last executing test programs:

2m33.195540055s ago: executing program 3 (id=156):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000100)=0x7, 0x4)
recvmmsg$unix(r1, &(0x7f0000001d40)=[{{0x0, 0x5a, 0x0}}], 0x40001ec, 0x102, 0x0)
sendmmsg$inet(r1, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000140)='\t', 0x1}], 0x1}}], 0x1, 0x4000010)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)='X\x00\x00\x00', 0x4}], 0x1)
close(0x3)

2m33.016923629s ago: executing program 3 (id=159):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)

2m32.910524017s ago: executing program 3 (id=161):
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf", @ANYRESOCT, @ANYRESDEC=0x0], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r1, &(0x7f00000004c0)='^J7', 0x3, 0x4fed3)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r0, r2, 0x0, 0xfffe80)

2m32.192569355s ago: executing program 0 (id=166):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="260f01c32e36260f212366b9090b000066b87a0a000066ba000000000f30b823018ee8ba610066ed0f01c2660f38810f2e0f656c7ff2e3090fa5800500", 0xffffffffffffff96}], 0x1, 0xf, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m31.74950792s ago: executing program 3 (id=168):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000280)={[{@init_itable_val}, {@grpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@dioread_nolock}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
unlink(&(0x7f0000000180)='./file1\x00')

2m31.74932402s ago: executing program 0 (id=169):
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300090c00000000420b00000000000200130002000000000000000000001f0300060000000051020049e4f0000001c99a00000000000002000100002000100000000200000000030005"], 0x60}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0)

2m31.603076092s ago: executing program 0 (id=170):
r0 = io_uring_setup(0x2768, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffc, 0x40000})
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x38}, 0x60)
listen(r1, 0x0)
accept4$nfc_llcp(r1, 0x0, 0x0, 0x80000)
close_range(r0, 0xffffffffffffffff, 0x0)

2m31.38161845s ago: executing program 3 (id=171):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000340), &(0x7f00000000c0)=""/109}, 0x20)

2m31.38102976s ago: executing program 0 (id=172):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x5200, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

2m31.266305519s ago: executing program 0 (id=174):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x7128, 0x0, 0x54, 0x6}, 0x9c)

2m30.980411872s ago: executing program 0 (id=177):
syz_mount_image$msdos(&(0x7f0000000740), &(0x7f0000000240)='./file0\x00', 0x1000000, &(0x7f0000000780)={[{@dots}, {@nodots}, {@dots}, {@fat=@codepage={'codepage', 0x3d, '949'}}, {@fat=@nfs}, {@nodots}, {@dots}, {@fat=@time_offset={'time_offset', 0x3d, 0x359}}, {@dots}, {@nodots}, {@nodots}, {@dots}, {@fat=@check_normal}, {@nodots}, {@nodots}, {}, {@fat=@tz_utc}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@dots}]}, 0x0, 0x1fe, &(0x7f0000001c80)="$eJzs3T9rE2EYAPDnrjW5uJhNEIUDFwcp6upSkQpiQFA66KRQXVoR7BJd2tGP4Af0A5TiEAQ5SS7ppdHUNkl7Rn+/ITz3PHn/hZfklrz36vq77a33u2+/Xv0SWZZEuh7r0UuiHWmM7MdU6fQSAPC36hVFHBSlsXRS45QAgHM25fd/3I8TmifuFABg+Tx/8fLJg05n41meZxGHxZUyvd/dLINHjzsbd/KBdtXqsNvdXDmq380n7x369UtxeVi/V7bPj9cbcetmfD741u0n8odPOxP1ZmydNPFs8Nqec/kAAAAAAAAAAAAAAAAAAAAAAFCLG5GPtCNu3y+z1fk+a2vj9b7WsF5ejZ0PNHF+z2pcWx1eVscDFXsXtTAAAAAAAAAAAAAAAAAAAABYIrsfP22/3tl586EKmhFxPHOWIBl2PMisjIKz93NBQRoL73lhS26e/4eQ/W4DVEFjMWO1/rCjkkVvknzm5t/n2vyTwYzrakTEXKOn00u9oihOuY1HmnV9OQEAAAAAAAAAAAAAAAAAwH+m+tPvr7WsjgkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQA2q5//PEOxFxCnefDRYq9alAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8A/7GQAA//9t+y31")
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000000000", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
recvmsg$can_bcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x42)
read(r0, &(0x7f0000001480)=""/4096, 0x1000)

2m30.628857651s ago: executing program 32 (id=177):
syz_mount_image$msdos(&(0x7f0000000740), &(0x7f0000000240)='./file0\x00', 0x1000000, &(0x7f0000000780)={[{@dots}, {@nodots}, {@dots}, {@fat=@codepage={'codepage', 0x3d, '949'}}, {@fat=@nfs}, {@nodots}, {@dots}, {@fat=@time_offset={'time_offset', 0x3d, 0x359}}, {@dots}, {@nodots}, {@nodots}, {@dots}, {@fat=@check_normal}, {@nodots}, {@nodots}, {}, {@fat=@tz_utc}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@dots}]}, 0x0, 0x1fe, &(0x7f0000001c80)="$eJzs3T9rE2EYAPDnrjW5uJhNEIUDFwcp6upSkQpiQFA66KRQXVoR7BJd2tGP4Af0A5TiEAQ5SS7ppdHUNkl7Rn+/ITz3PHn/hZfklrz36vq77a33u2+/Xv0SWZZEuh7r0UuiHWmM7MdU6fQSAPC36hVFHBSlsXRS45QAgHM25fd/3I8TmifuFABg+Tx/8fLJg05n41meZxGHxZUyvd/dLINHjzsbd/KBdtXqsNvdXDmq380n7x369UtxeVi/V7bPj9cbcetmfD741u0n8odPOxP1ZmydNPFs8Nqec/kAAAAAAAAAAAAAAAAAAAAAAFCLG5GPtCNu3y+z1fk+a2vj9b7WsF5ejZ0PNHF+z2pcWx1eVscDFXsXtTAAAAAAAAAAAAAAAAAAAABYIrsfP22/3tl586EKmhFxPHOWIBl2PMisjIKz93NBQRoL73lhS26e/4eQ/W4DVEFjMWO1/rCjkkVvknzm5t/n2vyTwYzrakTEXKOn00u9oihOuY1HmnV9OQEAAAAAAAAAAAAAAAAAwH+m+tPvr7WsjgkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQA2q5//PEOxFxCnefDRYq9alAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8A/7GQAA//9t+y31")
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000000000", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
recvmsg$can_bcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x42)
read(r0, &(0x7f0000001480)=""/4096, 0x1000)

2m30.580566614s ago: executing program 3 (id=181):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000340), &(0x7f0000000380)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m30.361568142s ago: executing program 33 (id=181):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000340), &(0x7f0000000380)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m41.754055951s ago: executing program 4 (id=497):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x13, 0x1ffffffffffffe14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
r0 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0xfffffff8, 0xfe}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000002c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x20, 0x2000, @fd, 0x0, 0xfa4, 0x1, 0x10, 0x1})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1m41.586277364s ago: executing program 4 (id=498):
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = eventfd2(0x6, 0x80801)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000000)=r3, 0x1)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x5c, 0x0, @fd=r0, 0xa1f, 0x0, 0x5, 0x2, 0x1})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

1m41.346926923s ago: executing program 4 (id=502):
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x4cfb, 0x80, 0x3, 0x135}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x42}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1m40.665389898s ago: executing program 4 (id=509):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000400)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000100)='./file0\x00')

1m40.501610591s ago: executing program 4 (id=510):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x9})
ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x51)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0)
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000500)={0x50, 0x9, 0xd, {0x2, 0xdac}, {0x8000, 0x7}, @cond=[{0xeeb, 0x405, 0x5, 0x610b, 0x8, 0x2cf2}, {0x2, 0x2, 0x5, 0xfff9, 0x6, 0x3b7e}]})

1m39.952762985s ago: executing program 4 (id=516):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c0000005e000100"/20, @ANYRES32=r2, @ANYRES32=r1], 0x1c}}, 0x0)

1m39.621303582s ago: executing program 34 (id=516):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c0000005e000100"/20, @ANYRES32=r2, @ANYRES32=r1], 0x1c}}, 0x0)

6.293091745s ago: executing program 2 (id=1280):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x1008c69)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0xfffffffffffffffc, 0x0, 0x1, r2, 0x8})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0xfffffffffffff001, 0x0, 0x8, r2, 0xc})

5.310976514s ago: executing program 2 (id=1286):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18418, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4be, &(0x7f0000000880)="$eJzs20tslNUbx/HfM+/MMB36/1suFjAEmmhiBYFesEBqYrjYaMJFC9VIvKTSKVZ6IZ2ilICwVHcuWLp068KVcWtIXBoXBmNYmCAbN7MSd5jzznuboZepbWda5vshcN7L8w7nnGfeOedM3hEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCOvXq0q9saXQsAAFBPp88OdvUy/gMA0FTOsf4HAABoJiZPv8u071LJTvn7ZbmTY5NXrg6dGJj7shaTKSXPj3d/c909vQdf6jt0OCwXvn6l7dCZs+eOdhyfmrg8XSgWCyMdQ5NjF6ZGCjW/wnKvr7bH74COiUtXRkZHix09+3srTl9te7BhY3tbf997x7Nh7NCJgYGziZh05j//74+Zb4aflacXZPr4+2/ttKSUlt8Xi7x3VluL34g9fiOGTgz4DRkfG56ccSctFUSlKvskG/ZRHXKxLCnJ1cuyK7Nmy8jTDzIdO1CyM5K8sB/2+l8M11SfRki7paukTq2DnK1hG+TpA5nuHGjTG0G/+vnPStcbXTmsunRw/09Zyd70Pw/c/eQ+Nk++1fH65OhUItZSwR213seHelrjn005eTrj3/ElG9TuRlcHddYiTxMyZb/6xJ9XyJ+XPtV/aNfuI8kZxrZFXsfF7g9urlrG5EwwdbCU+7Py7UJtcubpT5ke/pbz9zvDMUC69WihC/+oS/Ww2szTuEz/3CiZVa1LvcT6PrLex/7VrX9L7vjU5dnpsYsfzcx5Pp87+mFxZnr4wtyny2tXL3lksXVstdTSlmR5K6/4Pv+0FF0XrAH+V96La/PN9fi90FlVhpLvn1q2a17FLmEe5epk5um+TKPvby+PM8ovuW+agcv/gEzF0s8WZjrIf7q8l8j/y3H/5ayyjPi5/X/5e61wLrHj/Nb5jq9G/l2dXP7fkenY39uD7zTK+feqYl1cu0zv3t4ZxKWyLi4dNqf8iqNj44UuF/tIps0/hbHyY/NB7JY4ttvFFmX64k5l7MYgdmsc2+Ni78p079e5Y5+OY3td7KzL172OMDbvYncFse1x7P4LU+Mji3Wry3+PTG/ffM3CNs+b/8T9f6uqjDyW84W3Vyr/bYljt4K8ng/yn14k/1/KNPvXzrDdft+Hb6tN/r9x/t1c+bvblbHhgnJzHNtda7MazeV/k0wPXrkbtTloW7AbZchL5v+ZdGUZ9WuD8r8pcawtqFd2qZ3RhIqz1y4Nj48Xptlovo3M2qgGG2txo9GfTKgHN/4PulG9z7NwHhOM/63lvXjG9PCzePzvryojDRr/NyeO9Qezlkxays1MXM5sk3LF2Wv7xiaGLxYuFiZ7D/Z19Rw52NV7OJMNJ3fxVs199yRw+d8r040ff4nWMZXzv7nn//mqMtKg/G9JtqliXlNzVzQll/9Wmfru343Wm/PM//38h+v/zmcry+j+a1D+tyaOtQX1al1iXwAAAAAAAAAAAAAAAADAepI3T8/JdHXwRQt/Q1TL838jVWWk6jkvW/7zX+UfJi/y/Fd74tjIyv+uweY6taSOBgAAAAAAAAAAqJOUPH0t0/Mq2U13oFU6lSzxRPs3AAD//6qLRy4=")
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000100)='./file1\x00', 0x20fdfffffe)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143441, 0x98)
write$binfmt_misc(r0, &(0x7f0000000240)='>', 0x1)
write$apparmor_current(r0, &(0x7f0000000000)=@hat={'permhat ', 0x4}, 0x1b)

4.639659628s ago: executing program 2 (id=1292):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
recvmmsg(r1, &(0x7f0000004400), 0x3fffffffffffff2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0)

3.956596072s ago: executing program 1 (id=1293):
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000080)=0x2, 0x4)
sendmmsg$inet6(r0, &(0x7f0000002d00)=[{{&(0x7f0000001080)={0xa, 0x4e22, 0x1, @private2, 0x10001}, 0x1c, &(0x7f00000010c0)=[{&(0x7f00000011c0)="e6", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9)

3.745491699s ago: executing program 1 (id=1294):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS2(r1, 0x4068aea3, &(0x7f0000000740)={0xd5, 0x0, 0x12})
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000340)={0x8f, 0x0, 0x6})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, &(0x7f00000000c0)=[@cr4={0x1, 0x52040}], 0x1)

3.49121393s ago: executing program 6 (id=1295):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0xffff, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8)

3.449225953s ago: executing program 2 (id=1296):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x40086602, &(0x7f0000000080)={@id={0x2, 0x0, @d}})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x40086602, &(0x7f0000000080)={@desc={0x84c00, 0x0, @desc2}})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000280)=0x40)

3.212742182s ago: executing program 1 (id=1297):
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r2, &(0x7f0000002080)={0x2020}, 0x2020)

2.756221189s ago: executing program 6 (id=1298):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x1008c69)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0xfffffffffffffffc, 0x0, 0x1, r2, 0x8})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0xfffffffffffff001, 0x0, 0x8, r2, 0xc})

2.755487269s ago: executing program 2 (id=1306):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

2.48620569s ago: executing program 6 (id=1300):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x9]}, 0x8)
r1 = syz_io_uring_setup(0xddf, &(0x7f0000000300)={0x0, 0xd95f, 0x10100, 0x0, 0x242, 0x0, r0}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r0})
io_uring_enter(r1, 0x353, 0x0, 0x0, 0x0, 0x0)
signalfd(r0, &(0x7f0000002340), 0x8)

2.48605493s ago: executing program 2 (id=1301):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8241, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x20, 0x1, 0x1, "bc"}, 0x0})
r1 = syz_open_dev$hiddev(&(0x7f0000000580), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0)

2.346295342s ago: executing program 6 (id=1302):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f00000002c0)="88", 0x1, 0x31, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000200)=""/185, 0xb9, 0x40000002, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000004c0)="3ce2", 0x2, 0x805, 0x0, 0x0)

2.226778141s ago: executing program 1 (id=1303):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x1000000, &(0x7f0000004300)=ANY=[@ANYBLOB='nonumtail=0,iocharset=cp950,umask=00000000000000000000000,uni_xlate=1,uni_xlate=1,shortname=win95,utf8=0,shortname=win95,utf8=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c696f636861727365743d6d616363726f617469616e2c696f636861727365743d63703433372c757365667265652c726f6469722c7569643e74353a7bd912f41b207e4bc4478b479f5a21373fd412d72f65702b57308921a665e19ef4cc41aac5e7c09d211fd4c1fbf43833c769c6b16297c14d0d92df4f0371acd1b184d6", @ANYRES16, @ANYBLOB="1b7127597c865ddc2f"], 0x6, 0x2b7, &(0x7f00000007c0)="$eJzs3T+LY1UUAPDzMpmXqEVSWIngAy2slp1tbTLILCymUlKohS7uLsgkCLsw4B+MU9naWPoJBMHOL2HjJ1CwFe2cYuDKe3nPZGKSmchEcfz9mjm57577zru5zDBFTt59fnL8oIhHp5/8FN1uFq1BDOIsi360ovFZXDD4IgCA/7KzlOK3NFO+bl8xL4uI7m5LAwB2ZPnv/6W+3XlJAMCOvfHmW68dDodHrxdFN+5OPj8Zlf/Zlz9n1w8fxfsxjodxO3pxHpH+NIvvppSm7aLUj5cm05NRmTl55/t6/cNfIqr8g+hFvxq6mH9veHRQzCzkT8s6np7dP2Vl/p3oxbMr7n9veHRnRX6M8nj5xYX6b0UvfngvPohxPKiKmOd/elAUr6Yvf//47bK8Mj+bnow61by5tLe8d53dvz0AAAAAAAAAAAAAAAAAAAAAANxQt+reOZ2o+veUQ3X/nb3z8sV+FI3+xf48s/ysWWihP1AeKU1TfNX017ldFEWqJ87z2/Fc+8rthgEAAAAAAAAAAAAAAAAAAOBGe/LhR8f3x+OHj68laLoBNB/r/7vrDBZGXojNkzvze7XqcMPKsdfMySLWlZGV21I+xDVty2XBU+tq/vqbbRfsXj5nf9P+XE/QnK7j+9nqPexEM9JtDsl3i3PyqIIff113i/JdL4N8XRlpq+OXr7zU2/rZ82eqYLphTmSbCnvl59nO1SPZ8lPk1a6uTN+vg4X0pbOx1Xn+6++KTLcOAAAAAAAAAAAAAAAAAADYqfmHfldcPN2Y2kqdnZUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+o+ff/bxFM6+SNk1tVkMfjJ//yIwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/8EcAAAD//8Q9Xoo=")
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000000000)=0x2)

2.026074237s ago: executing program 1 (id=1304):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000005a80)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f0000000540)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143441, 0x98)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1f, 0x5412, 0x0, 0x0)

1.876738939s ago: executing program 5 (id=1307):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
r1 = fanotify_init(0x81, 0x0)
fanotify_mark(r1, 0x105, 0x40001032, r0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r2, 0x0)
read$FUSE(r1, &(0x7f00000057c0)={0x2020}, 0x2020)

1.811203345s ago: executing program 5 (id=1308):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000040)={0x1d, r1, 0x3, {0x0, 0xf1, 0x4}, 0xfe}, 0x18)
bind$can_j1939(r0, &(0x7f0000001200)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x1d, r1, 0x3, {0xdbc3898a7c48bff3, 0xff, 0x2}, 0xfe}, 0x18, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x8800)

1.426029535s ago: executing program 6 (id=1309):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
unlinkat(0xffffffffffffff9c, 0x0, 0x0)
r0 = open(&(0x7f0000000180)='./file1\x00', 0x4827e, 0x184)
fallocate(r0, 0x0, 0x0, 0x8800000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
fallocate(r1, 0x20, 0x0, 0x8000)

1.006083679s ago: executing program 1 (id=1310):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f00000001c0)={[{@coherency_buffered}, {@heartbeat_none}, {@coherency_full}, {@commit={'commit', 0x3d, 0x4}}, {@heartbeat_none}, {@localflocks}, {@intr}, {@dir_resv_level={'dir_resv_level', 0x3d, 0x5}}, {@noacl}, {@resv_level={'resv_level', 0x3d, 0x1}}, {@journal_async_commit}, {@commit={'commit', 0x3d, 0xf9}}]}, 0x9, 0x442b, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzsLOwIaVsGDr53NgmOf38p159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4n2zb/6H965/2dOI6Oehr75/s6vmL7944E8L3sz8+WV9fXw9V3SERhWZDTb//9uu9meZjQxzSqu2GjvoghHByy7iqukII739X/xTnkrTR5NgbQjiWfMIb9z67mduj0Tx8XDybfzp1f2349OTqg7XWnz0K4avS/167Pf/zi13DP72yR90DAAAAAAAAAAAAAAAAAPCMG7929fo7g0PhURS6V6Ot7+uOJ8dW78eu75kXOv9hAQAAAAAAAAAAAAAAAAAA4G9q8/3/XHRim/f/x5LjSIv66291fox0zsTbV8cuDA4l+79HW/JfT5J+OdcV+rfZ9z27//u5TP3t93/f2s9uNcbX6LcvRPFA6jyOBwZC+CbZ+P1UdCQulZcqr94qLy/M7tkwnlnp+Nd3709FJ9nQv934j2ba7/z+///dcjVVz2/u3SX2XEvHv6tluW8/jdqK//lMvf2IP7uXjn93La23ucBIfQKoxv/z7p3jP5Zpv1PxPx5CyEXVseZSM0B1DVNNb7VeIS0d/0O1tNTUmfwhW93/v2fifyHT/kHN/yvZLyK2lY7/v2ppPakSm/d/f7zz/X8x0/5BxL86/hXf/21Jx/9wPbE7VaT2l2x3/h/PtN+p+F+Pk3Eej1JXwGpUT2/1/+pIS8e/Z0v+5vNf3Nb671Km/n49/zX6bTz/Nab/l6P68x/bS8e/t2W5du//iUy9Ts//I7X1H7uVjv+RWlp67dxX+9lu/Ccz7Xcq/rVVSU8j/pvzyR+H6+lfW/+1JR3/f9cT4+YSK7WftfVftPP6/3Km/YNY/1XHvxJ3ttfnRXP8u8LRluWq8f+hje//K5l6nY9/CIPW+ruWvv+PtSxXu/97do7/VKZep+P/UicbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgGjCbHvhDFA6nzOB4YCOF8cn4qHImmC7P56VJ55qOlEMaS9Fw4Ed0ulacLpfzcQnm2mC+USuWZEC4k+SdDT7RUKlfy84W7Fzfa6o3uFAuLlelioRJCGE/S/x+ONdqanqvMF+6GEC5t5P0nLi/evVNYyM/OLb45ODg4GCY2xtAfFT+pFBcq9d7ruSFMbtTti5oGV8u+vDGWo9GH5eXFhUKpln6lqU6pPFMoNdWZSvK+CP1RZXF5YaZQKeZL5duN/g7SSHIcm7j23rUrQ1vyb0b14+j+DgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv+jR8BtfhhC662dxCGGk8Uu0XfmHj4tn80+n7q8Nn55cfbD2pFU5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/ZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwi4dozQQRGEAfjMWaucxrJbdznZFES1cETyBHsPD6FG8hHdIkSJtihBIZiFsdmGbpPq+5sH8zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJjn6b37eKubiBRXm8uIv6//xWH+UurP/fj9izPMyOk8v3YPj3VT/j0d5XflaNnmXbpefX/GSO39DvZkuE97fZ/rybmm9m1qvr7vTaRcRURb8tuUc1XNewsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W0fRtwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA//+Elx0W")
r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendfile(r1, r2, 0x0, 0xfffe82)
write$cgroup_type(r0, &(0x7f0000000200), 0x175d9003)

1.005893079s ago: executing program 5 (id=1311):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1084}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f0000001c00)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x2007407, 0xfffffffffffffffd}}}}}}, 0x0)

906.801657ms ago: executing program 5 (id=1312):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)

333.685593ms ago: executing program 6 (id=1313):
syz_read_part_table(0x403a, &(0x7f0000004040)="$eJzs0D1KA2EQBuBZQbCxsBAs5wiyspZ6AQ+hrAsKi40/mCLN5l6BXCNFjpArJLAJSbtFElI8T/O98DHDy7x8fv3+Zz1qs8y39ifv8+M9y6rK76bOx4c4gWKXrmISRXRxE5dDBl+vF8tjFjsXt3dxsY1Fn1bxvP99mm1u2L8RMe6G7p1Pm79DdwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM0OHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADByQAAAAAgv6/bkegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8FAAD//8QZE0c=")
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x200}})
io_uring_enter(r1, 0x708, 0x2bff, 0x2, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x400)

333.549263ms ago: executing program 5 (id=1314):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000900)={[{@noblock_validity}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@stripe={'stripe', 0x3d, 0x3}}, {@noauto_da_alloc}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}, {@resuid}, {@dioread_lock}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000340)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0x1b7}, &(0x7f0000000300)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x3000000, 0x0, 0x0, 0x0)

0s ago: executing program 5 (id=1315):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb7e, &(0x7f0000000c40)="$eJzs3M1rVFcbAPDn3nwYNb6JL/LyWkoNtGChOBrFSl2py9ZFof0DDHEiIdcPkhRMcBHbhXRVC910UWgXpX9AoetstNBV6aaVFrqXShHdp9zJnWQwM0mqMx4/fj84c8/HZM7z5JK555C5E8BLa6x8yCP2R8S5LGKk6s8jYrBRG4pYWn3eg/vXJh/evzaZxcrKB39nkVV9zdfKquPuqjEUEb+cyeK/n2ycd25hcWaiKOqzVfvw/MUrh+cWFg9NX5y4UL9QvzR+YvzY8RPHjr99pGu5vrv35tmvxk/t+f7Mrauv3fj9yyxOxXA11ppHt4zFWKxUWvv7I2Ki25Ml0lflk7X0Zf0JAwIAYFN5yxrufzESfbG+eBuJW78mDQ4AAADoipW+WPsfFQAAAPCiyuz/AQAA4AXX/BzAg/vXJpsl7ScSnq57pyNitF3+/bHUOA7FQETsepBF622t2eqPPbGxiNj30+iPZYke3Ye8maXrEfH/dvlnjfxHG3dxb8w/j4hu3Jk99kj7ecr/VBfmT50/AC+n5dOrF7KN1798bf0Tba5//W2uXY8j9fWv8/pvPf++Duu/97c5R/3Ap593Gmtd/xXfvnq7nL88PlFS/8K96xGv9Hde/5T5Zx3yP7fNOQb++PmHTmNl/mW+zfK081/5JuJg2/3P+jfaZJt/P9HhqemiXj22nePG7e/2dZq/9fyXpZy/uRd4Gsrzv6tD/lud/yvbnGP5r4N/dhrbOv/87mD2YaM2WPVcnZifnx2PGMzObuw/unkszec0X6PM/83XN//7b5d/+Z6wVP0eyr3A9epYtj9+ZM5D773zxuPn31tl/ucf8/zf3OYcX382e7fTWOr8AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+5BExHFleW6vnea0WsTsi9sWuvLg8N//W1OWPLp0vxyJGYyCfmi7qRyJiZLWdle3xRn29ffSR9rGI2BsRX4zsbLRrk5eL86mTBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM3uiBiOLK9FRB4RD0fyvFZLHRUAAADQdaOpAwAAAAB6zv4fAAAAXnz2/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTY3gPLd7KIWDq5s1FKg9XYQNLIgF7LUwcAJNOXOgAgmf7UAQDJ2OMD2RbjQx1HdnQ9FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeXQf3L9/JImLp5M5GKQ1WYwNJIwN6LU8dAJBMX+oAgGT6UwcAJGOPD2RbjA91HNnR9VgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHYNN0qW1yIib9TzvFaL2BMRozGQTU0X9SMR8Z+I+G1kYEfZHk8dNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF03t7A4M1EU9VkVFRWVtUrqdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFKYW1icmSiK+uxc6kgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA1OYWFmcmiqI+28NK6hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEjnnwAAAP///JMJmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x650ce4b086bd440f)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
read$FUSE(r1, &(0x7f0000000640)={0x2020, 0x0, 0x0, <r2=>0x0}, 0x2020)
setresuid(r2, r2, r2)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000440)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

t_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  122.554612][ T5838] hub 2-1:32.0: bad descriptor, ignoring hub
[  122.568581][ T5838] hub: probe of 2-1:32.0 failed with error -5
[  122.583874][    T8] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  122.591572][ T7074] loop4: detected capacity change from 0 to 512
[  122.631748][ T7074] EXT4-fs: Ignoring removed bh option
[  122.657907][ T7074] EXT4-fs: Ignoring removed mblk_io_submit option
[  122.678118][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.702892][ T7074] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  122.793203][ T7074] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.808575][    T8] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  122.819619][ T7074] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  122.829954][    T8] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  122.840964][    T8] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  122.852952][    T8] smsc75xx: probe of 3-1:0.184 failed with error -71
[  122.890708][    T8] usb 3-1: USB disconnect, device number 7
[  122.912171][   T27] audit: type=1800 audit(1754630222.451:21): pid=7074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.338" name="syzkallers" dev="loop4" ino=18 res=0 errno=0
[  123.039130][ T6399] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.042250][ T5838] usb 2-1: reset high-speed USB device number 4 using dummy_hcd
[  124.204055][ T5829] usb 2-1: USB disconnect, device number 4
[  124.566557][ T7138] netlink: 12 bytes leftover after parsing attributes in process `syz.2.356'.
[  124.707393][ T7135] loop5: detected capacity change from 0 to 8192
[  124.807350][ T7135] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  124.843456][ T7135] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
[  124.852848][ T7135] REISERFS (device loop5): using ordered data mode
[  124.859749][ T7135] reiserfs: using flush barriers
[  124.879806][ T7135] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  124.971906][ T7135] REISERFS (device loop5): checking transaction log (loop5)
[  125.245520][ T7135] REISERFS (device loop5): Using tea hash to sort names
[  125.257989][ T7135] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  125.508242][ T7155] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2)
[  125.744563][ T7145] loop1: detected capacity change from 0 to 32768
[  125.867139][ T7145] JBD2: Ignoring recovery information on journal
[  125.991145][ T7145] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  126.447023][ T5785] ocfs2: Unmounting device (7,1) on (node local)
[  126.608189][ T7180] af_packet: tpacket_rcv: packet too big, clamped from 20 to 4294967272. macoff=96
[  126.703324][ T5790] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  126.913211][ T5790] usb 3-1: Using ep0 maxpacket: 16
[  126.920469][ T5790] usb 3-1: config 0 has an invalid interface number: 29 but max is 0
[  126.930937][ T5790] usb 3-1: config 0 has no interface number 0
[  126.960049][ T5790] usb 3-1: New USB device found, idVendor=050d, idProduct=2102, bcdDevice=70.d0
[  126.985296][ T5790] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.016848][ T5790] usb 3-1: Product: syz
[  127.026955][ T5790] usb 3-1: Manufacturer: syz
[  127.043072][ T5790] usb 3-1: SerialNumber: syz
[  127.063504][ T5790] usb 3-1: config 0 descriptor??
[  127.455961][ T7199] veth0_to_hsr: entered promiscuous mode
[  127.475565][ T7199] veth0_to_hsr: entered allmulticast mode
[  127.494298][ T7199] veth0_to_hsr: left allmulticast mode
[  127.500576][ T7199] veth0_to_hsr: left promiscuous mode
[  127.841917][ T7210] capability: warning: `syz.1.374' uses deprecated v2 capabilities in a way that may be insecure
[  127.980712][ T7213] loop6: detected capacity change from 0 to 7
[  127.998311][ T7213] Dev loop6: unable to read RDB block 7
[  128.009993][ T7213]  loop6: AHDI p1 p2
[  128.016337][ T7213] loop6: partition table partially beyond EOD, truncated
[  128.027042][ T7213] loop6: p1 start 796733310 is beyond EOD, truncated
[  128.344129][ T7223] loop1: detected capacity change from 0 to 1024
[  128.486258][ T1021] hfsplus: b-tree write err: -5, ino 3
[  128.904815][ T7232] pim6reg: entered allmulticast mode
[  128.937141][ T7232] pim6reg: left allmulticast mode
[  129.506189][    T8] usb 3-1: USB disconnect, device number 8
[  130.217618][ T7255] loop4: detected capacity change from 0 to 40427
[  130.254509][ T7255] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  130.269265][ T7255] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  130.290359][ T7255] F2FS-fs (loop4): invalid crc value
[  130.328771][ T7255] F2FS-fs (loop4): Found nat_bits in checkpoint
[  130.448497][ T7266] loop5: detected capacity change from 0 to 8192
[  130.456634][ T7255] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  130.474479][ T7255] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  130.517218][ T7266] FAT-fs (loop5): bogus number of directory entries (9)
[  130.564617][ T7266] FAT-fs (loop5): Can't find a valid FAT filesystem
[  131.125339][   T27] audit: type=1800 audit(1754630230.671:22): pid=7255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.389" name="file1" dev="loop4" ino=11 res=0 errno=0
[  132.127071][ T7311] loop1: detected capacity change from 0 to 4096
[  132.355485][ T7311] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  132.436721][ T7311] ntfs3: loop1: Failed to load $Extend (-22).
[  132.452464][ T7311] ntfs3: loop1: Failed to initialize $Extend.
[  132.950361][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  132.957185][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  133.546499][ T7342] loop4: detected capacity change from 0 to 32768
[  133.915522][ T7362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.418'.
[  136.072467][   T27] audit: type=1326 audit(1754630235.611:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7417 comm="syz.1.435" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae5838ebe9 code=0x0
[  136.348364][ T7428] netlink: 11 bytes leftover after parsing attributes in process `syz.5.436'.
[  136.479016][   T27] audit: type=1326 audit(1754630236.021:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7389 comm="syz.4.428" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f076db8ebe9 code=0x0
[  136.931377][ T7443] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  137.086097][ T7450] netlink: 8 bytes leftover after parsing attributes in process `syz.5.441'.
[  137.147391][ T7453] "syz.1.442" (7453) uses obsolete ecb(arc4) skcipher
[  137.152464][ T7450] IPVS: Error joining to the multicast group
[  137.336881][ T7458] loop1: detected capacity change from 0 to 128
[  137.392261][ T7458] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  137.504206][ T7458] ext4 filesystem being mounted at /115/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  138.007880][ T5785] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  138.373155][  T785] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  138.601393][  T785] usb 3-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c
[  138.611852][  T785] usb 3-1: New USB device strings: Mfr=24, Product=2, SerialNumber=3
[  138.635598][  T785] usb 3-1: Product: syz
[  138.639803][  T785] usb 3-1: Manufacturer: syz
[  138.683350][  T785] usb 3-1: SerialNumber: syz
[  138.726251][  T785] usb 3-1: config 0 descriptor??
[  138.945182][  T785] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  138.973458][  T785] asix: probe of 3-1:0.0 failed with error -61
[  139.514794][ T7532] loop2: detected capacity change from 0 to 1024
[  139.546006][ T7532] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  139.560499][ T7530] loop1: detected capacity change from 0 to 2048
[  139.566635][ T7532] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  139.632162][ T7532] JBD2: no valid journal superblock found
[  139.634556][ T7530] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  139.647880][ T7532] EXT4-fs (loop2): Could not load journal inode
[  139.738253][ T5801] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  139.798217][ T7530] UDF-fs: error (device loop1): udf_truncate_tail_extent: Extent after EOF in inode 1367
[  140.617721][ T7570] netlink: 96 bytes leftover after parsing attributes in process `syz.5.471'.
[  141.101248][ T7591] netlink: 44 bytes leftover after parsing attributes in process `syz.5.479'.
[  141.148693][ T7591] netlink: 43 bytes leftover after parsing attributes in process `syz.5.479'.
[  141.187561][    T8] usb 3-1: USB disconnect, device number 9
[  141.199566][ T7591] netlink: 'syz.5.479': attribute type 6 has an invalid length.
[  141.224549][ T7591] netlink: 'syz.5.479': attribute type 5 has an invalid length.
[  141.245799][ T7591] netlink: 43 bytes leftover after parsing attributes in process `syz.5.479'.
[  141.760676][ T7618] kernel read not supported for file /eth0 (pid: 7618 comm: syz.4.486)
[  141.785566][ T7613] loop2: detected capacity change from 0 to 8192
[  141.792007][   T27] audit: type=1800 audit(1754630241.331:25): pid=7618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.486" name="eth0" dev="mqueue" ino=14060 res=0 errno=0
[  141.861753][ T7613] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  141.879321][ T7613] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  141.890872][ T7613] REISERFS (device loop2): using ordered data mode
[  141.906583][ T2946] nci: nci_rx_work: unknown MT 0x4
[  141.916595][ T7613] reiserfs: using flush barriers
[  141.936802][ T7613] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  141.978954][ T7613] REISERFS (device loop2): checking transaction log (loop2)
[  142.023114][  T785] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  142.055533][ T7634] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  142.204785][ T7613] REISERFS (device loop2): Using tea hash to sort names
[  142.214891][  T785] usb 2-1: Using ep0 maxpacket: 16
[  142.221637][ T7613] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  142.240340][  T785] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  142.257450][  T785] usb 2-1: config 0 has no interface number 0
[  142.273170][  T785] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  142.296698][  T785] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.324140][  T785] usb 2-1: Product: syz
[  142.333996][  T785] usb 2-1: Manufacturer: syz
[  142.344890][  T785] usb 2-1: SerialNumber: syz
[  142.369162][  T785] usb 2-1: config 0 descriptor??
[  142.405106][ T7613] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2)
[  142.432918][  T785] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  142.935691][ T7652] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.975086][ T7652] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.088679][ T7654] netlink: 'syz.5.494': attribute type 16 has an invalid length.
[  143.106958][ T7654] netlink: 'syz.5.494': attribute type 17 has an invalid length.
[  143.171439][ T7654] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  143.606093][  T785] gspca_spca1528: reg_w err -71
[  143.611157][  T785] spca1528: probe of 2-1:0.1 failed with error -71
[  143.639792][  T785] usb 2-1: USB disconnect, device number 5
[  143.646555][ T7675] xt_CT: No such helper "pptp"
[  143.963570][ T7691] mac80211_hwsim hwsim6 »»»»»»: renamed from wlan0 (while UP)
[  144.428801][ T7697] loop2: detected capacity change from 0 to 4096
[  144.533097][ T7697] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  144.657363][ T7697] ntfs3: loop2: Failed to initialize $Extend/$Reparse.
[  145.048801][ T5786] ntfs3: loop2: ino=1a, ntfs_sync_fs failed, -22.
[  145.065086][   T58] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.215957][   T58] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.391182][   T58] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.594333][   T58] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.128260][ T5796] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  146.140100][ T5796] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  146.148681][ T5796] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  146.159731][ T5796] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  146.170836][ T5796] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  146.178891][ T5796] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  146.286111][ T7727] loop2: detected capacity change from 0 to 32768
[  146.296970][ T7727] XFS: noikeep mount option is deprecated.
[  146.409586][ T7727] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  146.604857][ T7727] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  146.629803][ T7736] loop1: detected capacity change from 0 to 40427
[  146.655765][ T7736] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff
[  146.684869][ T7736] F2FS-fs (loop1): Image doesn't support compression
[  146.694361][ T7727] XFS (loop2): Starting recovery (logdev: internal)
[  146.712360][ T7736] F2FS-fs (loop1): heap/no_heap options were deprecated
[  146.768646][ T7727] XFS (loop2): Ending recovery (logdev: internal)
[  146.775369][ T7736] F2FS-fs (loop1): Image doesn't support compression
[  146.790133][ T7736] F2FS-fs (loop1): invalid crc value
[  146.804942][ T7736] F2FS-fs (loop1): Found nat_bits in checkpoint
[  146.943292][ T7736] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  147.012093][ T7740] loop5: detected capacity change from 0 to 32768
[  147.046305][ T7740] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 scanned by syz.5.525 (7740)
[  147.092422][   T27] audit: type=1800 audit(1754630246.621:26): pid=7736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.524" name="file1" dev="loop1" ino=10 res=0 errno=0
[  147.158965][ T7727] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x516/0x640, xfs_bnobt block 0x8
[  147.159652][ T7736] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_page+0x1d7/0x910
[  147.171997][ T7727] XFS (loop2): Unmount and run xfs_repair
[  147.213259][ T7740] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  147.260247][ T7740] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  147.270129][ T5785] syz-executor: attempt to access beyond end of device
[  147.270129][ T5785] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  147.284426][ T5785] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  147.310371][ T7740] BTRFS info (device loop5): setting nodatasum
[  147.311940][ T7727] XFS (loop2): Internal error i != 1 at line 508 of file fs/xfs/libxfs/xfs_alloc.c.  Caller xfs_alloc_fixup_trees+0x5df/0x7e0
[  147.327118][ T7740] BTRFS info (device loop5): using free space tree
[  147.400641][ T7727] CPU: 0 PID: 7727 Comm: syz.2.519 Not tainted 6.6.101-syzkaller #0
[  147.408679][ T7727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  147.418765][ T7727] Call Trace:
[  147.422070][ T7727]  <TASK>
[  147.425024][ T7727]  dump_stack_lvl+0x16c/0x230
[  147.429726][ T7727]  ? __xfs_printk+0x90/0x90
[  147.434254][ T7727]  ? show_regs_print_info+0x20/0x20
[  147.439496][ T7727]  xfs_corruption_error+0x122/0x170
[  147.444722][ T7727]  ? xfs_alloc_fixup_trees+0x5df/0x7e0
[  147.450208][ T7727]  xfs_alloc_fixup_trees+0x614/0x7e0
[  147.455516][ T7727]  ? xfs_alloc_fixup_trees+0x5df/0x7e0
[  147.461000][ T7727]  ? xfs_alloc_fix_len+0x280/0x280
[  147.466141][ T7727]  xfs_alloc_cur_finish+0xd5/0x470
[  147.466234][ T7740] BTRFS info (device loop5): enabling ssd optimizations
[  147.471250][ T7727]  ? xfs_allocbt_init_cursor+0x70/0x110
[  147.483743][ T7727]  xfs_alloc_ag_vextent_near+0xd14/0x11e0
[  147.489488][ T7727]  ? __xfs_free_extent_later+0x6d0/0x6d0
[  147.495170][ T7727]  ? xfs_alloc_vextent_near_bno+0x560/0x560
[  147.501093][ T7727]  ? xfs_perag_grab+0x25/0x400
[  147.505894][ T7727]  ? xfs_alloc_vextent_prepare_ag+0x1a1/0x5d0
[  147.511984][ T7727]  xfs_alloc_vextent_iterate_ags+0x609/0x8e0
[  147.518005][ T7727]  xfs_alloc_vextent_start_ag+0x375/0x820
[  147.523111][ T7740] BTRFS info (device loop5): auto enabling async discard
[  147.523733][ T7727]  xfs_bmapi_allocate+0x14bc/0x2b50
[  147.535992][ T7727]  ? xfs_bmapi_write+0x1150/0x1150
[  147.541142][ T7727]  ? xfs_iext_find_level+0x43e/0x490
[  147.546452][ T7727]  ? xfs_iext_lookup_extent+0x3ae/0x7d0
[  147.552026][ T7727]  ? xfs_iext_prev+0x32c/0x370
[  147.556821][ T7727]  ? xfs_iext_last+0x542/0x5e0
[  147.561610][ T7727]  ? xfs_iext_get_extent+0xe5/0x370
[  147.566837][ T7727]  xfs_bmapi_write+0x762/0x1150
[  147.571725][ T7727]  ? xfs_bmapi_minleft+0x200/0x200
[  147.576856][ T7727]  ? stack_trace_save+0x9c/0xe0
[  147.577671][ T7737] chnl_net:caif_netlink_parms(): no params data found
[  147.581710][ T7727]  ? xfs_iext_first+0xd0/0x2b0
[  147.593242][ T7727]  ? __x64_sys_setxattr+0xbb/0xd0
[  147.598287][ T7727]  ? do_syscall_64+0x55/0xb0
[  147.602900][ T7727]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  147.609002][ T7727]  xfs_da_grow_inode_int+0x295/0x860
[  147.614328][ T7727]  ? xfs_da_compname+0xc0/0xc0
[  147.619126][ T7727]  ? kasan_quarantine_put+0xd8/0x220
[  147.624453][ T7727]  xfs_da_grow_inode+0x15e/0x360
[  147.629427][ T7727]  ? xfs_da_grow_inode_int+0x860/0x860
[  147.634918][ T7727]  ? xfs_trans_log_inode+0x96/0x190
[  147.640144][ T7727]  xfs_attr_shortform_to_leaf+0x22c/0x790
[  147.645897][ T7727]  ? xfs_attr_copy_value+0x290/0x290
[  147.651225][ T7727]  ? xfs_attr_shortform_addname+0x1fa/0x490
[  147.657150][ T7727]  xfs_attr_set_iter+0x9d0/0x34b0
[  147.662213][ T7727]  ? xfs_init_attr_trans+0x280/0x280
[  147.667544][ T7727]  ? verify_lock_unused+0x140/0x140
[  147.672764][ T7727]  ? kasan_set_track+0x5f/0x70
[  147.677556][ T7727]  ? xfs_xattr_set+0x119/0x210
[  147.682339][ T7727]  ? __vfs_setxattr+0x431/0x470
[  147.687211][ T7727]  ? __vfs_setxattr_noperm+0x12d/0x5e0
[  147.692699][ T7727]  ? vfs_setxattr+0x16c/0x2f0
[  147.697398][ T7727]  ? path_setxattr+0x362/0x550
[  147.702200][ T7727]  ? xfs_attr_create_intent+0xc4/0x270
[  147.707697][ T7727]  xfs_xattri_finish_update+0xb1/0x1c0
[  147.713184][ T7727]  xfs_attr_finish_item+0x77/0x240
[  147.718317][ T7727]  ? xfs_attr_create_done+0x100/0x100
[  147.723714][ T7727]  xfs_defer_finish_noroll+0xf55/0x1e00
[  147.729297][ T7727]  ? __xfs_trans_commit+0x259/0xd90
[  147.734507][ T7727]  ? xfs_da3_node_add+0xaa0/0xaa0
[  147.739542][ T7727]  __xfs_trans_commit+0x259/0xd90
[  147.744566][ T7727]  ? xfs_trans_commit+0x20/0x20
[  147.749411][ T7727]  ? xfs_trans_alloc_inode+0x19a/0x340
[  147.754864][ T7727]  ? xfs_trans_log_inode+0x11f/0x190
[  147.760146][ T7727]  xfs_attr_set+0xf04/0x13e0
[  147.764740][ T7727]  ? xfs_attr_leaf_shrink+0x350/0x350
[  147.770113][ T7727]  ? __lock_acquire+0x1334/0x7c80
[  147.775134][ T7727]  ? verify_lock_unused+0x140/0x140
[  147.780336][ T7727]  xfs_xattr_set+0x119/0x210
[  147.784925][ T7727]  ? xfs_xattr_get+0x1a0/0x1a0
[  147.789693][ T7727]  ? evm_protect_xattr+0x534/0x7a0
[  147.794800][ T7727]  ? xfs_xattr_get+0x1a0/0x1a0
[  147.799555][ T7727]  __vfs_setxattr+0x431/0x470
[  147.804238][ T7727]  __vfs_setxattr_noperm+0x12d/0x5e0
[  147.809529][ T7727]  vfs_setxattr+0x16c/0x2f0
[  147.814036][ T7727]  ? xattr_permission+0x470/0x470
[  147.819049][ T7727]  ? __mnt_want_write+0x223/0x2a0
[  147.824074][ T7727]  ? path_setxattr+0x314/0x550
[  147.828836][ T7727]  path_setxattr+0x362/0x550
[  147.833428][ T7727]  ? simple_xattrs_free+0x150/0x150
[  147.838642][ T7727]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  147.844618][ T7727]  ? lock_chain_count+0x20/0x20
[  147.849467][ T7727]  __x64_sys_setxattr+0xbb/0xd0
[  147.854317][ T7727]  do_syscall_64+0x55/0xb0
[  147.858728][ T7727]  ? clear_bhb_loop+0x40/0x90
[  147.863396][ T7727]  ? clear_bhb_loop+0x40/0x90
[  147.868062][ T7727]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  147.873958][ T7727] RIP: 0033:0x7fbbd398ebe9
[  147.878379][ T7727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.897977][ T7727] RSP: 002b:00007fbbd4756038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  147.906384][ T7727] RAX: ffffffffffffffda RBX: 00007fbbd3bb5fa0 RCX: 00007fbbd398ebe9
[  147.914357][ T7727] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 00002000000000c0
[  147.922320][ T7727] RBP: 00007fbbd3a11e19 R08: 0000000000000000 R09: 0000000000000000
[  147.930280][ T7727] R10: 0000000000001001 R11: 0000000000000246 R12: 0000000000000000
[  147.938240][ T7727] R13: 00007fbbd3bb6038 R14: 00007fbbd3bb5fa0 R15: 00007ffe21686ea8
[  147.946215][ T7727]  </TASK>
[  147.994250][ T7727] XFS (loop2): Corruption detected. Unmount and run xfs_repair
[  148.004370][ T7727] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598).  Shutting down filesystem.
[  148.024248][ T7727] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  148.066154][ T5786] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  148.223231][ T5796] Bluetooth: hci2: command tx timeout
[  148.592450][ T7737] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.615618][ T7737] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.622867][ T7737] bridge_slave_0: entered allmulticast mode
[  148.657368][ T7737] bridge_slave_0: entered promiscuous mode
[  148.695726][ T7737] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.702885][ T7737] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.717972][ T7737] bridge_slave_1: entered allmulticast mode
[  148.725459][ T7737] bridge_slave_1: entered promiscuous mode
[  148.908853][ T7737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.977237][   T58] hsr_slave_0: left promiscuous mode
[  148.995553][   T58] hsr_slave_1: left promiscuous mode
[  149.018338][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  149.033320][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  149.046094][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  149.053325][ T6407] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  149.056963][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  149.088214][   T58] bridge_slave_1: left allmulticast mode
[  149.106680][   T58] bridge_slave_1: left promiscuous mode
[  149.122450][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.163939][   T58] bridge_slave_0: left allmulticast mode
[  149.181519][   T58] bridge_slave_0: left promiscuous mode
[  149.198871][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.307013][   T58] veth1_macvtap: left promiscuous mode
[  149.317132][   T58] veth0_macvtap: left promiscuous mode
[  149.336345][   T58] veth1_vlan: left promiscuous mode
[  149.341713][   T58] veth0_vlan: left promiscuous mode
[  149.399652][ T7790] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  149.817983][  T785] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  149.869587][ T1190] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  150.006868][  T785] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  150.018139][  T785] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.028612][  T785] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  150.029778][   T58] team0 (unregistering): Port device team_slave_1 removed
[  150.043397][  T785] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  150.058267][  T785] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.073549][  T785] usb 6-1: config 0 descriptor??
[  150.096726][ T1190] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  150.108419][ T1190] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.120439][ T1190] usb 3-1: Product: syz
[  150.127420][ T1190] usb 3-1: Manufacturer: syz
[  150.132234][ T1190] usb 3-1: SerialNumber: syz
[  150.150190][ T1190] usb 3-1: config 0 descriptor??
[  150.164811][   T58] team0 (unregistering): Port device team_slave_0 removed
[  150.217022][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  150.281165][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  150.308412][ T5796] Bluetooth: hci2: command tx timeout
[  150.507276][  T785] kovaplus 0003:1E7D:2D50.0004: unknown main item tag 0x0
[  150.517069][  T785] kovaplus 0003:1E7D:2D50.0004: unknown main item tag 0x0
[  150.524341][  T785] kovaplus 0003:1E7D:2D50.0004: item fetching failed at offset 2/5
[  150.534254][  T785] kovaplus 0003:1E7D:2D50.0004: parse failed
[  150.540321][  T785] kovaplus: probe of 0003:1E7D:2D50.0004 failed with error -22
[  150.760708][  T785] usb 6-1: USB disconnect, device number 3
[  150.936713][   T58] bond0 (unregistering): Released all slaves
[  151.021602][ T7737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  151.394889][ T1190] usb 3-1: f81604_read: reg: 100e failed: -EPROTO
[  151.430464][ T1190] usb 3-1: f81604_read: reg: 200f failed: -EPROTO
[  151.465228][ T1190] usb 3-1: USB disconnect, device number 10
[  151.539440][ T1190] usb 3-1: f81604_read: reg: 100f failed: -ENODEV
[  151.607066][ T7737] team0: Port device team_slave_0 added
[  151.650430][ T7737] team0: Port device team_slave_1 added
[  151.717716][ T1190] usb 3-1: f81604_read: reg: 200f failed: -ENODEV
[  151.875880][ T7805] loop5: detected capacity change from 0 to 512
[  151.907827][ T7737] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.933456][ T7805] EXT4-fs (loop5): Test dummy encryption mode enabled
[  151.940347][ T7737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.976298][ T7805] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  152.027029][ T7737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  152.039188][ T7805] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.538: bad orphan inode 131083
[  152.054731][ T7805] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.082849][ T7805] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  152.119868][ T7737] batman_adv: batadv0: Adding interface: batadv_slave_1
[  152.143436][ T7737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  152.169949][ T7737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  152.184021][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.301910][ T7737] hsr_slave_0: entered promiscuous mode
[  152.348358][ T7737] hsr_slave_1: entered promiscuous mode
[  152.383300][ T5796] Bluetooth: hci2: command tx timeout
[  152.779323][ T7737] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  152.792565][ T7737] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  152.829473][ T7737] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  152.859191][ T7737] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  153.036220][ T7737] 8021q: adding VLAN 0 to HW filter on device bond0
[  153.079209][ T7737] 8021q: adding VLAN 0 to HW filter on device team0
[  153.104611][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.111758][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  153.137426][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.144656][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.744332][ T7737] 8021q: adding VLAN 0 to HW filter on device batadv0
[  154.439134][ T7891] netlink: 32 bytes leftover after parsing attributes in process `syz.1.568'.
[  154.463579][ T5796] Bluetooth: hci2: command tx timeout
[  154.480250][ T7891] netlink: 32 bytes leftover after parsing attributes in process `syz.1.568'.
[  154.510318][ T7737] veth0_vlan: entered promiscuous mode
[  154.560776][ T7737] veth1_vlan: entered promiscuous mode
[  154.681044][ T7737] veth0_macvtap: entered promiscuous mode
[  154.710051][ T7737] veth1_macvtap: entered promiscuous mode
[  154.741170][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.780446][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.790795][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.811653][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.831500][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.855896][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.874672][ T7737] batman_adv: batadv0: Interface activated: batadv_slave_0
[  154.905534][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  154.931364][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.967888][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.006211][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.017955][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.064037][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.092307][ T7737] batman_adv: batadv0: Interface activated: batadv_slave_1
[  155.134715][ T7737] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  155.160943][ T7737] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  155.170360][ T7737] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.179473][ T7737] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  155.343966][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.361172][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.411941][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.433367][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.483435][   T28] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  155.672446][   T28] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  155.701840][   T28] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  155.726745][   T28] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  155.744341][   T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.758742][ T7907] loop6: detected capacity change from 0 to 8192
[  155.771433][ T7905] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  155.790924][   T28] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  156.108825][ T7903] loop2: detected capacity change from 0 to 40427
[  156.183076][ T7903] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  156.201881][   T28] usb 2-1: USB disconnect, device number 6
[  156.223384][ T7903] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  156.299085][ T7911] 9pnet: p9_errstr2errno: server reported unknown error �Çpî‘AçÁ›
¬ž;
KZì44§/@®qæžkøp
[  156.299085][ T7911] éC<+¨
[  156.306099][ T7903] F2FS-fs (loop2): Found nat_bits in checkpoint
[  156.510248][ T7903] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  156.528871][ T7903] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  157.657347][ T7936] 9pnet: p9_errstr2errno: server reported unknown error 184467
[  157.691000][ T7934] loop2: detected capacity change from 0 to 4096
[  157.720214][ T7934] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  157.758862][ T7934] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.960427][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.827958][ T8004] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  160.148254][ T8018] loop2: detected capacity change from 0 to 512
[  160.169883][ T8018] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  160.196392][ T8018] EXT4-fs (loop2): 1 truncate cleaned up
[  160.209287][ T8018] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.336522][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.370466][ T8026] loop1: detected capacity change from 0 to 512
[  160.421863][ T8026] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.625: casefold flag without casefold feature
[  160.434620][ T1190] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  160.475385][ T8026] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.625: couldn't read orphan inode 15 (err -117)
[  160.519529][ T8026] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.573148][ T5838] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  160.646995][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.656779][ T1190] usb 7-1: Using ep0 maxpacket: 32
[  160.676691][ T1190] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  160.688773][ T1190] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  160.701754][ T1190] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  160.721581][ T1190] usb 7-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  160.731330][ T1190] usb 7-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  160.745046][ T1190] usb 7-1: Product: syz
[  160.749765][ T1190] usb 7-1: Manufacturer: syz
[  160.761024][ T1190] usb 7-1: SerialNumber: syz
[  160.765509][ T5838] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  160.784701][ T1190] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/input/input10
[  160.795266][ T5838] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  160.820969][ T5838] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  160.857288][ T5838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.898450][ T8024] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  160.920202][ T5838] usb 6-1: Quirk or no altest; falling back to MIDI 1.0
[  161.014435][  T785] usb 7-1: USB disconnect, device number 2
[  161.020344][    C1] appletouch 7-1:1.0: atp_complete: usb_submit_urb failed with result -19
[  161.099813][  T785] appletouch 7-1:1.0: input: appletouch disconnected
[  161.165274][ T1190] usb 6-1: USB disconnect, device number 4
[  161.482627][ T8045] netlink: 'syz.1.631': attribute type 12 has an invalid length.
[  161.492464][ T8045] netlink: 'syz.1.631': attribute type 29 has an invalid length.
[  161.528575][ T8045] netlink: 148 bytes leftover after parsing attributes in process `syz.1.631'.
[  161.537686][ T8045] netlink: 'syz.1.631': attribute type 3 has an invalid length.
[  161.545387][ T8045] netlink: 'syz.1.631': attribute type 2 has an invalid length.
[  161.553503][ T8045] netlink: 35 bytes leftover after parsing attributes in process `syz.1.631'.
[  161.879697][ T8058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.637'.
[  161.956078][ T8058] sch_tbf: burst 0 is lower than device bridge1 mtu (1514) !
[  162.133281][  T785] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  162.343530][  T785] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  162.362139][  T785] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  162.388246][  T785] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  162.417740][  T785] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.448414][  T785] usb 2-1: config 0 descriptor??
[  162.500167][ T8075] loop5: detected capacity change from 0 to 8192
[  162.535297][ T8075] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  162.683187][ T8075] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
[  162.834879][ T8075] REISERFS (device loop5): using ordered data mode
[  162.841477][ T8075] reiserfs: using flush barriers
[  163.143160][ T8075] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  163.434250][ T8075] REISERFS (device loop5): checking transaction log (loop5)
[  163.653254][ T8075] REISERFS (device loop5): Using r5 hash to sort names
[  163.660674][ T8075] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  164.033168][ T8075] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  165.895315][  T785] usbhid 2-1:0.0: can't add hid device: -71
[  165.901358][  T785] usbhid: probe of 2-1:0.0 failed with error -71
[  165.928098][  T785] usb 2-1: USB disconnect, device number 7
[  165.953206][ T1190] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  166.148397][ T1190] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  166.159681][ T1190] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  166.169701][ T1190] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  166.178881][ T1190] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.190301][ T8084] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  166.204032][ T1190] usb 3-1: Quirk or no altest; falling back to MIDI 1.0
[  166.445819][  T785] usb 3-1: USB disconnect, device number 11
[  166.524505][ T8096] loop1: detected capacity change from 0 to 512
[  166.562609][ T8096] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.576380][ T8096] ext4 filesystem being mounted at /170/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  166.726500][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.783222][ T8101] sctp: [Deprecated]: syz.6.654 (pid 8101) Use of struct sctp_assoc_value in delayed_ack socket option.
[  166.783222][ T8101] Use struct sctp_sack_info instead
[  166.982799][ T8107] input: syz0 as /devices/virtual/input/input11
[  167.264752][ T8117] loop1: detected capacity change from 0 to 2048
[  167.335308][ T8117] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  167.886223][ T8131] Bluetooth: hci0: load_link_keys: too big key_count value 26226
[  169.826221][ T8180] loop5: detected capacity change from 0 to 40427
[  169.856658][ T8180] F2FS-fs (loop5): invalid crc value
[  169.880332][ T8180] F2FS-fs (loop5): Found nat_bits in checkpoint
[  170.002387][ T8180] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  170.163315][ T6407] syz-executor: attempt to access beyond end of device
[  170.163315][ T6407] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  170.222684][ T6407] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  170.249866][ T8207] loop2: detected capacity change from 0 to 1024
[  170.274455][ T8207] EXT4-fs: Ignoring removed orlov option
[  170.280141][ T8207] EXT4-fs: Ignoring removed nomblk_io_submit option
[  170.368110][ T8207] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.396932][   T27] audit: type=1800 audit(1754630269.941:27): pid=8207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.700" name="file2" dev="loop2" ino=16 res=0 errno=0
[  170.727353][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.603707][ T8231] loop5: detected capacity change from 0 to 8192
[  171.645549][ T8231] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  171.661397][ T8233] loop6: detected capacity change from 0 to 8192
[  171.675278][ T8231] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
[  171.695764][ T8231] REISERFS (device loop5): using ordered data mode
[  171.702407][ T8231] reiserfs: using flush barriers
[  171.783491][ T8231] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  171.867368][ T8231] REISERFS (device loop5): checking transaction log (loop5)
[  172.072165][ T8237] netlink: 8 bytes leftover after parsing attributes in process `syz.2.710'.
[  172.103435][ T8237] netlink: 8 bytes leftover after parsing attributes in process `syz.2.710'.
[  172.136928][ T8231] REISERFS (device loop5): Using tea hash to sort names
[  172.169172][ T8231] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  172.435061][ T8248] loop6: detected capacity change from 0 to 512
[  172.468099][ T8248] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  172.518790][ T8251] loop1: detected capacity change from 0 to 512
[  172.558642][ T8251] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.715: casefold flag without casefold feature
[  172.565002][ T8248] EXT4-fs (loop6): 1 truncate cleaned up
[  172.571775][ T8251] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.715: couldn't read orphan inode 15 (err -117)
[  172.578490][ T8248] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.642560][ T8251] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.657582][   T27] audit: type=1804 audit(1754630272.191:28): pid=8248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.714" name="/newroot/37/file2/file1" dev="loop6" ino=15 res=1 errno=0
[  172.763985][   T27] audit: type=1804 audit(1754630272.311:29): pid=8251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.715" name="/newroot/182/file1/bus" dev="loop1" ino=18 res=1 errno=0
[  172.810991][ T7737] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.832620][   T27] audit: type=1800 audit(1754630272.331:30): pid=8251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.715" name="bus" dev="loop1" ino=18 res=0 errno=0
[  172.861906][ T8251] Invalid ELF header magic: != ELF
[  172.979805][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.317227][ T8261] input: syz0 as /devices/virtual/input/input12
[  173.461062][ T8264] loop1: detected capacity change from 0 to 1024
[  173.770449][   T48] hfsplus: b-tree write err: -5, ino 4
[  173.788413][ T8274] loop6: detected capacity change from 0 to 512
[  173.895641][ T8274] EXT4-fs error (device loop6): ext4_orphan_get:1399: inode #15: comm syz.6.726: casefold flag without casefold feature
[  173.924077][ T8274] EXT4-fs error (device loop6): ext4_orphan_get:1404: comm syz.6.726: couldn't read orphan inode 15 (err -117)
[  173.938264][ T8274] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.999340][   T27] audit: type=1804 audit(1754630273.541:31): pid=8274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.726" name="/newroot/42/file1/bus" dev="loop6" ino=18 res=1 errno=0
[  174.056681][   T27] audit: type=1800 audit(1754630273.571:32): pid=8274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.726" name="bus" dev="loop6" ino=18 res=0 errno=0
[  174.082842][ T8274] Invalid ELF header magic: != ELF
[  174.218053][ T7737] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.265145][ T8292] loop5: detected capacity change from 0 to 128
[  174.283912][ T8292] FAT-fs (loop5): Unrecognized mount option "shortn" or missing value
[  174.533977][ T8297] loop5: detected capacity change from 0 to 1024
[  174.618258][ T8297] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.810487][ T8297] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  174.977835][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.082784][ T8298] loop6: detected capacity change from 0 to 32768
[  175.176096][ T8298] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  175.419100][ T8298] XFS (loop6): Ending clean mount
[  175.455875][ T8298] XFS (loop6): Quotacheck needed: Please wait.
[  175.573157][ T8298] XFS (loop6): Quotacheck: Done.
[  175.581210][ T8302] loop2: detected capacity change from 0 to 32768
[  175.623290][ T8302] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  175.896262][ T8302] XFS (loop2): Ending clean mount
[  175.908352][ T7737] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  175.922565][ T8302] XFS (loop2): Quotacheck needed: Please wait.
[  175.980717][ T8302] XFS (loop2): Quotacheck: Done.
[  176.006168][ T8338] input: syz0 as /devices/virtual/input/input13
[  176.251280][ T5786] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  176.359305][ T8344] loop1: detected capacity change from 0 to 1024
[  176.474307][ T8344] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.718536][ T8344] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  176.887158][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.031128][ T8355] loop1: detected capacity change from 0 to 1024
[  177.051732][ T8355] EXT4-fs: inline encryption not supported
[  177.058713][ T8343] loop5: detected capacity change from 0 to 32768
[  177.078208][ T8355] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.098763][    T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  177.134053][ T8343] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  177.222556][   T27] audit: type=1800 audit(1754630276.761:33): pid=8343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.751" name="file1" dev="loop5" ino=17059 res=0 errno=0
[  177.298174][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.318784][    T9] usb 3-1: Using ep0 maxpacket: 8
[  177.344467][    T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  177.373102][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.381226][    T9] usb 3-1: Product: syz
[  177.391132][    T9] usb 3-1: Manufacturer: syz
[  177.396203][    T9] usb 3-1: SerialNumber: syz
[  177.429230][    T9] usb 3-1: config 0 descriptor??
[  177.455077][    T9] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  177.613210][ T8343] syz.5.751 (8343) used greatest stack depth: 18544 bytes left
[  177.682130][ T6407] ocfs2: Unmounting device (7,5) on (node local)
[  177.787889][ T8361] loop6: detected capacity change from 0 to 32768
[  177.826136][ T8361] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  178.013734][ T7737] (syz-executor,7737,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72
[  178.056002][ T7737] ocfs2: Unmounting device (7,6) on (node local)
[  178.204377][ T8373] loop9: detected capacity change from 0 to 7
[  178.271144][ T8373]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  178.287287][ T8373] loop9: partition table partially beyond EOD, truncated
[  178.305856][ T8373] loop9: p1 size 501170297 extends beyond EOD, truncated
[  178.354313][ T8377] loop1: detected capacity change from 0 to 1024
[  178.400076][ T8377] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.492078][ T6279] udevd[6279]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory
[  178.659952][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.707131][    T9] gspca_sonixj: reg_w1 err -71
[  178.766277][ T5790] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  178.823148][    T9] sonixj: probe of 3-1:0.0 failed with error -71
[  178.841830][    T9] usb 3-1: USB disconnect, device number 12
[  178.955192][ T5790] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  178.986818][ T5790] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  179.009731][ T5790] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  179.024108][ T5790] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  179.034852][ T5790] usb 7-1: SerialNumber: syz
[  179.294034][ T5790] usb 7-1: 0:2 : does not exist
[  179.338718][ T5790] usb 7-1: USB disconnect, device number 3
[  179.842623][ T8416] loop5: detected capacity change from 0 to 1024
[  179.868829][ T8416] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.021217][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.369967][ T8432] Invalid ELF header len 16
[  180.693350][ T5829] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  180.762270][ T8424] loop6: detected capacity change from 0 to 32768
[  180.784900][ T8424] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.779 (8424)
[  180.823174][ T8424] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  180.873902][ T8424] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  180.882878][ T8424] BTRFS info (device loop6): setting nodatacow, compression disabled
[  180.883255][ T5829] usb 3-1: Using ep0 maxpacket: 8
[  180.897458][ T8424] BTRFS info (device loop6): enabling disk space caching
[  180.909631][ T8424] BTRFS info (device loop6): turning off barriers
[  180.916470][ T8424] BTRFS info (device loop6): turning on flush-on-commit
[  180.925972][ T8424] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_LZO (0x8)
[  180.936263][ T5829] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  180.943371][ T8424] BTRFS info (device loop6): force lzo compression, level 0
[  180.962769][ T5829] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  180.963237][ T8424] BTRFS info (device loop6): max_inline at 0
[  180.997056][ T5829] usb 3-1: config 0 has no interface number 0
[  180.999467][ T8424] BTRFS info (device loop6): force clearing of disk cache
[  181.014675][ T5829] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0xE has an invalid bInterval 0, changing to 7
[  181.020779][ T8424] BTRFS info (device loop6): using default commit interval 30s
[  181.043193][ T5829] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0xE has invalid wMaxPacketSize 0
[  181.053094][ T8424] BTRFS info (device loop6): enabling ssd optimizations
[  181.053158][ T8424] BTRFS info (device loop6): max_inline at 868
[  181.053176][ T8424] BTRFS info (device loop6): disk space caching is enabled
[  181.114181][ T5829] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 14
[  181.133243][ T5790] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  181.137584][ T5829] usb 3-1: config 0 interface 52 has no altsetting 0
[  181.163261][ T5829] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  181.174826][ T8430] loop1: detected capacity change from 0 to 40427
[  181.181865][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.191544][ T8424] BTRFS info (device loop6): auto enabling async discard
[  181.206227][ T8424] BTRFS info (device loop6): rebuilding free space tree
[  181.208270][ T8430] F2FS-fs (loop1): invalid crc value
[  181.231838][ T8424] BTRFS info (device loop6): disabling free space tree
[  181.241681][ T8430] F2FS-fs (loop1): Found nat_bits in checkpoint
[  181.253782][ T8424] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  181.276033][ T8424] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  181.276808][ T5829] usb 3-1: config 0 descriptor??
[  181.335358][ T5790] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  181.363063][ T5790] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  181.389797][ T5790] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.413940][ T8430] F2FS-fs (loop1): Start checkpoint disabled!
[  181.423603][ T5790] usb 6-1: config 0 descriptor??
[  181.431860][ T5790] pwc: Askey VC010 type 2 USB webcam detected.
[  181.453488][ T8430] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  181.615668][ T7737] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  181.740429][ T5829] usb 3-1: USB disconnect, device number 13
[  181.849704][ T5790] pwc: recv_control_msg error -32 req 02 val 2b00
[  181.878017][ T5790] pwc: recv_control_msg error -32 req 02 val 2700
[  181.899789][ T5790] pwc: recv_control_msg error -32 req 02 val 2c00
[  181.907002][   T12] kworker/u4:1: attempt to access beyond end of device
[  181.907002][   T12] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  181.952321][   T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  181.961448][   T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  181.972918][   T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  182.154472][ T5790] pwc: recv_control_msg error -71 req 04 val 1300
[  182.170883][ T5790] pwc: recv_control_msg error -71 req 04 val 1400
[  182.185328][ T5790] pwc: recv_control_msg error -71 req 02 val 2000
[  182.202160][ T5790] pwc: recv_control_msg error -71 req 02 val 2100
[  182.213195][ T5790] pwc: recv_control_msg error -71 req 04 val 1500
[  182.222113][ T5790] pwc: recv_control_msg error -71 req 02 val 2500
[  182.243462][ T5790] pwc: recv_control_msg error -71 req 02 val 2400
[  182.253165][ T5790] pwc: recv_control_msg error -71 req 02 val 2600
[  182.273510][ T5790] pwc: recv_control_msg error -71 req 02 val 2900
[  182.281375][ T5790] pwc: recv_control_msg error -71 req 02 val 2800
[  182.308640][ T5790] pwc: recv_control_msg error -71 req 04 val 1100
[  182.334050][ T5790] pwc: recv_control_msg error -71 req 04 val 1200
[  182.359035][ T5790] pwc: Registered as video103.
[  182.386203][ T5790] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input14
[  182.443504][ T5790] usb 6-1: USB disconnect, device number 5
[  183.367981][ T8504] netlink: 28 bytes leftover after parsing attributes in process `syz.5.804'.
[  183.404044][ T5790] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  183.596370][ T5790] usb 7-1: Using ep0 maxpacket: 8
[  183.627398][ T5790] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  183.644233][ T5790] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.663826][ T5790] usb 7-1: Product: syz
[  183.668168][ T5790] usb 7-1: Manufacturer: syz
[  183.672816][ T5790] usb 7-1: SerialNumber: syz
[  183.702697][ T5790] usb 7-1: config 0 descriptor??
[  183.756353][ T8518] loop1: detected capacity change from 0 to 2048
[  183.826512][ T8518] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.846886][ T8518] ext4 filesystem being mounted at /213/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.934825][ T5790] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  183.956804][ T8518] fs-verity: sha512 using implementation "sha512-avx2"
[  184.048715][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.193156][ T5790] dvb_usb_rtl28xxu: probe of 7-1:0.0 failed with error -71
[  184.230472][ T5790] usb 7-1: USB disconnect, device number 4
[  184.631203][ T8548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.821'.
[  185.020360][ T8564] loop6: detected capacity change from 0 to 512
[  185.058237][ T8564] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  185.075445][ T8564] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  185.095836][ T8564] System zones: 0-1, 15-15, 18-18, 34-34
[  185.106790][ T8564] EXT4-fs (loop6): orphan cleanup on readonly fs
[  185.113936][ T8564] Quota error (device loop6): v2_read_header: Failed header read: expected=8 got=0
[  185.124128][ T8564] EXT4-fs warning (device loop6): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  185.139083][ T8564] EXT4-fs (loop6): Cannot turn on quotas: error -22
[  185.168043][ T8564] EXT4-fs error (device loop6): ext4_validate_block_bitmap:439: comm syz.6.829: bg 0: block 40: padding at end of block bitmap is not set
[  185.188358][ T8564] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6642: Corrupt filesystem
[  185.198347][ T8564] EXT4-fs (loop6): 1 truncate cleaned up
[  185.205639][ T8564] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  185.239355][ T8564] EXT4-fs error (device loop6): ext4_encrypted_get_link:46: inode #16: comm syz.6.829: bad symlink.
[  185.269356][ T8564] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.473164][ T5829] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  185.673315][ T5829] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[  185.685330][ T5829] usb 2-1: config 0 has no interface number 0
[  185.695836][ T5829] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  185.705159][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.713120][    T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  185.721800][ T5829] usb 2-1: Product: syz
[  185.726096][ T5829] usb 2-1: Manufacturer: syz
[  185.730705][ T5829] usb 2-1: SerialNumber: syz
[  185.748615][ T5829] usb 2-1: config 0 descriptor??
[  185.896027][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.916448][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.928858][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  185.948331][    T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  185.957870][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.980494][    T9] usb 3-1: config 0 descriptor??
[  186.095052][ T8580] loop5: detected capacity change from 0 to 40427
[  186.121614][ T8580] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x7ffff
[  186.137228][ T8580] F2FS-fs (loop5): invalid crc value
[  186.159670][ T8580] F2FS-fs (loop5): Found nat_bits in checkpoint
[  186.177961][ T5829] usb 2-1: Firmware: major: 225, minor: 107, hardware type: RZUSB (3)
[  186.296845][ T8580] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  186.392136][ T5829] usb 2-1: no permanent extended address found, random address set
[  186.429857][ T6407] syz-executor: attempt to access beyond end of device
[  186.429857][ T6407] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  186.430637][    T9] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  186.449920][ T6407] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  186.496893][    T9] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  186.633467][ T5829] usb 2-1: USB disconnect, device number 8
[  186.793852][    T9] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  187.023568][    T9] usb 7-1: Using ep0 maxpacket: 32
[  187.057449][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.080540][    T9] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  187.088839][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.5.846'.
[  187.099201][    T9] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  187.116619][    T9] usb 7-1: New USB device strings: Mfr=14, Product=2, SerialNumber=3
[  187.126338][    T9] usb 7-1: Product: syz
[  187.130633][    T9] usb 7-1: Manufacturer: syz
[  187.139376][    T9] usb 7-1: SerialNumber: syz
[  187.264869][ T8614] loop1: detected capacity change from 0 to 1024
[  187.403455][ T8601] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[  187.450401][ T2946] hfsplus: b-tree write err: -5, ino 4
[  187.560953][ T8619] loop5: detected capacity change from 0 to 512
[  187.585344][ T8619] EXT4-fs error (device loop5): ext4_orphan_get:1399: inode #15: comm syz.5.851: iget: bad i_size value: 38620345925642
[  187.598783][ T8619] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.851: couldn't read orphan inode 15 (err -117)
[  187.625435][ T8619] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.715545][ T8623] EXT4-fs error (device loop5): ext4_validate_block_bitmap:430: comm syz.5.851: bg 0: block 5: invalid block bitmap
[  187.734925][ T8623] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 924 with error 28
[  187.747869][ T8623] EXT4-fs (loop5): This should not happen!! Data will be lost
[  187.747869][ T8623] 
[  187.761372][ T8623] EXT4-fs (loop5): Total free blocks count 0
[  187.767934][ T8623] EXT4-fs (loop5): Free/Dirty block details
[  187.774114][ T8623] EXT4-fs (loop5): free_blocks=0
[  187.779095][ T8623] EXT4-fs (loop5): dirty_blocks=932
[  187.784729][ T8623] EXT4-fs (loop5): Block reservation details
[  187.790733][ T8623] EXT4-fs (loop5): i_reserved_data_blocks=932
[  187.831276][ T5829] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  187.848636][   T12] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 924 with max blocks 8 with error 28
[  188.023128][ T5829] usb 2-1: Using ep0 maxpacket: 32
[  188.030161][ T5829] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  188.034326][ T8601] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[  188.038529][ T5829] usb 2-1: config 0 has no interface number 0
[  188.051632][ T5829] usb 2-1: config 0 interface 12 has no altsetting 0
[  188.062692][ T5829] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  188.072035][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.081228][ T5829] usb 2-1: Product: syz
[  188.085733][ T5829] usb 2-1: Manufacturer: syz
[  188.090342][ T5829] usb 2-1: SerialNumber: syz
[  188.097502][ T5829] usb 2-1: config 0 descriptor??
[  188.268028][    T9] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[  188.278703][    T9] cdc_ncm 7-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  188.289277][    T9] cdc_ncm 7-1:1.0: setting rx_max = 2048
[  188.456125][ T8632] xt_CT: No such helper "pptp"
[  188.482147][    T9] cdc_ncm 7-1:1.0: setting tx_max = 184
[  188.507866][    T9] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  188.568224][    T9] usb 7-1: USB disconnect, device number 5
[  188.600823][    T9] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM (NO ZLP)
[  188.863297][ T5790] usb 3-1: reset high-speed USB device number 14 using dummy_hcd
[  189.054348][ T5790] usb 3-1: device firmware changed
[  189.064917][ T1190] usb 3-1: USB disconnect, device number 14
[  189.243282][ T1190] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  189.353600][ T5829] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  189.361281][ T5829] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  189.368729][ T5829] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  189.376439][ T5829] f81534: probe of 2-1:0.12 failed with error -71
[  189.388293][ T5829] usb 2-1: USB disconnect, device number 9
[  189.463926][ T1190] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.489117][ T1190] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.499189][ T1190] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  189.508283][ T1190] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.518490][ T1190] usb 3-1: config 0 descriptor??
[  189.553279][  T785] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  189.753345][  T785] usb 7-1: Using ep0 maxpacket: 16
[  189.760485][  T785] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.777061][  T785] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.789456][  T785] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  189.807295][  T785] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  189.817535][  T785] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.839621][  T785] usb 7-1: config 0 descriptor??
[  189.971550][ T1190] pyra 0003:1E7D:2CF6.0006: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0
[  190.239383][ T8662] loop5: detected capacity change from 0 to 512
[  190.260588][ T8662] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  190.328708][ T8662] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.379666][ T8662] ext4 filesystem being mounted at /190/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.443458][ T8660] loop1: detected capacity change from 0 to 32768
[  190.452720][ T8660] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.866 (8660)
[  190.471566][  T785] HID 045e:07da: Invalid code 65791 type 1
[  190.501654][ T8660] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  190.512112][ T8660] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  190.520862][ T8660] BTRFS info (device loop1): using free space tree
[  190.531832][  T785] input: HID 045e:07da as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:045E:07DA.0007/input/input15
[  190.553482][  T785] microsoft 0003:045E:07DA.0007: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0
[  190.570266][  T785] usb 7-1: USB disconnect, device number 6
[  190.589366][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.671147][ T8660] BTRFS info (device loop1): enabling ssd optimizations
[  190.679005][ T8660] BTRFS info (device loop1): auto enabling async discard
[  190.755636][ T1190] pyra 0003:1E7D:2CF6.0006: couldn't init struct pyra_device
[  190.773232][ T1190] pyra 0003:1E7D:2CF6.0006: couldn't install mouse
[  190.782062][ T8680] fido_id[8680]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  190.812124][ T1190] pyra: probe of 0003:1E7D:2CF6.0006 failed with error -71
[  190.863245][ T1190] usb 3-1: USB disconnect, device number 15
[  190.925924][ T5785] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  191.054421][ T8685] syz.5.870[8685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  191.054760][ T8685] syz.5.870[8685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  191.277553][ T8691] loop5: detected capacity change from 0 to 512
[  191.313578][ T8691] EXT4-fs: Ignoring removed mblk_io_submit option
[  191.343274][ T5789] Bluetooth: hci0: command 0x0406 tx timeout
[  191.343370][ T5798] Bluetooth: hci1: command 0x0406 tx timeout
[  191.352769][ T8691] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  191.413142][ T8691] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  191.455633][ T8693] loop2: detected capacity change from 0 to 512
[  191.462929][ T8693] EXT4-fs: Ignoring removed orlov option
[  191.497708][ T8693] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  191.521144][ T8691] EXT4-fs (loop5): 1 truncate cleaned up
[  191.566535][ T8691] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.592668][ T8693] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.622361][ T8696] loop6: detected capacity change from 0 to 4096
[  191.643993][ T8693] ext4 filesystem being mounted at /243/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.658124][ T8696] ntfs3: loop6: Different NTFS sector size (4096) and media sector size (512).
[  191.744836][   T27] audit: type=1800 audit(1754630291.291:34): pid=8701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.871" name="file1" dev="loop5" ino=15 res=0 errno=0
[  191.884869][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.895272][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.134833][ T8708] syz.5.877[8708] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  192.135072][ T8708] syz.5.877[8708] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  192.194823][ T8713] loop2: detected capacity change from 0 to 1024
[  192.268801][ T8713] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.378381][ T8722] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  192.635160][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.229207][ T8755] loop6: detected capacity change from 0 to 524287999
[  193.440110][ T8759] loop1: detected capacity change from 0 to 128
[  193.463519][ T8759] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  193.553774][ T8759] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  193.612275][ T8761] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  193.724495][ T8764] loop5: detected capacity change from 0 to 512
[  193.765722][ T8764] EXT4-fs error (device loop5): ext4_orphan_get:1399: inode #15: comm syz.5.901: casefold flag without casefold feature
[  193.885130][ T8764] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.901: couldn't read orphan inode 15 (err -117)
[  193.903196][ T8764] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.045527][ T8751] loop6: detected capacity change from 0 to 32768
[  194.066307][ T8751] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop6 scanned by syz.6.896 (8751)
[  194.115415][ T8751] BTRFS info (device loop6): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  194.161424][ T8751] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  194.184168][ T8751] BTRFS info (device loop6): using free space tree
[  194.196121][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.390888][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  194.397407][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  194.427439][ T8789] vcan0: entered allmulticast mode
[  194.435132][ T8789] vcan0: left allmulticast mode
[  194.457001][ T8751] BTRFS info (device loop6): enabling ssd optimizations
[  194.474517][ T8751] BTRFS info (device loop6): auto enabling async discard
[  194.563746][   T27] audit: type=1800 audit(1754630294.111:35): pid=8751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.896" name="file1" dev="loop6" ino=260 res=0 errno=0
[  194.901730][ T7737] BTRFS info (device loop6): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  195.216767][ T5801] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 10 /dev/loop6 scanned by udevd (5801)
[  195.352972][ T8774] loop1: detected capacity change from 0 to 32768
[  195.500727][ T8774] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  195.672718][ T8819] loop2: detected capacity change from 0 to 512
[  195.753672][ T8819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.809248][ T8819] ext4 filesystem being mounted at /253/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  195.857188][ T8774] XFS (loop1): Ending clean mount
[  195.890008][ T8774] XFS (loop1): Quotacheck needed: Please wait.
[  196.042312][ T8774] XFS (loop1): Quotacheck: Done.
[  196.126864][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.380555][   T27] audit: type=1800 audit(1754630295.921:36): pid=8774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.904" name="bus" dev="loop1" ino=9290 res=0 errno=0
[  196.837115][ T5785] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  197.078489][ T8838] loop6: detected capacity change from 0 to 4096
[  197.183985][  T785] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  197.196899][ T8838] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.384735][  T785] usb 6-1: config 0 has no interfaces?
[  197.395674][  T785] usb 6-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  197.412589][  T785] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.435405][  T785] usb 6-1: Product: syz
[  197.442115][  T785] usb 6-1: Manufacturer: syz
[  197.449809][  T785] usb 6-1: SerialNumber: syz
[  197.466827][  T785] usb 6-1: config 0 descriptor??
[  197.478948][ T7737] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.646689][ T8852] loop1: detected capacity change from 0 to 512
[  197.711880][ T8852] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.813326][ T8852] ext4 filesystem being mounted at /240/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.922009][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.975350][ T1190] usb 6-1: USB disconnect, device number 6
[  198.298994][ T8856] loop6: detected capacity change from 0 to 32768
[  198.309616][ T8848] loop2: detected capacity change from 0 to 32768
[  198.360043][ T8848] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  198.428025][   T27] audit: type=1804 audit(1754630297.971:37): pid=8856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.926" name="/newroot/77/file0/bus" dev="loop6" ino=7 res=1 errno=0
[  198.601086][ T8848] XFS (loop2): Ending clean mount
[  198.656436][ T8848] XFS (loop2): Quotacheck needed: Please wait.
[  198.789012][ T8848] XFS (loop2): Quotacheck: Done.
[  198.920920][ T8877] bridge0: entered allmulticast mode
[  198.934685][ T8877] bridge0: left allmulticast mode
[  199.175125][ T8882] loop1: detected capacity change from 0 to 2048
[  199.181916][ T5786] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  199.208496][ T8882] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  200.068348][ T8894] loop2: detected capacity change from 0 to 4096
[  200.119062][ T8899] sctp: [Deprecated]: syz.6.940 (pid 8899) Use of int in max_burst socket option.
[  200.119062][ T8899] Use struct sctp_assoc_value instead
[  200.843233][ T8918] loop1: detected capacity change from 0 to 164
[  200.895739][ T8918] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  200.976644][ T8918] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  201.026553][ T8918] Symlink component flag not implemented
[  201.060136][ T8918] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  201.100219][ T8918] rock: directory entry would overflow storage
[  201.114991][ T8918] rock: sig=0x4f50, size=4, remaining=3
[  201.143114][ T8918] iso9660: Corrupted directory entry in block 4 of inode 1792
[  201.165398][ T8918] Symlink component flag not implemented (255)
[  201.635373][ T8920] loop5: detected capacity change from 0 to 32768
[  201.725167][ T8920] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  201.945865][ T8920] XFS (loop5): Ending clean mount
[  202.029943][ T8933] loop1: detected capacity change from 0 to 32768
[  202.065064][ T8933] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.957 (8933)
[  202.109717][ T6407] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  202.127830][ T8933] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  202.145219][ T8933] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  202.161682][ T8933] BTRFS info (device loop1): enabling auto defrag
[  202.184241][ T8933] BTRFS info (device loop1): max_inline at 0
[  202.190285][ T8933] BTRFS info (device loop1): force clearing of disk cache
[  202.199941][ T8933] BTRFS info (device loop1): turning on sync discard
[  202.207715][ T8933] BTRFS info (device loop1): using free space tree
[  202.393117][ T8933] BTRFS info (device loop1): enabling ssd optimizations
[  202.435847][ T8933] BTRFS info (device loop1): rebuilding free space tree
[  202.834858][ T5785] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  202.871725][ T8977] netlink: 'syz.5.965': attribute type 33 has an invalid length.
[  202.910458][ T8977] netlink: 152 bytes leftover after parsing attributes in process `syz.5.965'.
[  202.960300][ T8977] netlink: 'syz.5.965': attribute type 10 has an invalid length.
[  203.120616][ T8977] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.209160][ T8977] team0: Port device bond0 added
[  203.794940][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  204.432559][ T8981] loop6: detected capacity change from 0 to 32768
[  204.462752][ T8981] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  204.516591][ T8981] XFS (loop6): Ending clean mount
[  204.679169][ T7737] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  205.636745][ T9024] loop5: detected capacity change from 0 to 32768
[  205.650382][ T9024] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.980 (9024)
[  205.662669][ T9020] loop1: detected capacity change from 0 to 32768
[  205.688710][ T9020] XFS: ikeep mount option is deprecated.
[  205.717700][ T9020] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  205.720875][ T9024] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  205.748178][ T9024] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  205.759423][ T9024] BTRFS info (device loop5): using free space tree
[  205.785440][ T9020] XFS (loop1): Ending clean mount
[  205.802882][ T9020] XFS (loop1): Quotacheck needed: Please wait.
[  205.873439][ T9024] BTRFS info (device loop5): enabling ssd optimizations
[  205.906305][ T9024] BTRFS info (device loop5): auto enabling async discard
[  205.926606][ T9020] XFS (loop1): Quotacheck: Done.
[  206.323972][ T6407] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  206.464335][ T5785] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  207.044864][ T9070] netlink: 'syz.6.990': attribute type 4 has an invalid length.
[  207.157909][ T9059] loop2: detected capacity change from 0 to 32768
[  207.241281][ T9059] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.391025][ T9059] XFS (loop2): Ending clean mount
[  207.606653][ T5786] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.807669][ T9074] loop1: detected capacity change from 0 to 40427
[  207.841289][ T9074] F2FS-fs (loop1): Small segment_count (9 < 1 * 24)
[  207.862306][ T9074] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  207.955986][ T9074] F2FS-fs (loop1): Found nat_bits in checkpoint
[  208.153415][ T9074] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  208.185460][ T9074] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  208.292358][ T2946] Bluetooth: hci4: Frame reassembly failed (-84)
[  208.355563][ T9091] loop6: detected capacity change from 0 to 32768
[  208.362548][ T9074] syz.1.992: attempt to access beyond end of device
[  208.362548][ T9074] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  208.409680][ T9091] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  208.523250][ T9091] XFS (loop6): Ending clean mount
[  208.542087][ T5785] syz-executor: attempt to access beyond end of device
[  208.542087][ T5785] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  208.596711][ T5785] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  208.607423][ T9091] XFS (loop6): Quotacheck needed: Please wait.
[  208.615546][ T5785] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  208.706830][ T9091] XFS (loop6): Quotacheck: Done.
[  208.804963][ T7737] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  209.092779][ T9110] loop2: detected capacity change from 0 to 32768
[  209.157557][ T9110] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  209.413611][ T9110] XFS (loop2): Ending clean mount
[  209.444060][ T9110] XFS (loop2): Quotacheck needed: Please wait.
[  209.550538][ T9110] XFS (loop2): Quotacheck: Done.
[  209.726426][ T5786] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  210.023684][ T9130] loop1: detected capacity change from 0 to 4096
[  210.174946][   T27] audit: type=1800 audit(1754630309.711:38): pid=9130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1006" name="file1" dev="loop1" ino=33 res=0 errno=0
[  210.272466][ T9137] loop2: detected capacity change from 0 to 4096
[  210.303266][ T5796] Bluetooth: hci4: command 0x1003 tx timeout
[  210.304810][ T5792] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  210.333472][ T9137] NILFS (loop2): invalid segment: Checksum error in segment payload
[  210.364197][ T9137] NILFS (loop2): trying rollback from an earlier position
[  210.391704][ T5792] Bluetooth: hci0: command 0x0406 tx timeout
[  210.456392][ T9137] NILFS (loop2): recovery complete
[  210.502144][ T9142] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  211.133595][ T9157] binder: 9156:9157 ioctl c0306201 200000000540 returned -14
[  211.703211][ T5829] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  211.765797][ T9177] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1023'.
[  211.789642][ T9177] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  211.798935][ T9177] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  211.808034][ T9177] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  211.816892][ T9177] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  211.852031][ T9177] vxlan0: entered promiscuous mode
[  211.933277][ T5829] usb 2-1: Using ep0 maxpacket: 16
[  211.945553][ T5829] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.960153][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  211.984193][ T5829] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00
[  212.004882][ T5829] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.051380][ T5829] usb 2-1: config 0 descriptor??
[  212.478265][ T5829] corsair 0003:1B1C:1B34.0008: hidraw0: USB HID v0.05 Device [HID 1b1c:1b34] on usb-dummy_hcd.1-1/input0
[  212.687170][ T5829] usb 2-1: USB disconnect, device number 10
[  212.956337][ T9199] loop6: detected capacity change from 0 to 32768
[  213.021956][ T9199] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  213.212149][ T9199] XFS (loop6): Ending clean mount
[  213.331421][ T7737] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  213.388070][    T9] kernel write not supported for file bpf-prog (pid: 9 comm: kworker/0:1)
[  213.579841][ T9222] loop5: detected capacity change from 0 to 512
[  213.670299][ T9222] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.684340][ T9222] ext4 filesystem being mounted at /234/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  213.824586][ T9229] input: syz0 as /devices/virtual/input/input16
[  213.935688][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.288864][ T9239] loop2: detected capacity change from 0 to 512
[  214.311183][ T9239] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.394326][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.558831][ T9246] loop2: detected capacity change from 0 to 128
[  214.892669][ T9234] loop5: detected capacity change from 0 to 32768
[  214.909724][ T9234] (syz.5.1040,9234,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  214.957537][ T9234] (syz.5.1040,9234,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  215.004335][ T9234] JBD2: Ignoring recovery information on journal
[  215.105202][ T5829] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  215.140075][ T9234] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  215.303774][ T5829] usb 3-1: Using ep0 maxpacket: 32
[  215.310805][ T9234] ocfs2: Unmounting device (7,5) on (node local)
[  215.314474][ T5829] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  215.363172][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.397055][ T5829] usb 3-1: config 0 descriptor??
[  215.416542][ T5829] gspca_main: sunplus-2.14.0 probing 041e:400b
[  216.677834][ T5829] gspca_sunplus: reg_w_riv err -71
[  216.688359][ T5829] sunplus: probe of 3-1:0.0 failed with error -71
[  216.717616][ T5829] usb 3-1: USB disconnect, device number 16
[  217.175963][ T9299] input: syz1 as /devices/virtual/input/input17
[  217.948367][ T9326] loop1: detected capacity change from 0 to 128
[  217.969484][ T9326] EXT4-fs: Ignoring removed nobh option
[  218.000124][ T9326] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  218.017435][ T9326] ext4 filesystem being mounted at /283/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  218.254941][ T5785] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  218.501252][ T9342] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1083'.
[  218.671103][ T9344] loop2: detected capacity change from 0 to 8192
[  218.708683][ T9344] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  218.759948][ T9344] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  218.808002][ T9344] REISERFS (device loop2): using ordered data mode
[  218.816136][ T9344] reiserfs: using flush barriers
[  218.828806][ T9344] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  218.859600][ T9344] REISERFS (device loop2): checking transaction log (loop2)
[  219.043604][ T9344] REISERFS (device loop2): Using tea hash to sort names
[  219.076831][ T9344] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  219.339359][ T9357] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  219.352931][ T9357] iommufd_mock iommufd_mock2: Adding to iommu group 1
[  219.807965][ T9370] loop1: detected capacity change from 0 to 64
[  220.068060][ T9363] loop6: detected capacity change from 0 to 8192
[  220.116498][ T9363] FAT-fs (loop6): bogus number of directory entries (9)
[  220.144225][ T9363] FAT-fs (loop6): Can't find a valid FAT filesystem
[  220.232025][ T5829] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  220.454566][ T5829] usb 6-1: Using ep0 maxpacket: 16
[  220.476362][ T5829] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  220.502748][ T5829] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  220.523288][ T5829] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  220.532372][ T5829] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.566328][ T5829] usb 6-1: config 0 descriptor??
[  220.768868][ T9387] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1103'.
[  220.788902][ T9387] netlink: 'syz.6.1103': attribute type 6 has an invalid length.
[  220.810956][ T9389] loop1: detected capacity change from 0 to 512
[  220.832025][ T9389] EXT4-fs: Ignoring removed oldalloc option
[  220.836996][ T9387] vxlan1: entered promiscuous mode
[  220.872001][ T9389] EXT4-fs (loop1): 1 truncate cleaned up
[  220.903468][ T9389] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.998610][ T5829] input: HID 05ac:8241 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:05AC:8241.0009/input/input18
[  221.106648][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.188034][ T5829] appleir 0003:05AC:8241.0009: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.5-1/input0
[  221.523743][ T9400] loop1: detected capacity change from 0 to 8192
[  221.553691][ T9400] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  221.568034][ T9400] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  221.582017][ T9400] REISERFS (device loop1): using ordered data mode
[  221.590878][ T9400] reiserfs: using flush barriers
[  221.601239][ T9400] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  221.710918][ T9400] REISERFS (device loop1): checking transaction log (loop1)
[  221.861628][ T9400] REISERFS (device loop1): Using tea hash to sort names
[  221.869793][ T9400] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  221.961143][ T5829] usb 6-1: USB disconnect, device number 7
[  222.063770][ T5796] Bluetooth: hci3: command 0x0406 tx timeout
[  222.238421][ T9410] loop6: detected capacity change from 0 to 128
[  222.278940][ T9410] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  222.302114][ T9410] ext4 filesystem being mounted at /124/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  222.491595][ T7737] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  222.745213][    T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  222.963348][    T9] usb 2-1: Using ep0 maxpacket: 32
[  222.977352][    T9] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  222.988281][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  223.004264][    T9] usb 2-1: config 0 has no interface number 0
[  223.020448][    T9] usb 2-1: config 0 interface 184 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  223.045707][    T9] usb 2-1: config 0 interface 184 has no altsetting 0
[  223.065296][    T9] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  223.075795][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.101428][    T9] usb 2-1: Product: syz
[  223.112331][    T9] usb 2-1: Manufacturer: syz
[  223.121708][    T9] usb 2-1: SerialNumber: syz
[  223.146581][    T9] usb 2-1: config 0 descriptor??
[  223.463366][ T5829] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  223.581020][    T9] smsc75xx v1.0.0
[  223.595458][    T9] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  223.610749][    T9] smsc75xx: probe of 2-1:0.184 failed with error -22
[  223.640835][    T9] usb 2-1: USB disconnect, device number 11
[  223.643279][ T5829] usb 7-1: Using ep0 maxpacket: 32
[  223.673876][ T5829] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.690077][ T5829] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  223.700458][ T5829] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  223.720713][ T5829] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.737054][ T5829] usb 7-1: config 0 descriptor??
[  223.759291][ T5829] hub 7-1:0.0: USB hub found
[  223.923975][ T9452] loop5: detected capacity change from 0 to 512
[  223.959357][ T9452] EXT4-fs error (device loop5): ext4_orphan_get:1399: inode #15: comm syz.5.1127: casefold flag without casefold feature
[  223.962586][ T5829] hub 7-1:0.0: 1 port detected
[  223.975887][ T9452] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.1127: couldn't read orphan inode 15 (err -117)
[  224.007261][ T9452] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.207106][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.518663][   T27] audit: type=1326 audit(1754630324.061:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9465 comm="syz.1.1133" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae5838ebe9 code=0x0
[  224.579684][ T5829] hub 7-1:0.0: activate --> -90
[  224.787684][ T9473] loop5: detected capacity change from 0 to 512
[  224.800146][ T9473] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  224.837300][ T9473] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.885997][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 3: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  224.918379][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 12: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  224.943887][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 13: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  224.985285][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 14: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  225.003243][ T5829] hub 7-1:0.0: hub_ext_port_status failed (err = -71)
[  225.016872][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 15: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  225.039087][  T785] usb 7-1: USB disconnect, device number 7
[  225.045164][ T5829] usb 7-1-port1: cannot disable (err = -71)
[  225.065743][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 16: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  225.092899][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 17: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  225.118468][ T9473] EXT4-fs error (device loop5): ext4_map_blocks:608: inode #2: block 18: comm syz.5.1135: lblock 23 mapped to illegal pblock 18 (length 1)
[  225.159232][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 19: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  225.181603][ T9473] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 20: comm syz.5.1135: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[  225.220673][ T9479] loop2: detected capacity change from 0 to 1024
[  225.266175][ T9479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.294907][ T9479] ext4 filesystem being mounted at /298/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.366211][ T9479] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 3: comm syz.2.1136: lblock 3 mapped to illegal pblock 3 (length 13)
[  225.386276][ T9479] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[  225.413947][ T9479] EXT4-fs (loop2): This should not happen!! Data will be lost
[  225.413947][ T9479] 
[  225.468264][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.708346][ T6407] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  225.730638][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.187403][ T9503] loop8: detected capacity change from 0 to 8
[  226.221576][ T9503] Dev loop8: unable to read RDB block 8
[  226.250243][ T9503]  loop8: unable to read partition table
[  226.267804][ T9503] loop8: partition table beyond EOD, truncated
[  226.287897][ T9503] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  227.014063][ T9528] loop2: detected capacity change from 0 to 2048
[  227.032409][ T9531] loop1: detected capacity change from 0 to 4096
[  227.065700][ T9528]  loop2: p1 < > p3
[  227.078966][ T9528] loop2: p3 size 134217728 extends beyond EOD, truncated
[  227.122575][ T9531] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  227.187383][ T9531] ntfs3: loop1: Failed to load $Extend (-22).
[  227.204259][ T9531] ntfs3: loop1: Failed to initialize $Extend.
[  227.465905][ T9537] loop2: detected capacity change from 0 to 128
[  227.516151][ T9537] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  227.600071][ T9537] ext4 filesystem being mounted at /301/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  227.859457][ T5786] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  229.251990][ T9602] loop8: detected capacity change from 0 to 8
[  229.277945][ T9602] Dev loop8: unable to read RDB block 8
[  229.291745][ T9602]  loop8: unable to read partition table
[  229.304132][ T9602] loop8: partition table beyond EOD, truncated
[  229.341496][ T9602] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  229.551517][ T9609] loop6: detected capacity change from 0 to 16
[  229.603508][ T9609] erofs: (device loop6): mounted with root inode @ nid 36.
[  229.644093][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 26 @ nid 36
[  229.686433][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 25 @ nid 36
[  229.714325][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 24 @ nid 36
[  229.726011][ T9590] loop5: detected capacity change from 0 to 40427
[  229.733193][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 23 @ nid 36
[  229.760659][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 22 @ nid 36
[  229.772535][ T9590] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x7ffff
[  229.790109][ T9590] F2FS-fs (loop5): invalid crc value
[  229.799760][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 21 @ nid 36
[  229.811137][ T9590] F2FS-fs (loop5): Found nat_bits in checkpoint
[  229.829531][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 20 @ nid 36
[  229.853332][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 18 @ nid 36
[  229.876786][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 16 @ nid 36
[  229.900107][ T9609] erofs: (device loop6): z_erofs_readahead: readahead error at folio 12 @ nid 36
[  229.953123][ T9590] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  229.962694][ T9609] syz.6.1189: attempt to access beyond end of device
[  229.962694][ T9609] loop6: rw=524288, sector=720, nr_sectors = 16 limit=16
[  230.023351][ T9609] syz.6.1189: attempt to access beyond end of device
[  230.023351][ T9609] loop6: rw=524288, sector=525144, nr_sectors = 16 limit=16
[  230.076744][ T9609] syz.6.1189: attempt to access beyond end of device
[  230.076744][ T9609] loop6: rw=524288, sector=8, nr_sectors = 16 limit=16
[  230.080969][ T9590] syz.5.1182: attempt to access beyond end of device
[  230.080969][ T9590] loop5: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[  230.114766][ T9609] syz.6.1189: attempt to access beyond end of device
[  230.114766][ T9609] loop6: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[  230.155547][ T9590] F2FS-fs (loop5): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50
[  230.179560][ T9590] syz.5.1182: attempt to access beyond end of device
[  230.179560][ T9590] loop5: rw=2049, sector=77824, nr_sectors = 96 limit=40427
[  230.239567][ T9590] syz.5.1182: attempt to access beyond end of device
[  230.239567][ T9590] loop5: rw=2049, sector=45136, nr_sectors = 88 limit=40427
[  230.375838][ T6407] syz-executor: attempt to access beyond end of device
[  230.375838][ T6407] loop5: rw=2049, sector=45224, nr_sectors = 8 limit=40427
[  230.390185][ T6407] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  231.410934][ T9654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1210'.
[  231.537587][ T9656] loop6: detected capacity change from 0 to 2048
[  231.585650][ T9656]  loop6: p1 < > p3
[  231.593224][ T5790] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  231.600994][ T9656] loop6: p3 size 134217728 extends beyond EOD, truncated
[  231.793542][ T5790] usb 6-1: Using ep0 maxpacket: 32
[  231.803517][ T5790] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  231.817051][ T5790] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  231.836030][ T5790] usb 6-1: config 0 has no interface number 0
[  231.850479][ T5790] usb 6-1: config 0 interface 184 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  231.880774][ T5790] usb 6-1: config 0 interface 184 has no altsetting 0
[  231.894046][ T5790] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  231.903668][ T5790] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.912557][ T5790] usb 6-1: Product: syz
[  231.918703][ T5790] usb 6-1: Manufacturer: syz
[  231.923667][ T5790] usb 6-1: SerialNumber: syz
[  231.931291][ T5790] usb 6-1: config 0 descriptor??
[  232.363513][ T5790] smsc75xx v1.0.0
[  232.373165][ T5790] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  232.384329][ T5790] smsc75xx: probe of 6-1:0.184 failed with error -22
[  232.398544][ T5790] usb 6-1: USB disconnect, device number 8
[  232.622525][ T9674] netlink: 240 bytes leftover after parsing attributes in process `syz.6.1221'.
[  232.752558][ T9676] loop1: detected capacity change from 0 to 512
[  232.777718][ T9680] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  232.790889][ T9676] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  232.795125][ T9680] iommufd_mock iommufd_mock2: Adding to iommu group 1
[  232.864112][ T9676] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.912820][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 3: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  232.951797][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 12: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  233.004887][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 13: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  233.064556][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 14: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  233.127727][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 15: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  233.187789][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 16: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  233.236103][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 17: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  233.299324][ T9676] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 18: comm syz.1.1225: lblock 23 mapped to illegal pblock 18 (length 1)
[  233.313366][ T9692] xt_CT: No such helper "pptp"
[  233.319005][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 19: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  233.347261][ T9676] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 20: comm syz.1.1225: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[  233.549808][ T9705] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  233.592035][ T9705] iommufd_mock iommufd_mock2: Adding to iommu group 1
[  233.674054][ T5785] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  233.698904][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.114161][ T9724] loop2: detected capacity change from 0 to 512
[  234.123442][ T9724] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  234.140667][ T9722] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  234.177533][ T9724] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.205603][ T9719] loop1: detected capacity change from 0 to 8192
[  234.223995][ T9719] FAT-fs (loop1): bogus number of directory entries (9)
[  234.233064][ T9719] FAT-fs (loop1): Can't find a valid FAT filesystem
[  234.266081][ T9724] ext4 filesystem being mounted at /323/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  234.466214][ T9729] loop5: detected capacity change from 0 to 16
[  234.491048][ T9729] erofs: (device loop5): mounted with root inode @ nid 36.
[  234.532140][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 26 @ nid 36
[  234.561268][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.570743][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 25 @ nid 36
[  234.581718][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 24 @ nid 36
[  234.594655][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 23 @ nid 36
[  234.609943][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 22 @ nid 36
[  234.654294][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 21 @ nid 36
[  234.684723][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 20 @ nid 36
[  234.696248][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 18 @ nid 36
[  234.716662][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 16 @ nid 36
[  234.743377][ T9729] erofs: (device loop5): z_erofs_readahead: readahead error at folio 12 @ nid 36
[  234.743568][ T5790] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  234.773225][ T9729] syz.5.1246: attempt to access beyond end of device
[  234.773225][ T9729] loop5: rw=524288, sector=720, nr_sectors = 16 limit=16
[  234.792057][ T9729] syz.5.1246: attempt to access beyond end of device
[  234.792057][ T9729] loop5: rw=524288, sector=525144, nr_sectors = 16 limit=16
[  234.981565][ T9742] syz.1.1242[9742] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  234.981801][ T9742] syz.1.1242[9742] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  235.003633][ T5790] usb 7-1: Using ep0 maxpacket: 16
[  235.033129][ T5790] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  235.053034][ T5790] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  235.083161][ T5790] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  235.102514][ T5790] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.129537][ T5790] usb 7-1: config 0 descriptor??
[  235.152263][ T9747] syz.1.1243[9747] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  235.152492][ T9747] syz.1.1243[9747] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  235.433117][ T1190] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  235.584433][ T5790] input: HID 05ac:8241 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:05AC:8241.000A/input/input19
[  235.607854][ T9753] loop6: detected capacity change from 0 to 524287999
[  235.643202][ T1190] usb 6-1: Using ep0 maxpacket: 32
[  235.653292][ T1190] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  235.683422][ T1190] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  235.694667][ T1190] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  235.707961][ T5790] appleir 0003:05AC:8241.000A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.6-1/input0
[  235.730509][ T1190] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.801727][ T1190] usb 6-1: config 0 descriptor??
[  235.819986][ T1190] hub 6-1:0.0: USB hub found
[  236.008980][ T9762] loop1: detected capacity change from 0 to 16
[  236.027569][ T9762] erofs: (device loop1): mounted with root inode @ nid 36.
[  236.048892][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 26 @ nid 36
[  236.055405][ T1190] hub 6-1:0.0: 1 port detected
[  236.063560][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36
[  236.084123][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36
[  236.107313][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 23 @ nid 36
[  236.116880][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 22 @ nid 36
[  236.148627][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 21 @ nid 36
[  236.168254][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 20 @ nid 36
[  236.187982][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 18 @ nid 36
[  236.210309][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 16 @ nid 36
[  236.220593][ T9762] erofs: (device loop1): z_erofs_readahead: readahead error at folio 12 @ nid 36
[  236.230712][ T9762] bio_check_eod: 2 callbacks suppressed
[  236.230725][ T9762] syz.1.1253: attempt to access beyond end of device
[  236.230725][ T9762] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16
[  236.252048][ T9762] syz.1.1253: attempt to access beyond end of device
[  236.252048][ T9762] loop1: rw=524288, sector=525144, nr_sectors = 16 limit=16
[  236.266611][ T9762] syz.1.1253: attempt to access beyond end of device
[  236.266611][ T9762] loop1: rw=524288, sector=8, nr_sectors = 16 limit=16
[  236.282687][ T9762] syz.1.1253: attempt to access beyond end of device
[  236.282687][ T9762] loop1: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[  236.439272][ T5790] usb 7-1: USB disconnect, device number 8
[  236.686801][ T1190] hub 6-1:0.0: activate --> -90
[  237.112439][ T5829] usb 6-1: USB disconnect, device number 9
[  237.326817][ T9789] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1264'.
[  238.202808][ T9792] loop2: detected capacity change from 0 to 40427
[  238.227274][ T9792] F2FS-fs (loop2): invalid crc value
[  238.248084][ T9792] F2FS-fs (loop2): Found nat_bits in checkpoint
[  238.366822][ T9792] F2FS-fs (loop2): Start checkpoint disabled!
[  238.408469][ T9792] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  238.756637][   T48] kworker/u4:3: attempt to access beyond end of device
[  238.756637][   T48] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  238.781354][   T48] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  238.811940][   T48] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  238.853202][   T48] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  239.292781][ T9826] loop5: detected capacity change from 0 to 32768
[  239.327689][ T9826] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.1279 (9826)
[  239.388179][ T9826] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  239.432738][ T9826] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  239.460385][ T9826] BTRFS info (device loop5): setting nodatacow, compression disabled
[  239.477114][ T9826] BTRFS info (device loop5): enabling disk space caching
[  239.486153][ T9826] BTRFS info (device loop5): turning off barriers
[  239.492726][ T9826] BTRFS info (device loop5): turning on flush-on-commit
[  239.507958][ T9826] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8)
[  239.527332][ T9826] BTRFS info (device loop5): force lzo compression, level 0
[  239.538075][ T9826] BTRFS info (device loop5): max_inline at 0
[  239.545380][ T9826] BTRFS info (device loop5): force clearing of disk cache
[  239.552536][ T9826] BTRFS info (device loop5): using default commit interval 30s
[  239.564581][ T9826] BTRFS info (device loop5): enabling ssd optimizations
[  239.571595][ T9826] BTRFS info (device loop5): max_inline at 868
[  239.588362][ T9826] BTRFS info (device loop5): disk space caching is enabled
[  239.763222][ T9851] loop2: detected capacity change from 0 to 128
[  239.809182][ T9826] BTRFS info (device loop5): auto enabling async discard
[  239.819889][ T9851] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  239.855093][ T9826] BTRFS info (device loop5): rebuilding free space tree
[  239.916226][ T9826] BTRFS info (device loop5): disabling free space tree
[  239.933734][ T9826] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  239.948440][ T9851] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  239.973593][ T9826] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  239.983334][ T9851] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  240.209542][ T9867] lo speed is unknown, defaulting to 1000
[  240.227594][ T9867] lo speed is unknown, defaulting to 1000
[  240.247102][ T9867] lo speed is unknown, defaulting to 1000
[  240.296656][ T6407] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  240.324873][ T9867] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  240.444132][ T9867] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  240.611836][ T9867] lo speed is unknown, defaulting to 1000
[  240.622891][ T9838] loop6: detected capacity change from 0 to 40427
[  240.651333][ T9838] F2FS-fs (loop6): build fault injection attr: rate: 771, type: 0x7ffff
[  240.668522][ T9867] lo speed is unknown, defaulting to 1000
[  240.685294][ T9867] lo speed is unknown, defaulting to 1000
[  240.701745][ T9838] F2FS-fs (loop6): invalid crc value
[  240.732270][ T9867] lo speed is unknown, defaulting to 1000
[  240.749683][ T9838] F2FS-fs (loop6): Found nat_bits in checkpoint
[  241.013730][ T9838] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  241.143281][ T9838] syz.6.1284: attempt to access beyond end of device
[  241.143281][ T9838] loop6: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[  241.208739][ T9838] F2FS-fs (loop6): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50
[  241.262123][ T9838] syz.6.1284: attempt to access beyond end of device
[  241.262123][ T9838] loop6: rw=2049, sector=77824, nr_sectors = 96 limit=40427
[  241.303248][ T9838] syz.6.1284: attempt to access beyond end of device
[  241.303248][ T9838] loop6: rw=2049, sector=45136, nr_sectors = 88 limit=40427
[  241.439007][ T7737] syz-executor: attempt to access beyond end of device
[  241.439007][ T7737] loop6: rw=2049, sector=45224, nr_sectors = 8 limit=40427
[  241.470371][ T7737] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  241.551394][ T9882] loop2: detected capacity change from 0 to 512
[  241.611230][ T9882] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.624434][ T9872] loop5: detected capacity change from 0 to 40427
[  241.651841][ T9882] ext4 filesystem being mounted at /339/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.707310][ T9872] F2FS-fs (loop5): invalid crc value
[  241.752089][ T9872] F2FS-fs (loop5): Found nat_bits in checkpoint
[  241.912670][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.001312][ T9872] F2FS-fs (loop5): Start checkpoint disabled!
[  242.023792][ T9872] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  242.333803][   T48] kworker/u4:3: attempt to access beyond end of device
[  242.333803][   T48] loop5: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  242.363118][   T48] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  242.382053][   T48] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  242.416970][   T48] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  242.764651][ T9907] loop1: detected capacity change from 0 to 256
[  242.833078][ T5829] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  243.033097][ T5829] usb 3-1: Using ep0 maxpacket: 16
[  243.045113][ T5829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  243.063274][ T5829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  243.083163][ T5829] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  243.103248][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.124289][ T5829] usb 3-1: config 0 descriptor??
[  243.204748][ T9918] vxcan0: tx drop: invalid da for name 0x0000000000000003
[  243.418364][ T9914] loop1: detected capacity change from 0 to 40427
[  243.427844][ T9914] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x7ffff
[  243.464292][ T9914] F2FS-fs (loop1): invalid crc value
[  243.494341][ T9914] F2FS-fs (loop1): Found nat_bits in checkpoint
[  243.569835][ T5829] input: HID 05ac:8241 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:05AC:8241.000B/input/input20
[  243.598503][ T9914] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  243.689995][ T5829] appleir 0003:05AC:8241.000B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0
[  243.732167][ T9914] syz.1.1304: attempt to access beyond end of device
[  243.732167][ T9914] loop1: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[  243.777611][ T9925] F2FS-fs (loop1): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50
[  243.804848][ T9925] syz.1.1304: attempt to access beyond end of device
[  243.804848][ T9925] loop1: rw=2049, sector=77824, nr_sectors = 96 limit=40427
[  243.839243][ T9925] syz.1.1304: attempt to access beyond end of device
[  243.839243][ T9925] loop1: rw=2049, sector=45136, nr_sectors = 88 limit=40427
[  243.905610][ T5785] syz-executor: attempt to access beyond end of device
[  243.905610][ T5785] loop1: rw=2049, sector=45224, nr_sectors = 8 limit=40427
[  243.924302][ T5785] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  244.249101][ T9922] loop6: detected capacity change from 0 to 40427
[  244.296616][ T9922] F2FS-fs (loop6): invalid crc value
[  244.325351][ T9922] F2FS-fs (loop6): Found nat_bits in checkpoint
[  244.384657][ T9922] F2FS-fs (loop6): Start checkpoint disabled!
[  244.406231][ T9922] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  244.416172][ T5790] usb 3-1: USB disconnect, device number 17
[  244.632074][ T9936] loop5: detected capacity change from 0 to 1024
[  244.657943][ T9936] EXT4-fs (loop5): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  244.716913][ T9936] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.747125][   T48] kworker/u4:3: attempt to access beyond end of device
[  244.747125][   T48] loop6: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  244.800337][   T48] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  244.828247][   T48] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  244.863183][   T48] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  244.880233][ T9934] loop1: detected capacity change from 0 to 32768
[  244.922331][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.988390][ T9934] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  245.151746][   T27] audit: type=1800 audit(1754630344.691:40): pid=9934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1310" name="file1" dev="loop1" ino=17059 res=0 errno=0
[  245.227728][ T9942] loop5: detected capacity change from 0 to 4096
[  245.248507][ T9942] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  245.269209][ T9934] 
[  245.271570][ T9934] ======================================================
[  245.278592][ T9934] WARNING: possible circular locking dependency detected
[  245.285626][ T9934] 6.6.101-syzkaller #0 Not tainted
[  245.290741][ T9934] ------------------------------------------------------
[  245.297756][ T9934] syz.1.1310/9934 is trying to acquire lock:
[  245.303738][ T9934] ffff88805ec509d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_del_inode_from_orphan+0x135/0x740
[  245.316725][ T9934] 
[  245.316725][ T9934] but task is already holding lock:
[  245.324095][ T9934] ffff88805ecdea20 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_dio_end_io+0x38c/0x10f0
[  245.334743][ T9934] 
[  245.334743][ T9934] which lock already depends on the new lock.
[  245.334743][ T9934] 
[  245.345149][ T9934] 
[  245.345149][ T9934] the existing dependency chain (in reverse order) is:
[  245.354171][ T9934] 
[  245.354171][ T9934] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
[  245.363066][ T9934]        down_write+0x97/0x1f0
[  245.367852][ T9934]        ocfs2_create_local_dquot+0x1a4/0x1790
[  245.374109][ T9934]        ocfs2_acquire_dquot+0x7cf/0xaf0
[  245.379783][ T9934]        dqget+0x77c/0xeb0
[  245.384223][ T9934]        __dquot_initialize+0x3ba/0xcb0
[  245.389877][ T9934]        ocfs2_get_init_inode+0x13c/0x1b0
[  245.395610][ T9934]        ocfs2_mknod+0x867/0x20f0
[  245.400648][ T9934]        ocfs2_mkdir+0x196/0x410
[  245.405598][ T9934]        vfs_mkdir+0x296/0x440
[  245.410378][ T9934]        do_mkdirat+0x1d4/0x440
[  245.415238][ T9934]        __x64_sys_mkdirat+0x89/0xa0
[  245.420534][ T9934]        do_syscall_64+0x55/0xb0
[  245.425489][ T9934]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  245.431912][ T9934] 
[  245.431912][ T9934] -> #2 (&dquot->dq_lock){+.+.}-{3:3}:
[  245.439549][ T9934]        __mutex_lock+0x129/0xcc0
[  245.444604][ T9934]        dqget+0x6fc/0xeb0
[  245.449024][ T9934]        __dquot_initialize+0x3ba/0xcb0
[  245.454659][ T9934]        ocfs2_get_init_inode+0x13c/0x1b0
[  245.460379][ T9934]        ocfs2_mknod+0x867/0x20f0
[  245.465400][ T9934]        ocfs2_mkdir+0x196/0x410
[  245.470330][ T9934]        vfs_mkdir+0x296/0x440
[  245.475087][ T9934]        do_mkdirat+0x1d4/0x440
[  245.479926][ T9934]        __x64_sys_mkdirat+0x89/0xa0
[  245.485238][ T9934]        do_syscall_64+0x55/0xb0
[  245.490165][ T9934]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  245.496573][ T9934] 
[  245.496573][ T9934] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}:
[  245.507077][ T9934]        down_write+0x97/0x1f0
[  245.511832][ T9934]        ocfs2_evict_inode+0x1313/0x3e60
[  245.517464][ T9934]        evict+0x486/0x870
[  245.521867][ T9934]        vfs_rmdir+0x39b/0x4d0
[  245.526616][ T9934]        do_rmdir+0x29e/0x5c0
[  245.531280][ T9934]        __x64_sys_unlinkat+0xc4/0xe0
[  245.536635][ T9934]        do_syscall_64+0x55/0xb0
[  245.541559][ T9934]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  245.547963][ T9934] 
[  245.547963][ T9934] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}:
[  245.558285][ T9934]        __lock_acquire+0x2ddb/0x7c80
[  245.563645][ T9934]        lock_acquire+0x197/0x410
[  245.568657][ T9934]        down_write+0x97/0x1f0
[  245.573499][ T9934]        ocfs2_del_inode_from_orphan+0x135/0x740
[  245.579827][ T9934]        ocfs2_dio_end_io+0x47b/0x10f0
[  245.585276][ T9934]        dio_complete+0x254/0x710
[  245.590284][ T9934]        __blockdev_direct_IO+0x2dc8/0x3420
[  245.596162][ T9934]        ocfs2_direct_IO+0x240/0x2b0
[  245.601445][ T9934]        generic_file_direct_write+0x1d4/0x3e0
[  245.607584][ T9934]        __generic_file_write_iter+0x11b/0x230
[  245.613723][ T9934]        ocfs2_file_write_iter+0x1582/0x1d00
[  245.619691][ T9934]        do_iter_write+0x79a/0xc70
[  245.624800][ T9934]        iter_file_splice_write+0x66f/0xc50
[  245.630690][ T9934]        direct_splice_actor+0xe8/0x130
[  245.636233][ T9934]        splice_direct_to_actor+0x2f0/0x870
[  245.642119][ T9934]        do_splice_direct+0x1b7/0x2c0
[  245.647482][ T9934]        do_sendfile+0x5dc/0xf70
[  245.652414][ T9934]        __se_sys_sendfile64+0x13f/0x190
[  245.658035][ T9934]        do_syscall_64+0x55/0xb0
[  245.662963][ T9934]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  245.669381][ T9934] 
[  245.669381][ T9934] other info that might help us debug this:
[  245.669381][ T9934] 
[  245.679592][ T9934] Chain exists of:
[  245.679592][ T9934]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key
[  245.679592][ T9934] 
[  245.696526][ T9934]  Possible unsafe locking scenario:
[  245.696526][ T9934] 
[  245.703996][ T9934]        CPU0                    CPU1
[  245.709341][ T9934]        ----                    ----
[  245.714687][ T9934]   lock(&ocfs2_quota_ip_alloc_sem_key);
[  245.720309][ T9934]                                lock(&dquot->dq_lock);
[  245.727232][ T9934]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  245.735370][ T9934]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]);
[  245.742464][ T9934] 
[  245.742464][ T9934]  *** DEADLOCK ***
[  245.742464][ T9934] 
[  245.750588][ T9934] 3 locks held by syz.1.1310/9934:
[  245.755678][ T9934]  #0: ffff888076ce4418 (sb_writers#15){.+.+}-{0:0}, at: do_sendfile+0x5b9/0xf70
[  245.764821][ T9934]  #1: ffff88805ecded98 (&sb->s_type->i_mutex_key#22){++++}-{3:3}, at: ocfs2_file_write_iter+0x40b/0x1d00
[  245.776141][ T9934]  #2: ffff88805ecdea20 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_dio_end_io+0x38c/0x10f0
[  245.787183][ T9934] 
[  245.787183][ T9934] stack backtrace:
[  245.793067][ T9934] CPU: 1 PID: 9934 Comm: syz.1.1310 Not tainted 6.6.101-syzkaller #0
[  245.801155][ T9934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  245.811203][ T9934] Call Trace:
[  245.814475][ T9934]  <TASK>
[  245.817397][ T9934]  dump_stack_lvl+0x16c/0x230
[  245.822069][ T9934]  ? load_image+0x3b0/0x3b0
[  245.826573][ T9934]  ? show_regs_print_info+0x20/0x20
[  245.831767][ T9934]  ? print_circular_bug+0x12b/0x1a0
[  245.836956][ T9934]  check_noncircular+0x2bd/0x3c0
[  245.841886][ T9934]  ? print_deadlock_bug+0x5d0/0x5d0
[  245.847071][ T9934]  ? lockdep_lock+0xe0/0x220
[  245.851733][ T9934]  ? _find_first_zero_bit+0xd3/0x100
[  245.857013][ T9934]  __lock_acquire+0x2ddb/0x7c80
[  245.861857][ T9934]  ? ocfs2_get_system_file_inode+0x1e3/0x7b0
[  245.867828][ T9934]  ? __lock_acquire+0x7c80/0x7c80
[  245.872868][ T9934]  ? verify_lock_unused+0x140/0x140
[  245.878068][ T9934]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[  245.883695][ T9934]  ? do_raw_spin_lock+0x121/0x2c0
[  245.888716][ T9934]  ? mutex_unlock+0x10/0x10
[  245.893210][ T9934]  lock_acquire+0x197/0x410
[  245.897703][ T9934]  ? ocfs2_del_inode_from_orphan+0x135/0x740
[  245.903672][ T9934]  ? ocfs2_get_system_file_inode+0x1f1/0x7b0
[  245.909636][ T9934]  ? __might_sleep+0xe0/0xe0
[  245.914218][ T9934]  ? read_lock_is_recursive+0x20/0x20
[  245.919590][ T9934]  ? ocfs2_fast_symlink_read_folio+0x530/0x530
[  245.925746][ T9934]  ? do_raw_spin_unlock+0x121/0x230
[  245.930941][ T9934]  down_write+0x97/0x1f0
[  245.935180][ T9934]  ? ocfs2_del_inode_from_orphan+0x135/0x740
[  245.941149][ T9934]  ? down_read_killable+0x340/0x340
[  245.946346][ T9934]  ocfs2_del_inode_from_orphan+0x135/0x740
[  245.952148][ T9934]  ? __might_sleep+0xe0/0xe0
[  245.956727][ T9934]  ? read_lock_is_recursive+0x20/0x20
[  245.962086][ T9934]  ? ocfs2_add_inode_to_orphan+0x710/0x710
[  245.967879][ T9934]  ? __lock_acquire+0x1334/0x7c80
[  245.972895][ T9934]  ? down_write+0x162/0x1f0
[  245.977389][ T9934]  ? down_read_killable+0x340/0x340
[  245.982584][ T9934]  ocfs2_dio_end_io+0x47b/0x10f0
[  245.987526][ T9934]  ? ocfs2_dio_wr_get_block+0x17a0/0x17a0
[  245.993240][ T9934]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  245.999124][ T9934]  ? _raw_spin_unlock+0x40/0x40
[  246.003970][ T9934]  ? debug_check_no_obj_freed+0x51f/0x540
[  246.009684][ T9934]  ? mark_lock+0x94/0x320
[  246.014001][ T9934]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  246.019966][ T9934]  ? lock_chain_count+0x20/0x20
[  246.024804][ T9934]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  246.030689][ T9934]  ? lockdep_hardirqs_on+0x98/0x150
[  246.035878][ T9934]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  246.041781][ T9934]  ? ocfs2_dio_wr_get_block+0x17a0/0x17a0
[  246.047532][ T9934]  dio_complete+0x254/0x710
[  246.052038][ T9934]  __blockdev_direct_IO+0x2dc8/0x3420
[  246.057415][ T9934]  ? show_vfsstat+0x3a0/0x3a0
[  246.062079][ T9934]  ? mark_lock+0x94/0x320
[  246.066402][ T9934]  ? ocfs2_lock_get_block+0x60/0x60
[  246.071604][ T9934]  ? filemap_write_and_wait_range+0x160/0x1f0
[  246.077687][ T9934]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  246.083667][ T9934]  ? file_update_time+0x197/0x1b0
[  246.088687][ T9934]  ? ocfs2_lock_get_block+0x60/0x60
[  246.093887][ T9934]  ocfs2_direct_IO+0x240/0x2b0
[  246.098663][ T9934]  generic_file_direct_write+0x1d4/0x3e0
[  246.104299][ T9934]  __generic_file_write_iter+0x11b/0x230
[  246.109921][ T9934]  ? ocfs2_file_write_iter+0x1559/0x1d00
[  246.115549][ T9934]  ocfs2_file_write_iter+0x1582/0x1d00
[  246.121008][ T9934]  ? ocfs2_file_read_iter+0xa30/0xa30
[  246.126383][ T9934]  ? kasan_set_track+0x5f/0x70
[  246.131138][ T9934]  ? aa_path_link+0xdd0/0xdd0
[  246.135807][ T9934]  ? iter_file_splice_write+0x18a/0xc50
[  246.141346][ T9934]  ? direct_splice_actor+0xe8/0x130
[  246.146534][ T9934]  ? splice_direct_to_actor+0x2f0/0x870
[  246.152068][ T9934]  ? do_splice_direct+0x1b7/0x2c0
[  246.157081][ T9934]  ? do_sendfile+0x5dc/0xf70
[  246.161661][ T9934]  ? __se_sys_sendfile64+0x13f/0x190
[  246.166933][ T9934]  ? do_syscall_64+0x55/0xb0
[  246.171522][ T9934]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  246.177602][ T9934]  ? end_current_label_crit_section+0x149/0x170
[  246.183845][ T9934]  ? common_file_perm+0x198/0x1f0
[  246.188869][ T9934]  do_iter_write+0x79a/0xc70
[  246.193465][ T9934]  ? vfs_iter_write+0xa0/0xa0
[  246.198142][ T9934]  ? __asan_memset+0x22/0x40
[  246.202729][ T9934]  ? iov_iter_bvec+0xd4/0x1b0
[  246.207396][ T9934]  ? vfs_iter_write+0x6e/0xa0
[  246.212077][ T9934]  iter_file_splice_write+0x66f/0xc50
[  246.217448][ T9934]  ? filemap_splice_read+0x881/0x9e0
[  246.222730][ T9934]  ? splice_from_pipe+0x150/0x150
[  246.227750][ T9934]  ? splice_folio_into_pipe+0xb10/0xb10
[  246.233285][ T9934]  ? splice_from_pipe+0x150/0x150
[  246.238302][ T9934]  direct_splice_actor+0xe8/0x130
[  246.243319][ T9934]  splice_direct_to_actor+0x2f0/0x870
[  246.248687][ T9934]  ? direct_file_splice_eof+0xb0/0xb0
[  246.254057][ T9934]  ? warn_unsupported+0xc0/0xc0
[  246.258908][ T9934]  ? fsnotify_perm+0x5d/0x5e0
[  246.263578][ T9934]  ? security_file_permission+0x79/0xa0
[  246.269118][ T9934]  do_splice_direct+0x1b7/0x2c0
[  246.273964][ T9934]  ? splice_direct_to_actor+0x870/0x870
[  246.279503][ T9934]  ? rcu_read_lock_any_held+0xb4/0x120
[  246.284954][ T9934]  ? do_splice_direct+0x2c0/0x2c0
[  246.289976][ T9934]  do_sendfile+0x5dc/0xf70
[  246.294390][ T9934]  ? do_pwritev+0x340/0x340
[  246.298891][ T9934]  __se_sys_sendfile64+0x13f/0x190
[  246.303995][ T9934]  ? lock_chain_count+0x20/0x20
[  246.308833][ T9934]  ? __x64_sys_sendfile64+0xb0/0xb0
[  246.314026][ T9934]  ? lockdep_hardirqs_on+0x98/0x150
[  246.319217][ T9934]  do_syscall_64+0x55/0xb0
[  246.323624][ T9934]  ? clear_bhb_loop+0x40/0x90
[  246.328286][ T9934]  ? clear_bhb_loop+0x40/0x90
[  246.332955][ T9934]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  246.338845][ T9934] RIP: 0033:0x7fae5838ebe9
[  246.343250][ T9934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.362846][ T9934] RSP: 002b:00007fae591d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  246.371251][ T9934] RAX: ffffffffffffffda RBX: 00007fae585b5fa0 RCX: 00007fae5838ebe9
[  246.379210][ T9934] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[  246.387177][ T9934] RBP: 00007fae58411e19 R08: 0000000000000000 R09: 0000000000000000
[  246.395137][ T9934] R10: 0000000000fffe82 R11: 0000000000000246 R12: 0000000000000000
[  246.403097][ T9934] R13: 00007fae585b6038 R14: 00007fae585b5fa0 R15: 00007ffea64f35f8
[  246.411063][ T9934]  </TASK>
[  246.414178][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.495932][ T9942] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  246.543736][ T9934] syz.1.1310 (9934) used greatest stack depth: 18320 bytes left
[  246.598816][ T6407] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.868269][ T5785] ocfs2: Unmounting device (7,1) on (node local)
[  246.874289][ T9947] loop6: detected capacity change from 0 to 32768
[  246.915739][ T9947]  loop6: p1 p2 p3
[  247.055881][ T6279] udevd[6279]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[  247.057251][ T5779] udevd[5779]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  247.068305][ T5801] udevd[5801]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory