last executing test programs: 4m9.54254784s ago: executing program 0 (id=209): sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) statx(0xffffffffffffffff, 0x0, 0x400, 0x80, 0x0) getuid() madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0xd) syz_usb_connect$uac1(0x3, 0xb5, &(0x7f0000000b00)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa3, 0x3, 0x1, 0x7, 0x80, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0x9}, [@feature_unit={0x13, 0x24, 0x6, 0x2, 0x6, 0x6, [0x6, 0x6, 0x7, 0xd, 0x8, 0x4], 0x6e}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x79, 0x4, 0x3}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0xf5, 0xff, 0x3}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x9727, 0x3518, 0x6f}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x0, 0x2, 0x10, 0x7}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x4, 0x8, 0xf9, {0x7, 0x25, 0x1, 0x2, 0x5, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x8, 0x7, 0x1002}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x8, 0x6, 0x1}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x1, 0x1, 0x0, {0x7, 0x25, 0x1, 0x0, 0x2, 0x95}}}}}}}]}}, 0x0) 4m7.842484629s ago: executing program 0 (id=221): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x21c91c, &(0x7f0000000900)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@noblock_validity}, {@mblk_io_submit}, {@jqfmt_vfsold}, {@nodelalloc}, {@nomblk_io_submit}, {@usrjquota}, {@minixdf}, {@resgid, 0x32}]}, 0x1e, 0x4ea, &(0x7f00000009c0)="$eJzs3VFrW9cdAPD/la3MSZzZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYR9gMMY22NOe9jLoByiUfIRSCLTvpS0tpU3ah0LbqOhKShxHip1GllLr94MjnXt0r/7nXKGje+49XAXQt05HxJmIeFitVs9FxEijPNNIsVVPtfUe3L89W0tJVKvXPkoiknpZbbXxbe95tLHZUET8/jcRf0qejlve2FyaKRYLa43lfGV5NV/e2Dy/uDyzUFgorExNTV6avjx9cXqiI+0cjogrv3rvn3/736+vvPaTm29f/2D8z0mjPOJxOzqt3vRsui+aBiNibT+C9chg2kIAAL4Jmsf5P4yIczESA+nRHAAAAHCQVH8+HF8kEVUAAADgwMqkc2CTTK4xD2A4Mplcrj6H97txJFMslSs/ni+tr8zV58qORjYzv1gsTDTmCo9GNqktT6b5x8sXdixPRcTxiPjHyOF0OTdbKs71+uQHAAAA9ImjO8b/n47Ux//bfN6zygEAAACdM9rrCgAAAAD7zvgfAAAADj7jfwAAADjQfnv1ai1Vm/9/PXdjY32pdOP8XKG8lFten83NltZWcwul0kJ6z77l3d6vWCqt/jRW1m/lK4VyJV/e2Ly+XFpfqVxffOIvsAEAAIAuOv6Du28lEbH1s8NpqjnU60oBXTH4PCu/u3/1ALpvoNcVAHrmuX7/gQMl2+sKAD2X7PJ628k7r3e+LgAAwP4Y+17r6/8Du54b2Mp0qYrAPnH+D/qX6//Qv1z/h/6VjYEwkIf+ttstQIfajRX2fP2/Wn3uSgEAAB01nKYkk4tIzwMMRyaTy0UcS8cE2WR+sViYiIhvR8SbI9lv1ZYn0y2TXecMAwAAAAAAAAAAAAAAAAAAAAAAAAB11WoSVQAAAOBAi8i8n6R3848YGzk7vPP8wKHks5H0OSJu/ufav27NVCprk7Xyjx+VV/7dKL/QizMYAAAAwE7NcXpzHA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfTg/u3ZZupm3A9/GRGjreIPxlD6PBTZiDjySRKD27ZLImKgA/G37kTEiVbxk1q1YrRRi1bxD/c4/tEOxId+drfW//yi1fcvE6fT59bfv0tpD/Xi2vd/mUf930CL+LWyY3uMcfLeK/m28e9EnBxs3f804ydt+p8ze4z/xz9sbrZ7rfrfiLGWvz/JE7HyleXVfHlj8/zi8sxCYaGwMjU1eWn68vTF6Yn8/GKx0HhsGePv33/14bPaf6RN/NFd2n92j+3/8t6t+9+pZ7OPNk8exx8/0/rzP9Emfqbx+f+oka+9PtbMb9Xz2536/xunntX+uTbt3+3zH99j+8/97q/v7HFVAKALyhubSzPFYmGtrzMvtDdqh0UvRStezkxtv379zYf2tYZ/2V6SdObrUDsyfzn2/ItletotAQAA++DpMTAAAAAAAAAAAAAAAAAAAADQbd24nVh2R8yt9LETd88HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOicrwIAAP///B/QPg==") syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x41, &(0x7f0000000880)={[{@bsdgroups}, {@nodiscard}, {@usrjquota}, {@grpjquota}, {@grpjquota}, {@minixdf}, {@prjquota}, {@noload}, {@block_validity}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1aca421, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 4m6.653179056s ago: executing program 0 (id=227): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x0, 0x0, 0x7}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8917, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) 4m6.174411255s ago: executing program 0 (id=229): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0086c43, &(0x7f0000000080)=0x700) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 4m5.49761116s ago: executing program 0 (id=235): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0xcc000002, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r1 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r1, 0x0, 0x400000000000000, 0x7) 4m4.865877692s ago: executing program 0 (id=241): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000580081d34e81f782db44b904e417434509000300e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000040)="b64b6779e728a585fc6d831c9c111ee3bf867c7fa20663508d961b5b0bc1d4eded804b84c8ee0b5e7b55af44aa8bf4a16c4d4aaf896a13f650a3b4f737945a9a179a6ceb93adadb8dd841258d0f04b02868cd415ab9bc48b055a8b3f92b143cb16138c216513a045af2101e7e3c507bedee404330f1171812cdaeed17a0e89dd4863a4e6808ca6b7046c38f33b9a0417e1c8fae7a9e1b4c8161b02", 0x0, 0x0, 0x0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000003c157d5b0e0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="3640000049009125745c7388641f9c0e0a"], 0xfe33) 4m4.490589232s ago: executing program 32 (id=241): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="d8000000580081d34e81f782db44b904e417434509000300e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000040)="b64b6779e728a585fc6d831c9c111ee3bf867c7fa20663508d961b5b0bc1d4eded804b84c8ee0b5e7b55af44aa8bf4a16c4d4aaf896a13f650a3b4f737945a9a179a6ceb93adadb8dd841258d0f04b02868cd415ab9bc48b055a8b3f92b143cb16138c216513a045af2101e7e3c507bedee404330f1171812cdaeed17a0e89dd4863a4e6808ca6b7046c38f33b9a0417e1c8fae7a9e1b4c8161b02", 0x0, 0x0, 0x0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000003c157d5b0e0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="3640000049009125745c7388641f9c0e0a"], 0xfe33) 4m0.611284728s ago: executing program 1 (id=264): unshare(0x20000400) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f00000000c0)="240000005a001f001007f4f9002304000a04f51108000400020100020800038005000000", 0x24) 4m0.477467389s ago: executing program 1 (id=265): clock_getres(0x3, &(0x7f0000000000)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x2, 0x0) setsockopt(r0, 0x1000000029, 0x2e, &(0x7f00000000c0)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) setsockopt(r0, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbdf13b9fd812eaa4e713048e69931929648", 0x14) 4m0.381118607s ago: executing program 1 (id=267): pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[], 0x5) ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x9) splice(r0, 0x0, r3, 0x0, 0x1, 0x9) 4m0.216773921s ago: executing program 1 (id=269): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000600), 0x1, 0x59d, &(0x7f0000001100)="$eJzs3c9vFGUfAPDvs7stlAItb97kfZGDTUiERG1pwWiMiRDx5sEfJJ5IrG0hhAUaWhNBjJDgf6B/gIk3E2M8EmOIevHqzcSriSESA714WzO7s2WB3f7cMsh8PsnQ55mnk+8zu3z7zDw7MxtAaY1l/1Qi9kbEfIoY6WirRd441vq9u3euzCzduTKTotF4568UKV/X/v2U/xzON94eEb/8kOI/1YfjLly6fHa6Xp+7mNcnFs/NTyxcuvz8mXPTp+dOz52fmnxx8oUjh6eOHOrLfu6KiJ/Gj9eun3pt3zczX+755LuvbqQ4Gjvz9s796JexGFt+TTplr+tL/Q5WkGq+P51vcaoV2CHWpf3+DUTE/2IkqnHvzRuJT98qtHPAlmqkiAZQUkn+Q0m1jwOy89/2UuwRCfCo3D7WmgC4m1pze0vL+V9rzQ3G9ubcwI6lFJ3TOiki+jEzl8WYfyaNZEts0Twc0N3VaxHx/27jf2rm5mhzFj/L/8p9+V+JiDfzn9n6tzcYf+yBuvyHR2cz+f9eR/6/v8H48h8AAAAAAAD65+axiHiu2+d/leXrf6LL9T/DEXG0D/FX//yvcqsPYYAubh+LeCUi2tf+LXXkf260mtd2Na8HGEinztTnDkXE7og4GAPbsvrkCjHG9v080LOt4/q/bMnit68FzPtxq7bt/m1mpxenN7PPQMvtaxFP1brlf1oe/1OX8T8b++fXGKNx/NUfe7Wtnv/AVml8EXGg6/h/78kVaeXnc0w0jwcm2kcFD/vo5I1ve8WX/1CcbPzfsXL+j6bO5/UsrD/Gx3/+ton87378P5hONB85M5iv+3B6cfHiZMRgeuPh9VPr7zM8idr50M6XLP8P7u9+/r/S8f9QRFxdY8wT379+vVeb8R+KM3QtYnZd4//6C/vf/fzvXvHXNv4faY7pB/M15v9gZWtN0KL7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RpWI2BmpMr5crlTGxyOGI+K/saNSv7Cw+OypCx+cn83amt//X2l/0+9Iq57a3/8/2lGfeqB+OCL2RMRn1aFmfXzmQn226J0HAAAAAAAAAAAAAAAAAACAx8Rwj/v/M39Ui+4dsOVqRXcAKIz8h/KS/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+UV7Xx9cmi+wAAAAAAAPTNnqdv/poi4urLQ80lM5i3DRTaM2CrHS26A0BhPOIHysulf1Beq53jmwOAJ19apX37hrcEAAAAAAAAAAAAAPrlwF73/0NZVYruAFCY3vf/ezIAPOnc/w/l5RwfcP8/AAAAAAAAAAAAADz+Fi5dPjtdr89d3Ghh2+Y2V1BYa+H33a3/s49Lf9ZfiNSHjHtEhaL/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG3/BAAA//9r5fVk") r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) write$binfmt_register(r0, &(0x7f0000000140)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2007, 0x3a, '\r', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1258438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 3m59.447558773s ago: executing program 1 (id=273): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [], {0x14}}, 0x28}}, 0x0) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==") r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x1b5) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x2010000, &(0x7f0000000880)={[{@numtail}, {@fat=@check_strict}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@shortname_win95}, {@fat=@codepage={'codepage', 0x3d, '949'}}, {@rodir}, {@fat=@debug}, {@shortname_mixed}, {@shortname_win95}, {@numtail}, {@shortname_mixed}, {@utf8no}]}, 0x25, 0x34c, &(0x7f0000000500)="$eJzs3T9oJGUUAPC3mU12EziTQji0Wu0EOS4RC21MOE44TKEni/8aFy7nn+wqZHEhFtlLo1gqNoJWdldoebVYiNhZ2HqCnIqN1x3c4cjuTHY3mcn9EbOn3u9XhJf3fW++byZDdhKSt6+uxua52Th/9eqVqNcrUV09tRrXKrEUM5FE5kIAAP8n19I0/kgzw8RTN5v90ULMZtHcVHYHAByF4ev/a8fGidrd3A0AMA2Fn//LPVuaffvItgUAHKHC6//D+4YP/Jq/OvqbAADgv+v5l15+Zm094myjUY/ovN9r9prx5Hh87Xy8Ee3YiJOxGDcisgeF7Glh8PHpM+unTzYGflmK5qCi14zo9HvN7ElhLRnW12I5FmMpr09H9cmgfnlY34iIC/3h+tGp9JqzsZCv/+NCbMRKLMb9hfqIM+unVxr5AZqdvfp+xG7U905isP8TsRjfzww/OReD2uxYg8zOcqNxKl3fV9+7WBvOAwAAAAAAAAAAAAAAAAAAAACAo3BiPvLuOY2lUf+btNPvvXc2n9Aojg/7+2TDeX+g3aw/UFrb687zQXKwP9D+/jy9ZjVm7uqZAwAAAAAAAAAAAAAAAAAAwL9Hd3suWu32xlZ3+93NcTDX7k9k3vr2i6/n4+CcN5NxJqrZ4fbNyXMxUZXEqDwdlafJvjl5kETkkyvRunhptOPJObXRWRTKB0GtMFTJ99Rqt4899POnZVV/jjNJjIbqpUtU8vUnhjr3Zamy/dw8qHS3V24x53KapoeV73xSrIp6RLXwhfsngm+uvP7AY93jj3cr1c3WV3nTh0ceXXzh8sef/7bZakd+adrtua3ujfRvr5VM3D+V/DpXSu6E8mB3nNnd6m63kh9+f/HBD787MDkpv3/Sycw7h6/15cHMXBYMtnk7ZzpbcvOXB69cH929d34xj3+22rq089OvexfzVlUT3yQ06gAAAAAAAAAAAAAAAAAAgKmY+F/xO/DEc0e3IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYvvH7/08Eu4XM7QTX+1Ecqm1sdQ9dfH6qpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD3srwAAAP//JT9zjQ==") ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40186e8d, &(0x7f0000000040)={0x700, 0x42c0000000003f, 0x400, 0x200000003, 0x6, 0x3, 0x2401}) 3m57.779981439s ago: executing program 1 (id=284): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0) 3m57.261462761s ago: executing program 33 (id=284): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0) 2m38.998909541s ago: executing program 3 (id=842): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x2c, r2, 0x1, 0x4, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x7d, 0x0, 0x1, [@NL80211_BAND_60GHZ={0xffffffffffffffd7}]}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004014}, 0x4004000) 2m38.726636764s ago: executing program 3 (id=844): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 2m38.346564405s ago: executing program 3 (id=847): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller1\x00', 0x1000}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) 2m38.100872445s ago: executing program 3 (id=851): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1a8584c, 0x0) 2m37.925529989s ago: executing program 3 (id=852): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="85"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000300)='mm_migrate_pages_start\x00', r0}, 0x18) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 2m36.224435708s ago: executing program 3 (id=864): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x2}, 0x8) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback, 0x8002}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x20000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) 2m35.969702919s ago: executing program 34 (id=864): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x2}, 0x8) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback, 0x8002}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x20000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) 1m30.169590006s ago: executing program 5 (id=1427): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900ea0073797a32000000000c00024000000000000000010900010073797a300000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x6}}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xffffffff}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1m30.006372119s ago: executing program 5 (id=1429): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x170, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "52087def75c736f85cc7d27338360e8cb966058f66908611a2da3e15d87ea4bbea3d646bddcbf88d74a8f9e560e73cc92e50a1e1eb696bc28149a6f97bca767db6d5a2e4a0ce4e1f337f52af8d065ab3903bf929f30662e91d6466b050411964902e6bfd3d89271fd28b48677d5cf2caefd8a40abbe65daabf39f028156294855a66954d2349461e5b3fdf380433eb7182203d89bd1637c99109d611ac6ddd1f8bd70df15be1196d73cf82360c81beb73bd89d4e22511b72fa9373f5ff75156b83de4ba43f4325cb81ad4e1ebabd12279a1c2cb16d9b64ac46472168b729780d5697663cde109a2ea16079fdfb016066bd7f663500"}, @TCA_GRED_PARMS={0x38, 0x1, {0x1, 0x6, 0x37, 0xa, 0x80000001, 0xb, 0x6, 0xffffffff, 0x2, 0x0, 0x14, 0x9, 0x8, 0x6, 0x8bc, 0x6}}]}}]}, 0x170}}, 0x0) 1m29.896577178s ago: executing program 5 (id=1431): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, &(0x7f0000000000)="66b9800000c00f326635000800000f302e0f001366360f01dfb8a8000f00d866b80001c0fe0f23c80f21f866350800b0000f23f80f009e00000fc75c000f01cbbaf80c66b8020efa8f66efbafc0cedbaf80c66b84750278266efbafc0cb000ee", 0x60}], 0x1, 0x1, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x271b, 0x0, &(0x7f0000000000)) 1m29.7476696s ago: executing program 5 (id=1433): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c}) syz_mount_image$msdos(&(0x7f0000000400), &(0x7f0000001cc0)='.\x00', 0x1aca4b8, &(0x7f0000000480)=ANY=[@ANYRES16=r0, @ANYRESHEX=r0, @ANYBLOB="29ab3b30df7d75af6a66b0358c15235889ce2a0584d8b2ef4a21a27c9af13b6657ff207e1c5d58aea9c00a00ca049d3d367df0c23e00000000fdff00000639e695cecd9d0c27f3bd893e78c469110da7a3f6e2a787693f16be9dccc8aa22db6946d10cc6f04f5ca3a1a1d4a66bf1109fb12822f5e2a37bdd6dfdc5a2a86a95ba2a86dc0f5b5567f70a01d8aa78820a5dfb853c8562ce313972cf4af2e04803755d0068705559237f9a063c2c24ed23c25b8f4aab53efd1c9ced5045e9b88cfe32f33119a4bc01d3d73afd037dedde8aa4600c93c71e78ab732db07cba921af5f6b88c9b5ceccf4c71a4e74dca34e9c482904efbc2ea3d7ec2ec12cdae77d039aa63a344714995b27f961e81b2a68e073361ac1380aa8a2f3298c0807e1fe47f57e88e1a7ed753c1afbdda398eb521c9bc74429", @ANYRESHEX=r0, @ANYRESHEX, @ANYRES32=r0], 0xb, 0x0, &(0x7f0000000000)) chdir(&(0x7f0000000440)='./file0\x00') creat(&(0x7f0000000100)='./file0\x00', 0x7a) 1m29.37723788s ago: executing program 5 (id=1437): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000001700)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) close(r1) 1m29.095616253s ago: executing program 5 (id=1438): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) syslog(0xc, 0x0, 0x0) 1m28.926207137s ago: executing program 35 (id=1438): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) syslog(0xc, 0x0, 0x0) 20.634436497s ago: executing program 7 (id=2222): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f00000000c0)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1000}}, {@nodiscard}, {@quota}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x1) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0xa9c1b, 0x0, 0x1, 0x0, &(0x7f0000000080)) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2) 20.163831565s ago: executing program 7 (id=2223): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000480)={0x1, [0x0]}, &(0x7f0000000380)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000100)={0x1000, 0xfffb, 0x0, 0x1000, 0xce, 0x3f96222e, 0x7, 0x7, r2}, 0x20) 19.507645679s ago: executing program 7 (id=2224): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)={0x4c, r1, 0xe096044a3fc9e6f1, 0x0, 0xfffffffd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xfa}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x2}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 19.386415719s ago: executing program 7 (id=2225): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x400, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x5514, &(0x7f0000005d80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ") mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f00000002c0)={0x4, 0x10000000, 0x7, 0xffff}) 18.595623773s ago: executing program 7 (id=2233): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000140)={@val={0x0, 0x200}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @multicast2, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, @local, @loopback}}}}, 0x3e) 17.41165449s ago: executing program 7 (id=2242): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2d00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='tcp_probe\x00', r0}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}, 0x6}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) 17.060054319s ago: executing program 36 (id=2242): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2d00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='tcp_probe\x00', r0}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}, 0x6}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) 3.122914655s ago: executing program 8 (id=2414): bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, &(0x7f00000010c0)=""/4097, 0xc26bfe8e8f6baca8}, 0x20) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r1, 0x34}, 0x10) 2.795530302s ago: executing program 8 (id=2417): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x4, @random="6994379a97b0", 'bridge_slave_1\x00'}}, 0x1e) connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x4, @multicast, 'bond0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}) 2.579247079s ago: executing program 8 (id=2419): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@compress}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x2) pwritev2(r0, &(0x7f0000000800)=[{&(0x7f0000000440)='!', 0x1}], 0x1, 0x96c, 0x200, 0x5) renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x2) 1.695643972s ago: executing program 2 (id=2421): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x0, &(0x7f00000021c0)={[{@dioread_nolock}, {@minixdf}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000280)='q', 0x1, 0x9c85) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8001) 1.579708991s ago: executing program 4 (id=2422): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82004000000", @ANYRES32=r0, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00m'], 0x38}, 0x1, 0x300}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) 1.567310192s ago: executing program 4 (id=2423): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7f) write$uinput_user_dev(r0, &(0x7f0000000680)={'syz0\x00', {}, 0x3b, [0x0, 0x0, 0x0, 0x10000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0xffffffff, 0x4], [0x0, 0x0, 0x0, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4000, 0x0, 0x0, 0xc4, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8000000, 0x2, 0x9, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x1], [0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x40f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x100, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2000001, 0xfffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x1, 0x0, 0x6, 0x0, 0xfffffff8], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedf9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x1ed, 0x0, 0x0, 0x40, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x1e) ioctl$UI_DEV_CREATE(r0, 0x5501) 1.517768846s ago: executing program 4 (id=2424): syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f000000ac40)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") chdir(&(0x7f0000000140)='./file0\x00') r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000200), 0x175d9003) truncate(&(0x7f0000000900)='./file1\x00', 0xbf39) 1.47101973s ago: executing program 8 (id=2425): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x28, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) 1.424523224s ago: executing program 2 (id=2426): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000010c0)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={r2, 0x6}, &(0x7f0000000140)=0x8) 1.087071121s ago: executing program 6 (id=2428): bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 874.886778ms ago: executing program 8 (id=2430): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x17d) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x10, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 725.712481ms ago: executing program 8 (id=2431): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)={[{@coherency_buffered}, {@heartbeat_none}, {@coherency_full}, {@preferred_slot={'preferred_slot', 0x3d, 0x4}}, {@heartbeat_none}, {@localflocks}, {@intr}, {@dir_resv_level={'dir_resv_level', 0x3d, 0x5}}, {@noacl}, {@resv_level={'resv_level', 0x3d, 0x1}}, {@journal_async_commit}, {@commit={'commit', 0x3d, 0xf9}}], [{@euid_eq}, {@hash}, {@pcr={'pcr', 0x3d, 0x2e}}, {@smackfstransmute}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@euid_gt}, {@uid_lt}, {@obj_type={'obj_type', 0x3d, '-+'}}]}, 0x9, 0x442b, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzsLOwIaVsGDr53NgmOf38p159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4n2zb/6H965/2dOI6Oehr75/s6vmL7944E8L3sz8+WV9fXw9V3SERhWZDTb//9uu9meZjQxzSqu2GjvoghHByy7iqukII739X/xTnkrTR5NgbQjiWfMIb9z67mduj0Tx8XDybfzp1f2349OTqg7XWnz0K4avS/167Pf/zi13DP72yR90DAAAAAAAAAAAAAAAAAPCMG7929fo7g0PhURS6V6Ot7+uOJ8dW78eu75kXOv9hAQAAAAAAAAAAAAAAAAAA4G9q8/3/XHRim/f/x5LjSIv66291fox0zsTbV8cuDA4l+79HW/JfT5J+OdcV+rfZ9z27//u5TP3t93/f2s9uNcbX6LcvRPFA6jyOBwZC+CbZ+P1UdCQulZcqr94qLy/M7tkwnlnp+Nd3709FJ9nQv934j2ba7/z+///dcjVVz2/u3SX2XEvHv6tluW8/jdqK//lMvf2IP7uXjn93La23ucBIfQKoxv/z7p3jP5Zpv1PxPx5CyEXVseZSM0B1DVNNb7VeIS0d/0O1tNTUmfwhW93/v2fifyHT/kHN/yvZLyK2lY7/v2ppPakSm/d/f7zz/X8x0/5BxL86/hXf/21Jx/9wPbE7VaT2l2x3/h/PtN+p+F+Pk3Eej1JXwGpUT2/1/+pIS8e/Z0v+5vNf3Nb671Km/n49/zX6bTz/Nab/l6P68x/bS8e/t2W5du//iUy9Ts//I7X1H7uVjv+RWlp67dxX+9lu/Ccz7Xcq/rVVSU8j/pvzyR+H6+lfW/+1JR3/f9cT4+YSK7WftfVftPP6/3Km/YNY/1XHvxJ3ttfnRXP8u8LRluWq8f+hje//K5l6nY9/CIPW+ruWvv+PtSxXu/97do7/VKZep+P/UicbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgGjCbHvhDFA6nzOB4YCOF8cn4qHImmC7P56VJ55qOlEMaS9Fw4Ed0ulacLpfzcQnm2mC+USuWZEC4k+SdDT7RUKlfy84W7Fzfa6o3uFAuLlelioRJCGE/S/x+ONdqanqvMF+6GEC5t5P0nLi/evVNYyM/OLb45ODg4GCY2xtAfFT+pFBcq9d7ruSFMbtTti5oGV8u+vDGWo9GH5eXFhUKpln6lqU6pPFMoNdWZSvK+CP1RZXF5YaZQKeZL5duN/g7SSHIcm7j23rUrQ1vyb0b14+j+DgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv+jR8BtfhhC662dxCGGk8Uu0XfmHj4tn80+n7q8Nn55cfbD2pFU5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/ZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwi4dozQQRGEAfjMWaucxrJbdznZFES1cETyBHsPD6FG8hHdIkSJtihBIZiFsdmGbpPq+5sH8zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJjn6b37eKubiBRXm8uIv6//xWH+UurP/fj9izPMyOk8v3YPj3VT/j0d5XflaNnmXbpefX/GSO39DvZkuE97fZ/rybmm9m1qvr7vTaRcRURb8tuUc1XNewsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W0fRtwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA//+Elx0W") openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0xe7) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000000380)=ANY=[], 0x700, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) 675.593385ms ago: executing program 6 (id=2432): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0xef4f}]}}}]}]}], {0x14}}, 0x78}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0) 610.04481ms ago: executing program 6 (id=2433): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x3100, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 552.948175ms ago: executing program 4 (id=2434): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x9, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2, 0x0, 0x0, 0x200}}}}}}}, 0x0) 479.672081ms ago: executing program 6 (id=2435): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x5}, {0xfff1, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002500)=@deltfilter={0x24, 0x2d, 0x1, 0x78bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x8, 0x3}, {0x9, 0x9}, {0x0, 0xb}}}, 0x24}}, 0x20044000) 479.524861ms ago: executing program 2 (id=2436): unshare(0x2c020400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000200), &(0x7f0000000240)=r0}, 0x20) 362.05079ms ago: executing program 2 (id=2437): mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4800, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x2000, 0x103) 353.241841ms ago: executing program 6 (id=2438): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB="6b6565705f6c6173745f646f74732c756d61736b3d30303030303030303030303030303030303030303030352c757466382c6572726f72733d636f6e74696e75652c696f636861727365743d6d616363656e746575726f2c646973636172642c6572726f72733d72656d6f756e742d726f2c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c00e1ee3e46128f3731e7aa706359338a91706d6543fd9e8fc3"], 0x1, 0x151a, &(0x7f0000002280)="$eJzs3AucT9XaOPDnWWvtMST9muQyrLWezS+5LJIklyS5JEmSJLklJE1yJCEx7pLGJSG5DEkMIblMTBr3+/2SkCRNkuSWW7L+nwl/p1PnPee8p/d4P+88389nf6xn9n7WfvZ+Zs9v7435vvPQGo1qVm1ARPBvwUt/JAJALAAMBIAbACAAgLJxZeMy12eXmPjv7YT9uR5LudYVsGuJ+5+1cf+zNu5/1sb9z9q4/1kb9z9r4/5nbdx/xrKyzdPz38hL1l34/X9Wxp///4dklBz39dqSN3cBiPlnU7j/WRv3//+s4J/ZiPuftXH/s6rYa10A+1+Ar/+sINvfXcP9z9q4/4xlZdf6/fO1XiCStc/Btf7+Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWNZz1VykAuDK+1nUxxhhjjDHGGGPsz+OzXesKGGOMMcYYY4wx9j8PQYAEBQHEQDaIheyQAwQAXA+54AaIwI0QBzdBbrgZ8kBeyAf5IR4KQEHQYMACQQiFoDBE4RYoArdCUSgGxaEEOCgJpeA2KA23Qxm4A8rCnVAO7oLyUAEqQiW4GyrDPVAF7oWqcB9Ug+pQA2rC/VALHoDa8CDUgYegLjwM9eARqA+PQgN4DBrC49AInoDG8CQ0gabQDJpDi/9W/ivQHV6FHtATEqEX9IY+0Bf6QX8YAAPhNRgEr8NgeAOSYAgMhWEwHN6EEfAWjIRRMBrehjHwDoyFcTAeJkAyTIRJ8C70WXvpbE6FaZAC02EGfAAzYRbMhg9hDnwEc2EezIcFkAofw0JYBGnwCSyGTyEdlsBSWAbLYQWshFWwGtbAWlgH62EDbIRNsBm2wFbYBtthB+yEz2AXfA67YQ/shS9gH3z5L+af+Zv8LggIKFCgQoUxGIOxGIs5MAfmxJyYC3NhBCMYh3GYG3NjHsyD+TAfxmM8FsSCaNAgIWEhLIRRjGIRLIJFsSgWx+Lo0GEpLIWl8XYsg2WwLJbFclgOy2MFrICVsBJWxspYBatgVayK1bAa1sAaeD/ej72wNtbGOlgH62LdK6+nsAE2wIbYEBthI2yMjbEJNsFm2AxbYAtsiS2xFbbCNtgG22JbbIftMAETsD22xw7YATtiR+yEnbAzdsYu2BW7ZrySDfBVfBV7YjXRC3tjb+yLSdn64wAcgK/hIHwdX8c3MAmH4FAchsPwTRyBp3EkjsLROBori3dwLI5DEhMwGZNxEk7CyTgZp+D7+D5OwxScjjNwBs7EWTgLP8Q5+BF+hPNwHi7AVEzFhbgI0zANF+MZTMcluBSX4XJcgctxFa7GVbgW1+Fa3IAbcBNuwi24BbfhNtyBO/AzVAD4Oe7BPZiE+3Af7sf9eAAP4EE8iBmYgYfwEB7Gw3gEj+BRPIrH8DiewON4Ck/haTyDZ/EsnsfzeAFfiv+24WfF1iSByKSEEjEiRsSKWJFD5BA5RU6RS+QSERERcSJO5Ba5RR6RR+QT+US8iBcFRUFhhBEkwhgAEFERFUVEEVFUFBXFRXHhhBOlRClRWpQWZUQZvPzDRpQXFURrV0lUEpVFG1dF3CuqiqqimqguaoiaoqaoJWqJ2qK2qCPqiLqirqgnHhH1RS/sj4+JzM40EkOwsRiKTURTIS9P2lKMwFaitWgjnhGjcCS2Ey1dgnheZBbWQfxFjMMXRScxATuLl0UX0VV0E6+I7qKV6yF6iinYS/QW07Cv6Cf6iwFiJlYXH+Kc7DXEGyJJDBFDxTCxAN8UI8RbYqQYJUaLt8UY8Y4YK8aJ8WKCSBYTxSTxrpgs3hNTxPtiqpgmUsR0MUN8IGaKWWK2+FDMER+JuWKemC8WiFTxsVgoFok08YlYLD4V6WKJWCqWieVihVgpVonVYo1YK9aJ9WKD2Cg2ic1ii9gqtontYofYKT4Tu8TnYrfYI/aKL8Q+8aXYL74SB8TX4qD4RmSIb8Uh8Z04LL4XR8QP4qj4URwTx8UJcVKcEj+J0+KMOCvOifPiZ3FB/CIuCi9AohRSSiUDGSOzyViZXeaQ18mcMrh8dm+UcfImmVveLPPIvDKfzC/jZQFZUGpppJUkQ1lIFpZReYssIm+VRWUxWVyWkHO+u5RdWt4uy8g7ZFl5pywn75KxsoKsKCvJu2VleY+EyKWtqsnqsoasKe+XifCArC0flHXkQ7KufFjWk4/I+vJR2UA+JhvKx2Uj+YRsLJ+UTWRT2Uw2ly3kU7KlfFq2kq1lG/mMbCufle3kczJBPi/bS3/5W+RF2Um+JDvLl2UX2VV2k7/Ii9LLHrKnhF4ge8s+sq/sJ/vLAXKgfE0Okq/LwfINmSSHyKFymBwu35Qj5FtypBwlR8u35Rj5jhwrx8nxcoJMlhPlJPmunCzfk1Pk+3KqnCZT5HTZ//JMs6X8h/nv/kH+4F/3vklullvkVrlNbpc75E75mdwld8ndcrfcK/fKfXKf3C/3ywPygDwoD8oMmSEPyUPysDwsj8gj8qg8Ko/J4/KcPClPyZ/kaXlGnpHn5Hl5Xl64fA5AoRJKKqUCFaOyqViVXeVQ16mc6nqVS92gIupGFaduUrnVzSqPyqvyqfwqXhVQBZVWRllFKlSFVGEVVbdcucZVcVVCOVVSlVK3/Sv5qoi6VRVVxX6Tf6W+xL9TXwvVQrVULVUr1Uq1UW1UW9VWtVPtVIJKUO1Ve9VBdVAdVUfVSXVSnVVn1UV1Ud1UN9VddVc9VA+VqBJVb9VH9VX9VH81QA1Ur6lBapAarAarJJWkhqqhargarkaoEWqkGqlGq9FqjBqjxqqxarwar5JVspqkJqnJarKaoqaoqWqqSlEpaoaaoWaqmWq2mq3mqDlqrpqr5qv5KlWlqoVqoUpTaWqxWqzS1RK1RC1Ty9QKtUKtUqvUGrVGrVPr1Aa1QaWrzWqz2qq2qu1qu9qpdqpdapfarXarvWqv2qf2qf1qvzqgDqiD6qDKUBnqkDqkDqvD6og6oo6qo+qYOqZOqBPqlDqlTqvT6qw6q86r8+qCuqAuqouZt32BCESgAhXEBDFBbBAb5AhyBDmDnEGuIFcQCSJBXBAX5A5uDvIEeYN8Qf4gPigQFAx0YAIbiMtNjwa3BEWCW4OiQbGgeFAicEHJoFRwW1A6uD0oE9wRlA3uDMoFdwXlgwpBxaBScHdQObgnqBLcG1QN7guqBdWDGkHN4P6gVvBAUDt4MKgTPBTUDR4O6gWPBPWDR4MGwWNBw+DxoFHwRNA4eDJoEjQNmgXNgxZ/6vzen877tOuhe+pE3Uv31n10X91P99cD9ED9mh6kX9eD9Rs6SQ/RQ/UwPVy/qUfot/RIPUqP1m/rMfodPVaP0+P1BJ2sJ+pJ+l09Wb+np+j39VQ9Tafo6XqG/kDP1LP0bP2hnqM/0nP1PD1fL9Cp+mO9UC/SafoTvVh/qtP1Er1UL9PL9Qq9Uq/Sq/UavVav0+v1Br1Rb9Kb9Ra9VW/T2/UOvVN/pnfpz/VuvUfv1V/offpLvV9/pQ/or/VB/Y3O0N/qQ/o7fVh/r4/oH/RR/aM+po/rE/qkPqV/0qf1GX1Wn9Pn9c/6gv5FX9Q+8+Y+8+PdKKNMjIkxsSbW5DA5TE6T0+QyuUzEREyciTO5TW6Tx+Qx+Uw+E2/iTUFT0GQiQ6aQKWSiJmqKmCKmqClqipvixhlnSplSprQpbcqYMqasKWvKmXKmvClvKpqK5m5zt7nH3GPuNfea+8x9prqpbmqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqZZqaFaWFampamlWll2pg2pq1pa9qZdibBJJj2pr3pYDqYjqaj6WQ6mc6ms+liuphuppvpbrqbHqaHSTSJprfpbfqavqa/6W8GmoFmkBlkBpvBJskkmaFmqBluhpsRZoQZaUaZ0Zk3quYdM9aMM+PNBJNsks0kM8lMNpPNFDPFTDVTTYpJMTPMDDPTzDSzzWwzx8wxc81cM9/MN6km1Sw0C02aSTOLzWKTbtLNUrPULDfLzUqz0qw2q81as9ash/Vmo9loNpvNZqvZarab7Wan2Wl2mV1mt9lt9pq9Zp/ZZ/ab/eaAOWAOmoMmw2SYQ+aQOWwOmyPmiDlqjppj5pg5YU6YU+aUOW1Om7PmrDlv8l7+vPQm1ma3Oex1Nqe93uayN9i/jfPZ/DbeFrAFrbZ5bN7fxMZaW9QWs8VtCetsSVvK3va7uLytYCvaSvZuW9neY6v8Lq5lH7C17YO2jn3I1rT3/yauax+29ewTtj4igG1qG9rmtpF9wja2T9omtqltZpvbtvZZ284+ZxPs87a9feF38UK7yK62a+xau87utnvsWXvOHrbf2/P2Z9vD9rQD7Wt2kH3dDrZv2CQ75HfxaPu2HWPfsWPtODveTvhdPNVOsyl2up1hP7Az7Sw7bPdv41T7sZ1j0+xcO8/Otwt+jTNrSrOf2MX2U5tuA1hql9nldoVdaVf9/1qX2Q12o91kd9nP7Va7zW63O+zOKzfCdo/da7+w++yX9pD9zh6wX9uD9ojNsN/+Gmce3xH7gz1qf7TH7HF7wp60p+xP6kp25rGftL/Yi9ZbICQgSYoCiqFsFEvZKQddRznpespFN1CEbqQ4uoly082Uh/JSPspP8VSACpImQ5aIQipEhSlKt9CV8opTCXJUkkrRbVSabqcydAeVpTupHN1F5akCVaRKdDdVpnuoCt1LVek+qkbVqQbVpPupFj1AtelBqkMPUV16mOrRI1SfHqUG9Bg1pMepET1BjelJakJNqRk1pxb0FLWkp6kVtaY29Ay1pWepHT1HCfQ8tacXqAP9hTrSi9SJXqLO9DJ1oa7UjV6h7vQq9aCelEi9qDf1ob7Uj/rTABpIr9Egep0G0xuURENoKA2j4fQmjaC3aCSNotH0No2hd2gsjaPxNIGSaSJNondpMr1HU+h9mkrTKIWm0wz6gGbSLJpNH9Ic+ojm0jyaTwsolT6mhbSI0ugTWkyfUjotoaW0jJbTClpJq2g1raG1tI7W0wbaSJtoM22hrbSNttMO2kmf0S76nHbTHtpLX9A++pL201d0gL6mg/QNZdC3dIi+o8P0PR2hH3xP+pGO0XE6QSfpFP1Ep+kMnaVzdJ5+pgv0C10kTxBiKEIZqjAIY8JsYWyYPcwRXhfmDK8Pc4U3hJHwxjAuvCnMHd4c5gnzhvnC/GF8WCAsGOrQhDakMAwLhYXDaHhLWCS8NSwaFguLhyVCF5YMS4W3haXDGCgT3hGWDe8My4V3heXDCuETD1UK7w4rh/eEVcJ7w6rhfWG1sHpYI6wZ3h/WCh8Ia4cPhnXCh8Iy4cNhvfCRsH74aNggfCxsGD4eNgqfCBuHT4ZNwqZhs7B52CJ8KmwZPh22CluHbcJnwrbhs2G78LkwIXw+bB++8Ov6hxf9/fWJYa+wd9gn7BN6/6CcH10QTY1+HF0YXRRNi34SXRz9NJoeXRJdGl0WXR7NvAdaFV0dXRNdG10XXR/dEN0Y3RT1vmY2cOiEk065wMW4bC7WZXc53HUup7ve5XI3uIi70e1pd5PL7W52eVxel8/ld/GugCvotDPOOnKhK+QKu6i7xRVxt/YEV8wVdyWccyVdKdfctXAtXEv3tGvlWrs27hn3jHvWPeuec8+5511794Lr4P7iOroXXSf3knvJvey6uK6um3vFdXcTc126JhNdb9fb9XV9XX/X3w10A90gN8gNdoNdkktyQ91QN9wNdyPcCDfSjXSj3Wg3xo1xY91YN96Nd8ku2U1yk9xkN9lNcVPcVDfVpbgUN8PNcDPdTFd51qW9zHVz3Xw336W6VLfQZZ6vNLfYLXbpLt0tdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e10O90ut8vt9jdcmtTtc/vdfnfAHXAH3Tcuw33rDrnv3GH3vTvifnBH3Y/umDvuTriT7pT7yZ12Z9xZd86ddz+7C+4Xd9F5lxyZGJkUeTcyOfJeZErk/cjUyLRISmR6ZEbkg8jMyKzI7MiHkTmRjyJzI/Mi8yMLIqmRjyMLI4siaZFPIosjn0bSI0siSyPLIssjKyLeF9ga+kK+sI/6W3wRf6sv6ov54r6Ed76kL+Vv86X97b6Mv8OX9Xf6cv4uX95X8BX9k76Jb+qb+ea+hX/Kt/RP+1a+tW/jn/Ft/bO+nX/OJ/jnfXv/gu/g/+I7+hd9J/+S7+xf9l18V9/Nv+K7+1d9D9/TJ/pevrfv4/v6fr6/H+AH+tf8IP+6H+zf8El+iB/qh/nh/k0/wr/lR/pRfnTM237MlUdkmOCT/UQ/yb/rJ/v3/BT/vp/qp/kUP93P8B/4mX6Wn+0/9HP8R36un+fn+wU+1X/sF/pFPs1/4hf7T326X3LlpbJf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf57X6H3+k/87v853633+P3+i/8Pv+l3++/8gf81/6g/8Zn+G/9If+dP+y/90f8D/6o/9Ef88f9CX/Sn/I/+dP+jD/rz/nz/md/wf/iL/L/WWOMMcYY+6dMvDoUv11z6XV+rz/IEX+1cW8AuH5b/oy/Xp95R7k+z6VxPxHfNgIAz/fs/NiVpVq1xMTEy9umSwgKzwO48jdBmWLgarwE2sCzkACtofQf1t9PdD1P/2D+6J0AOf4qJxauxlfn/woAE/9g/qeeGb2wXHg27r+Yfx5A0cJXc7LD1XgJtPn1/UprKPN36s/b8h/Un/3rZIBWf5WTE67GV+svBU/DC5Dwmy0ZY4wxxhhjjLFL+omKHa88f175F59/9Hwer67mZIOr8T96PmeMMcYYY4wxxti192LXbs89lZDQuuO/Pqjy38r6pweN4X9qZh784cB7gCtfUQDwb04IkDmQ/8mj2PIf2VfS5Uvnb1ctP+cD+N/Ryj9jcI1/MDHGGGOMMcb+dFdv+n/7dXWtCmKMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxrKg/8SvE7vWx8gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xda/8vAAD//xtvAG4=") mkdir(&(0x7f0000000a00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x94) r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) rename(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 280.989707ms ago: executing program 4 (id=2439): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0x4000000}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) 146.387038ms ago: executing program 4 (id=2440): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) rt_sigtimedwait(&(0x7f00000000c0)={[0xfffffffffee5394c]}, &(0x7f0000000280), 0x0, 0x8) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 117.60642ms ago: executing program 2 (id=2441): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000140)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000180)="b0", 0x1}], 0x1, 0x0, 0x0, 0x20000851}, 0x0) recvmmsg(r1, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000540)=""/66, 0x42}], 0x1, &(0x7f0000000400)=""/176, 0xb0}, 0x40}], 0x1, 0x40010000, 0x0) 28.844267ms ago: executing program 2 (id=2442): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000220000000400000002"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r3, &(0x7f0000000340), 0x0}, 0x20) 0s ago: executing program 6 (id=2443): r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000005c0), 0x40000000008d82, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) kernel console output (not intermixed with test programs): p6): using sha256 (sha256-avx2) checksum algorithm [ 238.962285][T10004] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 238.963410][T10010] BTRFS info (device loop6): force clearing of disk cache [ 238.993344][T10010] BTRFS info (device loop6): enabling auto defrag [ 239.000504][T10010] BTRFS info (device loop6): max_inline at 0 [ 239.013334][T10010] BTRFS info (device loop6): enabling disk space caching [ 239.023704][T10010] BTRFS info (device loop6): disk space caching is enabled [ 239.117243][T10010] BTRFS info (device loop6): enabling ssd optimizations [ 239.138345][T10010] BTRFS info (device loop6): rebuilding free space tree [ 239.256154][T10010] BTRFS info (device loop6): disabling free space tree [ 239.263121][T10010] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 239.277861][T10010] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 239.370993][ T5786] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 239.754809][ T48] BTRFS info (device loop6): qgroup scan completed (inconsistency flag cleared) [ 239.810688][T10064] loop5: detected capacity change from 0 to 164 [ 240.075042][ T8766] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 240.653478][ T5874] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 240.843966][ T5874] usb 3-1: Using ep0 maxpacket: 16 [ 240.867142][ T5874] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 240.876412][ T8] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 240.888511][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.898444][ T5874] usb 3-1: Product: syz [ 240.902710][ T5874] usb 3-1: Manufacturer: syz [ 240.912439][ T5874] usb 3-1: SerialNumber: syz [ 240.919429][ T5874] usb 3-1: config 0 descriptor?? [ 241.073423][ T8] usb 7-1: Using ep0 maxpacket: 32 [ 241.084942][ T8] usb 7-1: config 0 has an invalid interface number: 67 but max is 0 [ 241.093090][ T8] usb 7-1: config 0 has no interface number 0 [ 241.119881][ T8] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 241.129316][ T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.137889][ T8] usb 7-1: Product: syz [ 241.142172][ T8] usb 7-1: Manufacturer: syz [ 241.147624][ T8] usb 7-1: SerialNumber: syz [ 241.155587][ T8] usb 7-1: config 0 descriptor?? [ 241.162376][T10104] loop5: detected capacity change from 0 to 1024 [ 241.163942][ T8] smsc95xx v2.0.0 [ 241.181698][T10104] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.242904][ T6701] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.353720][ T5874] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 241.372525][ T5874] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 241.391507][ T5874] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 241.399894][ T5874] usb 3-1: media controller created [ 241.442081][ T5874] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 241.574119][ T8] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 241.591018][ T8] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 242.003601][ T5874] zl10353_read_register: readreg error (reg=127, ret==0) [ 242.018943][ T8] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 242.033796][ T5874] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 242.054705][ T5874] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 242.063849][ T8] smsc95xx: probe of 7-1:0.67 failed with error -71 [ 242.088410][ T8] usb 7-1: USB disconnect, device number 6 [ 242.094988][ T5874] usb 3-1: USB disconnect, device number 19 [ 242.176052][ T5874] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 242.207815][T10120] loop5: detected capacity change from 0 to 256 [ 243.079115][T10140] loop2: detected capacity change from 0 to 4096 [ 243.099517][T10140] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.152156][ T27] audit: type=1800 audit(1754101624.264:23): pid=10140 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1265" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 243.463972][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.531618][T10150] loop6: detected capacity change from 0 to 256 [ 243.570266][T10150] FAT-fs (loop6): Directory bread(block 64) failed [ 243.583460][T10150] FAT-fs (loop6): Directory bread(block 65) failed [ 243.601544][T10150] FAT-fs (loop6): Directory bread(block 66) failed [ 243.611601][T10150] FAT-fs (loop6): Directory bread(block 67) failed [ 243.634387][T10150] FAT-fs (loop6): Directory bread(block 68) failed [ 243.640964][T10150] FAT-fs (loop6): Directory bread(block 69) failed [ 243.673424][T10150] FAT-fs (loop6): Directory bread(block 70) failed [ 243.690224][T10150] FAT-fs (loop6): Directory bread(block 71) failed [ 243.710565][T10150] FAT-fs (loop6): Directory bread(block 72) failed [ 243.730697][T10150] FAT-fs (loop6): Directory bread(block 73) failed [ 243.935878][ T48] kworker/u4:3: attempt to access beyond end of device [ 243.935878][ T48] loop6: rw=1, sector=1224, nr_sectors = 12 limit=256 [ 244.256397][T10152] loop2: detected capacity change from 0 to 32768 [ 244.277847][T10152] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1268 (10152) [ 244.311030][T10152] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 244.324394][T10152] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 244.334243][T10152] BTRFS info (device loop2): force clearing of disk cache [ 244.353334][T10152] BTRFS info (device loop2): enabling auto defrag [ 244.359906][T10152] BTRFS info (device loop2): max_inline at 0 [ 244.380366][T10152] BTRFS info (device loop2): enabling disk space caching [ 244.393320][T10152] BTRFS info (device loop2): disk space caching is enabled [ 244.502077][T10152] BTRFS info (device loop2): enabling ssd optimizations [ 244.524601][T10152] BTRFS info (device loop2): rebuilding free space tree [ 244.584433][T10152] BTRFS info (device loop2): disabling free space tree [ 244.603493][T10152] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 244.613301][T10152] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 245.128312][T10221] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 245.206556][ T5786] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 245.663701][T10242] Bluetooth: MGMT ver 1.22 [ 245.841509][ T5834] kernel write not supported for file /sequencer (pid: 5834 comm: kworker/1:4) [ 245.991694][T10257] loop2: detected capacity change from 0 to 256 [ 246.085877][T10262] tmpfs: Unknown parameter 'nolazytimeÿÿ' [ 246.236374][T10271] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1297'. [ 246.435416][T10281] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 246.623455][ T8] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 246.824553][ T8] usb 6-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 246.849142][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.874303][ T8] usb 6-1: config 0 descriptor?? [ 246.901102][T10283] loop2: detected capacity change from 0 to 32768 [ 246.951312][T10283] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 247.103140][T10283] XFS (loop2): Ending clean mount [ 247.124921][T10283] XFS (loop2): Quotacheck needed: Please wait. [ 247.211479][T10283] XFS (loop2): Quotacheck: Done. [ 247.326957][ T27] audit: type=1804 audit(1754101628.444:24): pid=10283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1302" name="/newroot/344/file0/file2" dev="loop2" ino=9287 res=1 errno=0 [ 247.356402][ T27] audit: type=1800 audit(1754101628.444:25): pid=10283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1302" name="file2" dev="loop2" ino=9287 res=0 errno=0 [ 247.499335][ T5786] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 247.897647][ T8] pegasus: probe of 6-1:0.0 failed with error -71 [ 247.906369][ T8] usb 6-1: USB disconnect, device number 14 [ 248.103438][ T5874] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 248.296825][ T5874] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 248.307591][ T5874] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.315933][ T5874] usb 7-1: Product: syz [ 248.320088][ T5874] usb 7-1: Manufacturer: syz [ 248.324798][ T5874] usb 7-1: SerialNumber: syz [ 248.334479][ T5874] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 248.380435][ T5854] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 248.863690][T10319] loop5: detected capacity change from 0 to 4096 [ 248.876963][T10319] ntfs3: loop5: Failed to load $MFT (-22). [ 249.071046][T10326] loop5: detected capacity change from 0 to 512 [ 249.090480][T10326] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 249.113817][T10326] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c118, mo2=0002] [ 249.129587][T10326] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2244: inode #15: comm syz.5.1318: corrupted in-inode xattr: e_value size too large [ 249.150371][T10326] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.1318: couldn't read orphan inode 15 (err -117) [ 249.165577][T10326] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 249.246737][ T6701] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.367704][T10332] loop5: detected capacity change from 0 to 256 [ 249.411377][T10332] FAT-fs (loop5): Directory bread(block 64) failed [ 249.418257][T10332] FAT-fs (loop5): Directory bread(block 65) failed [ 249.425000][T10332] FAT-fs (loop5): Directory bread(block 66) failed [ 249.431636][T10332] FAT-fs (loop5): Directory bread(block 67) failed [ 249.439796][T10332] FAT-fs (loop5): Directory bread(block 68) failed [ 249.446566][T10332] FAT-fs (loop5): Directory bread(block 69) failed [ 249.453470][T10332] FAT-fs (loop5): Directory bread(block 70) failed [ 249.460142][T10332] FAT-fs (loop5): Directory bread(block 71) failed [ 249.469555][ T5834] usb 7-1: USB disconnect, device number 7 [ 249.475720][T10332] FAT-fs (loop5): Directory bread(block 72) failed [ 249.484993][T10332] FAT-fs (loop5): Directory bread(block 73) failed [ 249.513190][T10332] syz.5.1320: attempt to access beyond end of device [ 249.513190][T10332] loop5: rw=2051, sector=1224, nr_sectors = 32 limit=256 [ 249.642034][T10338] netlink: 136 bytes leftover after parsing attributes in process `syz.5.1322'. [ 249.660618][T10338] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 249.693410][ T5854] usb 7-1: Service connection timeout for: 256 [ 249.699792][ T5854] ath9k_htc 7-1:1.0: ath9k_htc: Unable to initialize HTC services [ 249.712984][ T5854] ath9k_htc: Failed to initialize the device [ 249.719591][ T5834] usb 7-1: ath9k_htc: USB layer deinitialized [ 250.081946][T10353] loop5: detected capacity change from 0 to 16 [ 250.090550][T10355] loop2: detected capacity change from 0 to 256 [ 250.096032][T10353] erofs: (device loop5): mounted with root inode @ nid 36. [ 250.123603][T10355] FAT-fs (loop2): Directory bread(block 64) failed [ 250.131559][T10355] FAT-fs (loop2): Directory bread(block 65) failed [ 250.140444][T10355] FAT-fs (loop2): Directory bread(block 66) failed [ 250.150071][T10355] FAT-fs (loop2): Directory bread(block 67) failed [ 250.159494][T10355] FAT-fs (loop2): Directory bread(block 68) failed [ 250.168396][T10355] FAT-fs (loop2): Directory bread(block 69) failed [ 250.177609][T10355] FAT-fs (loop2): Directory bread(block 70) failed [ 250.185697][T10355] FAT-fs (loop2): Directory bread(block 71) failed [ 250.192356][T10355] FAT-fs (loop2): Directory bread(block 72) failed [ 250.198978][T10355] FAT-fs (loop2): Directory bread(block 73) failed [ 250.353570][ T5834] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 250.388609][T10221] kworker/u4:13: attempt to access beyond end of device [ 250.388609][T10221] loop2: rw=1, sector=1224, nr_sectors = 12 limit=256 [ 250.489940][T10365] vivid-000: disconnect [ 250.500192][T10365] vivid-000: reconnect [ 250.543318][ T5834] usb 7-1: Using ep0 maxpacket: 32 [ 250.555022][ T5834] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 250.585834][ T5834] usb 7-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 250.603267][ T5834] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.615700][ T5834] usb 7-1: Product: syz [ 250.619910][ T5834] usb 7-1: Manufacturer: syz [ 250.642431][ T5834] usb 7-1: SerialNumber: syz [ 250.652938][T10374] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 250.669430][ T5834] usb 7-1: config 0 descriptor?? [ 250.691894][ T5834] usb 7-1: bad CDC descriptors [ 250.704842][ T5834] usb 7-1: unsupported MDLM descriptors [ 250.899705][T10380] loop2: detected capacity change from 0 to 2048 [ 250.933604][T10380] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 250.942963][ T5874] usb 7-1: USB disconnect, device number 8 [ 251.000210][T10380] overlayfs: upper fs needs to support d_type. [ 251.165784][T10390] program syz.5.1347 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 251.793599][ T5874] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 251.933725][T10412] fuse: Bad value for 'fd' [ 251.973532][ T5874] usb 7-1: Using ep0 maxpacket: 32 [ 251.989469][ T5874] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 252.008819][ T5874] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 252.024387][ T5874] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 252.042768][ T5874] usb 7-1: Product: syz [ 252.053435][ T5874] usb 7-1: Manufacturer: syz [ 252.063318][ T5874] usb 7-1: SerialNumber: syz [ 252.072762][ T5874] usb 7-1: config 0 descriptor?? [ 252.094085][T10398] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 252.105501][ T5874] hub 7-1:0.0: bad descriptor, ignoring hub [ 252.111451][ T5874] hub: probe of 7-1:0.0 failed with error -5 [ 252.493652][ T5854] usb 7-1: USB disconnect, device number 9 [ 252.675428][T10420] loop2: detected capacity change from 0 to 40427 [ 252.700739][T10420] F2FS-fs (loop2): Found nat_bits in checkpoint [ 252.748825][T10420] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 252.787416][T10420] syz.2.1360: attempt to access beyond end of device [ 252.787416][T10420] loop2: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 252.858313][ T5786] syz-executor: attempt to access beyond end of device [ 252.858313][ T5786] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 252.863362][ T5854] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 252.878067][ T5786] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 252.973421][ T5834] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 253.083656][ T5854] usb 7-1: Using ep0 maxpacket: 32 [ 253.108126][ T5854] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 253.135168][ T5854] usb 7-1: string descriptor 0 read error: -22 [ 253.141503][ T5854] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 253.167304][ T5834] usb 6-1: unable to get BOS descriptor or descriptor too short [ 253.173321][ T5854] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 253.184733][ T5834] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 253.189199][ T5854] usb 7-1: config 0 descriptor?? [ 253.203361][ T5834] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 253.222754][T10398] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 253.233316][ T5834] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 253.245213][ T5854] hub 7-1:0.0: bad descriptor, ignoring hub [ 253.251156][ T5854] hub: probe of 7-1:0.0 failed with error -5 [ 253.256216][ T5834] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 253.266505][ T5834] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.285648][ T5834] usb 6-1: Product: syz [ 253.293474][ T5834] usb 6-1: Manufacturer: syz [ 253.298227][ T5834] usb 6-1: SerialNumber: syz [ 253.517313][ T5834] cdc_ncm 6-1:1.0: bind() failure [ 253.533608][ T5834] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 253.557864][ T5834] cdc_ncm 6-1:1.1: bind() failure [ 253.569098][ T5834] usb 6-1: USB disconnect, device number 15 [ 253.673862][ T5873] usb 7-1: USB disconnect, device number 10 [ 254.127381][T10472] loop5: detected capacity change from 0 to 128 [ 254.162306][T10472] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 254.184316][T10472] ext4 filesystem being mounted at /250/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 254.275066][ T6701] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 254.493998][ T8] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 254.694448][T10482] loop5: detected capacity change from 0 to 32768 [ 254.711868][ T8] usb 3-1: config 0 has an invalid interface number: 7 but max is 0 [ 254.723575][ T8] usb 3-1: config 0 has no interface number 0 [ 254.729734][ T8] usb 3-1: config 0 interface 7 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 254.741397][ T8] usb 3-1: config 0 interface 7 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.751794][ T8] usb 3-1: config 0 interface 7 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 254.766737][ T8] usb 3-1: config 0 interface 7 has no altsetting 0 [ 254.773890][ T8] usb 3-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 254.783691][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.795401][ T8] usb 3-1: config 0 descriptor?? [ 254.829340][T10482] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 254.955949][T10482] XFS (loop5): Ending clean mount [ 254.981173][T10482] XFS (loop5): Quotacheck needed: Please wait. [ 255.081874][T10482] XFS (loop5): Quotacheck: Done. [ 255.191617][T10501] loop6: detected capacity change from 0 to 8192 [ 255.208575][T10501] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 255.247175][T10501] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal [ 255.257267][T10501] REISERFS (device loop6): using ordered data mode [ 255.263941][T10501] reiserfs: using flush barriers [ 255.283370][T10501] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 255.324835][ T6701] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 255.336349][T10501] REISERFS (device loop6): checking transaction log (loop6) [ 255.347676][T10501] REISERFS (device loop6): Using r5 hash to sort names [ 255.355528][T10501] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 255.369625][T10501] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 255.431093][T10501] REISERFS warning (device loop6): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 255.506120][T10501] REISERFS warning (device loop6): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 255.536888][ T5854] usb 3-1: USB disconnect, device number 20 [ 255.549068][T10501] REISERFS warning (device loop6): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 255.549076][T10510] capability: warning: `syz.6.1390' uses deprecated v2 capabilities in a way that may be insecure [ 255.860211][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.866640][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.343664][ T5834] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 256.379706][T10546] loop2: detected capacity change from 0 to 1024 [ 256.444137][T10552] sctp: [Deprecated]: syz.5.1410 (pid 10552) Use of int in max_burst socket option. [ 256.444137][T10552] Use struct sctp_assoc_value instead [ 256.460595][T10223] hfsplus: b-tree write err: -5, ino 4 [ 256.548462][ T5834] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 256.557834][ T5834] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.568241][ T5834] usb 7-1: config 0 descriptor?? [ 256.576275][ T5834] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 256.984157][ T5834] cpia1 7-1:0.0: unexpected state after lo power cmd: 00 [ 257.364492][T10577] loop2: detected capacity change from 0 to 1024 [ 257.382573][T10577] EXT4-fs: Ignoring removed nobh option [ 257.388362][T10577] EXT4-fs: Ignoring removed bh option [ 257.401001][T10577] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 257.412649][ T5834] gspca_cpia1: usb_control_msg 02, error -71 [ 257.422514][ T5834] cpia1 7-1:0.0: only firmware version 1 is supported (got: 0) [ 257.443074][ T5834] usb 7-1: USB disconnect, device number 11 [ 257.486084][T10577] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.596206][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.074673][T10598] input: syz1 as /devices/virtual/input/input18 [ 258.150617][T10601] loop5: detected capacity change from 0 to 1024 [ 258.190087][T10601] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 258.315605][T10601] EXT4-fs error (device loop5): __ext4_remount:6741: comm syz.5.1433: Abort forced by user [ 258.337146][T10601] EXT4-fs (loop5): Remounting filesystem read-only [ 258.354659][T10601] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. [ 258.366688][T10607] loop6: detected capacity change from 0 to 8192 [ 258.379707][T10607] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 258.397689][T10601] overlayfs: failed to get metacopy (-5) [ 258.410639][T10607] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal [ 258.421062][T10607] REISERFS (device loop6): using ordered data mode [ 258.427740][T10607] reiserfs: using flush barriers [ 258.442988][T10607] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 258.460627][T10607] REISERFS (device loop6): checking transaction log (loop6) [ 258.570396][T10607] REISERFS (device loop6): Using tea hash to sort names [ 258.583629][T10607] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 258.625149][ T6701] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.660313][T10603] loop2: detected capacity change from 0 to 32768 [ 258.742936][ T136] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.764273][T10603] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 258.940606][ T136] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.117023][ T136] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.133583][ T5786] ocfs2: Unmounting device (7,2) on (node local) [ 259.241048][ T136] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.385261][T10622] binder: 10621:10622 ioctl 400c620e 200000000580 returned -22 [ 259.733021][ T5798] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 259.753495][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 259.766883][ T5798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 259.784553][ T5798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 259.808058][ T5798] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 259.817348][ T5798] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 260.293726][ T5854] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 260.362171][T10645] loop2: detected capacity change from 0 to 40427 [ 260.377799][T10645] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x7 [ 260.387845][T10645] F2FS-fs (loop2): invalid crc value [ 260.432838][T10645] F2FS-fs (loop2): Found nat_bits in checkpoint [ 260.444297][T10638] chnl_net:caif_netlink_parms(): no params data found [ 260.496257][ T5854] usb 7-1: config 0 interface 0 has no altsetting 0 [ 260.509210][ T5854] usb 7-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 260.525572][ T5854] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.531748][T10645] F2FS-fs (loop2): Start checkpoint disabled! [ 260.536145][ T5854] usb 7-1: config 0 descriptor?? [ 260.552699][T10645] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 260.609466][T10645] syz.2.1452: attempt to access beyond end of device [ 260.609466][T10645] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 260.745291][ T1086] kworker/u4:6: attempt to access beyond end of device [ 260.745291][ T1086] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 260.760078][ T1086] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 260.780076][ T1086] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 260.790558][T10638] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.799020][T10638] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.806880][T10638] bridge_slave_0: entered allmulticast mode [ 260.824366][T10638] bridge_slave_0: entered promiscuous mode [ 260.854538][T10638] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.867831][T10638] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.885962][T10638] bridge_slave_1: entered allmulticast mode [ 260.896302][T10638] bridge_slave_1: entered promiscuous mode [ 261.123942][ T136] hsr_slave_0: left promiscuous mode [ 261.143725][ T136] hsr_slave_1: left promiscuous mode [ 261.183696][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 261.201338][ T136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 261.237866][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 261.254557][ T136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 261.288045][ T136] bridge_slave_1: left allmulticast mode [ 261.303591][ T136] bridge_slave_1: left promiscuous mode [ 261.313440][ T136] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.358158][ T136] bridge_slave_0: left allmulticast mode [ 261.370841][ T5854] video4linux radio48: keene_cmd_main failed (-71) [ 261.373478][ T136] bridge_slave_0: left promiscuous mode [ 261.388849][ T5854] radio-keene 7-1:0.0: V4L2 device registered as radio48 [ 261.403499][ T136] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.430298][ T5854] usb 7-1: USB disconnect, device number 12 [ 261.575235][ T136] veth1_macvtap: left promiscuous mode [ 261.582804][ T136] veth0_macvtap: left promiscuous mode [ 261.594906][ T136] veth1_vlan: left promiscuous mode [ 261.600273][ T136] veth0_vlan: left promiscuous mode [ 261.933730][ T5798] Bluetooth: hci1: command tx timeout [ 262.525636][ T136] team0 (unregistering): Port device team_slave_1 removed [ 262.587315][ T136] team0 (unregistering): Port device team_slave_0 removed [ 262.646621][ T136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 262.710337][ T136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 263.337125][ T136] bond0 (unregistering): Released all slaves [ 263.432352][T10638] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 263.445902][T10638] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 263.458155][T10680] veth0: entered promiscuous mode [ 263.468845][T10683] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1464'. [ 263.737246][T10638] team0: Port device team_slave_0 added [ 263.764348][T10638] team0: Port device team_slave_1 added [ 263.837055][T10638] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 263.866845][T10638] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.866873][T10638] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 263.875177][T10638] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 263.875192][T10638] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.875214][T10638] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 263.957622][ C1] vkms_vblank_simulate: vblank timer overrun [ 264.013393][ T5798] Bluetooth: hci1: command tx timeout [ 264.087842][T10638] hsr_slave_0: entered promiscuous mode [ 264.116677][T10638] hsr_slave_1: entered promiscuous mode [ 264.117388][T10638] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 264.117495][T10638] Cannot create hsr debugfs directory [ 264.496672][T10638] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.542137][T10638] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.559419][T10223] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.566587][T10223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.600120][T10223] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.607308][T10223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.768715][ T8] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 264.833674][ T23] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 264.852428][T10638] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 264.968828][ T8] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 264.982679][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.001053][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.011529][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 265.032657][ T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 265.033387][ T23] usb 7-1: Using ep0 maxpacket: 8 [ 265.042473][ T8] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 265.066999][ T23] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 233, changing to 11 [ 265.073422][ T8] usb 3-1: Manufacturer: syz [ 265.083560][ T23] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 265.105439][ T8] usb 3-1: config 0 descriptor?? [ 265.115576][ T23] usb 7-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.40 [ 265.124901][ T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.132914][ T23] usb 7-1: Product: syz [ 265.153305][ T23] usb 7-1: Manufacturer: syz [ 265.157978][ T23] usb 7-1: SerialNumber: syz [ 265.355334][T10638] veth0_vlan: entered promiscuous mode [ 265.382334][T10638] veth1_vlan: entered promiscuous mode [ 265.438703][T10638] veth0_macvtap: entered promiscuous mode [ 265.458681][T10638] veth1_macvtap: entered promiscuous mode [ 265.503059][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 265.526452][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.542787][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 265.557060][ T8] appleir 0003:05AC:8243.0017: unknown main item tag 0x0 [ 265.569419][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.582964][ T8] appleir 0003:05AC:8243.0017: No inputs registered, leaving [ 265.593248][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 265.615369][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.632012][T10638] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 265.642617][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 265.656307][ T8] appleir 0003:05AC:8243.0017: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 265.676780][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.692065][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 265.705849][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.717725][T10638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 265.735032][T10638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.748982][T10638] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 265.836954][ T8] usb 3-1: USB disconnect, device number 21 [ 265.959690][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.978072][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.032092][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.062533][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.133448][ T5798] Bluetooth: hci1: command tx timeout [ 266.593441][ T8] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 266.783416][ T8] usb 8-1: Using ep0 maxpacket: 16 [ 266.803031][ T8] usb 8-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 266.836693][ T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.872954][ T8] usb 8-1: Product: syz [ 266.902352][ T8] usb 8-1: Manufacturer: syz [ 266.906071][ T23] usbhid 7-1:1.0: can't add hid device: -71 [ 266.913006][ T23] usbhid: probe of 7-1:1.0 failed with error -71 [ 266.928878][ T8] usb 8-1: SerialNumber: syz [ 266.936470][ T23] usb 7-1: USB disconnect, device number 13 [ 266.958950][ T8] usb 8-1: config 0 descriptor?? [ 267.000291][ T8] ftdi_sio 8-1:0.0: FTDI USB Serial Device converter detected [ 267.024941][ T8] usb 8-1: Detected FT232H [ 267.164479][T10754] loop6: detected capacity change from 0 to 2048 [ 267.179897][T10745] loop2: detected capacity change from 0 to 32768 [ 267.189126][T10745] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1483 (10745) [ 267.214607][T10745] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 267.214714][ T8] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 267.235167][T10745] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 267.245119][T10745] BTRFS info (device loop2): setting nodatacow, compression disabled [ 267.255663][T10754] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 267.265074][T10745] BTRFS info (device loop2): max_inline at 0 [ 267.273953][T10745] BTRFS info (device loop2): enabling disk space caching [ 267.280302][T10754] EXT4-fs (loop6): shut down requested (0) [ 267.281042][T10745] BTRFS info (device loop2): turning off barriers [ 267.293465][T10745] BTRFS info (device loop2): turning on flush-on-commit [ 267.300759][T10745] BTRFS info (device loop2): doing ref verification [ 267.309040][T10745] BTRFS info (device loop2): force clearing of disk cache [ 267.319052][T10745] BTRFS info (device loop2): enabling ssd optimizations [ 267.326286][T10745] BTRFS info (device loop2): max_inline at 4096 [ 267.333113][T10745] BTRFS info (device loop2): disk space caching is enabled [ 267.435242][ T8766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.455696][T10745] BTRFS info (device loop2): auto enabling async discard [ 267.489730][T10745] BTRFS info (device loop2): rebuilding free space tree [ 267.548609][T10745] BTRFS info (device loop2): disabling free space tree [ 267.563488][T10745] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 267.583428][T10745] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 267.657443][ T8] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 267.778201][ T5786] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 267.876637][ T8] usb 8-1: USB disconnect, device number 2 [ 267.890862][ T8] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 267.933649][ T8] ftdi_sio 8-1:0.0: device disconnected [ 268.002992][ T23] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 268.176452][ T50] Bluetooth: hci1: command tx timeout [ 268.199657][ T23] usb 7-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 268.218353][ T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.239980][ T23] usb 7-1: Product: syz [ 268.256619][ T23] usb 7-1: Manufacturer: syz [ 268.261408][ T23] usb 7-1: SerialNumber: syz [ 268.284025][ T23] usb 7-1: config 0 descriptor?? [ 268.302119][ T23] ch341 7-1:0.0: ch341-uart converter detected [ 269.067224][ T787] IPVS: starting estimator thread 0... [ 269.069979][T10819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1509'. [ 269.163626][T10822] IPVS: using max 20 ests per chain, 48000 per kthread [ 269.326982][ T23] usb 7-1: failed to send control message: -71 [ 269.334041][ T23] ch341-uart: probe of ttyUSB0 failed with error -71 [ 269.353848][ T23] usb 7-1: USB disconnect, device number 14 [ 269.360836][ T23] ch341 7-1:0.0: device disconnected [ 269.420454][T10815] loop7: detected capacity change from 0 to 32768 [ 269.437418][T10815] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 scanned by syz.7.1505 (10815) [ 269.452691][T10815] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 269.468786][T10815] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm [ 269.477774][T10815] BTRFS info (device loop7): force clearing of disk cache [ 269.489125][T10815] BTRFS info (device loop7): metadata ratio 0 [ 269.495324][T10815] BTRFS info (device loop7): enabling ssd optimizations [ 269.502280][T10815] BTRFS info (device loop7): using spread ssd allocation scheme [ 269.515615][T10815] BTRFS info (device loop7): using free space tree [ 269.549676][T10815] BTRFS info (device loop7): auto enabling async discard [ 269.559945][T10815] BTRFS info (device loop7): rebuilding free space tree [ 269.735167][ T136] BTRFS info (device loop7): qgroup scan completed (inconsistency flag cleared) [ 269.840223][T10638] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 270.190890][T10855] loop2: detected capacity change from 0 to 32768 [ 270.266264][T10855] [ 270.266264][T10855] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.266264][T10855] [ 270.321373][T10855] ERROR: (device loop2): diWrite: ixpxd invalid [ 270.321373][T10855] [ 270.349146][T10855] ERROR: (device loop2): txCommit: [ 270.349146][T10855] [ 270.390608][T10855] ERROR: (device loop2): diWrite: ixpxd invalid [ 270.390608][T10855] [ 270.399852][T10855] ERROR: (device loop2): txCommit: [ 270.399852][T10855] [ 270.417080][T10855] [ 270.417080][T10855] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.417080][T10855] [ 270.429475][T10855] [ 270.429475][T10855] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.429475][T10855] [ 270.468004][T10855] ERROR: (device loop2): diWrite: ixpxd invalid [ 270.468004][T10855] [ 270.485798][T10855] ERROR: (device loop2): txCommit: [ 270.485798][T10855] [ 270.546809][ T5786] ERROR: (device loop2): diFree: wmap shows inode already free [ 270.546809][ T5786] [ 270.564721][ T5786] [ 270.564721][ T5786] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.564721][ T5786] [ 270.578421][ T5786] [ 270.578421][ T5786] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.578421][ T5786] [ 270.808756][T10872] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1526'. [ 270.838567][T10873] vlan3: entered promiscuous mode [ 270.849609][T10873] bond0: entered promiscuous mode [ 270.857095][T10873] bond_slave_0: entered promiscuous mode [ 270.874673][T10873] bond_slave_1: entered promiscuous mode [ 271.272569][T10889] loop2: detected capacity change from 0 to 2048 [ 271.303572][T10889] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 271.397408][T10877] loop6: detected capacity change from 0 to 32768 [ 271.417651][T10877] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by syz.6.1529 (10877) [ 271.439119][T10877] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 271.451939][T10877] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 271.467621][T10877] BTRFS info (device loop6): force clearing of disk cache [ 271.475032][T10877] BTRFS info (device loop6): metadata ratio 0 [ 271.481211][T10877] BTRFS info (device loop6): enabling ssd optimizations [ 271.497242][T10877] BTRFS info (device loop6): using spread ssd allocation scheme [ 271.519835][T10877] BTRFS info (device loop6): using free space tree [ 271.613870][T10877] BTRFS info (device loop6): auto enabling async discard [ 271.636134][T10877] BTRFS info (device loop6): rebuilding free space tree [ 271.902894][ T58] BTRFS info (device loop6): qgroup scan completed (inconsistency flag cleared) [ 271.966652][ T8766] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 272.387789][T10922] loop6: detected capacity change from 0 to 1024 [ 272.604098][T10918] loop7: detected capacity change from 0 to 40427 [ 272.614179][ T136] hfsplus: b-tree write err: -5, ino 4 [ 272.633425][T10918] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12 [ 272.641202][T10918] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 272.662053][T10918] F2FS-fs (loop7): invalid crc value [ 272.712280][T10918] F2FS-fs (loop7): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 272.851002][T10931] loop2: detected capacity change from 0 to 8192 [ 272.876393][T10918] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 272.891815][T10918] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 272.976903][T10937] loop6: detected capacity change from 0 to 164 [ 273.011691][T10937] Unable to read rock-ridge attributes [ 273.036839][T10937] Unable to read rock-ridge attributes [ 273.067354][T10937] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 273.239085][T10942] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1549'. [ 273.690950][T10963] netlink: 'syz.7.1560': attribute type 10 has an invalid length. [ 273.699108][T10963] netlink: 55 bytes leftover after parsing attributes in process `syz.7.1560'. [ 273.961218][T10976] netlink: 'syz.7.1566': attribute type 2 has an invalid length. [ 274.189658][T10989] netlink: 'syz.4.1572': attribute type 3 has an invalid length. [ 274.199093][T10989] netlink: 'syz.4.1572': attribute type 1 has an invalid length. [ 274.208716][T10989] netlink: 199820 bytes leftover after parsing attributes in process `syz.4.1572'. [ 274.745173][T11009] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340 [ 274.945919][T11014] loop7: detected capacity change from 0 to 4096 [ 274.988419][T11015] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 275.077986][T11007] loop2: detected capacity change from 0 to 32768 [ 275.090611][ T27] audit: type=1804 audit(1754101656.204:26): pid=11014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.1583" name="/newroot/20/file0/file1" dev="loop7" ino=15 res=1 errno=0 [ 275.100489][T11007] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1580 (11007) [ 275.141899][T11007] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 275.164459][T11007] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 275.175205][T11007] BTRFS info (device loop2): setting nodatacow, compression disabled [ 275.183738][T11007] BTRFS info (device loop2): max_inline at 0 [ 275.191042][T11007] BTRFS info (device loop2): enabling disk space caching [ 275.199994][T11007] BTRFS info (device loop2): turning off barriers [ 275.242908][T11007] BTRFS info (device loop2): turning on flush-on-commit [ 275.262648][T11007] BTRFS info (device loop2): doing ref verification [ 275.278390][T11007] BTRFS info (device loop2): force clearing of disk cache [ 275.291347][T11007] BTRFS info (device loop2): enabling ssd optimizations [ 275.311917][T11007] BTRFS info (device loop2): max_inline at 4096 [ 275.320651][T11007] BTRFS info (device loop2): disk space caching is enabled [ 275.369505][T11007] BTRFS info (device loop2): auto enabling async discard [ 275.383012][T11007] BTRFS info (device loop2): rebuilding free space tree [ 275.412303][T11007] BTRFS info (device loop2): disabling free space tree [ 275.431310][T11007] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 275.453495][T11007] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 275.681103][ T5786] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 275.981182][T11046] loop7: detected capacity change from 0 to 256 [ 276.594114][T11063] loop2: detected capacity change from 0 to 2048 [ 276.635937][T11063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 276.667435][T11048] loop6: detected capacity change from 0 to 32768 [ 276.689942][T11063] EXT4-fs (loop2): shut down requested (0) [ 276.703453][T11048] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 276.744293][T11048] XFS (loop6): Ending clean mount [ 276.762135][T11048] XFS (loop6): Quotacheck needed: Please wait. [ 276.800692][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.877308][T11048] XFS (loop6): Quotacheck: Done. [ 277.024328][ T8766] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 277.387466][T11086] mmap: syz.6.1602 (11086): VmData 29118464 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 277.879775][T11111] loop2: detected capacity change from 0 to 512 [ 277.916452][T11111] EXT4-fs: Ignoring removed mblk_io_submit option [ 278.002585][T11111] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 278.003653][T11105] loop7: detected capacity change from 0 to 32768 [ 278.023613][T11105] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop7 scanned by syz.7.1614 (11105) [ 278.039777][T11105] BTRFS info (device loop7): first mount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 278.050073][T11105] BTRFS info (device loop7): using xxhash64 (xxhash64-generic) checksum algorithm [ 278.059510][T11105] BTRFS info (device loop7): using free space tree [ 278.111177][ T27] audit: type=1800 audit(1754101659.224:27): pid=11111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1616" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 278.160788][T11105] BTRFS info (device loop7): enabling ssd optimizations [ 278.167855][T11105] BTRFS info (device loop7): auto enabling async discard [ 278.212413][T11105] BTRFS info (device loop7): setting incompat feature flag for COMPRESS_LZO (0x8) [ 278.246984][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.305039][T11135] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 278.361077][T10638] BTRFS info (device loop7): last unmount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 278.617875][T11144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1625'. [ 279.172266][T11158] loop7: detected capacity change from 0 to 8192 [ 279.182260][T11158] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 279.200032][T11158] REISERFS (device loop7): found reiserfs format "3.5" with non-standard journal [ 279.203650][ T8] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 279.210972][T11158] REISERFS (device loop7): using ordered data mode [ 279.232405][T11158] reiserfs: using flush barriers [ 279.240203][T11158] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 279.263337][T11158] REISERFS (device loop7): checking transaction log (loop7) [ 279.272049][T11158] REISERFS (device loop7): Using r5 hash to sort names [ 279.283802][T11158] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage. [ 279.413410][ T8] usb 7-1: Using ep0 maxpacket: 32 [ 279.420663][ T8] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 279.436469][ T8] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 279.446975][ T8] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 279.463360][ T8] usb 7-1: Product: syz [ 279.467559][ T8] usb 7-1: Manufacturer: syz [ 279.472172][ T8] usb 7-1: SerialNumber: syz [ 279.493123][ T8] usb 7-1: config 0 descriptor?? [ 279.509229][T11154] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 279.654739][ T27] audit: type=1326 audit(1754101660.764:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11176 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 279.684066][ T27] audit: type=1326 audit(1754101660.774:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11176 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 279.707420][ T27] audit: type=1326 audit(1754101660.794:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11176 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 279.752222][ T787] usb 7-1: USB disconnect, device number 15 [ 279.764326][ T27] audit: type=1326 audit(1754101660.794:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11176 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 279.790505][ T27] audit: type=1326 audit(1754101660.794:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11176 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 279.819712][ T27] audit: type=1326 audit(1754101660.804:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11176 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 279.844086][ T27] audit: type=1326 audit(1754101660.844:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11176 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 279.868128][ T8] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 279.876750][ T27] audit: type=1326 audit(1754101660.864:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11176 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 280.080107][ T8] usb 8-1: unable to get BOS descriptor or descriptor too short [ 280.091655][ T8] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 280.103297][ T8] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 280.113761][ T8] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 280.131950][ T8] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 280.154424][ T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.172227][ T8] usb 8-1: Product: syz [ 280.179198][ T8] usb 8-1: Manufacturer: syz [ 280.199477][ T8] usb 8-1: SerialNumber: syz [ 280.435855][ T8] cdc_ncm 8-1:1.0: bind() failure [ 280.445063][ T8] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found [ 280.451909][ T8] cdc_ncm 8-1:1.1: bind() failure [ 280.480023][ T8] usb 8-1: USB disconnect, device number 3 [ 280.610304][T11205] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1649'. [ 281.818940][T11249] loop2: detected capacity change from 0 to 32768 [ 281.847016][T11249] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 281.863641][ T5873] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 281.927925][T11249] (syz.2.1668,11249,1):ocfs2_rename:1284 ERROR: status = -2 [ 281.938074][T11249] (syz.2.1668,11249,1):ocfs2_rename:1690 ERROR: status = -2 [ 281.996136][ T5786] ocfs2: Unmounting device (7,2) on (node local) [ 282.069341][ T5873] usb 7-1: unable to get BOS descriptor or descriptor too short [ 282.081599][ T5873] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 282.096967][ T5873] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 282.108798][ T5873] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 282.121554][ T5873] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 282.132065][ T5873] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.140208][ T5873] usb 7-1: Product: syz [ 282.144777][ T5873] usb 7-1: Manufacturer: syz [ 282.149383][ T5873] usb 7-1: SerialNumber: syz [ 282.210980][T11259] loop7: detected capacity change from 0 to 512 [ 282.219816][T11259] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 282.390318][ T5873] cdc_ncm 7-1:1.0: bind() failure [ 282.392615][T11267] netlink: 'syz.7.1676': attribute type 4 has an invalid length. [ 282.401892][ T5873] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 282.410282][ T5873] cdc_ncm 7-1:1.1: bind() failure [ 282.419310][ T5873] usb 7-1: USB disconnect, device number 16 [ 282.619733][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 282.619746][ T27] audit: type=1326 audit(1754101663.734:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11277 comm="syz.2.1681" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f778758eb69 code=0x0 [ 283.073340][ T787] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 283.254477][ T787] usb 8-1: Using ep0 maxpacket: 32 [ 283.261619][ T787] usb 8-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 283.272692][ T787] usb 8-1: config 0 interface 0 has no altsetting 0 [ 283.279390][ T787] usb 8-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 283.288462][ T787] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.298435][ T787] usb 8-1: config 0 descriptor?? [ 283.590433][T11292] netlink: 300 bytes leftover after parsing attributes in process `syz.2.1694'. [ 284.054261][ T8] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 284.093831][ T787] corsair-cpro 0003:1B1C:0C10.0018: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.7-1/input0 [ 284.101948][T11315] overlayfs: missing 'lowerdir' [ 284.128901][T11315] overlayfs: missing 'lowerdir' [ 284.164431][T11320] vxcan1: entered allmulticast mode [ 284.216485][T11322] batadv0: entered promiscuous mode [ 284.222820][T11322] macsec0: entered promiscuous mode [ 284.228309][T11322] macsec0: entered allmulticast mode [ 284.234908][T11322] batadv0: entered allmulticast mode [ 284.242978][T11322] batadv0: left allmulticast mode [ 284.248674][T11322] batadv0: left promiscuous mode [ 284.258728][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.277249][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 284.287426][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 284.307568][ T787] corsair-cpro: probe of 0003:1B1C:0C10.0018 failed with error -71 [ 284.323173][ T8] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 284.332564][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.351584][ T8] usb 7-1: config 0 descriptor?? [ 284.510894][ T787] usb 8-1: USB disconnect, device number 4 [ 284.784638][ T8] plantronics 0003:047F:FFFF.0019: unknown main item tag 0xd [ 284.794283][ T8] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 284.809759][ T8] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 285.113768][ T2128] usb 7-1: USB disconnect, device number 17 [ 285.244863][T11353] input: syz1 as /devices/virtual/input/input20 [ 285.470552][T11357] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1716'. [ 285.660627][T11367] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1721'. [ 286.040161][T11389] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1731'. [ 286.065380][T11386] loop7: detected capacity change from 0 to 8192 [ 286.086429][T11386] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 286.099907][T11386] REISERFS (device loop7): found reiserfs format "3.5" with non-standard journal [ 286.109503][T11386] REISERFS (device loop7): using ordered data mode [ 286.116238][T11386] reiserfs: using flush barriers [ 286.122314][T11386] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 286.138927][T11386] REISERFS (device loop7): checking transaction log (loop7) [ 286.150337][T11386] REISERFS (device loop7): Using r5 hash to sort names [ 286.157581][T11386] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage. [ 286.373468][ T8] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 286.563393][ T8] usb 7-1: Using ep0 maxpacket: 8 [ 286.577642][ T8] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 286.597808][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.627952][ T8] pvrusb2: Hardware description: Terratec Grabster AV400 [ 286.643357][ T8] pvrusb2: ********** [ 286.647380][ T8] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 286.662049][ T8] pvrusb2: Important functionality might not be entirely working. [ 286.672215][ T8] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 286.683699][ T8] pvrusb2: ********** [ 286.704302][T11402] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input21 [ 286.881831][ T2314] pvrusb2: Invalid write control endpoint [ 286.893790][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 286.958273][T11398] loop7: detected capacity change from 0 to 40427 [ 286.996768][T11398] F2FS-fs (loop7): invalid crc value [ 287.016178][ T2314] pvrusb2: Invalid write control endpoint [ 287.035485][T11398] F2FS-fs (loop7): Found nat_bits in checkpoint [ 287.046370][ T2314] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 287.083330][ T2314] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 287.103806][ T2314] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 287.123368][ T2314] pvrusb2: Device being rendered inoperable [ 287.168963][T11392] pvrusb2: Killing an I2C write to 0 that is too large (desired=148 limit=61) [ 287.183849][ T2314] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 287.191614][T11398] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 287.199207][ T2314] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 287.205619][ T787] usb 7-1: USB disconnect, device number 18 [ 287.239675][ T2314] pvrusb2: Attached sub-driver cx25840 [ 287.253308][ T2314] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 287.273259][ T2314] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 287.312048][ T27] audit: type=1800 audit(1754101668.414:43): pid=11398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1735" name="file1" dev="loop7" ino=10 res=0 errno=0 [ 287.340021][T10638] syz-executor: attempt to access beyond end of device [ 287.340021][T10638] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 287.373880][T10638] F2FS-fs (loop7): Stopped filesystem due to reason: 3 [ 287.517837][T11405] loop2: detected capacity change from 0 to 40427 [ 287.566889][T11405] F2FS-fs (loop2): Found nat_bits in checkpoint [ 287.623758][T11405] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 287.703672][T11405] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 287.870592][ T5786] syz-executor: attempt to access beyond end of device [ 287.870592][ T5786] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 287.903371][ T5786] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 288.651792][T11438] loop6: detected capacity change from 0 to 4096 [ 288.674157][T11438] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.737022][ T8766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.808910][T11444] IPv6: NLM_F_CREATE should be specified when creating new route [ 289.095610][T11457] loop6: detected capacity change from 0 to 64 [ 289.410792][T11475] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1762'. [ 289.832151][ T8] kernel write not supported for file /video36 (pid: 8 comm: kworker/0:0) [ 290.157972][T11510] batadv_slave_1: entered promiscuous mode [ 290.176831][T11509] batadv_slave_1: left promiscuous mode [ 290.413830][ T5798] Bluetooth: hci4: command 0x1003 tx timeout [ 290.421429][ T50] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 290.510348][T11506] loop7: detected capacity change from 0 to 40427 [ 290.518925][T11506] F2FS-fs (loop7): build fault injection attr: rate: 771, type: 0x7ffff [ 290.530392][T11506] F2FS-fs (loop7): invalid crc value [ 290.538366][T11506] F2FS-fs (loop7): Found nat_bits in checkpoint [ 290.544827][ T2128] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 290.572978][T11506] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 290.744980][ T2128] usb 7-1: Using ep0 maxpacket: 16 [ 290.764652][ T2128] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 290.774848][ T2128] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 290.785786][ T2128] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 290.795490][ T2128] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 290.805183][ T2128] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 290.820042][ T2128] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 290.829163][ T2128] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 290.837200][ T2128] usb 7-1: Manufacturer: syz [ 290.844362][ T2128] usb 7-1: config 0 descriptor?? [ 290.988054][T10638] syz-executor: attempt to access beyond end of device [ 290.988054][T10638] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 291.002692][T10638] F2FS-fs (loop7): Stopped filesystem due to reason: 3 [ 291.129661][ T5873] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0 [ 291.168035][ T5873] hid-generic 0000:0000:0000.001A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 291.223293][ T2128] rc_core: IR keymap rc-hauppauge not found [ 291.231152][ T2128] Registered IR keymap rc-empty [ 291.241099][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.280183][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.322014][T11514] loop6: detected capacity change from 0 to 1764 [ 291.334145][ T2128] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 291.362383][ T2128] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input22 [ 291.401643][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.443555][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.481511][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.533545][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.573377][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.603697][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.653414][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.723479][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.767930][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.803453][ T2128] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 291.855329][ T2128] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 291.872800][ T2128] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 291.891858][ T2128] usb 7-1: USB disconnect, device number 19 [ 292.207535][T11556] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1797'. [ 292.413485][ T8] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 292.627678][ T8] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 292.640787][ T8] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 292.662537][ T8] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 292.686769][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 292.706183][ T8] usb 8-1: SerialNumber: syz [ 292.728292][T11556] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 292.753933][T11556] bond_slave_0: left promiscuous mode [ 292.759759][T11556] bond_slave_0: left allmulticast mode [ 292.800723][T11556] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 292.837944][T11556] bond_slave_1: left promiscuous mode [ 292.844355][T11556] bond_slave_1: left allmulticast mode [ 292.865792][T11556] bond0 (unregistering): Released all slaves [ 292.875167][T11568] sctp: [Deprecated]: syz.6.1802 (pid 11568) Use of struct sctp_assoc_value in delayed_ack socket option. [ 292.875167][T11568] Use struct sctp_sack_info instead [ 292.955347][ T8] usb 8-1: 0:2 : does not exist [ 292.995896][ T8] usb 8-1: 5:0: cannot get min/max values for control 1 (id 5) [ 293.028705][ T8] usb 8-1: 5:0: cannot get min/max values for control 3 (id 5) [ 293.051135][ T8] usb 8-1: 5:0: cannot get min/max values for control 7 (id 5) [ 293.097570][T11578] loop2: detected capacity change from 0 to 512 [ 293.111535][T11578] EXT4-fs (loop2): Test dummy encryption mode enabled [ 293.118610][T11578] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 293.119888][ T8] usb 8-1: USB disconnect, device number 5 [ 293.161197][T11578] EXT4-fs (loop2): 1 truncate cleaned up [ 293.171575][T11578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.236875][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.254344][T11584] syzkaller1: entered promiscuous mode [ 293.259851][T11584] syzkaller1: entered allmulticast mode [ 293.365144][T11586] syzkaller1: entered promiscuous mode [ 293.371426][T11586] syzkaller1: entered allmulticast mode [ 293.788273][T11606] fuse: Bad value for 'fd' [ 293.903750][ T2128] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 293.927220][T11610] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1816'. [ 293.943051][T11612] loop7: detected capacity change from 0 to 512 [ 293.984407][T11612] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.997793][T11614] netlink: 428 bytes leftover after parsing attributes in process `syz.4.1818'. [ 294.003828][T11612] ext4 filesystem being mounted at /62/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 294.007181][T11614] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1818'. [ 294.085149][T11612] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #2: comm syz.7.1817: corrupted inode contents [ 294.122196][T11612] EXT4-fs error (device loop7): ext4_dirty_inode:6106: inode #2: comm syz.7.1817: mark_inode_dirty error [ 294.145840][ T2128] usb 3-1: config 171 has an invalid interface number: 109 but max is 0 [ 294.169158][ T2128] usb 3-1: config 171 has an invalid descriptor of length 0, skipping remainder of the config [ 294.190965][ T2128] usb 3-1: config 171 has no interface number 0 [ 294.199775][T11612] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #2: comm syz.7.1817: corrupted inode contents [ 294.205253][ T2128] usb 3-1: config 171 interface 109 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 294.230148][T11612] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #2: comm syz.7.1817: mark_inode_dirty error [ 294.249778][ T2128] usb 3-1: config 171 interface 109 altsetting 0 endpoint 0x1 has invalid maxpacket 768, setting to 64 [ 294.261885][ T2128] usb 3-1: config 171 interface 109 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 12 [ 294.293452][ T2128] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=fd.2e [ 294.302683][ T2128] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.311512][ T2128] usb 3-1: Product: syz [ 294.315881][ T2128] usb 3-1: Manufacturer: syz [ 294.320567][ T2128] usb 3-1: SerialNumber: syz [ 294.329025][T11597] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 294.348743][T10638] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.548536][ T2128] ath6kl: Failed to submit usb control message: -71 [ 294.573971][ T2128] ath6kl: unable to send the bmi data to the device: -71 [ 294.591211][ T2128] ath6kl: Unable to send get target info: -71 [ 294.607897][ T2128] ath6kl: Failed to init ath6kl core: -71 [ 294.638323][ T2128] ath6kl_usb: probe of 3-1:171.109 failed with error -71 [ 294.673637][ T2128] usb 3-1: USB disconnect, device number 22 [ 294.717399][T11641] dvmrp0: entered allmulticast mode [ 294.840345][T11646] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1832'. [ 295.733192][T11663] loop6: detected capacity change from 0 to 40427 [ 295.785254][T11663] F2FS-fs (loop6): Found nat_bits in checkpoint [ 295.872971][T11663] F2FS-fs (loop6): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 295.905576][T11663] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 295.918886][T11688] overlayfs: failed to clone upperpath [ 296.045645][ T8766] syz-executor: attempt to access beyond end of device [ 296.045645][ T8766] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 296.065238][ T8766] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 296.155398][T11693] input: syz0 as /devices/virtual/input/input23 [ 296.543545][ T28] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 296.617711][T11707] ip6tnl1: entered promiscuous mode [ 296.631587][T11707] ip6tnl1: entered allmulticast mode [ 296.762590][ T28] usb 3-1: Using ep0 maxpacket: 8 [ 296.789347][ T28] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 296.808930][ T28] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.829377][ T28] usb 3-1: Product: syz [ 296.839616][ T28] usb 3-1: Manufacturer: syz [ 296.849749][ T28] usb 3-1: SerialNumber: syz [ 296.875644][ T28] usb 3-1: config 0 descriptor?? [ 297.122974][ T28] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 297.388643][T11711] loop7: detected capacity change from 0 to 40427 [ 297.428076][T11711] F2FS-fs (loop7): Found nat_bits in checkpoint [ 297.483538][T11711] F2FS-fs (loop7): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 297.513709][T11711] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 297.633128][T11736] syzkaller1: entered promiscuous mode [ 297.640541][T10638] syz-executor: attempt to access beyond end of device [ 297.640541][T10638] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 297.653283][T11736] syzkaller1: entered allmulticast mode [ 297.663341][T10638] F2FS-fs (loop7): Stopped filesystem due to reason: 3 [ 297.931684][ T28] usb write operation failed. (-71) [ 297.950156][ T28] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 297.965083][ T28] dvbdev: DVB: registering new adapter (Terratec H7) [ 297.971980][ T28] usb 3-1: media controller created [ 297.982323][ T28] usb read operation failed. (-71) [ 297.992691][ T28] usb write operation failed. (-71) [ 298.021253][ T28] dvb_usb_az6007: probe of 3-1:0.0 failed with error -5 [ 298.038865][ T28] usb 3-1: USB disconnect, device number 23 [ 298.158207][T11752] loop6: detected capacity change from 0 to 524287999 [ 298.381543][T11762] netlink: 'syz.4.1878': attribute type 1 has an invalid length. [ 298.390442][T11762] netlink: 'syz.4.1878': attribute type 2 has an invalid length. [ 298.405655][T11762] netlink: 'syz.4.1878': attribute type 1 has an invalid length. [ 298.423440][T11762] netlink: 'syz.4.1878': attribute type 2 has an invalid length. [ 298.938901][T11791] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 299.048362][T11798] loop7: detected capacity change from 0 to 128 [ 299.056629][T11798] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 299.113391][ T2128] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 299.277655][T11806] loop7: detected capacity change from 0 to 4096 [ 299.289264][T11806] ntfs3: loop7: Different NTFS sector size (1024) and media sector size (512). [ 299.313461][ T2128] usb 3-1: Using ep0 maxpacket: 8 [ 299.323493][ T2128] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 299.332582][ T2128] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.348918][ T27] audit: type=1326 audit(1754101680.464:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.4.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 299.351211][ T2128] usb 3-1: Product: syz [ 299.381253][ T2128] usb 3-1: Manufacturer: syz [ 299.388686][ T2128] usb 3-1: SerialNumber: syz [ 299.405441][ T27] audit: type=1326 audit(1754101680.494:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.4.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 299.436300][ T27] audit: type=1326 audit(1754101680.494:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.4.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 299.461417][ T2128] usb 3-1: config 0 descriptor?? [ 299.469065][ T27] audit: type=1326 audit(1754101680.494:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.4.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 299.500623][ T2128] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 299.505987][ T27] audit: type=1326 audit(1754101680.494:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.4.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 299.508951][ T2128] usb 3-1: setting power ON [ 299.550276][T11806] overlayfs: upper fs does not support tmpfile. [ 299.560271][ T2128] dvb-usb: bulk message failed: -22 (2/0) [ 299.562008][ T27] audit: type=1326 audit(1754101680.494:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.4.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 299.569346][T11806] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 299.594026][ T27] audit: type=1326 audit(1754101680.494:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.4.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 299.625605][ T27] audit: type=1326 audit(1754101680.494:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11807 comm="syz.4.1900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fcbf8eb69 code=0x7ffc0000 [ 299.628126][ T2128] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 299.698762][ T2128] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 299.723645][ T2128] usb 3-1: media controller created [ 299.738840][T11785] dvb-usb: bulk message failed: -22 (3/0) [ 299.749728][T11785] dvb-usb: bulk message failed: -22 (4/0) [ 299.760562][T11785] cxusb: i2c read failed [ 299.761734][ T2128] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 299.820843][ T2128] usb 3-1: selecting invalid altsetting 6 [ 299.829547][ T2128] usb 3-1: digital interface selection failed (-22) [ 299.836636][ T2128] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 299.856109][ T2128] usb 3-1: setting power OFF [ 299.861430][ T2128] dvb-usb: bulk message failed: -22 (2/0) [ 299.883417][ T2128] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 299.892743][ T2128] (NULL device *): no alternate interface [ 299.954506][ T2128] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 299.957929][T11818] syzkaller1: entered promiscuous mode [ 299.969142][ T2128] usb 3-1: USB disconnect, device number 24 [ 299.971417][T11818] syzkaller1: entered allmulticast mode [ 300.173040][T11827] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1908'. [ 300.271947][T11831] fuse: Bad value for 'fd' [ 300.701254][T11849] vlan2: entered allmulticast mode [ 300.709611][T11849] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 300.852133][ C1] sd 0:0:1:0: [sda] tag#5761 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 300.862620][ C1] sd 0:0:1:0: [sda] tag#5761 CDB: Write(6) 0a 00 00 00 05 00 00 00 02 00 00 00 [ 300.917817][T11859] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 301.013525][ T8] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 301.193718][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 301.208739][ T8] usb 3-1: config 0 has an invalid interface number: 33 but max is 1 [ 301.220629][ T8] usb 3-1: config 0 has no interface number 1 [ 301.228297][ T8] usb 3-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 301.240488][ T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 247 [ 301.255069][ T8] usb 3-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 301.264417][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.272530][ T8] usb 3-1: Product: syz [ 301.277195][ T8] usb 3-1: Manufacturer: syz [ 301.282005][ T8] usb 3-1: SerialNumber: syz [ 301.291474][ T8] usb 3-1: config 0 descriptor?? [ 301.300716][ T8] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 301.303764][ T23] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 301.504186][ T2314] pvrusb2: Invalid read control endpoint [ 301.510281][ T8] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 301.515539][ T2314] usb 3-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 301.521530][ T8] usb 3-1: USB disconnect, device number 25 [ 301.533470][ T23] usb 8-1: Using ep0 maxpacket: 32 [ 301.543780][ T2314] usb 3-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 301.551001][ T23] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.564953][ T23] usb 8-1: config 0 interface 0 has no altsetting 0 [ 301.571578][ T23] usb 8-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 301.597733][ T23] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.608004][ T23] usb 8-1: config 0 descriptor?? [ 302.030666][ T23] logitech 0003:046D:C50C.001B: unexpected long global item [ 302.039718][ T23] logitech 0003:046D:C50C.001B: parse failed [ 302.046014][ T23] logitech: probe of 0003:046D:C50C.001B failed with error -22 [ 302.293845][ T23] usb 8-1: USB disconnect, device number 6 [ 303.621687][T11940] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1961'. [ 303.631464][T11940] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1961'. [ 303.653841][T11940] netlink: 'syz.7.1961': attribute type 5 has an invalid length. [ 303.925061][T11951] loop6: detected capacity change from 0 to 1024 [ 304.323473][ T23] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 304.513514][ T23] usb 8-1: Using ep0 maxpacket: 8 [ 304.525066][ T23] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.545257][ T23] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 304.558446][ T23] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 304.568942][ T23] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.579225][ T23] usb 8-1: Product: syz [ 304.583787][ T23] usb 8-1: Manufacturer: syz [ 304.588478][ T23] usb 8-1: SerialNumber: syz [ 304.804059][T11956] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 305.416566][T11956] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 305.492022][T12001] fuse: Bad value for 'fd' [ 305.527958][T12005] syzkaller1: entered promiscuous mode [ 305.533906][T12005] syzkaller1: entered allmulticast mode [ 305.635625][ T23] cdc_ncm 8-1:1.0: failed to get mac address [ 305.646650][ T23] cdc_ncm 8-1:1.0: bind() failure [ 305.687428][ T23] cdc_ncm: probe of 8-1:1.1 failed with error -71 [ 305.704127][ T23] cdc_mbim: probe of 8-1:1.1 failed with error -71 [ 305.726293][ T23] usbtest: probe of 8-1:1.1 failed with error -71 [ 305.744736][ T23] usb 8-1: USB disconnect, device number 7 [ 306.334297][T12022] loop6: detected capacity change from 0 to 32768 [ 306.933619][ T9] usb 8-1: new full-speed USB device number 8 using dummy_hcd [ 307.125526][ T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 307.152143][ T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 307.165982][ T9] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 307.175593][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.183865][ T9] usb 8-1: Product: syz [ 307.188253][ T9] usb 8-1: Manufacturer: syz [ 307.195806][ T9] usb 8-1: SerialNumber: syz [ 307.356769][T12070] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 307.413104][ T9] usb 8-1: 0:2 : does not exist [ 307.432030][ T9] usb 8-1: 5:0: failed to get current value for ch 0 (-22) [ 307.479336][ T9] usb 8-1: USB disconnect, device number 8 [ 307.865597][T12091] sch_tbf: burst 480 is lower than device lo mtu (65550) ! [ 307.950869][T12093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2027'. [ 307.964023][T12093] chnl_net:caif_netlink_parms(): no params data found [ 308.139892][T12088] loop6: detected capacity change from 0 to 40427 [ 308.157220][T12088] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x7ffff [ 308.167438][T12088] F2FS-fs (loop6): Image doesn't support compression [ 308.174458][T12088] F2FS-fs (loop6): Image doesn't support compression [ 308.183103][T12088] F2FS-fs (loop6): invalid crc value [ 308.197841][T12088] F2FS-fs (loop6): Found nat_bits in checkpoint [ 308.260414][T12088] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 308.286955][ T27] audit: type=1800 audit(1754101689.404:52): pid=12088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2025" name="file0" dev="loop6" ino=10 res=0 errno=0 [ 308.362305][ T8766] syz-executor: attempt to access beyond end of device [ 308.362305][ T8766] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 308.398544][ T8766] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 308.663439][ T787] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 308.873336][ T787] usb 8-1: Using ep0 maxpacket: 8 [ 308.880481][ T787] usb 8-1: config 179 has an invalid interface number: 65 but max is 0 [ 308.889088][ T787] usb 8-1: config 179 has no interface number 0 [ 308.904409][ T787] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 308.933762][ T787] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 308.953392][ T787] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 308.973593][ T787] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 309.003322][ T787] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 309.023413][ T787] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 309.042706][ T787] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.064295][T12108] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 309.308178][T12121] Bluetooth: MGMT ver 1.22 [ 309.341827][T12108] loop7: detected capacity change from 0 to 512 [ 309.354918][T12108] EXT4-fs: Ignoring removed oldalloc option [ 309.402903][T12108] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.419204][T12108] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 309.463187][ T787] input: Generic X-Box pad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input25 [ 309.659925][ T23] usb 8-1: USB disconnect, device number 9 [ 309.659927][ C0] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 309.675468][ C0] dummy_hcd dummy_hcd.7: timer fired with no URBs pending? [ 309.675487][ T23] xpad 8-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 309.788641][T12139] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 310.200404][T10638] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.264371][ T5854] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 310.292990][T12162] loop7: detected capacity change from 0 to 2048 [ 310.308687][T12162] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 310.443324][ T5854] usb 7-1: Using ep0 maxpacket: 8 [ 310.456792][ T5854] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 310.477349][ T5854] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 310.497452][ T5854] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 310.512076][ T5854] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 310.543482][ T5854] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 310.567262][ T5854] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.588121][ T5854] hub 7-1:1.0: bad descriptor, ignoring hub [ 310.594223][ T5854] hub: probe of 7-1:1.0 failed with error -5 [ 310.603810][ T5854] cdc_wdm 7-1:1.0: skipping garbage [ 310.619257][ T5854] cdc_wdm 7-1:1.0: skipping garbage [ 310.626026][ T5854] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 310.642153][ T5854] cdc_wdm 7-1:1.0: Unknown control protocol [ 311.146651][ T5854] usb 7-1: reset high-speed USB device number 20 using dummy_hcd [ 311.182702][ T27] audit: type=1800 audit(1754101692.294:53): pid=12162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2056" name="file1" dev="loop7" ino=1415 res=0 errno=0 [ 311.605279][T12197] loop7: detected capacity change from 0 to 128 [ 311.628804][T12197] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 311.641494][T12197] ext4 filesystem being mounted at /110/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 311.683807][ T5854] usb 7-1: USB disconnect, device number 20 [ 311.710445][T10638] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 311.885023][T12204] loop7: detected capacity change from 0 to 4096 [ 311.923460][T12206] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 311.959092][ T27] audit: type=1800 audit(1754101693.074:54): pid=12204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2076" name="file1" dev="loop7" ino=15 res=0 errno=0 [ 312.003744][ T27] audit: type=1800 audit(1754101693.074:55): pid=12204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2076" name="file1" dev="loop7" ino=15 res=0 errno=0 [ 313.264686][T12240] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2091'. [ 313.668512][T12242] loop7: detected capacity change from 0 to 32768 [ 313.679188][T12242] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 scanned by syz.7.2092 (12242) [ 313.694274][T12242] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 313.704479][T12242] BTRFS info (device loop7): using crc32c (crc32c-intel) checksum algorithm [ 313.713439][T12242] BTRFS info (device loop7): turning on async discard [ 313.720226][T12242] BTRFS info (device loop7): using free space tree [ 313.744834][T12242] BTRFS info (device loop7): enabling ssd optimizations [ 313.868882][T10638] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 313.891155][T12259] netlink: 'syz.6.2094': attribute type 11 has an invalid length. [ 313.998693][T12263] loop6: detected capacity change from 0 to 512 [ 314.058542][T12263] EXT4-fs error (device loop6): ext4_orphan_get:1425: comm syz.6.2095: bad orphan inode 11862016 [ 314.099113][T12263] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 314.153669][T12263] ext4 filesystem being mounted at /255/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 314.561323][ T8766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 315.286526][T12308] loop7: detected capacity change from 0 to 1024 [ 315.332720][T12308] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 315.349692][T12308] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 315.355063][T12312] sctp: [Deprecated]: syz.2.2112 (pid 12312) Use of int in max_burst socket option deprecated. [ 315.355063][T12312] Use struct sctp_assoc_value instead [ 315.446049][T10223] EXT4-fs error (device loop7): ext4_validate_block_bitmap:439: comm kworker/u4:14: bg 0: block 393: padding at end of block bitmap is not set [ 315.492586][T10223] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 117 [ 315.533255][T10223] EXT4-fs (loop7): This should not happen!! Data will be lost [ 315.533255][T10223] [ 315.556284][T10638] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 316.106808][T12337] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2122'. [ 316.115948][T12337] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2122'. [ 316.139863][T12337] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.149553][T12337] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.158362][T12337] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.167141][T12337] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.243412][ T2128] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 316.315026][T12341] netlink: 'syz.7.2125': attribute type 10 has an invalid length. [ 316.433350][ T2128] usb 7-1: Using ep0 maxpacket: 32 [ 316.441835][ T2128] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.463328][ T2128] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.468273][T12350] syzkaller1: entered promiscuous mode [ 316.473109][ T2128] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 316.484660][T12350] syzkaller1: entered allmulticast mode [ 316.516918][ T2128] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.539233][ T2128] usb 7-1: config 0 descriptor?? [ 316.989305][ T2128] savu 0003:1E7D:2D5A.001C: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0 [ 317.312529][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.326082][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.351006][ T2128] usb 7-1: USB disconnect, device number 21 [ 317.667672][ T787] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 317.864837][ T787] usb 8-1: Using ep0 maxpacket: 8 [ 317.876208][ T787] usb 8-1: config 0 has an invalid interface number: 33 but max is 1 [ 317.889630][ T787] usb 8-1: config 0 has no interface number 1 [ 317.901479][ T787] usb 8-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 317.918728][ T787] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 247 [ 317.964700][ T787] usb 8-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 317.983403][ T787] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.991440][ T787] usb 8-1: Product: syz [ 318.024162][ T787] usb 8-1: Manufacturer: syz [ 318.028862][ T787] usb 8-1: SerialNumber: syz [ 318.066284][ T787] usb 8-1: config 0 descriptor?? [ 318.086061][ T787] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 318.282807][ T787] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 318.307660][ T787] usb 8-1: USB disconnect, device number 10 [ 318.324815][ T787] pvrusb2: Device being rendered inoperable [ 318.353897][ T787] pvrusb2: Device being rendered inoperable [ 320.302342][T12439] loop6: detected capacity change from 0 to 32768 [ 320.313422][T12439] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.2162 (12439) [ 320.333461][T12439] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 320.363446][T12439] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 320.384669][T12439] BTRFS info (device loop6): turning on async discard [ 320.391488][T12439] BTRFS info (device loop6): using free space tree [ 320.473329][T12439] BTRFS info (device loop6): enabling ssd optimizations [ 320.771741][ T8766] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 321.584277][T12491] loop6: detected capacity change from 0 to 8192 [ 321.610144][T12491] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 321.628210][T12491] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal [ 321.639672][T12491] REISERFS (device loop6): using ordered data mode [ 321.647321][T12491] reiserfs: using flush barriers [ 321.662522][T12491] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 321.682523][T12491] REISERFS (device loop6): checking transaction log (loop6) [ 321.716024][T12491] REISERFS (device loop6): Using r5 hash to sort names [ 321.733619][T12491] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 322.073098][T12504] loop7: detected capacity change from 0 to 4096 [ 322.753835][T12531] loop6: detected capacity change from 0 to 512 [ 322.796425][T12535] overlay: Unknown parameter '/' [ 322.805626][T12531] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 322.839739][T12531] EXT4-fs (loop6): orphan cleanup on readonly fs [ 322.874798][T12531] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:512: comm syz.6.2196: Block bitmap for bg 0 marked uninitialized [ 322.994383][T12531] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 323.054717][T12531] EXT4-fs (loop6): 1 orphan inode deleted [ 323.084571][T12531] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 323.194483][T12531] vxcan0: tx address claim with different name [ 323.334851][ T8766] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 323.760849][T12530] loop7: detected capacity change from 0 to 32768 [ 323.788202][T12530] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop7 scanned by syz.7.2195 (12530) [ 324.087341][T12530] BTRFS info (device loop7): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 324.113424][T12530] BTRFS info (device loop7): using blake2b (blake2b-256-generic) checksum algorithm [ 324.139298][T12530] BTRFS info (device loop7): using free space tree [ 324.263118][ T5798] Bluetooth: hci4: sending frame failed (-49) [ 324.275671][ T50] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 324.338757][T12530] BTRFS info (device loop7): enabling ssd optimizations [ 324.351490][T12530] BTRFS info (device loop7): auto enabling async discard [ 324.494130][T10638] BTRFS info (device loop7): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 324.508989][ T27] audit: type=1800 audit(1754101705.524:56): pid=12530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2195" name="file1" dev="loop7" ino=263 res=0 errno=0 [ 327.312033][T12605] loop7: detected capacity change from 0 to 512 [ 327.339833][T12605] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 327.376149][T12605] ext4 filesystem being mounted at /150/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 327.442752][T12605] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #2: comm syz.7.2222: corrupted inode contents [ 327.471168][T12605] EXT4-fs error (device loop7): ext4_dirty_inode:6106: inode #2: comm syz.7.2222: mark_inode_dirty error [ 327.508583][T12605] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #2: comm syz.7.2222: corrupted inode contents [ 327.543890][T12605] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #2: comm syz.7.2222: mark_inode_dirty error [ 327.683013][T10638] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.396097][T12597] loop6: detected capacity change from 0 to 262144 [ 328.413426][T12597] F2FS-fs (loop6): invalid crc value [ 328.421748][T12597] F2FS-fs (loop6): Found nat_bits in checkpoint [ 328.469888][T12597] F2FS-fs (loop6): Start checkpoint disabled! [ 328.485916][T12597] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 329.066929][T12619] loop7: detected capacity change from 0 to 40427 [ 329.088166][T12619] F2FS-fs (loop7): Found nat_bits in checkpoint [ 329.145268][T12619] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 329.199874][T10638] F2FS-fs (loop7): access invalid blkaddr:2048 [ 329.207736][T10638] CPU: 0 PID: 10638 Comm: syz-executor Not tainted 6.6.101-syzkaller #0 [ 329.216097][T10638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 329.226180][T10638] Call Trace: [ 329.229469][T10638] [ 329.232402][T10638] dump_stack_lvl+0x16c/0x230 [ 329.237083][T10638] ? show_regs_print_info+0x20/0x20 [ 329.242269][T10638] ? f2fs_get_next_page_offset+0x690/0x690 [ 329.248090][T10638] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 329.253459][T10638] f2fs_map_blocks+0xcdd/0x3c00 [ 329.258325][T10638] ? f2fs_get_block_locked+0xe0/0xe0 [ 329.263603][T10638] ? __lock_acquire+0x7c80/0x7c80 [ 329.268623][T10638] ? xas_descend+0x3a4/0x490 [ 329.273203][T10638] ? xa_load+0x2c0/0x2e0 [ 329.277442][T10638] ? xa_load+0x64/0x2e0 [ 329.281585][T10638] ? page_index+0xe7/0x470 [ 329.285996][T10638] f2fs_mpage_readpages+0x9f5/0x1ec0 [ 329.291289][T10638] ? detach_page_private+0x4c0/0x4c0 [ 329.296564][T10638] ? __mod_lruvec_page_state+0xa5/0x420 [ 329.302115][T10638] ? f2fs_readahead+0x167/0x300 [ 329.306954][T10638] ? f2fs_dirty_data_folio+0x810/0x810 [ 329.312406][T10638] read_pages+0x177/0x840 [ 329.316727][T10638] ? folio_put+0xd0/0xd0 [ 329.320966][T10638] ? page_cache_ra_unbounded+0x770/0x770 [ 329.326597][T10638] ? filemap_add_folio+0x192/0x3c0 [ 329.331702][T10638] page_cache_ra_unbounded+0x692/0x770 [ 329.337163][T10638] f2fs_readdir+0x44c/0x8c0 [ 329.341674][T10638] ? f2fs_fill_dentries+0xbb0/0xbb0 [ 329.346871][T10638] ? mutex_lock_nested+0x20/0x20 [ 329.351797][T10638] ? end_current_label_crit_section+0x149/0x170 [ 329.358034][T10638] ? down_read_killable+0x1d0/0x340 [ 329.363226][T10638] ? fsnotify_perm+0x271/0x5e0 [ 329.368064][T10638] iterate_dir+0x1c2/0x580 [ 329.372486][T10638] __se_sys_getdents64+0xe9/0x260 [ 329.377508][T10638] ? __x64_sys_getdents64+0x80/0x80 [ 329.382703][T10638] ? filldir+0x680/0x680 [ 329.386942][T10638] ? lock_chain_count+0x20/0x20 [ 329.391789][T10638] ? lockdep_hardirqs_on+0x98/0x150 [ 329.397032][T10638] do_syscall_64+0x55/0xb0 [ 329.401445][T10638] ? clear_bhb_loop+0x40/0x90 [ 329.406109][T10638] ? clear_bhb_loop+0x40/0x90 [ 329.410774][T10638] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 329.416658][T10638] RIP: 0033:0x7ff8189c14d3 [ 329.421070][T10638] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 82 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 329.440674][T10638] RSP: 002b:00007ffc298e38b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 329.449077][T10638] RAX: ffffffffffffffda RBX: 000055558200e600 RCX: 00007ff8189c14d3 [ 329.457038][T10638] RDX: 0000000000008000 RSI: 000055558200e600 RDI: 0000000000000005 [ 329.465005][T10638] RBP: 000055558200e5d4 R08: 0000000000000000 R09: 0000000000000000 [ 329.472960][T10638] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 329.480920][T10638] R13: 0000000000000010 R14: 000055558200e5d0 R15: 00007ffc298e5b70 [ 329.488889][T10638] [ 329.553432][T10638] syz-executor: attempt to access beyond end of device [ 329.553432][T10638] loop7: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 329.578501][T10638] syz-executor: attempt to access beyond end of device [ 329.578501][T10638] loop7: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 329.775903][T12639] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2235'. [ 329.786670][T12641] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2235'. [ 329.800618][T12642] overlayfs: failed to clone lowerpath [ 329.835733][T10638] syz-executor: attempt to access beyond end of device [ 329.835733][T10638] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 329.874964][T10638] F2FS-fs (loop7): Stopped filesystem due to reason: 3 [ 330.107192][T12648] netlink: 'syz.2.2239': attribute type 8 has an invalid length. [ 331.364316][T12665] team_slave_0: entered promiscuous mode [ 331.370525][T12665] team_slave_1: entered promiscuous mode [ 331.401794][T12665] macsec0: entered promiscuous mode [ 331.412278][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 331.414732][T12665] team0: entered promiscuous mode [ 331.432285][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 331.441493][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 331.450318][T12665] macsec0: entered allmulticast mode [ 331.460220][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 331.467259][T12665] team0: entered allmulticast mode [ 331.473065][T12665] team_slave_0: entered allmulticast mode [ 331.473101][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 331.486648][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 331.493955][T12665] team_slave_1: entered allmulticast mode [ 331.505159][T12665] team0: Device macsec0 is already an upper device of the team interface [ 331.535286][T12665] team0: left allmulticast mode [ 331.540238][T12665] team_slave_0: left allmulticast mode [ 331.552787][T12665] team_slave_1: left allmulticast mode [ 331.558825][T12665] team0: left promiscuous mode [ 331.574177][T12665] team_slave_0: left promiscuous mode [ 331.579660][T12665] team_slave_1: left promiscuous mode [ 331.718824][ T12] hsr_slave_0: left promiscuous mode [ 331.739700][ T12] hsr_slave_1: left promiscuous mode [ 331.750170][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 331.762925][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 331.773957][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 331.781406][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 331.789631][ T12] bridge_slave_1: left allmulticast mode [ 331.795341][ T12] bridge_slave_1: left promiscuous mode [ 331.801067][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.809617][ T12] bridge_slave_0: left allmulticast mode [ 331.815501][ T12] bridge_slave_0: left promiscuous mode [ 331.821224][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.849708][ T12] veth1_macvtap: left promiscuous mode [ 331.855395][ T12] veth0_macvtap: left promiscuous mode [ 331.860956][ T12] veth1_vlan: left promiscuous mode [ 331.871728][ T12] veth0_vlan: left promiscuous mode [ 332.579739][ T12] team0 (unregistering): Port device team_slave_1 removed [ 332.642635][ T12] team0 (unregistering): Port device team_slave_0 removed [ 332.708312][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.768012][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 333.478284][ T12] bond0 (unregistering): Released all slaves [ 333.545669][ T50] Bluetooth: hci1: command tx timeout [ 333.770604][T12693] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2259'. [ 333.787200][T12693] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2259'. [ 333.798565][T12693] netlink: 'syz.4.2259': attribute type 6 has an invalid length. [ 333.807009][T12693] netlink: 'syz.4.2259': attribute type 5 has an invalid length. [ 333.816946][T12693] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2259'. [ 333.948659][T12666] chnl_net:caif_netlink_parms(): no params data found [ 334.119696][T12701] loop6: detected capacity change from 0 to 2048 [ 334.159436][T12701] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 334.234544][T12666] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.241729][T12666] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.273187][T12666] bridge_slave_0: entered allmulticast mode [ 334.294833][T12666] bridge_slave_0: entered promiscuous mode [ 334.312495][T12666] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.332265][T12666] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.347216][T12666] bridge_slave_1: entered allmulticast mode [ 334.379875][T12666] bridge_slave_1: entered promiscuous mode [ 334.454117][T12666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 334.485968][T12666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 334.591248][T12666] team0: Port device team_slave_0 added [ 334.612988][T12666] team0: Port device team_slave_1 added [ 334.683404][T12666] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 334.701630][T12666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.733772][T12666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 334.752164][T12666] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 334.762141][T12666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.792351][T12666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 334.874532][T12666] hsr_slave_0: entered promiscuous mode [ 334.888132][T12666] hsr_slave_1: entered promiscuous mode [ 334.897755][T12666] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 334.909858][T12666] Cannot create hsr debugfs directory [ 335.261957][T12666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 335.324553][T12666] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.345106][T10223] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.352294][T10223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.389732][T10223] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.396928][T10223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 335.613724][ T50] Bluetooth: hci1: command tx timeout [ 335.645431][T12749] program syz.6.2278 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 335.814357][T12753] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2279'. [ 335.849834][T12666] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 335.980800][T12759] syz.2.2281: attempt to access beyond end of device [ 335.980800][T12759] loop5: rw=0, sector=0, nr_sectors = 8 limit=0 [ 335.997801][T12759] F2FS-fs (loop5): Unable to read 1th superblock [ 336.004521][T12759] syz.2.2281: attempt to access beyond end of device [ 336.004521][T12759] loop5: rw=0, sector=8, nr_sectors = 8 limit=0 [ 336.031551][T12759] F2FS-fs (loop5): Unable to read 2th superblock [ 336.405553][T12666] veth0_vlan: entered promiscuous mode [ 336.450900][T12666] veth1_vlan: entered promiscuous mode [ 336.521872][T12666] veth0_macvtap: entered promiscuous mode [ 336.540052][T12666] veth1_macvtap: entered promiscuous mode [ 336.565752][T12666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.579987][T12666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.590170][T12666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.603079][T12666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.617508][T12666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.628172][T12666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.649980][T12666] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 336.674537][T12666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.695973][T12666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.713368][T12666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.733336][T12666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.743323][ T28] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 336.751881][T12666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.772581][T12666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.795014][T12666] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 336.930748][T10221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.944103][ T28] usb 7-1: Using ep0 maxpacket: 32 [ 336.957269][T10221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.966156][ T28] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.973613][ T27] audit: type=1326 audit(1754101718.084:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12783 comm="syz.2.2291" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f778758eb69 code=0x0 [ 336.979835][ T28] usb 7-1: New USB device found, idVendor=056a, idProduct=4004, bcdDevice= 0.00 [ 337.029930][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 337.033553][ T28] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.049367][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.066732][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.074164][ T28] usb 7-1: config 0 descriptor?? [ 337.077178][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.090488][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.099657][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.108849][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.118040][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.127210][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.136340][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.145519][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.154761][T12787] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 337.531195][ T28] wacom 0003:056A:4004.001D: hidraw0: USB HID vb.27 Device [HID 056a:4004] on usb-dummy_hcd.6-1/input0 [ 337.693565][ T50] Bluetooth: hci1: command tx timeout [ 337.733408][ T28] usb 7-1: USB disconnect, device number 22 [ 337.828893][T12798] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2296'. [ 337.854401][T12798] (unnamed net_device) (uninitialized): option ad_select: invalid value (102) [ 337.924846][T12791] loop8: detected capacity change from 0 to 32768 [ 337.974673][T12791] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 338.051884][T12791] XFS (loop8): Ending clean mount [ 338.179695][T12666] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 338.649889][T12825] loop6: detected capacity change from 0 to 8192 [ 338.663565][T12825] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 338.681189][T12825] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal [ 338.691629][T12825] REISERFS (device loop6): using ordered data mode [ 338.698496][T12825] reiserfs: using flush barriers [ 338.705403][T12825] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 338.723998][T12825] REISERFS (device loop6): checking transaction log (loop6) [ 338.744564][T12825] REISERFS (device loop6): Using r5 hash to sort names [ 338.753177][T12825] REISERFS (device loop6): using 3.5.x disk format [ 338.760170][T12825] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 338.854366][T12825] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[3 4 0(1) DIR], item_len 35, item_location 3617, free_space(entry_count) 2 [ 338.859550][T12842] loop8: detected capacity change from 0 to 2048 [ 338.869865][T12825] REISERFS error (device loop6): vs-5150 search_by_key: invalid format found in block 534. Fsck? [ 338.886575][T12842] EXT4-fs: Ignoring removed nobh option [ 338.893062][T12825] REISERFS (device loop6): Remounting filesystem read-only [ 338.901899][T12825] REISERFS error (device loop6): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [3 4 0x0 SD] stat data [ 338.919784][T12825] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[3 4 0(1) DIR], item_len 35, item_location 3617, free_space(entry_count) 2 [ 338.941145][T12825] REISERFS error (device loop6): vs-5150 search_by_key: invalid format found in block 534. Fsck? [ 338.961478][T12825] REISERFS error (device loop6): zam-7001 reiserfs_find_entry: io error [ 338.972011][T12842] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 338.985247][T12842] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 339.052620][T12666] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 339.587954][T12869] vxcan1: tx drop: invalid sa for name 0x0000000000000002 [ 339.666674][T12871] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2324'. [ 339.712480][T12871] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2324'. [ 339.773452][ T50] Bluetooth: hci1: command tx timeout [ 340.086234][T12878] loop8: detected capacity change from 0 to 8192 [ 340.108182][T12878] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 340.139627][T12878] REISERFS (device loop8): found reiserfs format "3.5" with non-standard journal [ 340.163413][T12878] REISERFS (device loop8): using ordered data mode [ 340.182125][T12878] reiserfs: using flush barriers [ 340.188999][T12878] REISERFS (device loop8): journal params: device loop8, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 340.208226][T12878] REISERFS (device loop8): checking transaction log (loop8) [ 340.222801][T12878] REISERFS (device loop8): Using r5 hash to sort names [ 340.244072][T12878] REISERFS (device loop8): using 3.5.x disk format [ 340.268721][T12878] REISERFS (device loop8): Created .reiserfs_priv - reserved for xattr storage. [ 340.377874][T12878] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[3 4 0(1) DIR], item_len 35, item_location 3617, free_space(entry_count) 2 [ 340.412683][T12878] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 534. Fsck? [ 340.439009][T12878] REISERFS (device loop8): Remounting filesystem read-only [ 340.459170][T12878] REISERFS error (device loop8): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [3 4 0x0 SD] stat data [ 340.483832][T12878] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[3 4 0(1) DIR], item_len 35, item_location 3617, free_space(entry_count) 2 [ 340.546239][T12878] REISERFS error (device loop8): vs-5150 search_by_key: invalid format found in block 534. Fsck? [ 340.561716][T12878] REISERFS error (device loop8): zam-7001 reiserfs_find_entry: io error [ 340.735745][T12912] loop8: detected capacity change from 0 to 256 [ 340.754202][T12912] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x734a0e65, utbl_chksum : 0xe619d30d) [ 341.753685][T12962] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2362'. [ 341.790719][T12964] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2365'. [ 341.853635][ T50] Bluetooth: hci1: command tx timeout [ 343.108520][T13003] loop6: detected capacity change from 0 to 32768 [ 343.121492][T13003] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 scanned by syz.6.2382 (13003) [ 343.157893][T13003] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 343.176484][T13003] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm [ 343.190247][T13003] BTRFS info (device loop6): max_inline at 7 [ 343.196503][T13003] BTRFS info (device loop6): using free space tree [ 343.262850][T13003] BTRFS info (device loop6): enabling ssd optimizations [ 343.270059][T13003] BTRFS info (device loop6): auto enabling async discard [ 343.507856][ T8766] BTRFS info (device loop6): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 344.493113][T13076] net_ratelimit: 3319 callbacks suppressed [ 344.493131][T13076] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 344.600636][T13080] netlink: 14528 bytes leftover after parsing attributes in process `syz.4.2410'. [ 345.934531][T13100] loop8: detected capacity change from 0 to 32768 [ 345.947513][T13100] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 scanned by syz.8.2419 (13100) [ 345.973340][T13100] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 345.985181][T13100] BTRFS info (device loop8): using crc32c (crc32c-intel) checksum algorithm [ 345.994017][T13100] BTRFS info (device loop8): setting nodatacow, compression disabled [ 346.002429][T13100] BTRFS info (device loop8): max_inline at 0 [ 346.008507][T13100] BTRFS info (device loop8): enabling disk space caching [ 346.015698][T13100] BTRFS info (device loop8): turning off barriers [ 346.022139][T13100] BTRFS info (device loop8): turning on flush-on-commit [ 346.029130][T13100] BTRFS info (device loop8): doing ref verification [ 346.035781][T13100] BTRFS info (device loop8): use zlib compression, level 3 [ 346.042995][T13100] BTRFS info (device loop8): force clearing of disk cache [ 346.050209][T13100] BTRFS info (device loop8): enabling ssd optimizations [ 346.057322][T13100] BTRFS info (device loop8): max_inline at 4096 [ 346.063626][T13100] BTRFS info (device loop8): disk space caching is enabled [ 346.102741][T13100] BTRFS info (device loop8): auto enabling async discard [ 346.112084][T13100] BTRFS info (device loop8): rebuilding free space tree [ 346.130067][T13100] BTRFS info (device loop8): disabling free space tree [ 346.140689][T13100] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 346.152910][T13100] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 346.367219][T12666] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 346.427374][ T50] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 346.433771][ T5798] Bluetooth: hci4: command 0x1003 tx timeout [ 347.046903][ T5176] kernel write not supported for file bpf-prog (pid: 5176 comm: kworker/0:3) [ 347.546303][T13158] loop6: detected capacity change from 0 to 256 [ 347.584275][T13158] exfat: Deprecated parameter 'utf8' [ 347.611112][T13158] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x7b823c56, utbl_chksum : 0xe619d30d) [ 347.746513][T13145] loop8: detected capacity change from 0 to 32768 [ 347.782069][T13145] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 347.813831][ T27] audit: type=1800 audit(1754101728.934:58): pid=13145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2431" name="file1" dev="loop8" ino=17058 res=0 errno=0 [ 347.837738][T13145] [ 347.840093][T13145] ====================================================== [ 347.847112][T13145] WARNING: possible circular locking dependency detected [ 347.854140][T13145] 6.6.101-syzkaller #0 Not tainted [ 347.859238][T13145] ------------------------------------------------------ [ 347.866241][T13145] syz.8.2431/13145 is trying to acquire lock: [ 347.872283][T13145] ffff88805a846d98 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 347.885505][T13145] [ 347.885505][T13145] but task is already holding lock: [ 347.892855][T13145] ffff888079dfbff8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x410/0x11f0 [ 347.902331][T13145] [ 347.902331][T13145] which lock already depends on the new lock. [ 347.902331][T13145] [ 347.912717][T13145] [ 347.912717][T13145] the existing dependency chain (in reverse order) is: [ 347.921723][T13145] [ 347.921723][T13145] -> #4 (&oi->ip_xattr_sem){++++}-{3:3}: [ 347.929647][T13145] down_read+0x46/0x2e0 [ 347.934327][T13145] ocfs2_init_acl+0x2fa/0x720 [ 347.939536][T13145] ocfs2_mknod+0x12e5/0x20f0 [ 347.944645][T13145] ocfs2_create+0x196/0x410 [ 347.949658][T13145] path_openat+0x1277/0x3190 [ 347.954778][T13145] do_filp_open+0x1c5/0x3d0 [ 347.959807][T13145] do_sys_openat2+0x12c/0x1c0 [ 347.965006][T13145] __x64_sys_open+0x11f/0x140 [ 347.970201][T13145] do_syscall_64+0x55/0xb0 [ 347.975133][T13145] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 347.981542][T13145] [ 347.981542][T13145] -> #3 (jbd2_handle){++++}-{0:0}: [ 347.988830][T13145] start_this_handle+0x1e9d/0x20c0 [ 347.994449][T13145] jbd2__journal_start+0x2bb/0x5b0 [ 348.000096][T13145] jbd2_journal_start+0x2a/0x40 [ 348.005462][T13145] ocfs2_start_trans+0x376/0x6c0 [ 348.011044][T13145] ocfs2_mknod+0xe47/0x20f0 [ 348.016078][T13145] ocfs2_create+0x196/0x410 [ 348.021096][T13145] path_openat+0x1277/0x3190 [ 348.026208][T13145] do_filp_open+0x1c5/0x3d0 [ 348.031229][T13145] do_sys_openat2+0x12c/0x1c0 [ 348.036420][T13145] __x64_sys_open+0x11f/0x140 [ 348.041608][T13145] do_syscall_64+0x55/0xb0 [ 348.046535][T13145] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 348.052949][T13145] [ 348.052949][T13145] -> #2 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 348.061455][T13145] down_read+0x46/0x2e0 [ 348.066127][T13145] ocfs2_start_trans+0x36a/0x6c0 [ 348.071580][T13145] ocfs2_mknod+0xe47/0x20f0 [ 348.076590][T13145] ocfs2_create+0x196/0x410 [ 348.081601][T13145] path_openat+0x1277/0x3190 [ 348.086706][T13145] do_filp_open+0x1c5/0x3d0 [ 348.091733][T13145] do_sys_openat2+0x12c/0x1c0 [ 348.096919][T13145] __x64_sys_open+0x11f/0x140 [ 348.102102][T13145] do_syscall_64+0x55/0xb0 [ 348.107028][T13145] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 348.113435][T13145] [ 348.113435][T13145] -> #1 (sb_internal#4){.+.+}-{0:0}: [ 348.120897][T13145] ocfs2_start_trans+0x26b/0x6c0 [ 348.126354][T13145] ocfs2_dio_end_io+0x824/0x10f0 [ 348.131813][T13145] dio_complete+0x254/0x710 [ 348.136827][T13145] __blockdev_direct_IO+0x2dc8/0x3420 [ 348.142705][T13145] ocfs2_direct_IO+0x240/0x2b0 [ 348.147986][T13145] generic_file_direct_write+0x1d4/0x3e0 [ 348.154131][T13145] __generic_file_write_iter+0x11b/0x230 [ 348.160270][T13145] ocfs2_file_write_iter+0x1582/0x1d00 [ 348.166242][T13145] do_iter_write+0x79a/0xc70 [ 348.171344][T13145] do_pwritev+0x205/0x340 [ 348.176184][T13145] do_syscall_64+0x55/0xb0 [ 348.181111][T13145] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 348.187520][T13145] [ 348.187520][T13145] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}: [ 348.198025][T13145] __lock_acquire+0x2ddb/0x7c80 [ 348.203385][T13145] lock_acquire+0x197/0x410 [ 348.208397][T13145] down_write+0x97/0x1f0 [ 348.213149][T13145] ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 348.219554][T13145] ocfs2_reserve_new_metadata_blocks+0x404/0x940 [ 348.226396][T13145] ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0 [ 348.232536][T13145] ocfs2_xattr_set+0xb6d/0x11f0 [ 348.237895][T13145] __vfs_setxattr+0x431/0x470 [ 348.243120][T13145] __vfs_setxattr_noperm+0x12d/0x5e0 [ 348.248915][T13145] vfs_setxattr+0x16c/0x2f0 [ 348.253931][T13145] path_setxattr+0x362/0x550 [ 348.259036][T13145] __x64_sys_lsetxattr+0xb8/0xd0 [ 348.264484][T13145] do_syscall_64+0x55/0xb0 [ 348.269410][T13145] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 348.275817][T13145] [ 348.275817][T13145] other info that might help us debug this: [ 348.275817][T13145] [ 348.286029][T13145] Chain exists of: [ 348.286029][T13145] &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3 --> jbd2_handle --> &oi->ip_xattr_sem [ 348.286029][T13145] [ 348.301766][T13145] Possible unsafe locking scenario: [ 348.301766][T13145] [ 348.309221][T13145] CPU0 CPU1 [ 348.314583][T13145] ---- ---- [ 348.319946][T13145] lock(&oi->ip_xattr_sem); [ 348.324539][T13145] lock(jbd2_handle); [ 348.331121][T13145] lock(&oi->ip_xattr_sem); [ 348.338225][T13145] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3); [ 348.345508][T13145] [ 348.345508][T13145] *** DEADLOCK *** [ 348.345508][T13145] [ 348.353642][T13145] 3 locks held by syz.8.2431/13145: [ 348.358828][T13145] #0: ffff8880643b4418 (sb_writers#18){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 348.368063][T13145] #1: ffff888079dfc2d8 (&sb->s_type->i_mutex_key#26){++++}-{3:3}, at: vfs_setxattr+0x145/0x2f0 [ 348.378510][T13145] #2: ffff888079dfbff8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x410/0x11f0 [ 348.388446][T13145] [ 348.388446][T13145] stack backtrace: [ 348.394337][T13145] CPU: 1 PID: 13145 Comm: syz.8.2431 Not tainted 6.6.101-syzkaller #0 [ 348.402479][T13145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 348.412525][T13145] Call Trace: [ 348.415798][T13145] [ 348.418723][T13145] dump_stack_lvl+0x16c/0x230 [ 348.423403][T13145] ? load_image+0x3b0/0x3b0 [ 348.427908][T13145] ? show_regs_print_info+0x20/0x20 [ 348.433101][T13145] ? print_circular_bug+0x12b/0x1a0 [ 348.438290][T13145] check_noncircular+0x2bd/0x3c0 [ 348.443221][T13145] ? print_deadlock_bug+0x5d0/0x5d0 [ 348.448411][T13145] ? lockdep_lock+0xe0/0x220 [ 348.452990][T13145] ? _find_first_zero_bit+0xd3/0x100 [ 348.458270][T13145] __lock_acquire+0x2ddb/0x7c80 [ 348.463118][T13145] ? ocfs2_get_system_file_inode+0x1e3/0x7b0 [ 348.469088][T13145] ? __lock_acquire+0x7c80/0x7c80 [ 348.474102][T13145] ? verify_lock_unused+0x140/0x140 [ 348.479292][T13145] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 348.484917][T13145] ? do_raw_spin_lock+0x121/0x2c0 [ 348.489933][T13145] ? mutex_unlock+0x10/0x10 [ 348.494426][T13145] lock_acquire+0x197/0x410 [ 348.498919][T13145] ? ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 348.504985][T13145] ? ocfs2_get_system_file_inode+0x1f1/0x7b0 [ 348.510955][T13145] ? __might_sleep+0xe0/0xe0 [ 348.515535][T13145] ? read_lock_is_recursive+0x20/0x20 [ 348.520896][T13145] ? ocfs2_fast_symlink_read_folio+0x530/0x530 [ 348.527040][T13145] ? verify_lock_unused+0x140/0x140 [ 348.532224][T13145] ? check_noncircular+0x175/0x3c0 [ 348.537326][T13145] down_write+0x97/0x1f0 [ 348.541560][T13145] ? ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 348.547622][T13145] ? down_read_killable+0x340/0x340 [ 348.552816][T13145] ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 348.558725][T13145] ? mark_lock+0x94/0x320 [ 348.563048][T13145] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 348.569018][T13145] ? lock_chain_count+0x20/0x20 [ 348.573856][T13145] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 348.579746][T13145] ? ocfs2_block_group_search+0x470/0x470 [ 348.585461][T13145] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 348.591343][T13145] ? _raw_spin_unlock+0x40/0x40 [ 348.596187][T13145] ? stack_trace_save+0x9c/0xe0 [ 348.601027][T13145] ? stack_trace_snprint+0xf0/0xf0 [ 348.606127][T13145] ? __stack_depot_save+0x560/0x630 [ 348.611311][T13145] ? kasan_set_track+0x5f/0x70 [ 348.616063][T13145] ? kasan_set_track+0x4e/0x70 [ 348.620812][T13145] ? __kasan_kmalloc+0x8f/0xa0 [ 348.625565][T13145] ? ocfs2_reserve_new_metadata_blocks+0x114/0x940 [ 348.632058][T13145] ? ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0 [ 348.637854][T13145] ? ocfs2_xattr_set+0xb6d/0x11f0 [ 348.642867][T13145] ? __vfs_setxattr+0x431/0x470 [ 348.647707][T13145] ? __vfs_setxattr_noperm+0x12d/0x5e0 [ 348.653153][T13145] ? vfs_setxattr+0x16c/0x2f0 [ 348.657822][T13145] ? path_setxattr+0x362/0x550 [ 348.662578][T13145] ? __x64_sys_lsetxattr+0xb8/0xd0 [ 348.667701][T13145] ? do_syscall_64+0x55/0xb0 [ 348.672276][T13145] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 348.678354][T13145] ocfs2_reserve_new_metadata_blocks+0x404/0x940 [ 348.684679][T13145] ? ocfs2_init_steal_slots+0x160/0x160 [ 348.690215][T13145] ? ocfs2_xattr_block_set+0x2b40/0x2b40 [ 348.695846][T13145] ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0 [ 348.701472][T13145] ? ocfs2_xattr_set+0xb33/0x11f0 [ 348.706485][T13145] ? ocfs2_prepare_refcount_xattr+0xf20/0xf20 [ 348.712540][T13145] ? ocfs2_truncate_log_needs_flush+0x135/0x2e0 [ 348.718768][T13145] ? ocfs2_remove_btree_range+0x1480/0x1480 [ 348.724650][T13145] ? down_write+0x162/0x1f0 [ 348.729145][T13145] ? down_read_killable+0x340/0x340 [ 348.734333][T13145] ? up_write+0x1c3/0x410 [ 348.738657][T13145] ocfs2_xattr_set+0xb6d/0x11f0 [ 348.743503][T13145] ? __ocfs2_xattr_set_handle+0xf10/0xf10 [ 348.749211][T13145] ? __lock_acquire+0x1334/0x7c80 [ 348.754223][T13145] ? verify_lock_unused+0x140/0x140 [ 348.760540][T13145] ? lock_chain_count+0x20/0x20 [ 348.765399][T13145] ? asm_sysvec_call_function_single+0x1a/0x20 [ 348.771540][T13145] ? lockdep_hardirqs_on+0x98/0x150 [ 348.776737][T13145] ? asm_sysvec_call_function_single+0x1a/0x20 [ 348.782875][T13145] ? ocfs2_xattr_trusted_get+0x40/0x40 [ 348.788324][T13145] ? ocfs2_xattr_trusted_set+0x23/0x50 [ 348.793774][T13145] ? ocfs2_xattr_trusted_get+0x40/0x40 [ 348.799225][T13145] __vfs_setxattr+0x431/0x470 [ 348.803901][T13145] __vfs_setxattr_noperm+0x12d/0x5e0 [ 348.809181][T13145] vfs_setxattr+0x16c/0x2f0 [ 348.813675][T13145] ? xattr_permission+0x470/0x470 [ 348.818692][T13145] ? __mnt_want_write+0x223/0x2a0 [ 348.823711][T13145] ? path_setxattr+0x314/0x550 [ 348.828466][T13145] path_setxattr+0x362/0x550 [ 348.833049][T13145] ? simple_xattrs_free+0x150/0x150 [ 348.838246][T13145] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 348.844217][T13145] ? lock_chain_count+0x20/0x20 [ 348.849055][T13145] __x64_sys_lsetxattr+0xb8/0xd0 [ 348.853986][T13145] do_syscall_64+0x55/0xb0 [ 348.858389][T13145] ? clear_bhb_loop+0x40/0x90 [ 348.863050][T13145] ? clear_bhb_loop+0x40/0x90 [ 348.867712][T13145] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 348.873600][T13145] RIP: 0033:0x7f327eb8eb69 [ 348.878004][T13145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.897607][T13145] RSP: 002b:00007f327e9ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 348.906015][T13145] RAX: ffffffffffffffda RBX: 00007f327edb5fa0 RCX: 00007f327eb8eb69 [ 348.913973][T13145] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 00002000000001c0 [ 348.921931][T13145] RBP: 00007f327ec11df1 R08: 0000000000000000 R09: 0000000000000000 [ 348.929892][T13145] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 348.937850][T13145] R13: 0000000000000000 R14: 00007f327edb5fa0 R15: 00007fffe3c3c7e8 [ 348.945817][T13145] [ 349.028709][T12666] ocfs2: Unmounting device (7,8) on (node local)