ T8866] loop2: detected capacity change from 0 to 1024 [ 352.443124][ T8866] EXT4-fs (loop2): can't mount with data_err=abort, fs mounted w/o journal [ 353.199090][ T5858] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 353.400808][ T8876] loop0: detected capacity change from 0 to 4096 [ 353.436475][ T8876] NILFS (loop0): invalid segment: Checksum error in segment payload [ 353.475020][ T8876] NILFS (loop0): trying rollback from an earlier position [ 353.536056][ T8876] NILFS (loop0): recovery complete [ 353.542982][ T8886] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 353.622079][ T8888] tipc: Enabling of bearer rejected, failed to enable media [ 353.836031][ T8890] loop3: detected capacity change from 0 to 4096 [ 353.974028][ T8890] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 354.071650][ T8883] loop1: detected capacity change from 0 to 32768 [ 354.097332][ T8883] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.778 (8883) [ 354.134121][ T8883] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 354.240570][ T8882] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 354.258899][ T8883] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm [ 354.267984][ T8883] BTRFS info (device loop1): using free-space-tree [ 354.285002][ T8882] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 354.318625][ T5838] ntfs3(loop3): ino=9, ntfs_sync_fs failed, -22. [ 354.603078][ T8882] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 354.801542][ T8882] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 355.003841][ T8913] loop0: detected capacity change from 0 to 512 [ 355.036045][ T8883] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 355.070059][ T8882] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 355.081234][ T8882] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 355.088467][ T8913] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 355.131026][ T8882] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 355.176292][ T8882] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 355.184413][ T8913] EXT4-fs (loop0): mount failed [ 355.688808][ T5858] Bluetooth: hci1: command 0x0406 tx timeout [ 355.764893][ T8933] netlink: 4 bytes leftover after parsing attributes in process `syz.4.787'. [ 355.814393][ T8933] bridge0: entered promiscuous mode [ 355.820136][ T8933] macsec1: entered allmulticast mode [ 355.825524][ T8933] bridge0: entered allmulticast mode [ 355.838545][ T8933] bridge0: port 3(macsec1) entered blocking state [ 355.845859][ T8933] bridge0: port 3(macsec1) entered disabled state [ 356.195616][ T8933] bridge0: left allmulticast mode [ 356.201411][ T8933] bridge0: left promiscuous mode [ 356.743936][ T5858] Bluetooth: hci2: command 0x0406 tx timeout [ 357.584913][ T5858] Bluetooth: hci4: command 0x0406 tx timeout [ 357.591077][ T5858] Bluetooth: hci3: command 0x0406 tx timeout [ 357.760289][ T5859] Bluetooth: hci1: command 0x0406 tx timeout [ 358.327988][ T8951] loop3: detected capacity change from 0 to 32768 [ 358.476852][ T8953] loop2: detected capacity change from 0 to 4096 [ 358.486215][ T8951] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 358.622658][ T8951] XFS (loop3): Ending clean mount [ 358.634709][ T8951] XFS (loop3): Quotacheck needed: Please wait. [ 358.743894][ T8951] XFS (loop3): Quotacheck: Done. [ 358.796799][ T8953] NILFS (loop2): invalid segment: Checksum error in segment payload [ 358.859068][ T8953] NILFS (loop2): trying rollback from an earlier position [ 358.887913][ T8953] NILFS (loop2): recovery complete [ 359.054482][ T8971] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 359.548130][ T8974] tipc: Enabling of bearer rejected, failed to enable media [ 359.604625][ T5859] Bluetooth: hci3: command 0x0406 tx timeout [ 359.604646][ T5858] Bluetooth: hci4: command 0x0406 tx timeout [ 359.612506][ T5859] Bluetooth: hci2: command 0x0406 tx timeout [ 359.803051][ T5838] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 360.758977][ T1228] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 360.828549][ T8986] loop2: detected capacity change from 0 to 512 [ 360.918424][ T1228] usb 2-1: device descriptor read/64, error -71 [ 361.181138][ T8986] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 361.219865][ T8987] netlink: 24 bytes leftover after parsing attributes in process `syz.0.804'. [ 361.239134][ T1228] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 361.419834][ T8986] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.802: invalid indirect mapped block 2683928664 (level 1) [ 361.498920][ T8986] EXT4-fs (loop2): Remounting filesystem read-only [ 361.529618][ T8986] EXT4-fs (loop2): 1 truncate cleaned up [ 361.553025][ T8986] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 361.565824][ T1228] usb 2-1: device descriptor read/64, error -71 [ 361.586390][ T8988] 9pnet: Could not find request transport: f0x0000000000000003 [ 361.811062][ T1228] usb usb2-port1: attempt power cycle [ 362.427498][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.123952][ T1228] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 363.231568][ T1228] usb 2-1: device descriptor read/8, error -71 [ 363.244022][ T9005] loop3: detected capacity change from 0 to 2048 [ 363.295383][ T9005] EXT4-fs: inline encryption not supported [ 363.334126][ T9005] EXT4-fs: Ignoring removed mblk_io_submit option [ 363.363753][ T9005] ext4: Unknown parameter 'audit' [ 364.039592][ T9015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.807'. [ 364.055281][ T9015] bridge0: entered promiscuous mode [ 364.069057][ T9015] macsec1: entered allmulticast mode [ 364.074390][ T9015] bridge0: entered allmulticast mode [ 364.082030][ T9015] bridge0: port 3(macsec1) entered blocking state [ 364.088592][ T9015] bridge0: port 3(macsec1) entered disabled state [ 364.143998][ T9015] bridge0: left allmulticast mode [ 364.149364][ T9015] bridge0: left promiscuous mode [ 364.299274][ T1228] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 364.358056][ T1228] usb 2-1: config 0 has no interfaces? [ 364.371084][ T1228] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 364.380928][ T1228] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 364.389441][ T1228] usb 2-1: SerialNumber: syz [ 364.397876][ T1228] usb 2-1: config 0 descriptor?? [ 364.708910][ T9024] tipc: Enabling of bearer rejected, failed to enable media [ 364.778923][ T5974] usb 4-1: new low-speed USB device number 13 using dummy_hcd [ 364.874135][ T9028] trusted_key: encrypted_key: insufficient parameters specified [ 364.994459][ T9012] netlink: 173 bytes leftover after parsing attributes in process `syz.1.810'. [ 365.011506][ T10] usb 2-1: USB disconnect, device number 16 [ 365.055868][ T5974] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 365.073860][ T5974] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 365.083269][ T5974] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 365.103853][ T5974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.239754][ T5974] usb 4-1: config 0 descriptor?? [ 365.499615][ T5974] usb 4-1: USB disconnect, device number 13 [ 365.724113][ T9031] ================================================================== [ 365.732241][ T9031] BUG: KASAN: slab-use-after-free in do_sync_mmap_readahead+0x4bf/0x830 [ 365.740669][ T9031] Read of size 8 at addr ffff888032be8690 by task syz.0.815/9031 [ 365.748409][ T9031] [ 365.750759][ T9031] CPU: 0 UID: 0 PID: 9031 Comm: syz.0.815 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 365.750788][ T9031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 365.750802][ T9031] Call Trace: [ 365.750811][ T9031] [ 365.750821][ T9031] dump_stack_lvl+0x189/0x250 [ 365.750857][ T9031] ? __virt_addr_valid+0x1c8/0x5c0 [ 365.750879][ T9031] ? rcu_is_watching+0x15/0xb0 [ 365.750910][ T9031] ? __kasan_check_byte+0x12/0x40 [ 365.750932][ T9031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 365.750963][ T9031] ? rcu_is_watching+0x15/0xb0 [ 365.751002][ T9031] ? lock_release+0x4b/0x3e0 [ 365.751033][ T9031] ? __virt_addr_valid+0x1c8/0x5c0 [ 365.751055][ T9031] ? __virt_addr_valid+0x4a5/0x5c0 [ 365.751078][ T9031] print_report+0xd2/0x2b0 [ 365.751105][ T9031] ? do_sync_mmap_readahead+0x4bf/0x830 [ 365.751132][ T9031] kasan_report+0x118/0x150 [ 365.751155][ T9031] ? do_sync_mmap_readahead+0x4bf/0x830 [ 365.751193][ T9031] do_sync_mmap_readahead+0x4bf/0x830 [ 365.751227][ T9031] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 365.751260][ T9031] ? count_memcg_event_mm+0x1d/0x250 [ 365.751287][ T9031] ? count_memcg_event_mm+0x1d/0x250 [ 365.751317][ T9031] filemap_fault+0x62c/0x1200 [ 365.751348][ T9031] ? __pfx_filemap_fault+0x10/0x10 [ 365.751376][ T9031] ? __pfx_filemap_map_pages+0x10/0x10 [ 365.751404][ T9031] ? __handle_mm_fault+0x296f/0x5620 [ 365.751428][ T9031] __do_fault+0x135/0x390 [ 365.751453][ T9031] __handle_mm_fault+0x37ed/0x5620 [ 365.751482][ T9031] ? __pfx___handle_mm_fault+0x10/0x10 [ 365.751510][ T9031] ? follow_page_pte+0x8c0/0x14c0 [ 365.751535][ T9031] handle_mm_fault+0x40a/0x8e0 [ 365.751559][ T9031] __get_user_pages+0x1aef/0x30b0 [ 365.751597][ T9031] ? mt_find+0x15c/0x5f0 [ 365.751636][ T9031] ? __pfx___get_user_pages+0x10/0x10 [ 365.751672][ T9031] populate_vma_page_range+0x29f/0x3a0 [ 365.751704][ T9031] ? __pfx_populate_vma_page_range+0x10/0x10 [ 365.751732][ T9031] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 365.751767][ T9031] ? down_read+0x1ad/0x2e0 [ 365.751787][ T9031] __mm_populate+0x24c/0x380 [ 365.751818][ T9031] ? __pfx___mm_populate+0x10/0x10 [ 365.751849][ T9031] ? up_write+0x1c4/0x420 [ 365.751872][ T9031] vm_mmap_pgoff+0x3f0/0x4c0 [ 365.751904][ T9031] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 365.751934][ T9031] ? __fget_files+0x2a/0x420 [ 365.751959][ T9031] ? __fget_files+0x3a0/0x420 [ 365.751986][ T9031] ? __fget_files+0x2a/0x420 [ 365.752011][ T9031] ksys_mmap_pgoff+0x51f/0x760 [ 365.752034][ T9031] do_syscall_64+0xfa/0x3b0 [ 365.752065][ T9031] ? lockdep_hardirqs_on+0x9c/0x150 [ 365.752093][ T9031] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.752114][ T9031] ? clear_bhb_loop+0x60/0xb0 [ 365.752137][ T9031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.752158][ T9031] RIP: 0033:0x7f608b18e929 [ 365.752177][ T9031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.752195][ T9031] RSP: 002b:00007f608c036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 365.752217][ T9031] RAX: ffffffffffffffda RBX: 00007f608b3b5fa0 RCX: 00007f608b18e929 [ 365.752234][ T9031] RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000200000000000 [ 365.752249][ T9031] RBP: 00007f608b210b39 R08: 0000000000000006 R09: 0000000000000000 [ 365.752262][ T9031] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 365.752276][ T9031] R13: 0000000000000000 R14: 00007f608b3b5fa0 R15: 00007ffda0c374e8 [ 365.752299][ T9031] [ 365.752307][ T9031] [ 366.093464][ T9031] Allocated by task 9031: [ 366.097782][ T9031] kasan_save_track+0x3e/0x80 [ 366.102477][ T9031] __kasan_slab_alloc+0x6c/0x80 [ 366.107318][ T9031] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 366.112785][ T9031] vm_area_alloc+0x24/0x140 [ 366.117294][ T9031] mmap_region+0xe0d/0x2080 [ 366.121800][ T9031] do_mmap+0xc45/0x10d0 [ 366.125966][ T9031] vm_mmap_pgoff+0x31b/0x4c0 [ 366.130554][ T9031] ksys_mmap_pgoff+0x51f/0x760 [ 366.135318][ T9031] do_syscall_64+0xfa/0x3b0 [ 366.139830][ T9031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.145719][ T9031] [ 366.148035][ T9031] Freed by task 9033: [ 366.152006][ T9031] kasan_save_track+0x3e/0x80 [ 366.156693][ T9031] kasan_save_free_info+0x46/0x50 [ 366.161719][ T9031] __kasan_slab_free+0x62/0x70 [ 366.166483][ T9031] slab_free_after_rcu_debug+0x129/0x2a0 [ 366.172116][ T9031] rcu_core+0xca8/0x1710 [ 366.176369][ T9031] handle_softirqs+0x283/0x870 [ 366.181142][ T9031] __irq_exit_rcu+0xca/0x1f0 [ 366.185738][ T9031] irq_exit_rcu+0x9/0x30 [ 366.189992][ T9031] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 366.195652][ T9031] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 366.201647][ T9031] [ 366.203973][ T9031] Last potentially related work creation: [ 366.209680][ T9031] kasan_save_stack+0x3e/0x60 [ 366.214361][ T9031] kasan_record_aux_stack+0xbd/0xd0 [ 366.219563][ T9031] kmem_cache_free+0x2f6/0x400 [ 366.224317][ T9031] vms_complete_munmap_vmas+0x626/0x8a0 [ 366.229879][ T9031] mmap_region+0x1221/0x2080 [ 366.234468][ T9031] do_mmap+0xc45/0x10d0 [ 366.238620][ T9031] vm_mmap_pgoff+0x31b/0x4c0 [ 366.243219][ T9031] do_syscall_64+0xfa/0x3b0 [ 366.247739][ T9031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.253627][ T9031] [ 366.255990][ T9031] The buggy address belongs to the object at ffff888032be8640 [ 366.255990][ T9031] which belongs to the cache vm_area_struct of size 256 [ 366.270296][ T9031] The buggy address is located 80 bytes inside of [ 366.270296][ T9031] freed 256-byte region [ffff888032be8640, ffff888032be8740) [ 366.284013][ T9031] [ 366.286336][ T9031] The buggy address belongs to the physical page: [ 366.292745][ T9031] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32be8 [ 366.301506][ T9031] memcg:ffff888078d5c281 [ 366.305741][ T9031] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 366.312843][ T9031] page_type: f5(slab) [ 366.316824][ T9031] raw: 00fff00000000000 ffff88814040ab40 ffffea0001ff28c0 dead000000000004 [ 366.325401][ T9031] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888078d5c281 [ 366.333975][ T9031] page dumped because: kasan: bad access detected [ 366.340390][ T9031] page_owner tracks the page as allocated [ 366.346101][ T9031] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5623, tgid 5623 (dhcpcd-run-hook), ts 57125099260, free_ts 57099705450 [ 366.365634][ T9031] post_alloc_hook+0x240/0x2a0 [ 366.370399][ T9031] get_page_from_freelist+0x21e4/0x22c0 [ 366.375956][ T9031] __alloc_frozen_pages_noprof+0x181/0x370 [ 366.381772][ T9031] alloc_pages_mpol+0x232/0x4a0 [ 366.386629][ T9031] allocate_slab+0x8a/0x3b0 [ 366.391158][ T9031] ___slab_alloc+0xbfc/0x1480 [ 366.395832][ T9031] kmem_cache_alloc_noprof+0x283/0x3c0 [ 366.401299][ T9031] vm_area_dup+0x2b/0x680 [ 366.405630][ T9031] __split_vma+0x1a9/0xa00 [ 366.410046][ T9031] vms_gather_munmap_vmas+0x4ab/0x12b0 [ 366.415507][ T9031] mmap_region+0x71a/0x2080 [ 366.420054][ T9031] do_mmap+0xc45/0x10d0 [ 366.424213][ T9031] vm_mmap_pgoff+0x31b/0x4c0 [ 366.428807][ T9031] ksys_mmap_pgoff+0x51f/0x760 [ 366.433563][ T9031] do_syscall_64+0xfa/0x3b0 [ 366.438163][ T9031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.444073][ T9031] page last free pid 23 tgid 23 stack trace: [ 366.450062][ T9031] __free_frozen_pages+0xc71/0xe70 [ 366.455283][ T9031] __tlb_remove_table+0x2d2/0x3b0 [ 366.460307][ T9031] tlb_remove_table_rcu+0x85/0x100 [ 366.465438][ T9031] rcu_core+0xca8/0x1710 [ 366.469727][ T9031] handle_softirqs+0x283/0x870 [ 366.474503][ T9031] run_ksoftirqd+0x9b/0x100 [ 366.479007][ T9031] smpboot_thread_fn+0x542/0xa60 [ 366.483954][ T9031] kthread+0x711/0x8a0 [ 366.488024][ T9031] ret_from_fork+0x3f9/0x770 [ 366.492618][ T9031] ret_from_fork_asm+0x1a/0x30 [ 366.497382][ T9031] [ 366.499702][ T9031] Memory state around the buggy address: [ 366.505327][ T9031] ffff888032be8580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 366.513380][ T9031] ffff888032be8600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 366.521439][ T9031] >ffff888032be8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 366.529492][ T9031] ^ [ 366.534072][ T9031] ffff888032be8700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 366.542128][ T9031] ffff888032be8780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 366.550194][ T9031] ================================================================== [ 366.564896][ T9031] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 366.572320][ T9031] CPU: 1 UID: 0 PID: 9031 Comm: syz.0.815 Not tainted 6.16.0-rc1-next-20250613-syzkaller #0 PREEMPT(full) [ 366.583725][ T9031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 366.593798][ T9031] Call Trace: [ 366.597084][ T9031] [ 366.600020][ T9031] dump_stack_lvl+0x99/0x250 [ 366.604626][ T9031] ? __asan_memcpy+0x40/0x70 [ 366.609223][ T9031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 366.614430][ T9031] ? __pfx__printk+0x10/0x10 [ 366.619027][ T9031] panic+0x2db/0x790 [ 366.622932][ T9031] ? __pfx_panic+0x10/0x10 [ 366.627356][ T9031] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 366.633272][ T9031] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 366.639607][ T9031] ? print_memory_metadata+0x314/0x400 [ 366.645097][ T9031] ? do_sync_mmap_readahead+0x4bf/0x830 [ 366.650652][ T9031] check_panic_on_warn+0x89/0xb0 [ 366.655595][ T9031] ? do_sync_mmap_readahead+0x4bf/0x830 [ 366.661153][ T9031] end_report+0x78/0x160 [ 366.665406][ T9031] kasan_report+0x129/0x150 [ 366.669917][ T9031] ? do_sync_mmap_readahead+0x4bf/0x830 [ 366.675505][ T9031] do_sync_mmap_readahead+0x4bf/0x830 [ 366.680906][ T9031] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 366.686810][ T9031] ? count_memcg_event_mm+0x1d/0x250 [ 366.692102][ T9031] ? count_memcg_event_mm+0x1d/0x250 [ 366.697406][ T9031] filemap_fault+0x62c/0x1200 [ 366.702108][ T9031] ? __pfx_filemap_fault+0x10/0x10 [ 366.707232][ T9031] ? __pfx_filemap_map_pages+0x10/0x10 [ 366.712697][ T9031] ? __handle_mm_fault+0x296f/0x5620 [ 366.717985][ T9031] __do_fault+0x135/0x390 [ 366.722318][ T9031] __handle_mm_fault+0x37ed/0x5620 [ 366.727442][ T9031] ? __pfx___handle_mm_fault+0x10/0x10 [ 366.732906][ T9031] ? follow_page_pte+0x8c0/0x14c0 [ 366.737932][ T9031] handle_mm_fault+0x40a/0x8e0 [ 366.742782][ T9031] __get_user_pages+0x1aef/0x30b0 [ 366.747820][ T9031] ? mt_find+0x15c/0x5f0 [ 366.752088][ T9031] ? __pfx___get_user_pages+0x10/0x10 [ 366.757482][ T9031] populate_vma_page_range+0x29f/0x3a0 [ 366.762955][ T9031] ? __pfx_populate_vma_page_range+0x10/0x10 [ 366.768945][ T9031] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 366.774847][ T9031] ? down_read+0x1ad/0x2e0 [ 366.779268][ T9031] __mm_populate+0x24c/0x380 [ 366.783884][ T9031] ? __pfx___mm_populate+0x10/0x10 [ 366.789032][ T9031] ? up_write+0x1c4/0x420 [ 366.793362][ T9031] vm_mmap_pgoff+0x3f0/0x4c0 [ 366.797955][ T9031] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 366.803072][ T9031] ? __fget_files+0x2a/0x420 [ 366.807665][ T9031] ? __fget_files+0x3a0/0x420 [ 366.812346][ T9031] ? __fget_files+0x2a/0x420 [ 366.816959][ T9031] ksys_mmap_pgoff+0x51f/0x760 [ 366.821741][ T9031] do_syscall_64+0xfa/0x3b0 [ 366.826253][ T9031] ? lockdep_hardirqs_on+0x9c/0x150 [ 366.831454][ T9031] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.837521][ T9031] ? clear_bhb_loop+0x60/0xb0 [ 366.842206][ T9031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.848101][ T9031] RIP: 0033:0x7f608b18e929 [ 366.852519][ T9031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.872139][ T9031] RSP: 002b:00007f608c036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 366.880564][ T9031] RAX: ffffffffffffffda RBX: 00007f608b3b5fa0 RCX: 00007f608b18e929 [ 366.888540][ T9031] RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000200000000000 [ 366.896510][ T9031] RBP: 00007f608b210b39 R08: 0000000000000006 R09: 0000000000000000 [ 366.904480][ T9031] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 [ 366.912454][ T9031] R13: 0000000000000000 R14: 00007f608b3b5fa0 R15: 00007ffda0c374e8 [ 366.920433][ T9031] [ 366.923807][ T9031] Kernel Offset: disabled [ 366.928145][ T9031] Rebooting in 86400 seconds..